chore: migrate rust/guards to icp-cli (#1396)

* chore: migrate rust/guards to icp-cli

Replace dfx.json with icp.yaml using @dfinity/rust@v3.3.0, restructure
source into backend/ subdirectory, update management canister usage to
ic-cdk-management-canister, add Makefile with guard behavior tests, and
add CI workflow.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore(rust/guards): test.sh over Makefile, bump CI image to 1.0.1

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(rust/guards): drop pinned channel 1.78 from rust-toolchain.toml

Transitive dependencies pulled in by ic-cdk 0.20 require edition2024
support (stabilized in Rust 1.85). Removing the 1.78 pin lets rustup
use the current stable toolchain.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(rust/guards): add ic_cdk::export_candid!() for candid-extractor

Required for the icp-cli recipe to extract the Candid interface from
the compiled WASM via get_candid_pointer.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(rust/guards): fix set -e interaction with expected-panicking canister calls

The panicking calls return a non-zero exit code (canister rejection).
In the old script, 'A && B; C' meant if B failed, set -e exited before
C ran — so the assertion after the panic was never checked.

Fix: split setup and panicking call onto separate lines, add '|| true'
to the panicking call to explicitly allow failure. The setup call still
uses '&&' so it fails loudly if the state reset itself fails.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(rust/guards): restore doc anchor links, drop redundant networks block

- Restore #inter-canister-calls-and-rollbacks and
  #securely-handle-traps-in-callbacks fragment identifiers that were
  dropped during migration
- Remove redundant networks block from icp.yaml (managed mode is default)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(rust/guards): use docs.internetcomputer.org link format consistently

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(rust/guards): update async-code link to inter-canister-calls

The old URL now redirects to the inter-canister calls page.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(rust/guards): shorten intro sentence and consolidate security link

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(rust/guards): restore PocketIC integration tests, fix docs links

- Restore backend/tests/tests.rs with pocket-ic 14.0.0 API (updated from
  original v5 — WasmResult/UserError replaced by direct Vec<u8>/RejectResponse)
- Covers all original scenarios including parallel processing prevention
  (submit_call/await_call for concurrent calls — not expressible in bash)
- Fix remaining building-apps/ doc links to guides/security/inter-canister-calls
- README explains both test approaches and how to run PocketIC tests locally
- CI downloads pocket-ic server via gh release download (authenticated, no
  rate limit risk) and runs cargo test as a separate step

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* improve(rust/guards): assert exact trap message in test.sh

Capture stderr from expected-panicking calls and verify it contains
'panicking callback!' — same check the PocketIC tests perform.

Extracted into assert_traps() helper to avoid repetition.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(rust/guards): use curl instead of gh for PocketIC server download

gh CLI is not available in the icp-dev-env-rust container.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* docs(rust/guards): mention trap message assertion in test.sh description

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(rust/guards): use dfinity/pocketic action to install PocketIC server

Replaces manual curl download with the official dfinity/pocketic composite
action — handles OS/arch detection, rate-limit-safe, sets POCKET_IC_BIN
automatically.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: marc0olo

.github/workflows/guards.yml

@@ -0,0 +1,37 @@
+name: guards
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    paths:
+      - rust/guards/**
+      - .github/workflows/guards.yml
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  rust-guards:
+    runs-on: ubuntu-24.04
+    container: ghcr.io/dfinity/icp-dev-env-rust:1.0.1
+    env:
+      ICP_CLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Deploy and test (icp-cli)
+        working-directory: rust/guards
+        run: |
+          icp network start -d
+          icp deploy
+          bash test.sh
+      - name: Install PocketIC server
+        uses: dfinity/pocketic@07bfae058ce2aa56994759b563531a7e8d98ba96 # main
+        with:
+          pocket-ic-server-version: "14.0.0"
+      - name: Build WASM and run PocketIC tests
+        working-directory: rust/guards
+        run: |
+          cargo build --package backend --target wasm32-unknown-unknown --release
+          cargo test --package backend