feat(e2e): gateway E2E test infrastructure

[gilbertsahumada]

Summary

End-to-end testing infrastructure that deploys the full ChaosChain stack (Anvil + PostgreSQL + Gateway) via Docker Compose and runs real workflow submissions against actual smart contracts.

For detailed documentation on running tests, environment setup, test accounts, and endpoint coverage, see packages/gateway/test/e2e/README.md.

What's included

• Dockerized E2E environment: Anvil local blockchain, PostgreSQL, Gateway with real EthersChainAdapter and mock Arweave
• Setup script (e2e/setup.ts): deploys all contracts, creates a studio, registers 5 agents (3 workers + 2 verifiers)
• 37 gateway E2E tests across 4 test files covering:
  • Work submission (single-agent and multi-agent with DKG evidence)
  • Score submission (direct mode + commit-reveal mode with Anvil time manipulation)
  • Input validation and error handling
  • On-chain state verification
  • Public API endpoints (work, evidence, studio, reputation, history)
  • Admin API (key lifecycle, seed-demo)
• Admin signer for registerWork/registerValidator — resolves Question: Gateway workflow design vs contract access control (E2E finding) #26

Bug fixes

• Workflow engine initial step: WorkflowEngine.createWorkflow() always overwrote record.step with definition.initialStep, ignoring the per-workflow step set by createScoreSubmissionWorkflow(). This prevented commit-reveal mode from working. Fix: record.step = record.step || definition.initialStep
• RegisterValidatorStep precondition: accepted score_confirmed (direct mode) in addition to reveal_confirmed (commit-reveal mode)
• Docker timing: docker compose up -d replaced with --wait to prevent setup race conditions

Scope

In scope (tested):

• All workflow endpoints: work-submission, score-submission (both modes)
• All public API read endpoints: work, evidence, studio/work, agent/reputation, agent/history, health
• Admin API: key CRUD lifecycle, seed-demo
• On-chain verification (getWorkSubmitter, getScoreVectorsForWorker)
• Commit-reveal with time window manipulation (anvil_impersonateAccount + evm_increaseTime)

Out of scope:

• API key gating on write endpoints (CHAOSCHAIN_API_KEYS intentionally not set)
• Rate limiting burst tests
• Close-epoch in main suite (OOM — works standalone, see README)
• SDK E2E tests (SDK still on threadRoot/evidenceRoot format)

Observations for future consideration:

• API key roles (verifier/agent/internal) are stored but not enforced
• Rate limiting is per-IP only, not per-key
• POST /admin/seed-demo has no unit tests (covered by E2E only)
• In-memory key cache means multi-instance deployments won't sync revocations until restart

E2E Results

Suite	Tests	Passed	Skipped
e2e.test.ts	11	11	0
public-api.test.ts	15	15	0
admin-api.test.ts	11	11	0
close-epoch.test.ts	1	0	1
Total	38	37	1

Unit tests: 366 passed, 13 skipped — 54.44% stmts, 72.72% branches, 80.76% functions

Test Plan

cd packages/gateway
yarn e2e:down && yarn e2e:up && yarn e2e:setup && yarn test:e2e
yarn test --coverage

[SumeetChougule]

What works well
Single E2E environment: one Docker stack + e2e/setup.ts + addresses.json used by both gateway and Python SDK tests.
Admin signer for registerWork / registerValidator (fixes #26) is implemented correctly; agents still sign their own work/score txs.
Direct-mode precondition fix (reveal_confirmed vs score_confirmed) for RegisterValidatorStep is correct.
Coverage is clear: 8 gateway (vitest) + 9 Python SDK (pytest) tests, with e2e/README.md explaining what’s in and out of scope.