Temp

scripts/az_e2e_test.ps1

@@ -0,0 +1,88 @@
+# 0) Set your values
+$RG      = "keon-rg"
+$APP     = "keon-mcp-gateway"
+$AUTHURL = "https://keon-auth.fly.dev/auth/token"
+
+# 1) Confirm the app exists and capture core status
+az containerapp show -g $RG -n $APP -o jsonc
+
+# 2) Quick health of ingress + FQDN + target port + active revisions mode
+az containerapp show -g $RG -n $APP --query "{fqdn:properties.configuration.ingress.fqdn,external:properties.configuration.ingress.external,targetPort:properties.configuration.ingress.targetPort,transport:properties.configuration.ingress.transport,activeRevisionsMode:properties.configuration.activeRevisionsMode}" -o jsonc
+
+# 3) List revisions and health/provisioning/running state
+az containerapp revision list -g $RG -n $APP --query "[].{name:name,active:properties.active,replicas:properties.runningState,health:properties.healthState,created:properties.createdTime,trafficWeight:properties.trafficWeight}" -o table
+
+# 4) Show active revision details
+# Use JSON parsing in PowerShell to avoid shell/JMESPath quoting issues on Windows.
+$revisionsJson = az containerapp revision list -g $RG -n $APP -o json
+$revisions = $revisionsJson | ConvertFrom-Json
+
+$activeRev = $revisions | Where-Object { $_.properties.active -eq $true } | Select-Object -First 1
+if ($activeRev) {
+  $REV = $activeRev.name
+} else {
+  $weightedRev = $revisions |
+    Sort-Object { [double]($_.properties.trafficWeight) } -Descending |
+    Select-Object -First 1
+  $REV = $weightedRev.name
+}
+
+if (-not $REV) {
+  Write-Error "No active revision found for $APP."
+  exit 1
+}
+az containerapp revision show -g $RG -n $APP --revision $REV -o jsonc
+
+# 5) Stream app logs (Ctrl+C after ~30-60s)
+az containerapp logs show -g $RG -n $APP --follow
+
+# 6) Tail recent app logs (non-follow)
+az containerapp logs show -g $RG -n $APP --tail 200
+
+# 7) Show system logs (ingress/proxy/platform)
+az containerapp logs show -g $RG -n $APP --type system --tail 200
+
+# 8) Inspect effective env var names in template (values are secretRefs/plain)
+az containerapp show -g $RG -n $APP --query "properties.template.containers[0].env" -o jsonc
+
+# 9) List configured secret names (not values)
+az containerapp secret list -g $RG -n $APP -o table
+
+# 10) Validate ingress endpoint from your machine
+$FQDN = az containerapp show -g $RG -n $APP --query "properties.configuration.ingress.fqdn" -o tsv
+curl.exe -i "https://$FQDN/health"
+
+# 11) Mint fresh gateway-compatible JWT from keon-auth
+$tokenBody = @{
+  sub       = "qa-user"
+  aud       = "keon-mcp-gateway"
+  tenant_id = "tenant-default"
+  actor_id  = "service-user"
+  scope     = "mcp.invoke"
+} | ConvertTo-Json -Compress
+
+$tokenResponse = curl.exe -sS -X POST $AUTHURL -H "Content-Type: application/json" --data-raw $tokenBody
+$token = ($tokenResponse | ConvertFrom-Json).access_token
+
+if (-not $token) {
+  Write-Error "Failed to mint access token from $AUTHURL"
+  Write-Host $tokenResponse
+  exit 1
+}
+
+# 12) Invoke gateway with ToolsInvokeRequest payload
+$invokeBody = @{
+  tenant_id       = "tenant-default"
+  actor_id        = "service-user"
+  correlation_id  = [guid]::NewGuid().ToString()
+  idempotency_key = [guid]::NewGuid().ToString()
+  tool            = "filesystem.read_text_file"
+  arguments       = @{
+    path = "/tmp/example.txt"
+  }
+} | ConvertTo-Json -Depth 10 -Compress
+
+curl.exe -i -X POST "https://$FQDN/mcp/tools/invoke" `
+  -H "Authorization: Bearer $token" `
+  -H "Content-Type: application/json" `
+  --data-raw $invokeBody

scripts/test_gateway_invoke_matrix.ps1

@@ -0,0 +1,66 @@
+$ErrorActionPreference = 'Stop'
+
+$RG = "keon-rg"
+$APP = "keon-mcp-gateway"
+$AUTHURL = "https://keon-auth.fly.dev/auth/token"
+
+# Mint gateway-compatible token
+$tokenBody = @{
+  sub       = "qa-user"
+  aud       = "keon-mcp-gateway"
+  tenant_id = "tenant-default"
+  actor_id  = "service-user"
+  scope     = "mcp.invoke"
+} | ConvertTo-Json -Compress
+
+$tokenResponse = Invoke-RestMethod -Method POST -Uri $AUTHURL -ContentType "application/json" -Body $tokenBody
+$token = $tokenResponse.access_token
+
+if (-not $token) {
+  Write-Output "TOKEN_FAIL"
+  $tokenResponse | ConvertTo-Json -Depth 10
+  exit 1
+}
+
+$fqdn = az containerapp show -g $RG -n $APP --query "properties.configuration.ingress.fqdn" -o tsv
+if (-not $fqdn) {
+  Write-Output "FQDN_FAIL"
+  exit 1
+}
+
+$invokeUrl = "https://$fqdn/mcp/tools/invoke"
+
+$validBody = @{
+  tenant_id       = "tenant-default"
+  actor_id        = "service-user"
+  correlation_id  = [guid]::NewGuid().ToString()
+  idempotency_key = [guid]::NewGuid().ToString()
+  tool            = "filesystem.read_text_file"
+  arguments       = @{
+    path = "/tmp/example.txt"
+  }
+} | ConvertTo-Json -Depth 10 -Compress
+
+$malformedBody = @{
+  tenant_id = "tenant-default"
+  actor_id  = "service-user"
+  tool      = "filesystem.read_text_file"
+  arguments = "not-an-object"
+} | ConvertTo-Json -Compress
+
+Write-Output "CASE=VALID"
+curl.exe -i -sS -X POST $invokeUrl `
+  -H "Authorization: Bearer $token" `
+  -H "Content-Type: application/json" `
+  --data-raw $validBody
+
+Write-Output "CASE=MISSING_TOKEN"
+curl.exe -i -sS -X POST $invokeUrl `
+  -H "Content-Type: application/json" `
+  --data-raw $validBody
+
+Write-Output "CASE=MALFORMED_PAYLOAD"
+curl.exe -i -sS -X POST $invokeUrl `
+  -H "Authorization: Bearer $token" `
+  -H "Content-Type: application/json" `
+  --data-raw $malformedBody