fix(ci): reliability and correctness fixes

[iap]

Summary

Four targeted fixes for CI reliability and consistency issues identified in the workflow analysis.

Changes

• contracts-ci.yml: add timeout-minutes: 15 to contracts-release-check and contracts-production-mode-smoke jobs — prevents multi-hour stuck runs when forge script hangs on anvil JSON-RPC polling
• contracts/script/ops/smoke-production-mode.sh: replace rg fallback with grep -Eo — ripgrep is not guaranteed on GitHub-hosted ubuntu runners
• contracts/Makefile: pin slither-analyzer==0.11.5 in slither-install target to match the version pinned in CI workflows
• contracts/foundry.toml: add [profile.default.invariant] runs = 256 to make invariant run count explicit and consistent across all invocations

Verification

forge test --no-match-path 'test/invariant/**': passes

Scope

• .github/workflows
• contracts

Risk

Low. No contract or test logic changes. Timeout values are conservative (15 min vs typical 3-5 min runtime).

Summary by CodeRabbit

• Chores
  • Added explicit timeout limits to CI workflow jobs, preventing indefinite execution and improving overall system reliability
  • Pinned a development tool dependency to a specific version, ensuring reproducible builds and consistency across development environments
  • Updated test configuration with new invariant testing parameters to standardize and improve test behavior
  • Enhanced production deployment script reliability by refining transaction verification tooling

[coderabbitai]

Walkthrough

This PR updates the contracts infrastructure with four independent configuration and tooling improvements: Foundry test profiles are reorganized with a new invariant test block, slither-analyzer is pinned to version 0.11.5, the smoke test script replaces ripgrep with grep for hash extraction, and two CI jobs receive explicit 15-minute timeouts.

Changes

Contracts Build and Test Infrastructure

Layer / File(s)	Summary
Foundry Test Configuration contracts/foundry.toml	remappings moved under [profile.default] and new [profile.default.invariant] section added with runs = 256.
Build Dependencies contracts/Makefile	slither-analyzer dependency pinned to version 0.11.5 in the slither-install target.
Deployment Script Tool Migration contracts/script/ops/smoke-production-mode.sh	Verifier transaction hash extraction switches from rg (ripgrep) to grep to match the first 0x[0-9a-fA-F]{64} pattern.
CI Workflow Job Timeouts .github/workflows/contracts-ci.yml	contracts-release-check and contracts-production-mode-smoke jobs each receive timeout-minutes: 15.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• trade/mark#33: Both PRs pin slither-analyzer to 0.11.5 as a dependency management update.

Poem

🐰 Timeouts ticking, tools all pinned so tight,
Foundry profiles dance in the sunlight,
From ripgrep to grep, the smoke runs clean,
Infrastructure gleams, the best we've seen! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(ci): reliability and correctness fixes' directly summarizes the main changes: CI workflow improvements, script reliability fixes, and configuration consistency updates across multiple files.
Description check	✅ Passed	The description provides clear explanations of all changes, verification steps, scope, and risk assessment. It covers the template's key sections with specific technical details about each fix, though it does not use the exact template format with checkboxes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/ci-reliability

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@contracts/script/ops/smoke-production-mode.sh`:
- Around line 64-68: The current fallback extracts the first 64-hex string from
SEND_OUT (variable VERIFIER_TX) which can pick up blockHash instead of the
transaction hash; modify the logic so SEND_OUT is obtained with a
machine-readable form (use cast send --json) and parse the transactionHash field
explicitly (e.g., jq -r '.transactionHash') to set VERIFIER_TX; if cast --json
isn't available, change the grep extraction to target the transaction-specific
label (match the token after "transactionHash" or "Transaction hash" rather than
the first 0x... sequence) so VERIFIER_TX always contains the transaction hash
used by cast receipt.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: bc05c7a8-dd73-4f5a-b62c-4a250829c808

📥 Commits

Reviewing files that changed from the base of the PR and between d2e24c3 and 3c7a6be.

📒 Files selected for processing (4)

• .github/workflows/contracts-ci.yml
• contracts/Makefile
• contracts/foundry.toml
• contracts/script/ops/smoke-production-mode.sh