feat: implement risk-pool and governance-dao contracts with full test suites (v2)

.github/workflows/release.yml

@@ -0,0 +1,63 @@
+name: Release WASM Artifacts
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+permissions:
+  contents: write
+
+jobs:
+  build-and-release:
+    name: Build & Release WASM
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: wasm32v1-none
+
+      - name: Cache Cargo registry
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            contracts/target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('contracts/Cargo.lock') }}
+
+      - name: Run tests
+        working-directory: contracts
+        run: cargo test --quiet
+
+      - name: Build optimized WASM
+        working-directory: contracts
+        run: cargo build --target wasm32v1-none --release --quiet
+
+      - name: Collect artifacts
+        run: |
+          mkdir -p dist
+          cp contracts/target/wasm32v1-none/release/*.wasm dist/
+          ls -lh dist/
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: dist/*.wasm
+          generate_release_notes: true
+          body: |
+            ## Parashield Protocol ${{ github.ref_name }}
+
+            ### Contracts
+            - `parashield_oracle_verifier.wasm` — Oracle data aggregation
+            - `parashield_policy_engine.wasm` — Insurance product and policy management
+            - `parashield_claims_processor.wasm` — Automated claim evaluation
+            - `parashield_risk_pool.wasm` — LP liquidity pools with yield distribution
+            - `parashield_governance_dao.wasm` — Token-weighted protocol governance
+
+            ### Verification
+            Verify WASM hash against the published checksum before deploying.

.github/workflows/test.yml

@@ -0,0 +1,84 @@
+name: CI
+
+on:
+  push:
+    branches: [main, "feat/**"]
+  pull_request:
+    branches: [main]
+
+env:
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
+
+jobs:
+  build-and-test:
+    name: Build & Test (Soroban)
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: wasm32v1-none
+
+      - name: Cache Cargo registry
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            contracts/target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('contracts/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-
+
+      - name: Run tests
+        working-directory: contracts
+        run: cargo test --quiet
+
+      - name: Build WASM targets
+        working-directory: contracts
+        run: cargo build --target wasm32v1-none --release --quiet
+
+      - name: Run Clippy
+        working-directory: contracts
+        run: cargo clippy --all-targets -- -D warnings
+
+  wasm-size:
+    name: WASM Binary Size Report
+    runs-on: ubuntu-latest
+    needs: build-and-test
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: wasm32v1-none
+
+      - name: Cache Cargo registry
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            contracts/target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('contracts/Cargo.lock') }}
+
+      - name: Build WASM
+        working-directory: contracts
+        run: cargo build --target wasm32v1-none --release --quiet
+
+      - name: Report binary sizes
+        working-directory: contracts
+        run: |
+          echo "| Contract | Size (KB) |"
+          echo "|----------|-----------|"
+          for f in target/wasm32v1-none/release/*.wasm; do
+            name=$(basename "$f" .wasm)
+            size=$(du -k "$f" | cut -f1)
+            echo "| $name | ${size} |"
+          done

