dashpay · kwvg · Jun 6, 2026 · Jun 4, 2026 · Jun 5, 2026 · Jun 4, 2026
diff --git a/.github/workflows/build_msrv.yml b/.github/workflows/build_msrv.yml
@@ -0,0 +1,111 @@
+name: MSRV (1.85)
+
+on:
+  push:
+    branches: [develop]
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@1.85.0
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: 24
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version-file: pyproject.toml
+
+      - name: Install Python dependencies
+        run: pip install ".[dev]"
+
+      - name: Install CodeQL
+        id: setup-codeql
+        uses: github/codeql-action/setup-codeql@v4.36.2
+        with:
+          tools: linked
+
+      - name: Setup CodeQL
+        run: echo "$(dirname '${{ steps.setup-codeql.outputs.codeql-path }}')" >> "$GITHUB_PATH"
+
+      - name: Restore cargo registry
+        uses: actions/cache/restore@v5
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-deps-${{ hashFiles('Cargo.lock') }}
+          restore-keys: cargo-deps-
+
+      - name: Restore CodeQL caches
+        id: codeql-cache
+        uses: actions/cache/restore@v5
+        with:
+          path: |
+            contrib/codeql/.cache
+            ~/.codeql
+          key: codeql-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('pkgs/**/*.rs', 'contrib/codeql/**/*.ql', 'contrib/codeql/**/*.qll', 'Cargo.lock') }}
+
+      - name: Run linters
+        run: python3 contrib/lint/all_lint.py
+
+      - name: Save CodeQL caches
+        if: success() && steps.codeql-cache.outputs.cache-hit != 'true'
+        uses: actions/cache/save@v5
+        with:
+          path: |
+            contrib/codeql/.cache
+            ~/.codeql
+          key: codeql-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('pkgs/**/*.rs', 'contrib/codeql/**/*.ql', 'contrib/codeql/**/*.qll', 'Cargo.lock') }}
+
+      - name: Check PR commit messages
+        if: github.event_name == 'pull_request'
+        run: >
+          python3 contrib/lint/lint_unconv.py
+          -r "${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}"
+
+  build:
+    name: Build and test
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@1.85.0
+
+      - name: Restore cargo registry
+        uses: actions/cache/restore@v5
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+          key: cargo-deps-${{ hashFiles('Cargo.lock') }}
+          restore-keys: cargo-deps-
+
+      - name: Build workspace
+        run: cargo build --workspace --features full,_internal
+
+      - name: Test workspace
+        run: cargo test --workspace --features full,_internal
diff --git a/.github/workflows/build_nightly.yml b/.github/workflows/build_nightly.yml
@@ -49,8 +49,8 @@ jobs:
           path: |
             ~/.cargo/registry
             ~/.cargo/git
-          key: cargo-deps-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('Cargo.lock') }}
-          restore-keys: cargo-deps-${{ runner.os }}-${{ runner.arch }}-
+          key: cargo-deps-${{ hashFiles('Cargo.lock') }}
+          restore-keys: cargo-deps-
 
       - name: Restore build artifacts
         uses: actions/cache@v5
@@ -96,4 +96,4 @@ jobs:
           path: |
             ~/.cargo/registry
             ~/.cargo/git
-          key: cargo-deps-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('Cargo.lock') }}
+          key: cargo-deps-${{ hashFiles('Cargo.lock') }}
diff --git a/.github/workflows/build_stable.yml b/.github/workflows/build_stable.yml
@@ -1,4 +1,4 @@
-name: Build on MSRV and stable
+name: Build on stable
 
 on:
   workflow_call:
@@ -21,34 +21,6 @@ permissions:
   contents: read
 
 jobs:
-  msrv:
-    name: ubuntu-24.04-arm (MSRV)
-    runs-on: ubuntu-24.04-arm
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          fetch-depth: 1
-
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@1.85.0
-
-      - name: Restore cargo registry
-        uses: actions/cache/restore@v5
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-          key: cargo-deps-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('Cargo.lock') }}
-          restore-keys: cargo-deps-${{ runner.os }}-${{ runner.arch }}-
-
-      - name: Build package
-        run: cargo build -p ${{ inputs.package }} --features ${{ inputs.features }}
-
-      - name: Test package
-        run: cargo test -p ${{ inputs.package }} --features ${{ inputs.features }}
-
   stable:
     strategy:
       fail-fast: false
@@ -79,8 +51,8 @@ jobs:
           path: |
             ~/.cargo/registry
             ~/.cargo/git
-          key: cargo-deps-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('Cargo.lock') }}
-          restore-keys: cargo-deps-${{ runner.os }}-${{ runner.arch }}-
+          key: cargo-deps-${{ hashFiles('Cargo.lock') }}
+          restore-keys: cargo-deps-
 
