
Add absolution-based fuzzing#215

Open
N3ur0sis wants to merge 2 commits into master from aro/fuzzing-framework

Conversation

@N3ur0sis


Checklist

  • App update process has been followed
  • Target branch is develop
  • Application version has been bumped

@github-actions


Code coverage report

Per-file coverage

Package          Line Rate        Branch Rate      Health
src.transaction  85%              58%
Summary          85% (50 / 59)    58% (28 / 48)

@codecov

codecov Bot commented Jun 23, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.44%. Comparing base (383782c) to head (b903542).

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #215   +/-   ##
=======================================
  Coverage   72.44%   72.44%           
=======================================
  Files           5        5           
  Lines          98       98           
  Branches       22       22           
=======================================
  Hits           71       71           
  Misses          9        9           
  Partials       18       18           
Flag       Coverage Δ
unittests  72.44% <ø> (ø)

Flags with carried forward coverage won't be shown.


@N3ur0sis N3ur0sis marked this pull request as ready for review June 25, 2026 12:25
@N3ur0sis N3ur0sis requested a review from a team as a code owner June 25, 2026 12:25
@N3ur0sis N3ur0sis requested review from agrojean-ledger and Copilot and removed request for a team June 25, 2026 12:25

Copilot AI left a comment



Pull request overview

Adds an SDK-driven, coverage-guided fuzzing setup for the boilerplate app (including ClusterFuzzLite integration), and tightens status-word handling for crypto derivation failures to avoid bogus/truncated SW values.

Changes:

  • Replace the legacy standalone transaction-parser fuzzer with the Ledger Secure SDK fuzzing framework + Absolution-based state prefixing.
  • Add fuzzing harness/mocks/manifests/invariants and update docs + gitignore for the new workflow.
  • Update ClusterFuzzLite build to fetch a pinned Secure SDK revision and build/package the framework-based fuzz targets.

Reviewed changes

Copilot reviewed 16 out of 41 changed files in this pull request and generated 1 comment.

File Description
src/handler/get_public_key.c Avoids returning truncated cx_err_t as a 16-bit status word by mapping derive failures to SWO_SECURITY_ISSUE.
fuzzing/README.md Replaces the old fuzzer instructions with framework-based campaign usage and artifact layout.
fuzzing/mock/scenario_layout.h Adds generated Absolution prefix layout constants for the harness.
fuzzing/mock/mocks.h Declares fuzzer control/tail globals and required framework symbols.
fuzzing/mock/mocks.c Provides fuzz-build stubs (e.g., PRINTF, BSS-zero no-op) and control/tail globals.
fuzzing/macros/exclude_macros.txt Adds macro-exclusion list for fuzz builds (e.g., stripping PRINTF macro define).
fuzzing/invariants/zero-symbols.txt Defines app-local globals to pin/zero in the invariant to conserve prefix bytes.
fuzzing/invariants/domain-overrides.txt Constrains key enum/state domains to improve convergence and unlocks swap/mock toggles.
fuzzing/harness/fuzz_dispatcher.c Adds the app-specific fuzz harness dispatcher and optional swap-callback lane.
fuzzing/fuzz-manifest.toml Introduces the fuzz target manifest (coverage key files, dictionary, seeds, exclusions).
fuzzing/fuzz_tx_parser.c Removes the legacy LibFuzzer transaction-parser-only target.
fuzzing/extra/TxParser.cmake Removes the legacy standalone txparser build helper.
fuzzing/CMakeLists.txt Switches to LedgerAppFuzz.cmake + ledger_fuzz_add_app_target() build model.
fuzzing/base-corpus/.compat-key Adds compatibility key for validating base-corpus reuse across builds.
.gitignore Ignores new .fuzz-artifacts/ and generated invariant snapshot.
.clusterfuzzlite/Dockerfile Moves to OSS-Fuzz base-builder and fetches a pinned Secure SDK revision with fuzz framework.
.clusterfuzzlite/build.sh Reworks build to use SDK scripts for configuring/building targets and generating seed corpus zip.

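As an added example (not code from this PR or from the Ledger SDK), the status-word problem the overview describes for src/handler/get_public_key.c: a 32-bit cx_err_t cast straight to a 16-bit APDU status word, beside the fixed mapping of every derive failure to one security error. SW_OK is the ISO 7816 success word; the numeric value given to SWO_SECURITY_ISSUE here is a placeholder, not the SDK's real constant.

```c
/* Added example, not code from the PR or the SDK. Demonstrates why a 32-bit
 * cx_err_t must never be returned as a 16-bit status word, and the
 * "collapse every derive failure to one fixed SW" fix the PR summary describes. */
#include <stdint.h>
#include <stdio.h>

typedef uint32_t cx_err_t;              /* Ledger Secure SDK: 32-bit crypto error code */
#define CX_OK              0x00000000u  /* success, as in the SDK */
#define SW_OK              0x9000u      /* ISO 7816 "success" status word */
#define SWO_SECURITY_ISSUE 0x6F42u      /* PLACEHOLDER: not the SDK's real SWO_SECURITY_ISSUE value */

/* Legacy pattern: the derive result is forwarded as the SW. The upper 16 bits are
 * dropped, so a failure whose low half happens to be 0x9000 is reported as success,
 * and every other failure leaks an arbitrary, meaningless 16-bit value to the host. */
static uint16_t sw_truncating(cx_err_t derive_result) {
    return (uint16_t)derive_result;
}

/* Hardened pattern: a raw error code is never forwarded. Anything other than
 * CX_OK becomes a single, fixed security error; only CX_OK yields 0x9000. */
static uint16_t sw_mapped(cx_err_t derive_result) {
    return (derive_result == CX_OK) ? SW_OK : SWO_SECURITY_ISSUE;
}

/* Returns 1 when the truncating path would report success for a failing result. */
static int truncation_hides_failure(cx_err_t derive_result) {
    return derive_result != CX_OK && sw_truncating(derive_result) == SW_OK;
}

int main(void) {
    /* Constructed failure code: non-zero, but its low 16 bits equal 0x9000. */
    const cx_err_t bad = 0x00019000u;
    printf("truncating: 0x%04X (hides failure: %d)\n",
           sw_truncating(bad), truncation_hides_failure(bad));
    printf("mapped:     0x%04X\n", sw_mapped(bad));
    return 0;
}
```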

Comment thread fuzzing/CMakeLists.txt
Comment on lines +23 to +26
file(GLOB_RECURSE C_SOURCES
"${APP_SOURCE_DIR}/src/*.c"
"${CMAKE_SOURCE_DIR}/mock/*.c"
)
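Review bot: the `file(GLOB_RECURSE C_SOURCES ...)` on lines +23 to +26 collects every `.c` under `${APP_SOURCE_DIR}/src` and `${CMAKE_SOURCE_DIR}/mock` at configure time only, so a harness or mock source added later is silently left out of the fuzz build until CMake is re-run, and any stray `.c` dropped into those trees is compiled in without anyone listing it. Consider naming the sources explicitly, or at least adding `CONFIGURE_DEPENDS` to the glob so the file set is re-evaluated at build time.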
@N3ur0sis N3ur0sis changed the title Aro/fuzzing framework Add absolution-based fuzzing Jun 25, 2026