#!/usr/bin/env bash # ============================================================================= # x0x Comprehensive End-to-End Test Suite # Two named instances (alice + bob) with separate identities + charlie (seedless) # Tests ALL 75+ API endpoints across 19 categories with full lifecycle coverage # ============================================================================= set -euo pipefail X0XD="${X0XD:-$(pwd)/target/release/x0xd}" VERSION="$(grep '^version = ' Cargo.toml | head -1 | cut -d '"' -f2)" PASS=0; FAIL=0; SKIP=0; TOTAL=0 RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[0;33m'; CYAN='\033[0;36m'; NC='\033[0m' b64() { echo -n "$1" | base64; } check_json() { local n="$1" r="$2" k="$3"; TOTAL=$((TOTAL+1)) if echo "$r"|python3 -c "import sys,json;d=json.load(sys.stdin);assert '$k' in d" 2>/dev/null; then PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} $n" else FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} $n — no key '$k' in: $(echo "$r"|head -c200)" fi } check_contains() { local n="$1" r="$2" e="$3"; TOTAL=$((TOTAL+1)) if echo "$r"|grep -qi "$e"; then PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} $n" else FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} $n — want '$e' in: $(echo "$r"|head -c250)" fi } check_ok() { local n="$1" r="$2"; TOTAL=$((TOTAL+1)) if echo "$r"|grep -q '"ok":true\|"ok": true'; then PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} $n" elif echo "$r"|grep -q '"error"'; then FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} $n — $(echo "$r"|head -c250)" else PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} $n" fi } check_not_error() { local n="$1" r="$2"; TOTAL=$((TOTAL+1)) if echo "$r"|grep -q '"error":"curl_failed"'; then FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} $n — curl_failed (non-2xx)" elif echo "$r"|grep -q '"ok":false\|"ok": false'; then FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} $n — $(echo "$r"|head -c250)" else PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} $n" fi } check_eq() { local n="$1" got="$2" want="$3"; TOTAL=$((TOTAL+1)) if [ "$got" = "$want" ]; then PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} $n" else FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} $n — got '$got', want '$want'" fi } skip() { local n="$1" reason="$2" TOTAL=$((TOTAL+1)); SKIP=$((SKIP+1)) echo -e " ${YELLOW}SKIP${NC} $n — $reason" } jq_field() { echo "$1" | python3 -c "import sys,json;d=json.load(sys.stdin);print(d.get('$2',''))" 2>/dev/null || echo ""; } jq_int() { echo "$1" | python3 -c "import sys,json;d=json.load(sys.stdin);print(d.get('$2',0))" 2>/dev/null || echo "0"; } check_connect_outcome() { local n="$1" r="$2" outcome outcome=$(jq_field "$r" "outcome") TOTAL=$((TOTAL+1)) case "$outcome" in Direct|Coordinated|AlreadyConnected) PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} $n ($outcome)"; return 0 ;; Unreachable|NotFound|"") FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} $n — outcome=${outcome:-missing}: $(echo "$r"|head -c250)"; return 1 ;; *) PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} $n (outcome=$outcome)"; return 0 ;; esac } request_json() { local method="$1" token="$2" url="$3" local tmp status out tmp=$(mktemp) if [ "$#" -ge 4 ]; then local body="$4" status=$(curl -sS -o "$tmp" -w '%{http_code}' -X "$method" -H "Authorization: Bearer $token" -H "Content-Type: application/json" -d "$body" "$url" 2>/dev/null || echo "000") else status=$(curl -sS -o "$tmp" -w '%{http_code}' -X "$method" -H "Authorization: Bearer $token" "$url" 2>/dev/null || echo "000") fi out=$(cat "$tmp" 2>/dev/null || true) rm -f "$tmp" if [[ "$status" == 2* ]]; then printf '%s' "$out" elif [ "$status" = "000" ]; then printf '{"error":"curl_failed"}' elif [ -n "$out" ]; then printf '%s' "$out" else printf '{"error":"http_%s"}' "$status" fi } # ── Curl wrappers (alice=A, bob=B) ────────────────────────────────────── A() { request_json "GET" "$AT" "$AA$1"; } B() { request_json "GET" "$BT" "$BA$1"; } Ap() { if [ "$#" -ge 2 ]; then request_json "POST" "$AT" "$AA$1" "$2"; else request_json "POST" "$AT" "$AA$1" '{}'; fi; } Bp() { if [ "$#" -ge 2 ]; then request_json "POST" "$BT" "$BA$1" "$2"; else request_json "POST" "$BT" "$BA$1" '{}'; fi; } Apu() { request_json "PUT" "$AT" "$AA$1" "$2"; } Bpu() { request_json "PUT" "$BT" "$BA$1" "$2"; } Apa() { request_json "PATCH" "$AT" "$AA$1" "$2"; } Bpa() { request_json "PATCH" "$BT" "$BA$1" "$2"; } Ad() { request_json "DELETE" "$AT" "$AA$1"; } Bd() { request_json "DELETE" "$BT" "$BA$1"; } # Charlie (seedless bootstrap) C() { request_json "GET" "$CT" "$CA$1"; } Cp() { if [ "$#" -ge 2 ]; then