vm-cloudflare/TEST_WORKFLOW.sh
Vault Sovereign 37a867c485 Initial commit: Cloudflare infrastructure with WAF Intelligence
- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access)
- WAF Intelligence MCP server with threat analysis and ML classification
- GitOps automation with PR workflows and drift detection
- Observatory monitoring stack with Prometheus/Grafana
- IDE operator rules for governed development
- Security playbooks and compliance frameworks
- Autonomous remediation and state reconciliation
2025-12-16 18:31:53 +00:00


#!/bin/bash
# TEST_WORKFLOW.sh
# End-to-end test for GitLab + Cloudflare MCP integration
# Usage: ./TEST_WORKFLOW.sh [full|quick]
# Strict mode: stop on errors, on unset variables and on failures inside pipelines.
set -euo pipefail

# Absolute directory that holds this script; every path below is resolved against it.
SCRIPT_PATH=${BASH_SOURCE[0]}
SCRIPT_DIR=$(cd "$(dirname "$SCRIPT_PATH")" && pwd)

# Test mode taken from the first argument; "quick" when none is given.
WORKFLOW_MODE=${1:-quick}

# ANSI colour sequences, kept as literal backslash escapes and expanded later by `echo -e`.
NC='\033[0m' # No Color
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
# Logging functions
# Print an informational message on stdout behind a blue [INFO] tag.
# Globals:   BLUE, NC (read)
# Arguments: $1 - message text; `echo -e` also expands backslash escapes in it
log_info() {
  local message=$1
  echo -e "${BLUE}[INFO]${NC} ${message}"
}
# Print a success message on stdout behind a green [SUCCESS] tag.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text; `echo -e` also expands backslash escapes in it
log_success() {
  local message=$1
  echo -e "${GREEN}[SUCCESS]${NC} ${message}"
}
# Print a warning on stdout behind a yellow [WARN] tag.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message text; `echo -e` also expands backslash escapes in it
log_warning() {
  local message=$1
  echo -e "${YELLOW}[WARN]${NC} ${message}"
}
# Print an error message behind a red [ERROR] tag.
# The message goes to stdout, like the other log helpers, not to stderr.
# Globals:   RED, NC (read)
# Arguments: $1 - message text; `echo -e` also expands backslash escapes in it
log_error() {
  local message=$1
  echo -e "${RED}[ERROR]${NC} ${message}"
}
# ============================================================================
# PHASE 1: Environment Validation
# ============================================================================
# Blank separator line, then the banner for the first phase.
echo
log_info "====== PHASE 1: Environment Validation ======"
# Check required environment variables
# Report whether the environment variable named by $1 is set and non-empty.
# Only the length of the value is printed, never the value itself; the length
# still ends up wherever this script's stdout is stored.
# Arguments: $1 - name of the variable to inspect (read through indirect expansion)
# Outputs:   one log line on stdout
# Returns:   0 when the variable is non-empty, 1 otherwise
check_env_var() {
  local var_name=$1
  # ${!var_name:-} yields an empty string for an unset variable, so `set -u` does not trip.
  local var_value=${!var_name:-}

  if [[ -n "$var_value" ]]; then
    log_success "$var_name is set (${#var_value} chars)"
    return 0
  fi

  log_warning "$var_name not set (optional)"
  return 1
}
# Essential vars
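log_info "Checking essential environment variables..."
# check_env_var prints its status line on stdout and signals presence through
# its exit status. Capturing that stdout with $(...) hid the status line and
# left each flag holding log text (for a missing variable: the warning followed
# by "false"), which never equals "false" — so every token looked available.
# Branch on the exit status instead; each flag is exactly "true" or "false".
if check_env_var GITHUB_TOKEN; then GITHUB_OKAY=true; else GITHUB_OKAY=false; fi
if check_env_var GITLAB_TOKEN; then GITLAB_OKAY=true; else GITLAB_OKAY=false; fi
if check_env_var CLOUDFLARE_API_TOKEN; then CLOUDFLARE_OKAY=true; else CLOUDFLARE_OKAY=false; fi
if check_env_var CLOUDFLARE_ACCOUNT_ID; then ACCOUNT_OKAY=true; else ACCOUNT_OKAY=false; fi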
# Verify opencode.jsonc exists and is valid JSON
log_info "Validating opencode.jsonc..."
CONFIG_FILE="$SCRIPT_DIR/opencode.jsonc"

# The config file must exist; without it the run stops here.
if ! [[ -f "$CONFIG_FILE" ]]; then
  log_error "opencode.jsonc not found in $SCRIPT_DIR"
  exit 1
fi

# Parse the file with jq when it is installed. Every jq failure is reported as
# "has comments", so a syntax error unrelated to comments produces the same
# warning and does not stop the run.
if ! command -v jq &> /dev/null; then
  log_warning "jq not available, skipping JSON validation"
elif jq . "$CONFIG_FILE" > /dev/null 2>&1; then
  log_success "opencode.jsonc is valid JSON"
else
  log_warning "opencode.jsonc has comments (expected for .jsonc)"
fi
# Check Terraform files
log_info "Validating Terraform files..."
TERRAFORM_DIR="$SCRIPT_DIR/terraform"

# The terraform/ directory is mandatory; the CLI is not.
if ! [[ -d "$TERRAFORM_DIR" ]]; then
  log_error "terraform/ directory not found"
  exit 1
fi

if ! command -v terraform &> /dev/null; then
  log_warning "terraform CLI not installed, skipping validation"
else
  # `terraform validate` works on the current directory, so step in and back out.
  cd "$TERRAFORM_DIR"
  if ! terraform validate > /dev/null 2>&1; then
    # A failed validation is only a warning and does not stop the run.
    log_warning "Terraform validation failed (may need init)"
  else
    log_success "Terraform files are valid"
  fi
  cd "$SCRIPT_DIR"
fi
# ============================================================================
# PHASE 2: Test Scenarios (by mode)
# ============================================================================
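# Print one line of the token status table.
# A token counts as available only when the validation flag is not "false" AND
# the variable itself is non-empty, so a wrong flag cannot report a missing
# token as present.
# Arguments: $1 - flag from environment validation ("false" when missing)
#            $2 - name of the environment variable
#            $3 - optional note appended to the "missing" line
print_token_status() {
  local flag=$1 var_name=$2 note=${3:-}
  if [[ "$flag" != "false" && -n "${!var_name:-}" ]]; then
    echo " ✓ $var_name available"
  else
    echo " ✗ $var_name missing${note:+ $note}"
  fi
}

# GET a URL with one secret request header and write the body to stdout.
# The header is fed to curl on stdin (`-H @-`, needs curl 7.55.0 or newer) so
# the token does not appear in the process list; `-f` turns HTTP error statuses
# into a non-zero exit instead of an error body that could be mistaken for data.
# Arguments: $1 - full header line, $2 - URL
api_get() {
  local header=$1 url=$2
  curl -sf -H @- "$url" <<<"$header" 2>/dev/null
}

echo ""
if [[ "$WORKFLOW_MODE" == "quick" ]]; then
  log_info "====== PHASE 2: Quick Test (Environment Check Only) ======"
  echo ""
  log_info "Summary of configured MCPs:"
  echo " ✓ Enabled globally: filesystem, git, github, gh_grep"
  echo " ⚠ Per-agent enabled: gitlab, cloudflare (requires tokens)"
  echo " ✓ Optional: postgres, sqlite, docker, aws, slack, memory, context7"
  echo ""
  log_info "Token Status:"
  print_token_status "$GITHUB_OKAY" GITHUB_TOKEN
  print_token_status "$GITLAB_OKAY" GITLAB_TOKEN "(needed for gitlab MCP)"
  print_token_status "$CLOUDFLARE_OKAY" CLOUDFLARE_API_TOKEN "(needed for cloudflare MCP)"
  print_token_status "$ACCOUNT_OKAY" CLOUDFLARE_ACCOUNT_ID "(needed for cloudflare MCP)"
  echo ""
  log_success "Quick test complete!"
elif [[ "$WORKFLOW_MODE" == "full" ]]; then
  log_info "====== PHASE 2: Full Integration Test ======"

  # ========================================================================
  # Test 1: Git Operations
  # ========================================================================
  echo ""
  log_info "Test 1: Git operations (local)"
  if [[ -d "$SCRIPT_DIR/.git" ]]; then
    log_success "Git repository detected"
    cd "$SCRIPT_DIR"
    BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "unknown")
    COMMITS=$(git log --oneline -n 3 2>/dev/null || echo "none")
    log_success "Current branch: $BRANCH"
    log_success "Recent commits: (see below)"
    echo "$COMMITS" | sed 's/^/ /'
  else
    log_warning "Not a git repository (use 'git init' if needed)"
  fi

  # ========================================================================
  # Test 2: Filesystem Operations
  # ========================================================================
  echo ""
  log_info "Test 2: Filesystem operations (local)"
  FILES_FOUND=$(find "$SCRIPT_DIR" -maxdepth 2 -type f -name "*.tf" | wc -l)
  log_success "Found $FILES_FOUND Terraform files"
  if [[ -f "$SCRIPT_DIR/terraform/main.tf" ]]; then
    log_success "main.tf exists"
    # grep -c already prints 0 when nothing matches but exits 1; `|| true`
    # keeps that single "0" instead of appending a second one.
    RESOURCE_COUNT=$(grep -c "^resource " "$SCRIPT_DIR/terraform/main.tf" || true)
    log_success "Contains $RESOURCE_COUNT resources"
  fi

  # ========================================================================
  # Test 3: GitHub Integration (if token available)
  # ========================================================================
  echo ""
  log_info "Test 3: GitHub integration"
  if [[ "$GITHUB_OKAY" != "false" && -n "${GITHUB_TOKEN:-}" ]] && command -v gh &> /dev/null; then
    log_success "GitHub CLI available with token"
    if gh auth status > /dev/null 2>&1; then
      # The endpoint is "user"; the login field is selected with --jq.
      # A separate variable avoids overwriting the shell's own $USER.
      GH_LOGIN=$(gh api user --jq '.login' 2>/dev/null || echo "unknown")
      log_success "Authenticated as: $GH_LOGIN"
    else
      log_warning "GitHub token validation failed"
    fi
  else
    log_warning "GitHub token not available (optional for local work)"
  fi

  # ========================================================================
  # Test 4: GitLab Integration (if token available)
  # ========================================================================
  echo ""
  log_info "Test 4: GitLab integration"
  # The token is tested directly as well: the script runs under `set -u`, and
  # expanding an unset GITLAB_TOKEN below would abort the whole run.
  if [[ "$GITLAB_OKAY" != "false" && -n "${GITLAB_TOKEN:-}" ]]; then
    GITLAB_URL="${GITLAB_URL:-https://gitlab.com}"
    log_success "GITLAB_TOKEN available"
    log_success "GITLAB_URL: $GITLAB_URL"
    if [[ "$GITLAB_URL" != https://* ]]; then
      # GITLAB_URL comes from the environment; do not send the token over a
      # non-TLS connection.
      log_warning "GITLAB_URL is not https; skipping API probe so the token is not sent in cleartext"
    elif command -v curl &> /dev/null && command -v jq &> /dev/null; then
      # jq -e fails when .name is null, so an error body without a name (for
      # example an authentication failure) is not counted as success.
      if api_get "PRIVATE-TOKEN: $GITLAB_TOKEN" "$GITLAB_URL/api/v4/user" \
        | jq -e '.name' > /dev/null 2>&1; then
        log_success "GitLab API connection successful"
      else
        log_warning "GitLab API returned an error (check token/URL)"
      fi
    else
      log_warning "curl or jq not installed, skipping GitLab API probe"
    fi
  else
    log_warning "GITLAB_TOKEN not available (needed for gitlab MCP)"
    echo " To enable: export GITLAB_TOKEN='glpat-...'"
  fi

  # ========================================================================
  # Test 5: Cloudflare Integration (if token available)
  # ========================================================================
  echo ""
  log_info "Test 5: Cloudflare API integration"
  if [[ "$CLOUDFLARE_OKAY" != "false" && -n "${CLOUDFLARE_API_TOKEN:-}" ]] \
    && [[ "$ACCOUNT_OKAY" != "false" && -n "${CLOUDFLARE_ACCOUNT_ID:-}" ]]; then
    log_success "CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID available"
    if command -v curl &> /dev/null && command -v jq &> /dev/null; then
      if api_get "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
        "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID" \
        | jq -e '.success == true' > /dev/null 2>&1; then
        log_success "Cloudflare API connection successful"
        # NOTE(review): this counts the entries in a single response; if the
        # zones endpoint paginates, the figure is a lower bound — confirm.
        ZONES=$(api_get "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
          "https://api.cloudflare.com/client/v4/zones" \
          | jq '.result | length' 2>/dev/null || echo "0")
        log_success "Account has $ZONES zone(s)"
      else
        log_warning "Cloudflare API authentication failed (check token)"
      fi
    else
      log_warning "curl or jq not installed, skipping Cloudflare API probe"
    fi
  else
    log_warning "CLOUDFLARE_API_TOKEN or CLOUDFLARE_ACCOUNT_ID not available"
    echo " To enable: export CLOUDFLARE_API_TOKEN='...'"
    echo " To enable: export CLOUDFLARE_ACCOUNT_ID='...'"
  fi

  # ========================================================================
  # Test 6: Compliance Files
  # ========================================================================
  echo ""
  log_info "Test 6: Compliance and documentation files"
  COMPLIANCE_FILES=(
    "cloudflare_dns_manifest.md"
    "cloudflare_waf_baseline.md"
    "zero_trust_architecture.md"
    "WEB-INFRA-SECURITY-PATTERNS.md"
    "TUNNEL-HARDENING.md"
  )
  for file in "${COMPLIANCE_FILES[@]}"; do
    if [[ -f "$SCRIPT_DIR/$file" ]]; then
      # LINES is a variable bash maintains itself, so use a separate name.
      LINE_COUNT=$(wc -l < "$SCRIPT_DIR/$file")
      log_success "$file ($LINE_COUNT lines)"
    else
      log_warning "$file not found"
    fi
  done

  # ========================================================================
  # Test 7: Playbooks
  # ========================================================================
  echo ""
  log_info "Test 7: Incident Response Playbooks"
  if [[ -d "$SCRIPT_DIR/playbooks" ]]; then
    PLAYBOOK_COUNT=$(find "$SCRIPT_DIR/playbooks" -type f -name "*.md" | wc -l)
    log_success "Found $PLAYBOOK_COUNT playbooks"
    find "$SCRIPT_DIR/playbooks" -type f -name "*.md" -exec basename {} \; | sed 's/^/ - /'
  else
    log_warning "playbooks/ directory not found"
  fi
  log_success "Full test complete!"
else
  log_error "Unknown mode: $WORKFLOW_MODE"
  echo "Usage: $0 [quick|full]"
  exit 1
fi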
# ============================================================================
# FINAL SUMMARY
# ============================================================================
echo
log_info "====== Test Summary ======"
# Static reference text; the quoted delimiter keeps it literal (no expansion).
cat <<'EOF'

Quick Reference:
 Start OpenCode: opencode
 Initialize: /init
 List MCPs: /mcp list
 Start agent: /agent cloudflare-ops
 Read config: cat opencode.jsonc

Next Steps:
 1. Export required tokens to environment
 2. Run: opencode /init
 3. Run: /mcp list (verify MCPs load)
 4. Run: /agent cloudflare-ops
 5. Test: 'Query the latest infrastructure changes in GitLab'

EOF
# Printed whenever the script reaches this point; warnings logged earlier do not change it.
log_success "All checks passed!"