Apply suggestion from @xrplf-ai-reviewer[bot]

Co-authored-by: xrplf-ai-reviewer[bot] <266832837+xrplf-ai-reviewer[bot]@users.noreply.github.com>

.github/scripts/strategy-matrix/generate.py

@@ -20,8 +20,6 @@ _SANITIZER_SUFFIX: dict[str, str] = {
 def get_cmake_args(build_type: str, extra_args: str) -> str:
     """Get the full list of CMake arguments for a config."""
     args = _BASE_CMAKE_ARGS.copy()
-    if build_type == "Release":
-        args.append("-Dassert=ON")
     if extra_args:
         args.extend(extra_args.split())
     return " ".join(args)

include/xrpl/basics/TaggedCache.ipp

@@ -2,6 +2,7 @@
 
 #include <xrpl/basics/IntrusivePointer.ipp>
 #include <xrpl/basics/TaggedCache.h>
+#include <xrpl/basics/scope.h>
 
 namespace xrpl {
 
@@ -536,8 +537,15 @@ TaggedCache<Key, T, IsKeyCache, SharedWeakUnionPointer, SharedPointerType, Hash,
     std::vector<key_type> v;
 
     {
-        std::scoped_lock const lock(mutex_);
-        v.reserve(cache_.size());
+        std::unique_lock lock(mutex_);
+        for (auto size = cache_.size(); v.capacity() < size; size = cache_.size())
+        {
+            ScopeUnlock const unlock(lock);
+            v.reserve(size);
+        }
+        XRPL_ASSERT(lock.owns_lock(), "xrpl::TaggedCache::getKeys(): owns lock");
+        XRPL_ASSERT(
+            v.capacity() >= cache_.size(), "xrpl::TaggedCache::getKeys(): sufficient capacity");
         for (auto const& _ : cache_)
             v.push_back(_.first);
     }

include/xrpl/basics/sanitizers.h

@@ -4,7 +4,7 @@
 /*
  ASAN flags some false positives with sudden jumps in control flow, like
  exceptions, or when encountering coroutine stack switches. This macro can be used to disable ASAN
- intrumentation for specific functions.
+ instrumentation for specific functions.
 */
 #if defined(__GNUC__) || defined(__clang__)
 #define XRPL_NO_SANITIZE_ADDRESS __attribute__((no_sanitize("address", "hwaddress")))

include/xrpl/ledger/helpers/CredentialHelpers.h

@@ -36,13 +36,13 @@ checkFields(STTx const& tx, beast::Journal j);
 TER
 valid(STTx const& tx, ReadView const& view, AccountID const& src, beast::Journal j);
 
-// Check if subject has any credential maching the given domain. If you call it
+// Check if subject has any credential matching the given domain. If you call it
 // in preclaim and it returns tecEXPIRED, you should call verifyValidDomain in
 // doApply. This will ensure that expired credentials are deleted.
 TER
 validDomain(ReadView const& view, uint256 domainID, AccountID const& subject);
 
-// This function is only called when we about to return tecNO_PERMISSION
+// This function is only called when we are about to return tecNO_PERMISSION
 // because all the checks for the DepositPreauth authorization failed.
 TER
 authorizedDepositPreauth(ReadView const& view, STVector256 const& ctx, AccountID const& dst);
@@ -58,7 +58,7 @@ checkArray(STArray const& credentials, unsigned maxSize, beast::Journal j);
 
 }  // namespace credentials
 
-// Check expired credentials and for credentials maching DomainID of the ledger
+// Check expired credentials and for credentials matching DomainID of the ledger
 // object
 TER
 verifyValidDomain(ApplyView& view, AccountID const& account, uint256 domainID, beast::Journal j);

nix/packages.nix

@@ -22,6 +22,7 @@ in
     git-lfs
     gnumake
     gnupg # needed for signing commits & codecov/codecov-action
+    graphviz
     llvmPackages_22.clang-tools
     less # needed for git diff
     mold