feat(audit): integrate GPU C ABI tests into unified runner (P.1-P.2)

- Add UNIFIED_AUDIT_RUNNER guard + _run() entry point to:
    test_gpu_host_api_negative.cpp (38 checks)
    test_gpu_abi_gate.cpp (28 checks)
- Add gpu_registry.cpp + ufsecp_gpu_impl.cpp to unified_audit_runner sources
- Add gpu/include to unified_audit_runner include paths
- Register gpu_api_negative + gpu_abi_gate modules (memory_safety section)
- All 18 ufsecp_gpu_* functions now have null-guard coverage in unified runner
- Total unified modules: 70 (was 68); all PASS, AUDIT-READY verdict holds

docs(audit): AUDIT_TEST_PLAN §P section; AUDIT_SCOPE GPU rows; TEST_MATRIX
             70 modules; FFI_HOSTILE_CALLER §J section
shrec 2026-03-23 13:45:57 +00:00
parent 5c679ac133
commit c8a0844582
No known key found for this signature in database
8 changed files with 60 additions and 7 deletions


@ -215,6 +215,19 @@ must be tested end-to-end.
---
### P. GPU C ABI Hostile-Caller Coverage (v3.24+)
The GPU C ABI (`ufsecp_gpu_*`, 18 functions) now has full null-guard and
error-path coverage integrated into the unified audit runner without requiring
GPU hardware.
| ID | Test file | Checks | Key invariants |
|-----|--------------------------------------|--------|----------------|
| P.1 | `test_gpu_host_api_negative.cpp` | 38 | NULL ctx batch ops; NULL ctx_out/info_out; invalid backend (0/99/255); is_available/device_count for invalid backend; count=0 no-ops; NULL buffers + count>0; invalid device index; GPU error strings (7 codes); backend names |
| P.2 | `test_gpu_abi_gate.cpp` | 28 | Backend count/ids/names; device_info null+invalid+valid; ctx_create/destroy lifecycle; last_error/msg(NULL); NULL buffer batch ops; error_str all codes; 1*G smoke if GPU available; count=0 no-op; NULL-scalar failure |
---
## Unified Audit Runner -- 8-Section Internal Mapping
The C++ `unified_audit_runner` binary covers **E, F, G(internal), H(deterministic), I(dudect+CT), J(ABI gate), L(smoke)** in a single executable.
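Review bot: the context line under the runner heading still lists the covered sections as `E, F, G(internal), H(deterministic), I(dudect+CT), J(ABI gate), L(smoke)`, so the new section P is described as integrated into the unified runner in its own paragraph but is missing from the runner's coverage summary. Add P to that list in this change so the two statements agree.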
@ -227,7 +240,7 @@ The C++ `unified_audit_runner` binary covers **E, F, G(internal), H(deterministi
| 4 | `standard_vectors` | bip340_vectors, bip32_vectors, rfc6979_vectors, frost_kat |
| 5 | `fuzzing` | audit_fuzz, fuzz_parsers, fuzz_addr_bip32, fault_injection |
| 6 | `protocol_security` | ecdsa_schnorr, bip32, musig2, ecdh_recovery, v4_features, coins, musig2_frost, musig2_frost_adv, audit_integration |
| 7 | `memory_safety` | audit_security, debug_invariants, abi_gate |
| 7 | `memory_safety` | audit_security, debug_invariants, abi_gate, gpu_api_negative, gpu_abi_gate |
| 8 | `performance` | hash_accel, simd_batch, multiscalar, audit_perf |
---
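Review bot: the updated `memory_safety` row lists five modules, but the `ALL_MODULES` table shown in this same commit has `parse_strictness` registered with section `memory_safety`, and it does not appear in this row. Since the row is being edited anyway, bring it in line with the registered modules; otherwise the mapping understates what section 7 runs.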
@ -241,7 +254,7 @@ The C++ `unified_audit_runner` binary covers **E, F, G(internal), H(deterministi
| A3: Arithmetic Errors | CRITICAL | E.1a, E.4, F.1-F.5, G.1-G.4 | `audit_report.json` (math_invariants, differential) |
| A4: Memory Safety | CRITICAL | D.1-D.5, H.1-H.4, J.3 | `artifacts/sanitizers/`, `audit_report.json` (fuzzing) |
| A5: Supply Chain | HIGH | A.3, B.1-B.3, A.4 | `artifacts/sbom.cdx.json`, `artifacts/SHA256SUMS.txt` |
| A6: GPU-Specific | HIGH | Separate GPU audit | -- |
| A6: GPU-Specific | HIGH | P.1 (`test_gpu_host_api_negative`), P.2 (`test_gpu_abi_gate`) — null/invalid-backend/error-path paths; kernel-level ops audit in GPU backend test suites |
### Not Covered by Automated Tests
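Review bot: the replacement A6 row has three cells where the other rows in this table, and the row it replaces, have four; the evidence column is gone. Keep the coverage text in the third cell and add a fourth naming the artifact that records these modules' results (or `--` if there is none). The row also defers kernel-level ops to "GPU backend test suites" without naming them, which leaves this HIGH-severity item only partly traceable from the table.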


@ -575,6 +575,11 @@ add_executable(unified_audit_runner
test_parse_strictness.cpp
# -- ufsecp FFI implementation (needed by fuzz_parsers + fuzz_address) --
${CMAKE_CURRENT_SOURCE_DIR}/../include/ufsecp/ufsecp_impl.cpp
# -- ufsecp GPU ABI implementation + tests (null-guard paths work without hardware) --
${CMAKE_CURRENT_SOURCE_DIR}/../include/ufsecp/ufsecp_gpu_impl.cpp
${CMAKE_CURRENT_SOURCE_DIR}/../gpu/src/gpu_registry.cpp
test_gpu_host_api_negative.cpp
test_gpu_abi_gate.cpp
# -- field representation tests --
${CPU_TESTS_DIR}/test_field_26.cpp
# -- diagnostics --
@ -593,6 +598,7 @@ target_include_directories(unified_audit_runner PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/../include
${CMAKE_CURRENT_BINARY_DIR}/../include # for generated version.hpp
${CMAKE_BINARY_DIR}/include # fallback for version.hpp
${CMAKE_CURRENT_SOURCE_DIR}/../gpu/include # for gpu_backend.hpp (gpu_registry.cpp)
)
# Inject git hash at compile time (short hash, 8 chars)
execute_process(


@ -234,7 +234,8 @@ static void test_gpu_ops_if_available() {
CHECK(1, "ctx_destroy succeeds");
}
int main() {
int test_gpu_abi_gate_run() {
g_pass = 0; g_fail = 0;
std::printf("=== GPU ABI Gate Test ===\n\n");
test_backend_discovery();
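Review bot: `g_pass = 0; g_fail = 0;` appears at the top of both `test_gpu_abi_gate_run()` and `test_gpu_host_api_negative_run()`, and both files are now linked into one executable. The declarations are outside the diff; please confirm the counters, and anything the `CHECK` macro calls, have internal linkage (`static` or an unnamed namespace) in each file. Otherwise the two translation units collide on or share the same symbols, and one module's counts can leak into the other's result.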
@ -247,3 +248,7 @@ int main() {
std::printf("\n=== Results: %d passed, %d failed ===\n", g_pass, g_fail);
return g_fail > 0 ? 1 : 0;
}
#ifndef UNIFIED_AUDIT_RUNNER
int main() { return test_gpu_abi_gate_run(); }
#endif


@ -293,7 +293,8 @@ static void test_backend_names() {
/* ============================================================================ */
int main() {
int test_gpu_host_api_negative_run() {
g_pass = 0; g_fail = 0;
std::printf("=== GPU Host API Negative Test ===\n\n");
/* Tests that don't need a context */
@ -325,3 +326,7 @@ int main() {
std::printf("\n=== Results: %d passed, %d failed ===\n", g_pass, g_fail);
return g_fail > 0 ? 1 : 0;
}
#ifndef UNIFIED_AUDIT_RUNNER
int main() { return test_gpu_host_api_negative_run(); }
#endif


@ -113,6 +113,12 @@ int test_ffi_round_trip_run();
int test_adversarial_protocol_run();
int test_ecies_regression_run();
// ============================================================================
// Forward declarations -- GPU ABI tests (no hardware required for null-guard paths)
// ============================================================================
int test_gpu_host_api_negative_run(); // NULL guards, invalid backend/device, error strings
int test_gpu_abi_gate_run(); // Discovery, lifecycle, ops-if-available
// ============================================================================
// Forward declarations -- adversarial / fuzz tests
// ============================================================================
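Review bot: the two `_run()` entry points are forward-declared by hand here rather than through a header shared with the test files, so a later change to either signature is not checked by the compiler where the function is defined and would surface at link time at best. This follows the existing pattern in the file, but with the module count at 70 a single `audit_modules.hpp` included by both the runner and each test file would remove that class of mismatch.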
@ -329,6 +335,8 @@ static const AuditModule ALL_MODULES[] = {
{ "parse_strictness", "Public parse path strictness (malformed inputs)","memory_safety", test_parse_strictness_run, false },
{ "adversarial_proto", "Adversarial protocol & FFI hostile-caller", "fuzzing", test_adversarial_protocol_run, false },
{ "ecies_regression", "ECIES regression + C ABI prefix enforce", "fuzzing", test_ecies_regression_run, false },
{ "gpu_api_negative", "GPU C ABI null/invalid-backend/error paths", "memory_safety", test_gpu_host_api_negative_run, false },
{ "gpu_abi_gate", "GPU ABI discovery, lifecycle, ops-if-avail", "memory_safety", test_gpu_abi_gate_run, false },
// ===================================================================
// Section 8: Performance Validation & Regression
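Review bot: `gpu_abi_gate` is registered like any other module, but per its own description part of it runs only when a GPU is available, and the CMake change adds only the registry and the ABI implementation to this target. Its PASS therefore means different things on different hosts. Have the module report whether the ops-if-available branch ran or was skipped, so the AUDIT-READY verdict is not read as coverage of GPU operations when only the null-guard paths were exercised.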


@ -141,6 +141,8 @@ An independent security audit is requested to verify correctness, identify vulne
| libFuzzer harnesses | ∞ | Continuous fuzz for field/scalar/point |
| `test_adversarial_protocol` (§H) | 100+ | New ABI surface edge cases: AEAD, ECIES, EllSwift, ETH, Pedersen switch, Schnorr adaptor, batch sign, BIP-143/144, SegWit, Taproot sighash |
| `test_adversarial_protocol` (§I) | 77 | Remaining ABI surface: `ctx_clone`, `last_error_msg`, `pubkey_parse`, `pubkey_create_uncompressed`, `ecdsa_sign_recoverable`, `ecdsa_recover`, `ecdsa_sign_verified`, `schnorr_sign_verified`, deep batch verify |
| `test_gpu_host_api_negative` | 38 | GPU C ABI: NULL ctx, NULL ctx_out, NULL info_out, count=0, count>0 + NULL buffers, invalid backend (0/99/255), invalid device index, error strings for all 7 GPU error codes, backend names |
| `test_gpu_abi_gate` | 28 | GPU ABI gate: backend discovery, device info, context lifecycle, NULL buffer ops, error strings, ops-if-available (1*G smoke, count=0 no-op, NULL-scalar failure) |
### Mandatory Edge-Case Coverage Rule (enforced since v3.22)
@ -154,7 +156,8 @@ before it is considered covered for audit purposes:
4. **Success smoke** — at least one valid call demonstrates a correct round-trip or output
Evidence for these checks lives in `audit/test_adversarial_protocol.cpp` (§G, §H, and §I)
and is mapped in `docs/FFI_HOSTILE_CALLER.md` and `audit/AUDIT_TEST_PLAN.md` (§N).
and the GPU ABI in `audit/test_gpu_host_api_negative.cpp` + `audit/test_gpu_abi_gate.cpp`,
both integrated into the unified audit runner (v3.24+).
### Reproduction Commands
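Review bot: as rendered, the rewritten sentence drops the pointer to `docs/FFI_HOSTILE_CALLER.md` and `audit/AUDIT_TEST_PLAN.md` (§N) that the previous wording carried, so the mapping for the §G/§H/§I evidence is no longer referenced from this paragraph, and the result ("lives in ... and the GPU ABI in ...") no longer parses. Keep the original line and add the GPU sentence after it. Item 4 of the rule also requires a success smoke, which for the GPU ABI exists only as the ops-if-available check; the paragraph should say how that item is met on hosts without a GPU.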


@ -102,13 +102,26 @@ shallow batch-verify paths. All gaps are closed by `test_i1_*``test_i5_*` in
---
## Section J: GPU C ABI (v3.24+)
`test_gpu_host_api_negative.cpp` and `test_gpu_abi_gate.cpp` cover all 18
`ufsecp_gpu_*` functions without requiring GPU hardware. Both files are integrated
into the unified audit runner (modules `gpu_api_negative` and `gpu_abi_gate`).
| Test File | Checks | Coverage |
|-----------|--------|----------|
| `test_gpu_host_api_negative` | 38 | NULL ctx for all batch ops; NULL ctx_out / info_out; ctx_create with backend 0/99/255; is_available/device_count for invalid backend; count=0 no-ops; NULL buffers + count>0; invalid device index; GPU error strings (7 codes); backend name edge cases (0, 99, 0xFFFFFFFF) |
| `test_gpu_abi_gate` | 28 | Backend count/ids/names (CUDA/OpenCL/Metal/none/invalid); device_info null guard + invalid backend + available device; ctx_create null/invalid/valid lifecycle; ctx_destroy(nullptr) no-crash; last_error/last_error_msg(nullptr); NULL buffer batch ops; error_str(OK/UNAVAILABLE/UNSUPPORTED/999); GPU ops if available (1*G smoke, count=0, NULL-scalar failure) |
---
## Guarantee
Every `ufsecp_*` function is tested with at least:
1. Valid inputs (FFI round-trip)
2. NULL context (G.1)
3. NULL critical pointers (G.2, G.3)
4. Malformed domain-specific input (G.4-G.20 / H.1-H.12 / I.1-I.5, per function category)
4. Malformed domain-specific input (G.4-G.20 / H.1-H.12 / I.1-I.5 / J.1-J.2, per function category)
**Mandatory edge-case rule for new ABI functions** (enforced since v3.22):
Every new `ufsecp_*` function MUST be covered by all four checks below before


@ -51,7 +51,7 @@
| `test_frost_kat.cpp` | -- | FROST t-of-n threshold signing known-answer tests |
| `test_wycheproof_ecdsa.cpp` | -- | Wycheproof ECDSA: Google Project Wycheproof test vectors |
| `test_wycheproof_ecdh.cpp` | -- | Wycheproof ECDH: Google Project Wycheproof test vectors |
| `unified_audit_runner.cpp` | 49 modules | Unified audit: all 49 audit modules in single binary |
| `unified_audit_runner.cpp` | 70 modules | Unified audit: all 70 audit modules in single binary (includes GPU null-guard paths) |
### CPU Unit Tests (`cpu/tests/`)
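Review bot: this row goes from 49 to 70 modules while the commit message gives the previous total as 68, so the count here had already drifted before this change. The module total and the 38/28 check counts are now hard-coded in several documents; consider generating them from the runner's output or adding a CI check that compares them, so the audit documents cannot disagree with the binary.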