-
Notifications
You must be signed in to change notification settings - Fork 0
Testing Strategy
dev-mondoshawan edited this page Apr 16, 2026
·
1 revision
**Referenced Files in This Document**
- [backend/src/models/__mocks__/db.js](https://github.com/RunTimeAdmin/AgentID/blob/main/backend/src/models/__mocks__/db.js)
- [backend/src/services/bagsAuthVerifier.js](https://github.com/RunTimeAdmin/AgentID/blob/main/backend/src/services/bagsAuthVerifier.js)
- [backend/src/services/pkiChallenge.js](https://github.com/RunTimeAdmin/AgentID/blob/main/backend/src/services/pkiChallenge.js)
- [backend/src/routes/agents.js](https://github.com/RunTimeAdmin/AgentID/blob/main/backend/src/routes/agents.js)
- [backend/src/routes/register.js](https://github.com/RunTimeAdmin/AgentID/blob/main/backend/src/routes/register.js)
- [backend/package.json](https://github.com/RunTimeAdmin/AgentID/blob/main/backend/package.json)
- [frontend/package.json](https://github.com/RunTimeAdmin/AgentID/blob/main/frontend/package.json)
Loading
- Introduction
- Testing Levels
- Unit Testing
- Integration Testing
- End-to-End Testing
- Security Testing
- Performance Testing
- Test Data Management
- Continuous Integration
AgentID employs a comprehensive testing strategy covering unit, integration, and end-to-end tests. The goal is to ensure reliability, security, and performance across all components.
graph TB
E2E["E2E Tests<br/>Critical User Flows"] --> Integration["Integration Tests<br/>API Endpoints"]
Integration --> Unit["Unit Tests<br/>Services & Utils"]
Unit --> Mock["Mocked Dependencies"]
Test individual service functions with mocked dependencies:
// Example: bagsAuthVerifier test
describe('bagsAuthVerifier', () => {
describe('verifyBagsSignature', () => {
it('should return true for valid signature', () => {
const result = verifyBagsSignature(message, signature, pubkey);
expect(result).toBe(true);
});
it('should return false for invalid signature', () => {
const result = verifyBagsSignature(message, 'invalid', pubkey);
expect(result).toBe(false);
});
});
});The setMockQuery() function enables database mocking:
const { setMockQuery } = require('../models/db');
beforeEach(() => {
setMockQuery((text, params) => {
// Return mock data based on query
if (text.includes('SELECT')) {
return { rows: [{ pubkey: 'test', name: 'Test Agent' }] };
}
return { rows: [] };
});
});Test routes with real HTTP requests:
describe('POST /api/register', () => {
it('should create a new agent', async () => {
const response = await request(app)
.post('/api/register')
.send({
pubkey: 'valid_pubkey',
name: 'Test Agent',
signature: 'valid_sig',
message: 'test_message',
nonce: 'test_nonce'
});
expect(response.status).toBe(201);
expect(response.body.agent).toBeDefined();
});
it('should reject invalid input', async () => {
const response = await request(app)
.post('/api/register')
.send({ name: 'Test Agent' }); // Missing required fields
expect(response.status).toBe(400);
});
});Test with real database:
- Use test database
- Clean up after each test
- Use transactions for isolation
-
Registration Flow
- Navigate to registration page
- Fill form and submit
- Verify agent created
-
Verification Flow
- Request challenge
- Sign challenge
- Submit response
- Verify completion
-
Discovery Flow
- Search for agents
- Filter by capability
- View agent details
- Cypress: For frontend E2E tests
- Playwright: Alternative E2E testing
Test Ed25519 signature validation:
describe('Security: Signature Verification', () => {
it('should reject tampered signatures', () => {
const tamperedSig = signature.slice(0, -5) + 'xxxxx';
const result = verifySignature(message, tamperedSig, pubkey);
expect(result).toBe(false);
});
it('should reject replayed nonces', async () => {
// Complete verification once
await verifyChallenge(pubkey, nonce, signature);
// Attempt replay
await expect(verifyChallenge(pubkey, nonce, signature))
.rejects.toThrow('Challenge already completed');
});
});Verify rate limiting works:
describe('Security: Rate Limiting', () => {
it('should block excessive requests', async () => {
// Make requests up to limit
for (let i = 0; i < 100; i++) {
await request(app).get('/api/agents');
}
// Next request should be blocked
const response = await request(app).get('/api/agents');
expect(response.status).toBe(429);
});
});Use tools like Artillery or k6:
# artillery.yml
config:
target: 'http://localhost:3002'
phases:
- duration: 60
arrivalRate: 10
scenarios:
- name: "Get badge"
requests:
- get:
url: "/api/badge/test_pubkey"Target performance metrics:
- API response time: < 200ms (p95)
- Badge generation: < 100ms (cached)
- Database queries: < 50ms
Use consistent test data:
// test/fixtures/agents.js
module.exports = {
validAgent: {
pubkey: 'A'.repeat(88),
name: 'Test Agent',
signature: 'valid_signature',
message: 'challenge_message',
nonce: 'test_nonce'
},
invalidAgent: {
pubkey: 'short',
name: ''
}
};Seed test database:
beforeAll(async () => {
await seedDatabase([
{ table: 'agent_identities', data: testAgents },
{ table: 'agent_verifications', data: testVerifications }
]);
});
afterAll(async () => {
await cleanupDatabase();
});name: Test
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:14
redis:
image: redis:7
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 18
- run: npm ci
- run: npm run migrate
- run: npm test
- run: npm run test:coverageMinimum coverage thresholds:
- Statements: 80%
- Branches: 75%
- Functions: 80%
- Lines: 80%
Run tests before commits:
{
"husky": {
"hooks": {
"pre-commit": "npm run lint && npm run test:staged"
}
}
}