HIP-23: Istanbul DeFi Application Patterns v1.1

.github/workflows/hip23.yml

@@ -0,0 +1,32 @@
+name: HIP-23 Tests
+
+on:
+  push:
+    paths:
+      - 'doc/HIP23*.md'
+      - 'tests/hip23_*.rs'
+      - 'tests/common/**'
+      - 'tests/fixtures/**'
+      - 'protocol/**'
+      - 'Cargo.toml'
+      - '.github/workflows/hip23.yml'
+  pull_request:
+    paths:
+      - 'doc/HIP23*.md'
+      - 'tests/hip23_*.rs'
+      - 'tests/common/**'
+      - 'tests/fixtures/**'
+      - 'protocol/**'
+      - 'Cargo.toml'
+      - '.github/workflows/hip23.yml'
+
+jobs:
+  hip23:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - name: Run HIP-23 test suite
+        run: cargo test hip23_ -- --nocapture
+      - name: Run workspace tests
+        run: cargo test --workspace -- --nocapture

Cargo.toml

@@ -52,6 +52,7 @@ serde_json = "1.0"
 
 [dev-dependencies]
 testkit        = {path = "./testkit"}
+proptest       = "1.4"
 
 [features]
 default = ["db-sled"] #, "ocl"]

SECURITY.md

@@ -0,0 +1,66 @@
+# Security Policy — Hacash fullnodedev
+
+## Supported branches
+
+- `main` / release tags: production full node
+- Feature branches (e.g. `hip-23-draft`): draft standards — run tests before integration
+
+## HIP-23 integrator release gate
+
+Before shipping wallet, gateway, or indexer support for HIP-23 patterns:
+
+```bash
+cargo test hip23_ -- --nocapture
+```
+
+This runs regression, adversarial, stress, production-path, audit-strict, chain, replay, and proptest suites.
+
+Documentation:
+
+- `doc/HIP23.md` — normative spec
+- `doc/HIP23_wallet_checklist.md` — pre-sign validation
+- `doc/HIP23_threat_model.md` — threat analysis
+- `doc/HIP23_audit_findings.md` — known issues
+
+## Reporting vulnerabilities
+
+Report security issues privately to the repository maintainers. Do not open public issues for exploitable consensus or node vulnerabilities until coordinated disclosure.
+
+Include:
+
+- Affected component (node, protocol, HIP draft)
+- Reproduction steps or proof-of-concept
+- Impact assessment
+- Suggested fix (optional)
+
+## Test modes
+
+| Mode | `fast_sync` | Use |
+|------|-------------|-----|
+| Pattern semantics | `true` | Guard/TEX/AST logic |
+| Production-like | `false` | Signatures, duplicate-tx, fee rules |
+
+Integrators MUST validate against production-like mode before mainnet use.
+
+## Fuzzing (optional)
+
+```bash
+cargo install cargo-fuzz
+cd fuzz && cargo fuzz run tex_cell_act_parse -- -max_total_time=30
+```
+
+Proptest also covers random TEX wire parse (`hip23_proptest_tex_wire_parse_never_panics`).
+
+## Dependency audit
+
+Periodically run:
+
+```bash
+cargo audit
+```
+
+(Requires `cargo-audit` crate installed.)
+
+## Scope note
+
+HIP-23 is an **application integration standard** — it does not alter consensus. Security focus is on correct composition, co-signing, and indexer classification to prevent integrator-level fund loss.