Skip to content

Engineering Note: Backend API Test Suite

1. Overview

This document details the creation and implementation of a comprehensive test suite for the ANS backend API. The primary objective was to verify the functionality of all API endpoints, with a special focus on the previously untested /verify and /deregister routes.

The successful implementation of these tests ensures that the backend is reliable, robust, and ready for integration with the SDKs and any future clients.

2. Testing Framework and Tools

The test suite is built using a standard set of tools for Node.js applications:

  • Test Runner: Mocha is used to structure and execute the tests.
  • Assertion Library: Chai provides the assertion functions (e.g., expect) for validating test outcomes.
  • HTTP Testing: Supertest is used to make requests to the Express app, allowing us to test the API endpoints without needing to run a live server.
  • Mocking/Stubbing: Sinon is used to stub external dependencies, most notably the Firestore database and Pub/Sub clients.

3. Mocking Strategy: No Real Database Operations

A crucial aspect of this test suite is that it does not perform any real read or write operations on a live Firestore database. All interactions with Firestore and Pub/Sub are mocked using sinon.

This approach provides several key benefits:

  • Speed: The tests run in milliseconds, as there is no network latency from communicating with a real database.
  • Reliability: The tests are not dependent on the state of an external database, making them consistent and repeatable.
  • Isolation: The tests run in a completely isolated environment, ensuring that they do not interfere with each other or with any real data.

How the Mocking Works

In each test file, beforeEach and afterEach hooks are used to set up and tear down the stubs:

  • beforeEach: Before each test, we stub the Firestore.prototype.collection and PubSub.prototype.topic methods.
  • afterEach: After each test, sinon.restore() is called to remove the stubs, ensuring a clean state for the next test.

For the lookup.test.js file, a more advanced "intelligent mock" was implemented. This mock simulates the filtering behavior of Firestore's where clauses, allowing us to test complex queries without a real database.

Example of the intelligent mock in lookup.test.js:

// Simplified for clarity
beforeEach(() => {
  const collectionStub = {
    where: (field, op, value) => {
      // Store the query conditions
      queries.push({ field, op, value });
      return collectionStub; // Allow chaining
    },
    get: () => {
      // Filter the mock data based on the stored queries
      let filteredAgents = mockAgents.filter(/* ... */);
      return Promise.resolve({
        docs: filteredAgents.map(agent => ({ data: () => agent }))
      });
    },
  };
  sinon.stub(Firestore.prototype, 'collection').returns(collectionStub);
});

4. Fixes Implemented During Testing

During the creation of the test suite, a bug was identified and fixed in the /lookup endpoint (backend/src/routes/lookup.js).

  • The Problem: The policy compatibility tests were timing out. The root cause was that when a complex object like policy_requirements is passed in a GET request's URL query string, it is received by the Express server as a string, not an object. The original code was not parsing this string back into an object, causing the checkPolicyCompatibility function to fail.

  • The Solution: The performLookup function was updated to check if the policy_requirements parameter is a string. If it is, the code now attempts to JSON.parse() it. This change is fully backward-compatible:

    • If the parameter is not sent, the logic is skipped.
    • If it's already an object (sent from a newer SDK via a POST body, for example), the logic is skipped.
    • If it's a valid JSON string, it is correctly parsed.
    • If it's an invalid string, a try-catch block prevents a server crash.

This fix was essential for enabling the policy compatibility tests to pass and for making the /lookup endpoint more robust.

5. Test Results

The final test run confirmed that all 16 tests for the register, lookup, verify, and deregister endpoints are passing successfully.

> test
> mocha 'tests/**/*.js'


Running 9 configured test cases...


  POST /deregister
    ✔ should perform a full deregistration of an agent
    ✔ should perform a partial deregistration (capability revocation)
    ✔ should use "user_request" as default reason if none is provided

  Configurable Lookup API Test
  [Test: Find agent by exact name]
    - Query Parameters: {"query":"Translator","trust_level":"provisional"}
    - Response Time: 5.29ms
    - Results Found: 1
    ✔ should run test: 'Find agent by exact name' and measure performance
  [Test: Find agent by name prefix]
    - Query Parameters: {"query":"Nia","trust_level":"provisional"}
    - Response Time: 4.14ms
    - Results Found: 1
    ✔ should run test: 'Find agent by name prefix' and measure performance
  [Test: Find agent by all capabilities (AND logic)]
    - Query Parameters: {"capabilities":"translator,english,multilingual","trust_level":"provisional"}
    - Response Time: 3.38ms
    - Results Found: 1
    ✔ should run test: 'Find agent by all capabilities (AND logic)' and measure performance
  [Test: Find agent by a subset of capabilities]
    - Query Parameters: {"capabilities":"translator,english","trust_level":"provisional"}
    - Response Time: 3.50ms
    - Results Found: 1
    ✔ should run test: 'Find agent by a subset of capabilities' and measure performance
  [Test: Fail to find agent with mixed capabilities]
    - Query Parameters: {"capabilities":"translator,sales","trust_level":"provisional"}
    - Response Time: 3.76ms
    - Results Found: 0
    ✔ should run test: 'Fail to find agent with mixed capabilities' and measure performance
  [Test: Find all provisional agents]
    - Query Parameters: {"trust_level":"provisional"}
    - Response Time: 3.52ms
    - Results Found: 2
    ✔ should run test: 'Find all provisional agents' and measure performance
  [Test: Check policy compatibility success]
    - Query Parameters: {"query":"Translator","trust_level":"provisional","policy_requirements":"{\"capabilities\":[\"english\"]}"}
    - Response Time: 3.77ms
    - Results Found: 1
    ✔ should run test: 'Check policy compatibility success' and measure performance
  [Test: Check policy compatibility failure]
    - Query Parameters: {"query":"Translator","trust_level":"provisional","policy_requirements":"{\"capabilities\":[\"non_existent_capability\"]}"}
    - Response Time: 3.42ms
    - Results Found: 1
    ✔ should run test: 'Check policy compatibility failure' and measure performance
  [Test: Generic: Empty Result Lookup]
    - Query Parameters: {"query":"NonExistentAgent12345"}
    - Response Time: 2.86ms
    - Results Found: 0
    ✔ should run test: 'Generic: Empty Result Lookup' and measure performance

  API Tests
    ✔ should register an agent (49ms)

  POST /verify
    ✔ should return isValid: true for a valid signature
    ✔ should return isValid: false for an invalid signature
    ✔ should return a 404 if the agent is not found


  16 passing (169ms)

5. Conclusion

The ANS backend API is now fully covered by a robust and reliable test suite. This provides a high degree of confidence in the correctness of the API and serves as a safety net for future development and refactoring.