       - name: Restore build artifacts
         uses: actions/cache@v5
@@ -103,4 +75,4 @@ jobs:
           path: |
             ~/.cargo/registry
             ~/.cargo/git
-          key: cargo-deps-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('Cargo.lock') }}
+          key: cargo-deps-${{ hashFiles('Cargo.lock') }}
diff --git a/.github/workflows/lint_all.yml b/.github/workflows/lint_all.yml
diff --git a/.github/workflows/pr_comment.yml b/.github/workflows/pr_comment.yml
@@ -2,6 +2,7 @@ name: Comment on PRs
 
 on:
   push:
+    branches: [develop]
   pull_request_target:
     types: [synchronize, opened, reopened, closed]
 

diff --git a/.github/workflows/pr_tag.yml b/.github/workflows/pr_tag.yml
@@ -2,6 +2,7 @@ name: Tag PRs
 
 on:
   push:
+    branches: [develop]
   pull_request_target:
     types: [synchronize, opened, reopened]
   schedule:

diff --git a/CLAUDE.md b/CLAUDE.md
@@ -9,7 +9,7 @@ The full guide is at [`docs/guide_rust.md`](./docs/guide_rust.md). Key points:
 - **Naming**: `UpperCamelCase` for types/traits/enum variants, `snake_case` for functions/variables/modules,
   `SCREAMING_SNAKE_CASE` for constants. Acronyms as words (`TxId` not `TXID`). Getters omit `get_` prefix.
 - **Type safety**: newtypes over primitives when semantics differ, enums over booleans, make invalid states
-  unrepresentable. Derive `Clone`, `Debug`, `PartialEq`, `Eq`, `Hash`, `Default` eagerly.
+  unrepresentable. Derive `Clone`, `Debug`, `PartialEq`, `Eq`, `Hash` eagerly.
 - **Error handling**: never `.unwrap()` or `.expect()` in library code. Propagate with `?`. Domain error enums implement
   `Display`. Lowercase messages without trailing punctuation. Use `#[expect]` over `#[allow]`.
 - **Ownership**: prefer borrowing over cloning, accept `&str` over `&String`, `&[T]` over `&Vec<T>`. Let the caller

diff --git a/contrib/codeql/.gitignore b/contrib/codeql/.gitignore
@@ -0,0 +1,14 @@
+# CodeQL related
+.codeql
+.cache
+*.testproj/
+*.actual
+
+# Generated source-line data
+lib/source_lines.qll
+
+# Test files / folders
+test.ql
+test-*.ql
+**/testing/**
+**/*.testproj/*
diff --git a/contrib/codeql/attrib.ql b/contrib/codeql/attrib.ql
@@ -0,0 +1,58 @@
+/**
+ * Copyright (c) 2026-present, The Dash Core developers
+ * SPDX-License-Identifier: MIT
+ * See the accompanying file LICENSE or https://opensource.org/license/MIT
+ *
+ * @name Attribute and derivation rules
+ * @description Enforcement of required traits per feasible type.
+ * @kind problem
+ * @problem.severity warning
+ * @id base-sdk/attrib-rules
+ * @tags style
+ * @precision high
+ */
+
+import lib.filters
+import lib.fmt
+import lib.policy
+import lib.traits
+import rust
+
+/** Gets a comma-separated list of missing required traits for `t`. */
+string missingTraits(TypeItem t) {
+  isCheckableType(t) and
+  result =
+    concat(string trait |
+      trait = requiredTrait() and
+      not implementsTrait(t, trait) and
+      not isSuppressed(t, trait)
+    |
+      trait, ", " order by trait
+    ) and
+  result != ""
+}
+
+from TypeItem t, string message
+where
+  isCheckableType(t) and
+  (
+    exists(string missing |
+      missing = missingTraits(t) and
+      message = fmt("missing required derivations: {0}", missing)
+    )
+    or
+    // Serde: every non-exempt type must derive Serialize + Deserialize.
+    not isSerdeExempt(t) and
+    exists(string missing |
+      missing =
+        concat(string trait |
+          trait = requiredSerdeTrait() and
+          not implementsSerdeTrait(t, trait)
+        |
+          trait, ", " order by trait
+        ) and
+      missing != "" and
+      message = fmt("missing serde derivations: {0}", missing)
+    )
+  )
+select t, message
diff --git a/contrib/codeql/codeql-pack.lock.yml b/contrib/codeql/codeql-pack.lock.yml
@@ -0,0 +1,28 @@
+---
+lockVersion: 1.0.0
+dependencies:
+  codeql/concepts:
+    version: 0.0.25
+  codeql/controlflow:
+    version: 2.0.35
+  codeql/dataflow:
+    version: 2.1.7
+  codeql/mad:
+    version: 1.0.51
+  codeql/regex:
+    version: 1.0.51
+  codeql/rust-all:
+    version: 0.2.15
+  codeql/ssa:
+    version: 2.0.27
+  codeql/threat-models:
+    version: 1.0.51
+  codeql/tutorial:
+    version: 1.0.51
+  codeql/typeinference:
+    version: 0.0.32
+  codeql/typetracking:
+    version: 2.0.35
+  codeql/util:
+    version: 2.0.38
+compiled: false
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,6 +2,7 @@ name: Comment on PRs @@
     on:
       push:
+        branches: [develop]
       pull_request_target:
         types: [synchronize, opened, reopened, closed]
@@ Expand Down @@