request_json "POST" "$CT" "$CA$1" "$2"; else request_json "POST" "$CT" "$CA$1" '{}'; fi; } # ── Cleanup ────────────────────────────────────────────────────────────── cleanup() { echo "" echo "Cleaning up..." kill $AP $BP 2>/dev/null || true [ -n "${CP:-}" ] && kill $CP 2>/dev/null || true wait $AP $BP 2>/dev/null || true [ -n "${CP:-}" ] && wait $CP 2>/dev/null || true rm -rf /tmp/x0x-e2e-alice /tmp/x0x-e2e-bob /tmp/x0x-e2e-charlie /tmp/x0x-e2e-testfile.txt } trap cleanup EXIT echo -e "${YELLOW}═══════════════════════════════════════════════════════════════${NC}" echo -e "${YELLOW} x0x v${VERSION} Comprehensive E2E Test Suite${NC}" echo -e "${YELLOW} ~180 assertions across 18 categories${NC}" echo -e "${YELLOW}═══════════════════════════════════════════════════════════════${NC}" # ── Verify binary ──────────────────────────────────────────────────────── if [ ! -x "$X0XD" ]; then echo -e "${RED}x0xd not found at $X0XD${NC}" echo "Build with: cargo build --release" exit 1 fi echo -e " x0xd: $X0XD" # ═════════════════════════════════════════════════════════════════════════ # SETUP: Start alice + bob daemons # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[Setup] Starting alice + bob with separate identities...${NC}" rm -rf /tmp/x0x-e2e-alice /tmp/x0x-e2e-bob /tmp/x0x-e2e-charlie mkdir -p /tmp/x0x-e2e-alice /tmp/x0x-e2e-bob /tmp/x0x-e2e-charlie cat>/tmp/x0x-e2e-alice/config.toml</tmp/x0x-e2e-bob/config.toml</tmp/x0x-e2e-alice/log & AP=$! $X0XD --config /tmp/x0x-e2e-bob/config.toml &>/tmp/x0x-e2e-bob/log & BP=$! CP="" AA="http://127.0.0.1:19101"; BA="http://127.0.0.1:19102"; CA="http://127.0.0.1:19103" for i in $(seq 1 30); do a=$(curl -sf "$AA/health" 2>/dev/null|python3 -c "import sys,json;print(json.load(sys.stdin).get('ok',''))" 2>/dev/null||true) b=$(curl -sf "$BA/health" 2>/dev/null|python3 -c "import sys,json;print(json.load(sys.stdin).get('ok',''))" 2>/dev/null||true) [ "$a" = "True" ] && [ "$b" = "True" ] && echo -e " ${GREEN}Both daemons ready (${i}s)${NC}" && break [ "$i" = "30" ] && echo -e "${RED}Startup failed!${NC}" && tail -20 /tmp/x0x-e2e-alice/log && exit 1 sleep 1 done AT=$(cat /tmp/x0x-e2e-alice/api-token 2>/dev/null) BT=$(cat /tmp/x0x-e2e-bob/api-token 2>/dev/null) CT="" # Extract identities RA=$(A /agent); AID=$(jq_field "$RA" "agent_id"); AM=$(jq_field "$RA" "machine_id") RB=$(B /agent); BID=$(jq_field "$RB" "agent_id"); BM=$(jq_field "$RB" "machine_id") echo -e " alice agent=${AID:0:16}... machine=${AM:0:16}..." echo -e " bob agent=${BID:0:16}... machine=${BM:0:16}..." # Generate fake agent/machine IDs for testing (deterministic) FAKE_AID="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" FAKE_MID="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" # Second fake ID for trust evaluation (separate from contacts lifecycle to avoid revocation conflict) FAKE_AID2="cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc" # ═════════════════════════════════════════════════════════════════════════ # 1. HEALTH & STATUS & CONSTITUTION # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[1/18] Health & Status & Constitution${NC}" R=$(A /health); check_json "alice health" "$R" "ok" check_contains "version matches package" "$R" "$VERSION" R=$(B /health); check_json "bob health" "$R" "ok" R=$(A /status); check_json "alice status" "$R" "uptime_secs" # Constitution R=$(curl -sf -H "Authorization: Bearer $AT" "$AA/constitution" 2>/dev/null || echo "ERROR") TOTAL=$((TOTAL+1)) if [ "$R" != "ERROR" ] && [ -n "$R" ] && echo "$R" | grep -qi "constitution\|preamble\|article\|x0x"; then PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} constitution markdown" else FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} constitution markdown — $(echo "$R"|head -c100)" fi R=$(A /constitution/json); check_json "constitution json" "$R" "version" # ═════════════════════════════════════════════════════════════════════════ # 2. IDENTITY & CARDS # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[2/18] Identity & Cards${NC}" check_json "alice agent" "$RA" "agent_id" check_json "bob agent" "$RB" "agent_id" check_eq "distinct agent IDs" "$([ "$AID" != "$BID" ] && echo yes || echo no)" "yes" # Agent cards R=$(A /agent/card); check_json "alice card" "$R" "link" ALICE_LINK=$(jq_field "$R" "link") R=$(B /agent/card); check_json "bob card" "$R" "link" BOB_LINK=$(jq_field "$R" "link") # Decode and validate card identity (Ben bug regression) ALICE_CARD_AID=$(echo "$ALICE_LINK" | sed 's|x0x://agent/||' | python3 -c " import sys,json,base64 b64=sys.stdin.read().strip() try: d=json.loads(base64.urlsafe_b64decode(b64+'==')) except: d=json.loads(base64.b64decode(b64+'==')) print(d.get('agent_id','')) " 2>/dev/null || echo "") check_eq "alice card has alice agent_id" "$ALICE_CARD_AID" "$AID" check_eq "alice card NOT bob agent_id" "$([ "$ALICE_CARD_AID" != "$BID" ] && echo yes || echo no)" "yes" BOB_CARD_AID=$(echo "$BOB_LINK" | sed 's|x0x://agent/||' | python3 -c " import sys,json,base64 b64=sys.stdin.read().strip() try: d=json.loads(base64.urlsafe_b64decode(b64+'==')) except: d=json.loads(base64.b64decode(b64+'==')) print(d.get('agent_id','')) " 2>/dev/null || echo "") check_eq "bob card has bob agent_id" "$BOB_CARD_AID" "$BID" R=$(A /agent/user-id); check_not_error "user-id endpoint" "$R" # Import cards R=$(Ap /agent/card/import "{\"card\":\"$BOB_LINK\",\"trust_level\":\"Trusted\"}"); check_not_error "alice imports bob card" "$R" R=$(Bp /agent/card/import "{\"card\":\"$ALICE_LINK\",\"trust_level\":\"Trusted\"}"); check_not_error "bob imports alice card" "$R" # ═════════════════════════════════════════════════════════════════════════ # 3. NETWORK & BOOTSTRAP # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[3/18] Network & Bootstrap (15s wait)${NC}" sleep 15 R=$(A /peers); check_not_error "alice peers" "$R" R=$(A /network/status); check_json "network status" "$R" "connected_peers" PEER_COUNT=$(jq_int "$R" "connected_peers") TOTAL=$((TOTAL+1)) if [ "$PEER_COUNT" -ge 1 ] 2>/dev/null; then PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} alice sees $PEER_COUNT peer(s)" else FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} alice sees 0 peers" fi R=$(A /network/bootstrap-cache); check_not_error "bootstrap cache" "$R" # ═════════════════════════════════════════════════════════════════════════ # 4. ANNOUNCE & DISCOVERY # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[4/18] Announce & Discovery${NC}" R=$(Ap /announce); check_not_error "alice announce" "$R" R=$(Bp /announce); check_not_error "bob announce" "$R" echo " Waiting 20s for gossip propagation..." sleep 20 R=$(A /agents/discovered); check_not_error "discovered agents" "$R" R=$(Ap "/agents/find/$BID") if echo "$R" | grep -q '"found":true'; then check_contains "find bob via gossip" "$R" '"found":true' R=$(A "/agents/reachability/$BID"); check_not_error "bob reachability" "$R" else skip "find bob via gossip" "expected on localhost — card import used" skip "bob reachability" "depends on gossip discovery" fi # ═════════════════════════════════════════════════════════════════════════ # 5. CONTACTS — FULL LIFECYCLE # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[5/18] Contacts — Full Lifecycle${NC}" # Alice already has bob from card import; verify R=$(A /contacts); check_contains "alice has bob contact" "$R" "$BID" # Bob already has alice from card import; verify R=$(B /contacts); check_contains "bob has alice contact" "$R" "$AID" # Add fake contact as Unknown R=$(Ap /contacts "{\"agent_id\":\"$FAKE_AID\",\"trust_level\":\"Unknown\",\"label\":\"fake-agent\"}") check_not_error "add fake contact (Unknown)" "$R" # Verify fake contact in list R=$(A /contacts); check_contains "contacts has fake" "$R" "$FAKE_AID" # Update trust: Unknown -> Known R=$(Apa "/contacts/$FAKE_AID" '{"trust_level":"Known"}'); check_ok "update fake to Known" "$R" # Update trust: Known -> Trusted R=$(Apa "/contacts/$FAKE_AID" '{"trust_level":"Trusted"}'); check_ok "update fake to Trusted" "$R" # Update trust: Trusted -> Blocked R=$(Apa "/contacts/$FAKE_AID" '{"trust_level":"Blocked"}'); check_ok "update fake to Blocked" "$R" # Update back: Blocked -> Trusted R=$(Apa "/contacts/$FAKE_AID" '{"trust_level":"Trusted"}'); check_ok "update fake Blocked->Trusted" "$R" # Quick trust set (POST /contacts/trust) R=$(Ap /contacts/trust "{\"agent_id\":\"$FAKE_AID\",\"level\":\"Known\"}") check_not_error "quick trust set to Known" "$R" # Revoke fake contact R=$(Ap "/contacts/$FAKE_AID/revoke" '{"reason":"e2e test revocation"}') check_not_error "revoke fake contact" "$R" # List revocations R=$(A "/contacts/$FAKE_AID/revocations"); check_contains "revocations has reason" "$R" "e2e test" # Remove fake contact R=$(Ad "/contacts/$FAKE_AID"); check_not_error "remove fake contact" "$R" # Verify removal R=$(A /contacts) TOTAL=$((TOTAL+1)) if echo "$R" | grep -q "$FAKE_AID"; then FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} fake contact still in list after removal" else PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} fake contact removed from list" fi # ═════════════════════════════════════════════════════════════════════════ # 6. MACHINES — FULL LIFECYCLE # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[6/18] Machines — Full Lifecycle${NC}" # Add bob's real machine R=$(Ap "/contacts/$BID/machines" "{\"machine_id\":\"$BM\",\"label\":\"bob-main\"}") check_not_error "add bob real machine" "$R" # Add fake machine to bob R=$(Ap "/contacts/$BID/machines" "{\"machine_id\":\"$FAKE_MID\",\"label\":\"bob-fake\"}") check_not_error "add bob fake machine" "$R" # List machines R=$(A "/contacts/$BID/machines"); check_contains "list machines has real" "$R" "$BM" check_contains "list machines has fake" "$R" "$FAKE_MID" # Pin bob's real machine R=$(Ap "/contacts/$BID/machines/$BM/pin"); check_not_error "pin real machine" "$R" # Set identity type to Pinned for machine pinning to take effect R=$(Apa "/contacts/$BID" '{"identity_type":"Pinned"}'); check_ok "set identity type Pinned" "$R" # Trust evaluate: pinned machine (correct) -> Accept R=$(Ap /trust/evaluate "{\"agent_id\":\"$BID\",\"machine_id\":\"$BM\"}") check_contains "eval pinned+correct -> Accept" "$R" "Accept" # Trust evaluate: pinned machine (wrong) -> RejectMachineMismatch R=$(Ap /trust/evaluate "{\"agent_id\":\"$BID\",\"machine_id\":\"$FAKE_MID\"}") check_contains "eval pinned+wrong -> RejectMachineMismatch" "$R" "RejectMachineMismatch" # Unpin machine R=$(Ad "/contacts/$BID/machines/$BM/pin"); check_not_error "unpin real machine" "$R" # Reset identity type back to avoid issues R=$(Apa "/contacts/$BID" '{"identity_type":"Trusted"}'); check_ok "reset identity type" "$R" # Remove fake machine R=$(Ad "/contacts/$BID/machines/$FAKE_MID"); check_not_error "remove fake machine" "$R" # ═════════════════════════════════════════════════════════════════════════ # 7. TRUST EVALUATION — ALL PATHS # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[7/18] Trust Evaluation — All Decision Paths${NC}" # Path 1: Trusted agent -> Accept R=$(Ap /trust/evaluate "{\"agent_id\":\"$BID\",\"machine_id\":\"$BM\"}") check_contains "trusted agent -> Accept" "$R" "Accept" # Path 2: Unknown agent -> Unknown (use FAKE_AID2 to avoid revocation from section 5) R=$(Ap /trust/evaluate "{\"agent_id\":\"$FAKE_AID2\",\"machine_id\":\"$FAKE_MID\"}") check_contains "unknown agent -> Unknown" "$R" "Unknown" # Path 3: Add as Blocked, evaluate -> RejectBlocked R=$(Ap /contacts "{\"agent_id\":\"$FAKE_AID2\",\"trust_level\":\"Blocked\",\"label\":\"blocked-test\"}") check_not_error "add blocked contact" "$R" R=$(Ap /trust/evaluate "{\"agent_id\":\"$FAKE_AID2\",\"machine_id\":\"$FAKE_MID\"}") check_contains "blocked agent -> RejectBlocked" "$R" "RejectBlocked" # Path 4: Update to Known -> AcceptWithFlag R=$(Apa "/contacts/$FAKE_AID2" '{"trust_level":"Known"}'); check_ok "update to Known" "$R" R=$(Ap /trust/evaluate "{\"agent_id\":\"$FAKE_AID2\",\"machine_id\":\"$FAKE_MID\"}") check_contains "known agent -> AcceptWithFlag" "$R" "AcceptWithFlag" # Clean up fake contact R=$(Ad "/contacts/$FAKE_AID2"); check_not_error "cleanup fake contact" "$R" # ═════════════════════════════════════════════════════════════════════════ # 8. PUB/SUB MESSAGING # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[8/18] Pub/Sub Messaging${NC}" # Bob subscribes R=$(Bp /subscribe '{"topic":"e2e-channel"}'); check_not_error "bob subscribe" "$R" SUB_ID=$(jq_field "$R" "subscription_id") # Alice publishes PAYLOAD_B64=$(b64 "hello from alice via gossip") R=$(Ap /publish "{\"topic\":\"e2e-channel\",\"payload\":\"$PAYLOAD_B64\"}"); check_ok "alice publish" "$R" # Publish to second topic R=$(Ap /publish "{\"topic\":\"e2e-channel-2\",\"payload\":\"$(b64 "second topic msg")\"}"); check_ok "alice publish topic 2" "$R" # Unsubscribe (if we got a subscription ID) if [ -n "$SUB_ID" ]; then R=$(Bd "/subscribe/$SUB_ID"); check_not_error "bob unsubscribe" "$R" else skip "bob unsubscribe" "no subscription_id returned" fi # ═════════════════════════════════════════════════════════════════════════ # 9. DIRECT MESSAGING # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[9/18] Direct Messaging${NC}" # Connect alice to bob R=$(Ap /agents/connect "{\"agent_id\":\"$BID\"}"); check_connect_outcome "alice connect to bob" "$R" sleep 2 # Alice sends direct message to bob DM_B64=$(b64 "direct hello from alice to bob") R=$(Ap /direct/send "{\"agent_id\":\"$BID\",\"payload\":\"$DM_B64\"}"); check_ok "alice direct send" "$R" # List alice direct connections R=$(A /direct/connections); check_not_error "alice direct connections" "$R" # Bob connects back to alice R=$(Bp /agents/connect "{\"agent_id\":\"$AID\"}"); check_connect_outcome "bob connect to alice" "$R" sleep 2 # Bob sends direct message to alice DM_B64=$(b64 "hey alice, got your message") R=$(Bp /direct/send "{\"agent_id\":\"$AID\",\"payload\":\"$DM_B64\"}"); check_ok "bob direct send" "$R" # List bob direct connections R=$(B /direct/connections); check_not_error "bob direct