merge(main): integrate Phase 1 hardening + tier-1 engineering from in… #8

	name: TCB Test Suite

	on:
	push:
	branches: [main, develop]
	pull_request:
	branches: [main]

	env:
	CARGO_TERM_COLOR: always

	jobs:
	rust-tcb:
	name: Rust TCB tests (56 in tests.rs + dag/engine/sequence modules)
	runs-on: windows-latest
	steps:
	- uses: actions/checkout@v4

	- name: Install Rust stable (MSVC)
	uses: dtolnay/rust-toolchain@stable
	with:
	toolchain: stable-x86_64-pc-windows-msvc

	- name: Cache cargo registry
	uses: actions/cache@v4
	with:
	path: \|
	~/.cargo/registry
	~/.cargo/git
	freedom-kernel/target
	key: ${{ runner.os }}-cargo-${{ hashFiles('freedom-kernel/Cargo.lock') }}

	- name: Run TCB unit tests
	working-directory: freedom-kernel
	run: cargo test --lib tcb -- --nocapture 2>&1

	- name: Run all lib tests
	working-directory: freedom-kernel
	run: cargo test --lib -- --nocapture 2>&1
	continue-on-error: true

	python-attack-harness:
	name: Python attack harness (42 tests — AT-5.1 and AT-3.1 fixed)
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Set up Python 3.11
	uses: actions/setup-python@v5
	with:
	python-version: '3.11'

	- name: Run mutation attack tests
	working-directory: attack_harness
	run: python mutation_attacks.py

	- name: Run canonicalization attack tests
	working-directory: attack_harness
	run: python canonicalization_attacks.py

	- name: Run sequence attack tests
	working-directory: attack_harness
	run: python sequence_attacks.py

	- name: Run attack tree coverage (all 7 attack classes)
	working-directory: attack_harness
	run: python attack_tree_coverage.py

Provide feedback