init

docs/testing-ci-play.md

@@ -0,0 +1,46 @@
+# Testing, CI, and Release Compliance
+
+## Testing Strategy
+
+- Rust unit tests: frame parsing, NAT expiry, DNS policy, MTU calculations,
+  replay windows, lease allocation.
+- Rust fuzzing: malformed VSHP frames and packet parser inputs.
+- Kotlin unit tests: domain state reducers, pairing expiry, VPN status mapping.
+- Android instrumented tests: foreground service lifecycle, notification stop
+  action, mDNS registration, LocalOnlyHotspot failure paths.
+- Hardware integration tests: USB accessory sessions on physical Android
+  devices and Windows/Linux/macOS hosts.
+- E2E matrix: WireGuard, OpenVPN, Clash, V2Ray; IPv4-only, IPv6-capable,
+  split-tunnel VPNs, VPN absent.
+
+## CI Design
+
+Required jobs:
+
+- `rust`: `cargo fmt --check`, `cargo clippy --workspace -- -D warnings`,
+  `cargo test --workspace`.
+- `android`: Gradle unit tests, lint, assemble debug.
+- `security`: dependency audit, CodeQL, license scan, SBOM generation.
+- `docs`: markdown lint and Mermaid render smoke test.
+
+Physical-device CI is required before release for USB, LocalOnlyHotspot, battery,
+and vendor VPN compatibility.
+
+## Play Store Review Checklist
+
+- Store listing explains VPN Share is a network sharing tool.
+- If Android client VPN mode is bundled, `VpnService` declaration is submitted.
+- In-app disclosure is separate from privacy policy and requires affirmative
+  action.
+- No personal/sensitive traffic collection.
+- No ad traffic manipulation.
+- Foreground-service type declaration matches actual use.
+- Target SDK follows current Play requirements at release time.
+
+## Release Gates
+
+- No known traffic leaks in VPN-active E2E tests.
+- No crash loops on VPN revocation, USB disconnect, Wi-Fi change, or sleep.
+- Packet parser fuzz corpus runs clean.
+- Reproducible release build and signed SBOM.
+- Third-party security review before public 1.0.