connections" "$R" # Send second message alice->bob DM_B64=$(b64 "second direct message from alice") R=$(Ap /direct/send "{\"agent_id\":\"$BID\",\"payload\":\"$DM_B64\"}"); check_ok "alice 2nd direct send" "$R" # ═════════════════════════════════════════════════════════════════════════ # 10. MLS GROUPS — FULL LIFECYCLE # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[10/18] MLS Groups — Full Lifecycle (PQC)${NC}" # Create group R=$(Ap /mls/groups); check_json "create MLS group" "$R" "group_id" MG=$(jq_field "$R" "group_id") echo " MLS group: ${MG:0:16}..." # List groups R=$(A /mls/groups); check_not_error "list MLS groups" "$R" if [ -n "$MG" ]; then # Get group details R=$(A "/mls/groups/$MG"); check_json "get MLS group" "$R" "members" # Add bob R=$(Ap "/mls/groups/$MG/members" "{\"agent_id\":\"$BID\"}"); check_ok "add bob to MLS" "$R" EPOCH1=$(jq_int "$R" "epoch") # Verify member count R=$(A "/mls/groups/$MG") MEMBER_COUNT=$(echo "$R" | python3 -c "import sys,json;d=json.load(sys.stdin);print(len(d.get('members',[])))" 2>/dev/null || echo "0") check_eq "MLS has 2 members" "$MEMBER_COUNT" "2" # Encrypt PLAIN_B64=$(b64 "PQC encrypted secret message via saorsa-mls") R=$(Ap "/mls/groups/$MG/encrypt" "{\"payload\":\"$PLAIN_B64\"}"); check_json "encrypt" "$R" "ciphertext" CT=$(jq_field "$R" "ciphertext") EPOCH=$(jq_int "$R" "epoch") # Decrypt round-trip if [ -n "$CT" ]; then R=$(Ap "/mls/groups/$MG/decrypt" "{\"ciphertext\":\"$CT\",\"epoch\":$EPOCH}") check_json "decrypt" "$R" "payload" DECRYPTED=$(echo "$R"|python3 -c "import sys,json,base64;print(base64.b64decode(json.load(sys.stdin).get('payload','')).decode())" 2>/dev/null||echo "") check_eq "decrypt round-trip" "$DECRYPTED" "PQC encrypted secret message via saorsa-mls" fi # Welcome for bob R=$(Ap "/mls/groups/$MG/welcome" "{\"agent_id\":\"$BID\"}"); check_not_error "create welcome" "$R" # Remove bob R=$(Ad "/mls/groups/$MG/members/$BID"); check_not_error "remove bob from MLS" "$R" # Verify member count after removal R=$(A "/mls/groups/$MG") MEMBER_COUNT=$(echo "$R" | python3 -c "import sys,json;d=json.load(sys.stdin);print(len(d.get('members',[])))" 2>/dev/null || echo "0") check_eq "MLS has 1 member after remove" "$MEMBER_COUNT" "1" # Re-add bob R=$(Ap "/mls/groups/$MG/members" "{\"agent_id\":\"$BID\"}"); check_ok "re-add bob to MLS" "$R" EPOCH2=$(jq_int "$R" "epoch") # Verify epoch incremented TOTAL=$((TOTAL+1)) if [ "$EPOCH2" -gt "$EPOCH1" ] 2>/dev/null; then PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} epoch incremented ($EPOCH1 -> $EPOCH2)" else FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} epoch not incremented ($EPOCH1 -> $EPOCH2)" fi # Encrypt again after membership change PLAIN2_B64=$(b64 "second encrypted message after member churn") R=$(Ap "/mls/groups/$MG/encrypt" "{\"payload\":\"$PLAIN2_B64\"}"); check_json "2nd encrypt" "$R" "ciphertext" CT2=$(jq_field "$R" "ciphertext") EPOCH_NEW=$(jq_int "$R" "epoch") if [ -n "$CT2" ]; then R=$(Ap "/mls/groups/$MG/decrypt" "{\"ciphertext\":\"$CT2\",\"epoch\":$EPOCH_NEW}") DECRYPTED2=$(echo "$R"|python3 -c "import sys,json,base64;print(base64.b64decode(json.load(sys.stdin).get('payload','')).decode())" 2>/dev/null||echo "") check_eq "2nd decrypt round-trip" "$DECRYPTED2" "second encrypted message after member churn" fi fi # ═════════════════════════════════════════════════════════════════════════ # 11. NAMED GROUPS — FULL LIFECYCLE # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[11/18] Named Groups — Full Lifecycle${NC}" # Create group R=$(Ap /groups '{"name":"E2E Comprehensive Group","description":"full lifecycle test"}') check_not_error "create named group" "$R" NG=$(jq_field "$R" "group_id") echo " Named group: ${NG:0:16}..." # List groups R=$(A /groups); check_contains "list groups" "$R" "E2E Comprehensive" if [ -n "$NG" ]; then # Get group info R=$(A "/groups/$NG"); check_not_error "get group info" "$R" # Generate invite R=$(Ap "/groups/$NG/invite"); check_not_error "generate invite" "$R" INVITE=$(jq_field "$R" "invite_link") if [ -n "$INVITE" ]; then # Validate invite format: must be x0x://invite/ NOT x0x://agent/ check_contains "invite is x0x://invite/" "$INVITE" "x0x://invite/" # Decode invite and verify fields INVITE_DECODED=$(echo "$INVITE" | sed 's|x0x://invite/||' | python3 -c " import sys,json,base64 b64=sys.stdin.read().strip() try: d=json.loads(base64.urlsafe_b64decode(b64+'==')) except: d=json.loads(base64.b64decode(b64+'==')) print(json.dumps(d)) " 2>/dev/null || echo "{}") check_contains "invite has group_name" "$INVITE_DECODED" "group_name" check_contains "invite has group_id" "$INVITE_DECODED" "group_id" check_contains "invite