From a8d4f5e7c132373d88804d3cedf35e0a9718cf7f Mon Sep 17 00:00:00 2001
From: Javier Munoz <javier@greicodex.com>
Date: Tue, 12 May 2026 14:54:16 -0400
Subject: [PATCH 1/2] FID-7: pass --node-worker-cmd + install gmp,bcmath for
 fast RSA
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The conformance suite's bucket 03 (NUT outbound) and bucket 04 (NUT
inbound decrypt) need to drive the PHP queue worker between phases.
Without it, transmit_message jobs stay 'pending' forever and
inbound rows never advance past RECEIVED — both directions then
report false negatives even when the Go peer correctly delivered
the envelope.

Pass the cron drain command via --node-worker-cmd so the suite
spawns bin/worker.php between transmit/receive phases.

Also install gmp + bcmath in the setup-php step. brick/math (used
by web-token/jwt-framework for RSA-OAEP modPow) falls back to
NativeCalculator without one of these — and pure-PHP modPow on
4096-bit RSA routinely runs minutes per envelope, which makes the
worker hang inside the 60s drain budget. With gmp the same path
completes in single-digit milliseconds.
---
 .github/workflows/conformance.yml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml
index 444cf54..efd3674 100644
--- a/.github/workflows/conformance.yml
+++ b/.github/workflows/conformance.yml
@@ -46,7 +46,13 @@ jobs:
         uses: shivammathur/setup-php@v2
         with:
           php-version: '8.2'
-          extensions: pdo, pdo_sqlite, openssl, curl, json, mbstring, sqlite3
+          # gmp is REQUIRED for FideX conformance: brick/math falls back to
+          # a pure-PHP calculator without it, and 4096-bit RSA-OAEP modPow
+          # in pure-PHP routinely runs minutes per envelope — which makes
+          # the queue worker hang inside the suite's 30s drain budget.
+          # bcmath is a viable secondary backend; we install both so the
+          # workflow stays portable across PHP versions.
+          extensions: pdo, pdo_sqlite, openssl, curl, json, mbstring, sqlite3, gmp, bcmath
           coverage: none
 
       - name: Setup Go
@@ -116,6 +122,7 @@ jobs:
             --node-db-path /tmp/fidex-php-ci.sqlite \
             --node-messages-table fidex_messages \
             --node-messages-direction inbound \
+            --node-worker-cmd "cd $GITHUB_WORKSPACE/fidex-php && FIDEX_NODE_ID=urn:custom:fidex-php-ci FIDEX_NODE_BASE_URL=http://localhost:18081 FIDEX_API_KEY=ci-conformance-key-32-chars-aaaaaaa FIDEX_DB_DRIVER=sqlite FIDEX_DB_PATH=/tmp/fidex-php-ci.sqlite FIDEX_ALLOW_HTTP_REGISTRATION=true timeout 60s php bin/worker.php" \
             --profile core
 
       - name: Upload report
@@ -150,7 +157,13 @@ jobs:
       - uses: shivammathur/setup-php@v2
         with:
           php-version: '8.2'
-          extensions: pdo, pdo_sqlite, openssl, curl, json, mbstring, sqlite3
+          # gmp is REQUIRED for FideX conformance: brick/math falls back to
+          # a pure-PHP calculator without it, and 4096-bit RSA-OAEP modPow
+          # in pure-PHP routinely runs minutes per envelope — which makes
+          # the queue worker hang inside the suite's 30s drain budget.
+          # bcmath is a viable secondary backend; we install both so the
+          # workflow stays portable across PHP versions.
+          extensions: pdo, pdo_sqlite, openssl, curl, json, mbstring, sqlite3, gmp, bcmath
       - uses: actions/setup-go@v6
         with:
           go-version: '1.24'
@@ -209,6 +222,7 @@ jobs:
             --node-db-path /tmp/fidex-php-ci.sqlite \
             --node-messages-table fidex_messages \
             --node-messages-direction inbound \
+            --node-worker-cmd "cd $GITHUB_WORKSPACE/fidex-php && FIDEX_NODE_ID=urn:custom:fidex-php-ci FIDEX_NODE_BASE_URL=http://localhost:18081 FIDEX_API_KEY=ci-conformance-key-32-chars-aaaaaaa FIDEX_DB_DRIVER=sqlite FIDEX_DB_PATH=/tmp/fidex-php-ci.sqlite FIDEX_ALLOW_HTTP_REGISTRATION=true timeout 60s php bin/worker.php" \
             --profile edge \
             || echo "::warning::enhanced/edge profile failures advisory pending CONFORMANCE.md gap closure"
 

From c245e2a31564d6bf9ee7b0f3cd04385bb1280f7b Mon Sep 17 00:00:00 2001
From: Javier Munoz <javier@greicodex.com>
Date: Tue, 12 May 2026 14:56:18 -0400
Subject: [PATCH 2/2] FID-7: pin conformance suite to feature branch for CI
 verification

---
 .github/workflows/conformance.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml
index efd3674..e02a2de 100644
--- a/.github/workflows/conformance.yml
+++ b/.github/workflows/conformance.yml
@@ -40,6 +40,10 @@ jobs:
         uses: actions/checkout@v6
         with:
           repository: GreicodexJM/fidex-conformance
+          # Pinned to feature/FID-7-interop until the matching PR
+          # (GreicodexJM/fidex-conformance#1) merges to master; revert
+          # to the default branch in the follow-up cleanup commit.
+          ref: feature/FID-7-interop
           path: fidex-conformance
 
       - name: Setup PHP 8.2