vijay_admin/sentryagent-idp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0506bc1b8e06803bab977ac2e2565bd5ebdb098c
sentryagent-idp/tests/load
History
SentryAgent.ai Developer 1b682c22b2 feat(phase-4): WS1 — Production Hardening (Redis rate limiting, DB pool, health endpoint, k6) 
Rate limiting:
- Replace in-memory express-rate-limit with ioredis + rate-limiter-flexible (sliding window)
- Graceful fallback to RateLimiterMemory when Redis unreachable
- RATE_LIMIT_WINDOW_MS / RATE_LIMIT_MAX_REQUESTS env var config
- Retry-After header on 429 responses
- agentidp_rate_limit_hits_total Prometheus counter

Database pool:
- Explicit pg.Pool config via DB_POOL_MAX/MIN/IDLE_TIMEOUT_MS/CONNECTION_TIMEOUT_MS
- Defaults: max=20, min=2, idle=30s, conn timeout=5s
- agentidp_db_pool_active_connections + agentidp_db_pool_waiting_requests gauges

Health endpoint:
- GET /health/detailed — per-service status (database, Redis, Vault, OPA)
- healthy / degraded (>1000ms) / unreachable classification
- HTTP 200 (all healthy) / 207 (any degraded) / 503 (any unreachable)

Load tests:
- tests/load/ with k6 scenarios for agent registration (100 VUs), token issuance (1000 VUs), credential rotation (50 VUs)
- npm run load-test script

Tests: 586 passing, zero TypeScript errors

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-02 04:20:37 +00:00
..
agent-registration.js
feat(phase-4): WS1 — Production Hardening (Redis rate limiting, DB pool, health endpoint, k6)
2026-04-02 04:20:37 +00:00
credential-rotation.js
feat(phase-4): WS1 — Production Hardening (Redis rate limiting, DB pool, health endpoint, k6)
2026-04-02 04:20:37 +00:00
README.md
feat(phase-4): WS1 — Production Hardening (Redis rate limiting, DB pool, health endpoint, k6)
2026-04-02 04:20:37 +00:00
token-issuance.js
feat(phase-4): WS1 — Production Hardening (Redis rate limiting, DB pool, health endpoint, k6)
2026-04-02 04:20:37 +00:00

README.md

Load Tests — SentryAgent.ai AgentIdP

Load tests are written for k6 and cover the three most performance-critical API flows.

Prerequisites

Install k6 on your machine (one-time):

# macOS
brew install k6

# Ubuntu / Debian
sudo gpg -k
sudo gpg --no-default-keyring --keyring /usr/share/keyrings/k6-archive-keyring.gpg \
  --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys C5AD17C747E3415A3642D57D77C6C491D6AC1D69
echo "deb [signed-by=/usr/share/keyrings/k6-archive-keyring.gpg] https://dl.k6.io/deb stable main" \
  | sudo tee /etc/apt/sources.list.d/k6.list
sudo apt-get update && sudo apt-get install k6

# Windows (Chocolatey)
choco install k6

Environment Variables

Each script reads the following env vars:

Variable Default Description
BASE_URL http://localhost:3000 AgentIdP base URL
CLIENT_ID (required for token test) OAuth2 client_id for token issuance
CLIENT_SECRET (required for token test) OAuth2 client_secret
AGENT_ID (required for rotation test) Agent ID for credential rotation

Export them before running:

export BASE_URL=http://localhost:3000
export CLIENT_ID=your-client-id
export CLIENT_SECRET=your-client-secret
export AGENT_ID=your-agent-id

Running Individual Scenarios

# Agent Registration — 100 VUs, 60s
k6 run tests/load/agent-registration.js

# Token Issuance — 1000 VUs, 60s
k6 run tests/load/token-issuance.js

# Credential Rotation — 50 VUs, 60s
k6 run tests/load/credential-rotation.js

Running All Scenarios (npm script)

npm run load-test

This runs all three scenarios sequentially, matching the same order as the CI pipeline.

Pass / Fail Thresholds

All scenarios enforce these thresholds (tests FAIL if any is breached):

Metric Threshold
p95 response time < 500 ms
HTTP error rate < 1 %

k6 exits with a non-zero status code when any threshold is breached, making it safe to use in CI pipelines.

Results

k6 prints a summary table to stdout on completion. For HTML reports:

k6 run --out json=results.json tests/load/agent-registration.js
k6 report results.json
Reference in New Issue View Git Blame Copy Permalink