From bc44712dc9e26a7a4b40066a8d634bd6eb300a8f Mon Sep 17 00:00:00 2001
From: dazer1234 <dazer1234@users.noreply.github.com>
Date: Mon, 18 May 2026 13:28:57 +0200
Subject: [PATCH 1/2] Clamp beacon envelope pagination limit

---
 node/rustchain_v2_integrated_v2.2.1_rip200.py |  2 +-
 node/tests/test_limit_validation.py           | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/node/rustchain_v2_integrated_v2.2.1_rip200.py b/node/rustchain_v2_integrated_v2.2.1_rip200.py
index b52648b2a..7c3207d87 100644
--- a/node/rustchain_v2_integrated_v2.2.1_rip200.py
+++ b/node/rustchain_v2_integrated_v2.2.1_rip200.py
@@ -8365,7 +8365,7 @@ def beacon_digest():
 @app.route("/beacon/envelopes", methods=["GET"])
 def beacon_envelopes_list():
     try:
-        limit = min(int(request.args.get("limit", 50)), 50)
+        limit = max(1, min(int(request.args.get("limit", 50)), 50))
         offset = max(int(request.args.get("offset", 0)), 0)
     except (ValueError, TypeError):
         limit, offset = 50, 0
diff --git a/node/tests/test_limit_validation.py b/node/tests/test_limit_validation.py
index c8e6f46e0..91a87d05b 100644
--- a/node/tests/test_limit_validation.py
+++ b/node/tests/test_limit_validation.py
@@ -81,6 +81,16 @@ def test_pending_list_clamps_negative_limit(self):
         self.assertEqual(resp.get_json(), {"ok": True, "count": 0, "pending": []})
         self.assertEqual(mock_db.execute.call_args.args[1], ("pending", 1))
 
+    def test_beacon_envelopes_clamps_negative_limit(self):
+        with patch.object(self.mod, "get_recent_envelopes", return_value=[]):
+            resp = self.client.get("/beacon/envelopes?limit=-1&offset=-5")
+
+        self.assertEqual(resp.status_code, 200)
+        self.assertEqual(resp.get_json(), {"ok": True, "count": 0, "envelopes": []})
+        self.mod.get_recent_envelopes.assert_called_once_with(
+            limit=1, offset=0, db_path=self.mod.DB_PATH
+        )
+
 
 if __name__ == "__main__":
     unittest.main()

From b44760a9f5f9a8311fa7b678a10b4ac680d8460d Mon Sep 17 00:00:00 2001
From: dazer1234 <dazer1234@users.noreply.github.com>
Date: Tue, 19 May 2026 12:38:41 +0200
Subject: [PATCH 2/2] Fix beacon envelope limit test mock

---
 node/tests/test_limit_validation.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/node/tests/test_limit_validation.py b/node/tests/test_limit_validation.py
index 91a87d05b..9eb0d8a29 100644
--- a/node/tests/test_limit_validation.py
+++ b/node/tests/test_limit_validation.py
@@ -82,12 +82,12 @@ def test_pending_list_clamps_negative_limit(self):
         self.assertEqual(mock_db.execute.call_args.args[1], ("pending", 1))
 
     def test_beacon_envelopes_clamps_negative_limit(self):
-        with patch.object(self.mod, "get_recent_envelopes", return_value=[]):
+        with patch.object(self.mod, "get_recent_envelopes", return_value=[]) as get_recent_envelopes:
             resp = self.client.get("/beacon/envelopes?limit=-1&offset=-5")
 
         self.assertEqual(resp.status_code, 200)
         self.assertEqual(resp.get_json(), {"ok": True, "count": 0, "envelopes": []})
-        self.mod.get_recent_envelopes.assert_called_once_with(
+        get_recent_envelopes.assert_called_once_with(
             limit=1, offset=0, db_path=self.mod.DB_PATH
         )