feat: integration test suite — 416 tests, 61% coverage

Add OpenBao and Kratos to docker-compose dev stack with bootstrap seeding. Full integration tests hitting real services: - Vault SDK: KV read/write/delete, re-auth on bad token, new_with_token constructor for dev mode - Kratos SDK: list/get/create/disable/enable users, session listing - Token store: PAT lifecycle with OpenBao backing, expiry handling - Identity tools: full tool dispatch through Kratos admin API - Gitea SDK: resolve_username, ensure_token (PAT auto-provisioning), list/get repos, issues, comments, branches, file content - Devtools: tool dispatch for all gitea_* tools against live Gitea - Archive indexer: batch flush, periodic flush task, edit/redact/reaction updates against OpenSearch - Memory store: set/query/get_recent with user scoping in OpenSearch - Room history: context retrieval by timestamp and event_id, access control enforcement - Search archive: keyword search with room/sender filters, room scoping - Code search: language filter, repo filter, branch scoping - Breadcrumbs: symbol retrieval, empty index handling, token budget - Bridge: full event lifecycle mapping, request ID filtering - Evaluator: DM/mention/silence short-circuits, LLM evaluation path, reply-to-human suppression - Agent registry: list/get_id, prompt reuse, prompt-change recreation - Conversations: token tracking, multi-turn context recall, room isolation Bug fixes caught by tests: - AgentRegistry in-memory cache skipped hash comparison on prompt change - KratosClient::set_state sent bare PUT without traits (400 error) - find_code_session returns None on NULL conversation_id
2026-03-24 14:34:03 +00:00
parent b3a38767e0
commit 5dc739b800
8 changed files with 3105 additions and 3 deletions
--- a/docker-compose.dev.yaml
+++ b/docker-compose.dev.yaml
@@ -68,7 +68,52 @@ services:
      timeout: 5s
      retries: 10

+  openbao:
+    image: quay.io/openbao/openbao:2.5.1
+    cap_add:
+      - IPC_LOCK
+    environment:
+      - BAO_DEV_ROOT_TOKEN_ID=dev-root-token
+      - BAO_DEV_LISTEN_ADDRESS=0.0.0.0:8200
+    ports:
+      - "8200:8200"
+    healthcheck:
+      test: ["CMD", "bao", "status", "-address=http://127.0.0.1:8200"]
+      interval: 5s
+      timeout: 3s
+      retries: 10
+
+  kratos-migrate:
+    image: oryd/kratos:v1.3.1
+    command: migrate sql -e --yes
+    environment:
+      - DSN=sqlite:///var/lib/sqlite/kratos.db?_fk=true&mode=rwc
+    volumes:
+      - ./dev/kratos.yml:/etc/kratos/kratos.yml:ro
+      - ./dev/identity.schema.json:/etc/kratos/identity.schema.json:ro
+      - kratos-data:/var/lib/sqlite
+
+  kratos:
+    image: oryd/kratos:v1.3.1
+    command: serve -c /etc/kratos/kratos.yml --dev --watch-courier
+    depends_on:
+      kratos-migrate:
+        condition: service_completed_successfully
+    ports:
+      - "4433:4433"   # public
+      - "4434:4434"   # admin
+    volumes:
+      - ./dev/kratos.yml:/etc/kratos/kratos.yml:ro
+      - ./dev/identity.schema.json:/etc/kratos/identity.schema.json:ro
+      - kratos-data:/var/lib/sqlite
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://localhost:4434/admin/health/ready || exit 1"]
+      interval: 5s
+      timeout: 3s
+      retries: 10
+
 volumes:
  opensearch-data:
  tuwunel-data:
  gitea-data:
+  kratos-data: