That's completely fair. Consensus systems are very difficult to (re-)implement correctly but I would argue there is value in doing so. There is also great risk and we appreciate that.

This time we took a slightly different approach. Whenever possible, we directly ported the validation code from bitcoind. Granted, the script runner is the most fragile part and for that we are relying on bitcoin-ruby which does not directly port it from bitcoind.

While we are passing Matt Corallo's brilliant test suite, it is not currently recommended that anyone use Toshi in production for the purpose of managing bitcoin. And if you are going to run it in your environment we highly suggest running it behind trusted bitcoind nodes. There are many pieces still missing -- like all of the DoS penalty code. We currently have the demo running in the wild for the very purpose of giving helpful people the opportunity to break it.

> it is not currently recommended that anyone use Toshi in production for the purpose of managing bitcoin

Does Coinbase use Toshi in production?

The only instances of it we having running are the ones listed in the blog post (and just perhaps a Litecoin version that we're trying to get to sync.) They are in no way currently integrated with the web site.

I would encourage people to really read this post and try to reason about the implication for the Bitcoin "protocol" the claim that the Bitcoin Core software project is, and must always be, the only usable instantiation of it. (n.b. While this claim is extraordinary I don't believe it is actually wrong.)