Integration and Regression Tests

This page documents the integration and regression testing infrastructure for the Palyra platform. The suite ensures the reliability of the core daemon (palyrad), the CLI (palyra), the browser automation service (palyra-browserd), and the connector ecosystem.

Daemon Integration Surface

The daemon integration tests verify the HTTP and gRPC boundaries of palyrad. These tests typically involve spawning a live daemon process with dynamic ports and an isolated state root to ensure no side effects between test runs.

Admin and Console API Testing

The admin_surface.rs suite validates the security and functionality of the Axum-based HTTP router. It specifically tests:

Authentication Requirements: Ensures that endpoints like /admin/v1/status crates/palyra-daemon/src/transport/http/router.rs#19-19 and /admin/v1/journal/recent crates/palyra-daemon/src/transport/http/router.rs#20-20 correctly reject requests missing the Authorization bearer token crates/palyra-daemon/tests/admin_surface.rs#42-43.
Context Validation: Verifies that requests must include mandatory headers such as x-palyra-principal and x-palyra-device-id crates/palyra-daemon/tests/admin_surface.rs#55-61.
Rate Limiting: Confirms that the admin_rate_limit_middleware crates/palyra-daemon/src/transport/http/router.rs#151-154 correctly triggers a 429 Too Many Requests status after repeated failed authentication attempts crates/palyra-daemon/tests/admin_surface.rs#164-176.

Health and Diagnostics

The health_endpoint.rs and console_diagnostics_handler crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#6-9 tests ensure the observability of the system. The diagnostics payload includes:

Model Provider Status: Serialized state of the active LLM backend crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#22-27.
Memory Usage: Current vector store and retention policy metrics crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#113-129.
Subsystem Snapshots: Status of skills, plugins, and webhooks crates/palyra-daemon/src/transport/http/handlers/console/diagnostics.rs#38-48.

Daemon Integration Data Flow

The following diagram illustrates how the integration tests interact with the daemon’s internal components. Integration Test Boundary Sources: crates/palyra-daemon/tests/admin_surface.rs#30-71, crates/palyra-daemon/src/transport/http/router.rs#17-157, crates/palyra-daemon/src/transport/http/handlers/admin/core.rs#1-20 (implied by router).

CLI Regression and Parity

CLI testing focuses on command-line argument parsing, profile management, and the bridge between the CLI and the daemon.

Daemon Status and Connectivity

The daemon_status.rs suite verifies that the CLI can communicate with the daemon’s management endpoints. It tests the daemon status command against a live palyrad instance crates/palyra-cli/tests/daemon_status.rs#19-37.

Isolated State: Tests use TempDir to create a fresh PALYRA_STATE_ROOT and PALYRA_GATEWAY_IDENTITY_STORE_DIR for every run crates/palyra-cli/tests/daemon_status.rs#144-149.
Dynamic Port Allocation: To avoid port collisions in CI, tests reserve loopback ports before spawning the daemon crates/palyra-cli/tests/daemon_status.rs#143-143.

Workflow Regression Matrix

The workflow_regression_matrix.rs and associated scripts (run-workflow-regression.sh) execute end-to-end scenarios to ensure that complex agentic workflows remain functional across versions. These tests often use the “Simulator Harness” to mock external model providers or channel interactions.

CLI to Daemon Communication

Sources: crates/palyra-cli/tests/daemon_status.rs#19-70, crates/palyra-daemon/src/transport/http/router.rs#19-19.

Browser Automation Tests

The palyra-browserd tests ensure that the headless Chromium engine and its gRPC service wrapper function correctly.

Session Lifecycle

Tests in support/tests.rs cover the creation and management of browser sessions:

Session Creation: Validates create_session crates/palyra-browserd/src/transport/grpc/service.rs#29-32 and ensures that principal names are mandatory crates/palyra-browserd/src/transport/grpc/service.rs#35-38.
Persistence: Verifies that persistence_enabled correctly triggers the loading of snapshots from the PersistedStateStore crates/palyra-browserd/src/transport/grpc/service.rs#75-88.
Budget Enforcement: Ensures that requested budgets (e.g., max_screenshot_bytes, max_navigation_timeout_ms) are clamped against the daemon’s configured defaults crates/palyra-browserd/src/transport/grpc/service.rs#107-161.

Redaction and Security

Query Redaction: The query_redaction_treats_oauth_code_and_state_as_sensitive test crates/palyra-browserd/src/support/tests.rs#128-140 ensures that sensitive URL parameters like code and state are stripped from logs.
State Directory Logic: Platform-specific tests verify that the browser state directory is correctly resolved on Windows (AppData) crates/palyra-browserd/src/support/tests.rs#161-174 and macOS (Application Support) crates/palyra-browserd/src/support/tests.rs#178-180.

Simulator Harness for Connectors

The simulator_harness.rs provides a mock environment for testing ChannelPlatform implementations (e.g., Discord, Slack) without requiring live API tokens or network connectivity.

Key Features

Message Injection: Allows tests to inject InboundMessage payloads directly into the ConnectorSupervisor.
Outcome Verification: Captures outbound actions like SendMessage or EditMessage to verify the daemon’s response logic.
State Mocking: Simulates connector health refreshes and queue draining operations crates/palyra-daemon/src/transport/http/router.rs#67-80.

Vault and Identity Persistence

Tests for the palyra-vault and palyra-identity crates focus on data integrity and encryption.

Vault Backend Testing

The backend.rs logic is tested across multiple storage types:

EncryptedFile: Verifies that the EncryptedFileBackend crates/palyra-vault/src/backend.rs#194-197 correctly manages the objects.store.json index and individual encrypted blobs.
Platform Specifics: Tests the selection logic crates/palyra-vault/src/backend.rs#135-158 that prefers MacosKeychainBackend, LinuxSecretServiceBackend, or WindowsDpapiBackend when available.

Identity Store Security

The FilesystemSecretStore tests crates/palyra-identity/src/store.rs#87-92 ensure:

Permissions Hardening: On Unix, the root directory is set to 0o700 crates/palyra-identity/src/store.rs#110-111. On Windows, ACLs are applied to ensure only the owner SID has access crates/palyra-identity/src/store.rs#101-101.
Atomic Writes: Secrets are written to temporary files and then renamed to their final destination to prevent corruption crates/palyra-identity/src/store.rs#177-195.
Encryption at Rest: All secrets are encrypted using CHACHA20_POLY1305 crates/palyra-identity/src/store.rs#16-16 with a store-specific key crates/palyra-identity/src/store.rs#23-23.

Sources: crates/palyra-daemon/tests/admin_surface.rs#1-107, crates/palyra-cli/tests/daemon_status.rs#1-194, crates/palyra-browserd/src/support/tests.rs#1-180, crates/palyra-browserd/src/transport/grpc/service.rs#1-161, crates/palyra-vault/src/backend.rs#1-204, crates/palyra-identity/src/store.rs#1-215.

​Daemon Integration Surface

​Admin and Console API Testing

​Health and Diagnostics

​Daemon Integration Data Flow

​CLI Regression and Parity

​Daemon Status and Connectivity

​Workflow Regression Matrix

​CLI to Daemon Communication

​Browser Automation Tests

​Session Lifecycle

​Redaction and Security

​Simulator Harness for Connectors

​Key Features

​Vault and Identity Persistence

​Vault Backend Testing

​Identity Store Security