Skip to main content
Palyra employs a multi-layered testing strategy designed to ensure deterministic behavior across its core agent logic, CLI parity, and complex integration scenarios involving external connectors and worker fleets. The infrastructure ranges from low-level unit tests to high-level “golden” fixture comparisons and a comprehensive workflow regression matrix that gates releases.

Workflow Regression Matrix

The workflow regression matrix is the primary integration gate for the Palyra ecosystem. It validates end-to-end scenarios by spawning real palyrad and browserd processes on dynamic loopback ports, interacting with them via the CLI and gRPC clients.

Implementation and Data Flow

The matrix is driven by a JSON manifest infra/release/workflow-regression-matrix.json infra/release/workflow-regression-matrix.json#1-121, which defines: The run_workflow_regression example crates/palyra-cli/examples/run_workflow_regression.rs#24-180 orchestrates the execution. It loads the manifest, filters scenarios based on the active profile, and executes them, capturing logs and generating a WorkflowRegressionRunReport.

Regression Components

ComponentResponsibilitySource
workflow_regression_matrix.rsMain test runner for local/remote/session lifecycle.crates/palyra-cli/tests/workflow_regression_matrix.rs#38-158
workflow_regression_contract.rsValidates consistency between manifest and code.crates/palyra-cli/tests/workflow_regression_contract.rs#45-107
run-workflow-regression.shEntry point for CI environments.scripts/test/run-workflow-regression.sh#40-49
Sources: infra/release/workflow-regression-matrix.json#1-190, crates/palyra-cli/examples/run_workflow_regression.rs#24-180, crates/palyra-cli/tests/workflow_regression_matrix.rs#1-158, crates/palyra-cli/tests/workflow_regression_contract.rs#1-107.

CLI Parity and ACP Shim Harness

The CLI infrastructure ensures that the palyra binary maintains a stable contract for both human operators and automated shims (like the Agent Control Protocol - ACP).

Help Snapshot and Status Tests

The suite validates that CLI output remains consistent across versions. The status_reports_http_grpc_and_admin_health test crates/palyra-cli/tests/cli_v1_acp_shim.rs#26-61 verifies that the status command correctly reports on all gateway transports.

ACP NDJSON Shim

The ACP shim allows external tools to consume agent events as NDJSON. The agent_acp_shim_emits_ndjson_events test crates/palyra-cli/tests/cli_v1_acp_shim.rs#204-207 ensures that when --output-format json is used, the CLI emits valid, machine-readable events instead of formatted text. Sources: crates/palyra-cli/tests/cli_v1_acp_shim.rs#1-207.

Golden Fixture and Installed Smoke Tests

To prevent regression in the distribution artifacts, Palyra runs “smoke tests” against fully packaged binaries.

Installed Smoke Context

The installed_smoke.rs suite uses environment variables like PALYRA_BIN_UNDER_TEST to locate a production-build binary crates/palyra-cli/tests/installed_smoke.rs#28-40. It performs:

Scenario Orchestration

The PowerShell script run-cli-install-smoke.ps1 scripts/test/run-cli-install-smoke.ps1#41-83 creates isolated scenario contexts (temporary home directories, config paths, and state roots) to ensure that the binary behaves correctly in clean-room environments. Sources: crates/palyra-cli/tests/installed_smoke.rs#1-163, scripts/test/run-cli-install-smoke.ps1#1-101.

Worker Fleet and Egress Testing

Testing the worker fleet requires simulating attestation and network isolation.

Worker Attestation Harness

The palyra-workerd crate defines WorkerAttestation crates/palyra-workerd/src/lib.rs#35-62. Tests validate the validate function crates/palyra-workerd/src/lib.rs#113-153 against WorkerAttestationExpectation to ensure that only workers with valid image digests and attested egress proxies can join the fleet.

Egress Proxy Verification

The palyra-egress-proxy suite ensures that the EgressProxyPolicyService crates/palyra-egress-proxy/src/lib.rs#125-127 correctly blocks forbidden schemes and non-allowlisted hosts. The evaluate_request function crates/palyra-egress-proxy/src/lib.rs#140-150 is tested against malicious inputs to confirm fail-closed behavior. Sources: crates/palyra-workerd/src/lib.rs#35-153, crates/palyra-egress-proxy/src/lib.rs#1-150.

Release Evaluation Gate

The Release Evaluation Gate is the final check before a build is promoted. It uses the CompatReleaseReadinessChecklist crates/palyra-cli/tests/workflow_regression_contract.rs#12-13 to ensure that all “must-pass” scenarios for a given release scope are met.

Readiness Logic

The gate logic is defined in infra/release/compat-hardening-readiness.json infra/release/compat-hardening-readiness.json#1-37, which tracks:

System Data Flow: Regression to Release

This diagram illustrates how test results flow from individual scenarios into the final release gate. Sources: infra/release/compat-hardening-readiness.json#1-123, crates/palyra-cli/tests/workflow_regression_contract.rs#1-155, crates/palyra-cli/examples/run_workflow_regression.rs#1-180.

Test Infrastructure Code Entities

The following diagram bridges the natural language concepts of “Test Profiles” and “Validation” to the specific Rust structs and JSON schemas used in the codebase. Sources: infra/release/workflow-regression-matrix.json#1-190, infra/release/compat-hardening-readiness.json#1-50, crates/palyra-egress-proxy/src/lib.rs#33-48, crates/palyra-workerd/src/lib.rs#35-62.