net-bridge/docs/testing-ci-play.md

Testing, CI, and Release Compliance

Testing Strategy

• Rust unit tests: frame parsing, NAT expiry, DNS policy, MTU calculations, replay windows, lease allocation.
• Rust fuzzing: malformed VSHP frames and packet parser inputs.
• Kotlin unit tests: domain state reducers, pairing expiry, VPN status mapping.
• Android instrumented tests: foreground service lifecycle, notification stop action, mDNS registration, LocalOnlyHotspot failure paths.
• Hardware integration tests: USB accessory sessions on physical Android devices and Windows/Linux/macOS hosts.
• E2E matrix: WireGuard, OpenVPN, Clash, V2Ray; IPv4-only, IPv6-capable, split-tunnel VPNs, VPN absent.

CI Design

Required jobs:

• rust: cargo fmt --check, cargo clippy --workspace -- -D warnings, cargo test --workspace.
• android: Gradle unit tests, lint, assemble debug.
• security: dependency audit, CodeQL, license scan, SBOM generation.
• docs: markdown lint and Mermaid render smoke test.

Physical-device CI is required before release for USB, LocalOnlyHotspot, battery, and vendor VPN compatibility.

Play Store Review Checklist

• Store listing explains VPN Share is a network sharing tool.
• If Android client VPN mode is bundled, VpnService declaration is submitted.
• In-app disclosure is separate from privacy policy and requires affirmative action.
• No personal/sensitive traffic collection.
• No ad traffic manipulation.
• Foreground-service type declaration matches actual use.
• Target SDK follows current Play requirements at release time.

Release Gates

• No known traffic leaks in VPN-active E2E tests.
• No crash loops on VPN revocation, USB disconnect, Wi-Fi change, or sleep.
• Packet parser fuzz corpus runs clean.
• Reproducible release build and signed SBOM.
• Third-party security review before public 1.0.