has invite_secret" "$INVITE_DECODED" "invite_secret" INVITE_GNAME=$(echo "$INVITE_DECODED" | python3 -c "import sys,json;print(json.load(sys.stdin).get('group_name',''))" 2>/dev/null || echo "") check_eq "invite group_name matches" "$INVITE_GNAME" "E2E Comprehensive Group" # Bob joins via invite R=$(Bp /groups/join "{\"invite\":\"$INVITE\"}"); check_not_error "bob joins via invite" "$R" else skip "invite validation" "no invite_link returned" skip "bob joins via invite" "no invite_link" fi # Set display names R=$(Apu "/groups/$NG/display-name" '{"name":"Alice the Admin"}'); check_ok "alice display name" "$R" # Get group info again — verify display name R=$(A "/groups/$NG"); check_contains "group has alice display name" "$R" "Alice the Admin" # Alice leaves group R=$(Ad "/groups/$NG"); check_not_error "alice leaves group" "$R" # Create second group with invite expiry R=$(Ap /groups '{"name":"E2E Group 2","description":"second group"}') check_not_error "create 2nd group" "$R" NG2=$(jq_field "$R" "group_id") if [ -n "$NG2" ]; then # Generate invite with explicit expiry R='{"error":"curl_failed"}' for _ in 1 2 3; do R=$(Ap "/groups/$NG2/invite" '{"expiry_secs":3600}') if ! echo "$R" | grep -q '"error":"curl_failed"'; then break fi sleep 1 done check_not_error "invite with expiry" "$R" INVITE2=$(jq_field "$R" "invite_link") if [ -n "$INVITE2" ]; then R=$(Bp /groups/join "{\"invite\":\"$INVITE2\"}"); check_not_error "bob joins 2nd group" "$R" fi # Delete second group R=$(Ad "/groups/$NG2"); check_not_error "delete 2nd group" "$R" fi # Card with --include-groups (bob is in a group) R=$(B /agent/card); check_not_error "bob card for group check" "$R" fi # ═════════════════════════════════════════════════════════════════════════ # 12. KEY-VALUE STORES — FULL LIFECYCLE # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[12/18] Key-Value Stores — Full Lifecycle${NC}" # Create store R=$(Ap /stores '{"name":"e2e-kv","topic":"e2e-kv-topic"}'); check_not_error "create store" "$R" SID=$(echo "$R"|python3 -c "import sys,json;d=json.load(sys.stdin);print(d.get('store_id',d.get('id','')))" 2>/dev/null||echo "") echo " store: $SID" # List stores R=$(A /stores); check_not_error "list stores" "$R" if [ -n "$SID" ]; then # Put key 1: text/plain VAL_B64=$(b64 "hello kv world") R=$(Apu "/stores/$SID/greeting" "{\"value\":\"$VAL_B64\",\"content_type\":\"text/plain\"}"); check_ok "put greeting" "$R" # Put key 2: application/json JSON_VAL=$(b64 '{"setting":"enabled","count":42}') R=$(Apu "/stores/$SID/config" "{\"value\":\"$JSON_VAL\",\"content_type\":\"application/json\"}"); check_ok "put config" "$R" # Get key 1 — verify round-trip R=$(A "/stores/$SID/greeting"); check_json "get greeting" "$R" "value" GOT_VAL=$(echo "$R"|python3 -c "import sys,json,base64;print(base64.b64decode(json.load(sys.stdin).get('value','')).decode())" 2>/dev/null||echo "") check_eq "greeting round-trip" "$GOT_VAL" "hello kv world" # List keys — should have 2 R=$(A "/stores/$SID/keys"); check_contains "keys has greeting" "$R" "greeting" check_contains "keys has config" "$R" "config" # Update key 1 VAL2_B64=$(b64 "updated greeting value") R=$(Apu "/stores/$SID/greeting" "{\"value\":\"$VAL2_B64\",\"content_type\":\"text/plain\"}"); check_ok "update greeting" "$R" # Get updated key R=$(A "/stores/$SID/greeting") GOT_VAL2=$(echo "$R"|python3 -c "import sys,json,base64;print(base64.b64decode(json.load(sys.stdin).get('value','')).decode())" 2>/dev/null||echo "") check_eq "updated greeting round-trip" "$GOT_VAL2" "updated greeting value" # Delete key 1 R=$(Ad "/stores/$SID/greeting"); check_ok "delete greeting" "$R" # Verify 1 key remains R=$(A "/stores/$SID/keys") KEY_COUNT=$(echo "$R"|python3 -c "import sys,json;print(len(json.load(sys.stdin).get('keys',[])))" 2>/dev/null||echo "-1") check_eq "1 key remains" "$KEY_COUNT" "1" # Delete remaining key R=$(Ad "/stores/$SID/config"); check_ok "delete config" "$R" # Verify store empty R=$(A "/stores/$SID/keys") KEY_COUNT=$(echo "$R"|python3 -c "import sys,json;print(len(json.load(sys.stdin).get('keys',[])))" 2>/dev/null||echo "-1") check_eq "store empty" "$KEY_COUNT" "0" fi # ═════════════════════════════════════════════════════════════════════════ # 13. TASK LISTS — FULL LIFECYCLE # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[13/18] Task Lists — Full Lifecycle (CRDT)${NC}" # Create task list R=$(Ap /task-lists '{"name":"E2E Tasks","topic":"e2e-tasks-topic"}'); check_not_error "create task list" "$R" TL=$(echo "$R"|python3 -c "import sys,json;d=json.load(sys.stdin);print(d.get('list_id',d.get('id','')))" 2>/dev/null||echo "") echo " task list: $TL" # List task lists R=$(A /task-lists); check_not_error "list task lists" "$R" if [ -n "$TL" ]; then # Add task 1 R=$(Ap "/task-lists/$TL/tasks" '{"title":"Verify PQC MLS","description":"Test saorsa-mls encryption"}') check_not_error "add task 1" "$R" TID1=$(echo "$R"|python3 -c "import sys,json;d=json.load(sys.stdin);print(d.get('task_id',d.get('id','')))" 2>/dev/null||echo "") # Add task 2 R=$(Ap "/task-lists/$TL/tasks" '{"title":"Test CRDT convergence","description":"Multi-agent sync"}') check_not_error "add task 2" "$R" TID2=$(echo "$R"|python3 -c "import sys,json;d=json.load(sys.stdin);print(d.get('task_id',d.get('id','')))" 2>/dev/null||echo "") # Show tasks R=$(A "/task-lists/$TL/tasks"); check_contains "tasks has PQC" "$R" "Verify PQC" check_contains "tasks has CRDT" "$R" "CRDT convergence" # Claim task 1 if [ -n "$TID1" ]; then R=$(Apa "/task-lists/$TL/tasks/$TID1" '{"action":"claim"}'); check_not_error "claim task 1" "$R" R=$(Apa "/task-lists/$TL/tasks/$TID1" '{"action":"complete"}'); check_not_error "complete task 1" "$R" fi # Add task 3 R=$(Ap "/task-lists/$TL/tasks" '{"title":"Deploy to production","description":"Ship it"}') check_not_error "add task 3" "$R" # Verify we have 3 tasks total R=$(A "/task-lists/$TL/tasks") TASK_COUNT=$(echo "$R"|python3 -c "import sys,json;d=json.load(sys.stdin);print(len(d.get('tasks',[])))" 2>/dev/null||echo "0") TOTAL=$((TOTAL+1)) if [ "$TASK_COUNT" -ge 3 ] 2>/dev/null; then PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} 3 tasks in list" else FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} expected 3 tasks, got $TASK_COUNT" fi fi # ═════════════════════════════════════════════════════════════════════════ # 14. FILE TRANSFER # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[14/18] File Transfer${NC}" echo "E2E comprehensive test file content for x0x v${VERSION}" > /tmp/x0x-e2e-testfile.txt FILE_SHA=$(shasum -a 256 /tmp/x0x-e2e-testfile.txt | cut -d' ' -f1) FILE_SIZE=$(wc -c < /tmp/x0x-e2e-testfile.txt | tr -d ' ') # Send file offer R=$(Ap /files/send "{\"agent_id\":\"$BID\",\"filename\":\"test.txt\",\"size\":$FILE_SIZE,\"sha256\":\"$FILE_SHA\",\"path\":\"/tmp/x0x-e2e-testfile.txt\"}") check_not_error "send file offer" "$R" XFER_ID=$(jq_field "$R" "transfer_id") check_json "transfer_id returned" "$R" "transfer_id" # List transfers R=$(A /files/transfers); check_not_error "list transfers" "$R" # Get specific transfer status if [ -n "$XFER_ID" ]; then R=$(A "/files/transfers/$XFER_ID"); check_not_error "transfer status" "$R" fi # Send second file offer for reject test R=$(Ap /files/send "{\"agent_id\":\"$BID\",\"filename\":\"reject-me.txt\",\"size\":10,\"sha256\":\"deadbeef\"}") check_not_error "2nd file offer" "$R" # ═════════════════════════════════════════════════════════════════════════ # 15. PRESENCE — ALL ENDPOINTS # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[15/18] Presence — All 6 Endpoints${NC}" # GET /presence (alias) R=$(A /presence); check_not_error "presence (alias)" "$R" # GET /presence/online R=$(A /presence/online); check_not_error "presence online" "$R" # GET /presence/foaf R=$(A /presence/foaf); check_not_error "presence foaf" "$R" # GET /presence/find/:id R=$(A "/presence/find/$BID"); check_not_error "presence find bob" "$R" # GET /presence/status/:id R=$(A "/presence/status/$BID"); check_not_error "presence status bob" "$R" # GET /presence/events (SSE — grab first 3s) R=$(curl -sf -H "Authorization: Bearer $AT" --max-time 3 "$AA/presence/events" 2>/dev/null || echo "timeout_ok") TOTAL=$((TOTAL+1)) if [ "$R" = "timeout_ok" ] || echo "$R" | grep -qi "data:\|event:\|retry:"; then PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} presence events SSE (stream opened)" else PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} presence events SSE (endpoint responded)" fi # ═════════════════════════════════════════════════════════════════════════ # 16. WEBSOCKET & UPGRADE # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[16/18] WebSocket & Upgrade${NC}" R=$(A /ws/sessions); check_not_error "ws sessions" "$R" # Upgrade check hits GitHub API — may fail due to rate limiting or network issues. # Accept either ok:true OR a known GitHub-related error as a pass. R=$(A /upgrade) TOTAL=$((TOTAL+1)) if echo "$R"|grep -q '"ok":true\|"current_version"'; then PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} upgrade check" elif echo "$R"|grep -q '"upgrade check failed"\|"rate limit"\|"curl_failed"'; then PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} upgrade check (endpoint works, GitHub unreachable)" else FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} upgrade check — unexpected: $(echo "$R"|head -c250)" fi # ═════════════════════════════════════════════════════════════════════════ # 17. SEEDLESS BOOTSTRAP — CHARLIE # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[17/18] Seedless Bootstrap — Charlie${NC}" # Write charlie config with NO bootstrap peers cat>/tmp/x0x-e2e-charlie/config.toml</tmp/x0x-e2e-charlie/log & CP=$! # Wait for charlie to start for i in $(seq 1 15); do c=$(curl -sf "$CA/health" 2>/dev/null|python3 -c "import sys,json;print(json.load(sys.stdin).get('ok',''))" 2>/dev/null||true) [ "$c" = "True" ] && echo -e " ${GREEN}Charlie ready (${i}s)${NC}" && break [ "$i" = "15" ] && echo -e " ${RED}Charlie startup failed${NC}" && skip "seedless bootstrap" "charlie failed to start" && break sleep 1 done CT=$(cat /tmp/x0x-e2e-charlie/api-token 2>/dev/null || echo "") if [ -n "$CT" ]; then # Check charlie's initial peer count (may be >0 if bootstrap cache exists on disk) R=$(C /network/status) CHARLIE_PEERS_BEFORE=$(jq_int "$R" "connected_peers") echo " charlie initial peers: $CHARLIE_PEERS_BEFORE (0 expected if fresh data_dir)" # Import alice's card into charlie (gives charlie alice's address) R=$(Cp /agent/card/import "{\"card\":\"$ALICE_LINK\",\"trust_level\":\"Trusted\"}") check_not_error "charlie imports alice card" "$R" # Connect charlie to alice R=$(Cp /agents/connect "{\"agent_id\":\"$AID\"}"); check_connect_outcome "charlie connects to alice" "$R" # Wait for connection sleep 5 # Verify charlie has peers (either already had them or gained via card import) R=$(C /network/status) CHARLIE_PEERS=$(jq_int "$R" "connected_peers") TOTAL=$((TOTAL+1)) if [ "$CHARLIE_PEERS" -ge 1 ] 2>/dev/null; then PASS=$((PASS+1)); echo -e " ${GREEN}PASS${NC} charlie has $CHARLIE_PEERS peer(s) (seedless bootstrap works)" else FAIL=$((FAIL+1)); echo -e " ${RED}FAIL${NC} charlie still has 0 peers after card import + connect" fi # Charlie can see its own identity R=$(C /agent); check_json "charlie agent" "$R" "agent_id" CHARLIE_AID=$(jq_field "$R" "agent_id") check_eq "charlie has unique agent_id" "$([ "$CHARLIE_AID" != "$AID" ] && [ "$CHARLIE_AID" != "$BID" ] && echo yes || echo no)" "yes" fi # ═════════════════════════════════════════════════════════════════════════ # 18. AGENTID VERIFICATION & TRUST ANNOTATIONS # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${CYAN}[18/19] AgentId Verification & Trust Annotations${NC}" # Alice sends a direct message to bob — bob's SSE should include verified + trust_decision DM_B64=$(b64 "verification test msg") R=$(Ap /direct/send "{\"agent_id\":\"$BID\",\"payload\":\"$DM_B64\"}"); check_ok "alice direct send for verification" "$R" # Check bob's direct connections — they should be established from earlier tests R=$(B /direct/connections); check_json "bob direct connections" "$R" "connections" # Verify that direct events SSE endpoint returns events with verified and trust_decision fields # We read the first event from bob's SSE (timeout 5s) and check for the new fields SSE_RESPONSE=$(curl -sS -m 5 -H "Authorization: Bearer $BT" "${BA}/direct/events" 2>/dev/null || true) if echo "$SSE_RESPONSE" | grep -q "verified"; then TOTAL=$((TOTAL+1)); PASS=$((PASS+1)) echo -e " ${GREEN}PASS${NC} direct events SSE includes 'verified' field" else TOTAL=$((TOTAL+1)); SKIP=$((SKIP+1)) echo -e " ${YELLOW}SKIP${NC} direct events SSE 'verified' field — no event received in time window" fi if echo "$SSE_RESPONSE" | grep -q "trust_decision"; then TOTAL=$((TOTAL+1)); PASS=$((PASS+1)) echo -e " ${GREEN}PASS${NC} direct events SSE includes 'trust_decision' field" else TOTAL=$((TOTAL+1)); SKIP=$((SKIP+1)) echo -e " ${YELLOW}SKIP${NC} direct events SSE 'trust_decision' field — no event received in time window" fi # ═════════════════════════════════════════════════════════════════════════ # 19. SUMMARY # ═════════════════════════════════════════════════════════════════════════ echo -e "\n${YELLOW}═══════════════════════════════════════════════════════════════${NC}" if [ $FAIL -eq 0 ]; then echo -e "${GREEN} ALL $TOTAL TESTS PASSED ($PASS passed, $SKIP skipped)${NC}" else echo -e "${RED} $FAIL FAILED${NC} / $TOTAL TOTAL ($PASS passed, $SKIP skipped)" echo "" echo "alice log errors:" grep -i "error\|panic" /tmp/x0x-e2e-alice/log | grep -v "WARN\|manifest\|upgrade" | tail -10 || true echo "bob log errors:" grep -i "error\|panic" /tmp/x0x-e2e-bob/log | grep -v "WARN\|manifest\|upgrade" | tail -10 || true if [ -f /tmp/x0x-e2e-charlie/log ]; then echo "charlie log errors:" grep -i "error\|panic" /tmp/x0x-e2e-charlie/log | grep -v "WARN\|manifest\|upgrade" | tail -10 || true fi fi echo -e "${YELLOW}═══════════════════════════════════════════════════════════════${NC}" exit $FAIL