ARCHITECTURE.md

@@ -0,0 +1,127 @@
+# Parashield Protocol Architecture
+
+## Overview
+
+Parashield is a decentralised parametric insurance protocol built on Stellar Soroban.
+Unlike traditional insurance, claims are settled automatically by smart contracts
+when a real-world trigger condition is confirmed by an oracle network.
+No adjuster. No form. No delay.
+
+## Contract Map
+
+```
+┌──────────────────────────────────────────────────────────┐
+│                     User / DApp                          │
+└────────────────────┬──────────────────────────────────────┘
+                     │  buy_policy / submit_claim
+                     ▼
+┌──────────────────────────────────────────────────────────┐
+│            Policy Engine (policy-engine)                 │
+│  - Products catalogue (admin-defined)                    │
+│  - Policy lifecycle: Active → Claimed / Expired          │
+│  - Holds USDC escrow until payout or expiry              │
+└──────┬──────────────────────────────────┬────────────────┘
+       │ get_policy / pay_claim /         │ get_contract_balance
+       │ expire_policy                    │
+       ▼                                  ▼
+┌─────────────────────┐         ┌─────────────────────────┐
+│  Claims Processor   │         │     Risk Pool           │
+│  (claims-processor) │         │     (risk-pool)         │
+│                     │         │  - LP deposits USDC     │
+│  - Evaluates oracle │         │  - Pool tokens (shares) │
+│  - Calls pay_claim  │         │  - Yield from premiums  │
+│    or expire_policy │         │  - Locks coverage cap.  │
+└──────┬──────────────┘         └─────────────────────────┘
+       │ verify_trigger
+       ▼
+┌──────────────────────────────────────────────────────────┐
+│            Oracle Verifier (oracle-verifier)             │
+│  - Multiple oracles submit signed observations           │
+│  - Confidence-weighted median aggregation                │
+│  - verify_trigger: returns bool for trigger condition    │
+└──────────────────────────────────────────────────────────┘
+
+         Admin / Token Holders
+                  │
+                  ▼
+       ┌────────────────────┐
+       │  Governance DAO    │
+       │  (governance-dao)  │
+       │  - Proposals       │
+       │  - Token voting    │
+       │  - Protocol params │
+       └────────────────────┘
+```
+
+## Data Flow: Parametric Payout
+
+```
+1. Admin creates InsuranceProduct (oracle key, threshold, comparison)
+2. User calls buy_policy(product_id, coverage_amount, duration_days, oracle_key)
+   - Premium = coverage * premium_rate_bps / 10_000
+   - USDC premium transferred from user to Policy Engine
+   - Policy record created with status = Active
+3. Oracle(s) submit data via oracle-verifier.submit_data() periodically
+4. Keeper calls claims-processor.auto_process(policy_id)
+   - Claims Processor calls oracle-verifier.verify_trigger(condition)
+   - If trigger met:  Policy Engine.pay_claim() → USDC → policyholder
+   - If trigger not met AND policy expired: Policy Engine.expire_policy()
+```
+
+## Fixed-Point Math
+
+All monetary values use 7-decimal fixed point matching Stellar's native precision:
+
+| Display value | On-chain representation |
+|---------------|------------------------|
+| 1 USDC        | 10_000_000             |
+| 50.5 mm rain  | 505_000_000            |
+| 120 min delay | 1_200_000_000          |
+
+## Oracle Key Format
+
+Oracle keys follow a structured naming convention (max 9 chars = Soroban Symbol):
+
+| Data type   | Key format                    | Example     |
+|-------------|-------------------------------|-------------|
+| Rainfall    | `{loc}{yyyymm}`               | `kis2606`   |
+| Temperature | `tmp{loc}{mm}`                | `tmpkis06`  |
+| Flight      | `fl{flight}{dd}`              | `flkq10015` |
+| Wind speed  | `wnd{loc}{mm}`                | `wndmom06`  |
+| DeFi event  | `defi{proto}`                 | `defiave`   |
+
+## Risk Pool Economics (v2)
+
+```
+Premium flow:
+  80% → Risk Pool (LP yield)
+  10% → Protocol Treasury (governance-controlled)
+  10% → Backstop Fund (solvency reserve)
+
+Utilization rate = total_active_coverage / total_deposited_liquidity
+
+Target APY ranges:
+  Low-risk pools (crop, flight): 8–15%
+  Medium-risk (disaster):        15–25%
+  High-risk (DeFi exploit):      25–40%
+```
+
+## Governance DAO (v2)
+
+SHIELD token holders govern protocol parameters:
+
+- Add / remove insurance products
+- Adjust premium rates and trigger thresholds
+- Register / deregister oracle sources
+- Allocate protocol treasury funds
+- Emergency pause individual contracts
+
+**Proposal lifecycle:** Draft → Active (7-day voting) → Passed (≥10% quorum, simple majority) → Executed (2-day timelock)
+
+## Security Notes
+
+- Admin keys should transition to Governance DAO after protocol launch
+- Oracle submissions are bounded by registered oracle set (not open)
+- Policy Engine holds USDC in escrow: no admin withdrawal function
+- Claims Processor is the only address authorized to call `pay_claim` / `expire_policy`
+- All monetary arithmetic uses checked arithmetic (Soroban default with overflow-checks = true)

CONTRIBUTING.md

@@ -0,0 +1,53 @@
+# Contributing to Parashield Contracts
+
+## Setup
+
+```bash
+# Install Rust + Soroban target
+rustup target add wasm32v1-none
+
+# Build
+make build
+
+# Test
+make test
+
+# Lint
+make lint
+```
+
+## Conventions
+
+- All storage keys use `#[contracttype]` enums.
+- Monetary values use 7-decimal fixed-point `i128` (1 USDC = 10_000_000).
+- All public functions that modify state require `caller.require_auth()`.
+- Errors use `#[contracterror]` with explicit `#[repr(u32)]` codes.
+- Tests live in `src/test.rs` (unit) and `src/test_integration.rs` (cross-contract).
+
+## PR Checklist
+
+- [ ] `make test` passes
+- [ ] `make lint` passes with zero warnings
+- [ ] New public functions have a short doc comment explaining the invariants
+- [ ] Error codes do not collide with existing ones
+- [ ] Persistent storage keys are documented in the StorageKey enum comment
+
+## Adding a New Contract
+
+1. `cargo new --lib contracts/<name>`
+2. Add to `contracts/Cargo.toml` `[workspace.members]`
+3. Set `crate-type = ["cdylib", "rlib"]` in the crate's `Cargo.toml`
+4. Add a `testutils` feature that enables `soroban-sdk/testutils`
+5. Write at least 5 unit tests covering init, happy path, and error paths
+6. Update `ARCHITECTURE.md` with the new contract's role
+
+## Commit Messages
+
+Follow [Conventional Commits](https://www.conventionalcommits.org/):
+
+```
+feat(oracle-verifier): add batch_submit_data
+fix(risk-pool): guard against zero deposit edge case
+test(claims-processor): add dispute resolution tests
+chore: update soroban-sdk to 22.1
+```