[A01-1] [MEDIUM] UnsupportedFlowInputs revert untested

[thedavidmeister]

Gap

Flow.sol reverts with UnsupportedFlowInputs when the deployer-returned io byte 0 (flowInputs) is non-zero (src/concrete/Flow.sol:203-204). No test exercises this branch. The mock helper expressionDeployerDeployExpression2MockCall is only ever called with hex"00060001" (FlowTest) and hex"0007" (Flow.construction.t.sol) — both have flowInputs == 0.

If a future deployer behaviour change (or a bug elsewhere) caused flowInputs to leak through as non-zero, no test would catch the regression of this guard.

Source

• src/concrete/Flow.sol:198-205 (assembly + revert)

Existing related tests

• test/src/concrete/Flow.construction.t.sol::testFlowConstructionInitialize — happy-path init only.
• test/abstract/FlowTest.sol::expressionDeployer — sets io to hex"00060001".

Proposed test

Add to test/src/concrete/Flow.construction.t.sol:

import {UnsupportedFlowInputs} from "src/error/ErrFlow.sol";

/// forge-config: default.fuzz.runs = 100
function testFlowConstructionRevertsOnNonZeroFlowInputs(
    address expression,
    bytes memory bytecode,
    uint256[] memory constants,
    uint8 flowInputs
) external {
    vm.assume(flowInputs != 0);
    // io: byte0 = flowInputs (non-zero), byte1 = 7 (>= MIN_FLOW_SENTINELS).
    bytes memory io = abi.encodePacked(flowInputs, uint8(7));
    expressionDeployerDeployExpression2MockCall(expression, io);

    EvaluableConfigV3[] memory flowConfig = new EvaluableConfigV3[](1);
    flowConfig[0] = EvaluableConfigV3(DEPLOYER, bytecode, constants);

    address impl = deployFlowImplementation();
    vm.expectRevert(UnsupportedFlowInputs.selector);
    I_CLONE_FACTORY.clone(impl, abi.encode(flowConfig));
}