LCORE-2079: added agent skills e2e feature file

[jrobertboos]

Description

Added E2E feature file for agent skills.

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up service version
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change
• Unit tests improvement
• Integration tests improvement
• End to end tests improvement
• Benchmarks improvement

Tools used to create PR

Identify any AI code assistants used in this PR (for transparency and review context)

• Assisted-by: Claude
• Generated by: Claude

Related Tickets & Documents

• Related Issue #
• Closes #

Checklist before requesting a review

• I have performed a self-review of my code.
• PR has passed all pre-merge test jobs.
• If it is a core feature, I have added thorough tests.

Testing

• Please provide detailed steps to perform tests related to this code change.
• How were the fix/results from this change verified? Please provide relevant screenshots or results.

Summary by CodeRabbit

• Tests
  • Added comprehensive end-to-end test coverage for agent skills functionality including: startup validation, REST tool behavior, skill discovery, activation, resource loading, path traversal security validation, error handling, context deduplication, and multi-skill scenarios with both query and streaming modes.

[coderabbitai]

Walkthrough

This pull request adds a comprehensive end-to-end Gherkin feature file that defines test scenarios for agent skills functionality. The file covers initialization and configuration validation, REST API skill registration, LLM-based skill discovery and listing, skill activation and resource operations, security boundary checks, error handling for edge cases, and multi-skill scenarios including subdirectory discovery.

Changes

Agent Skills E2E Test Suite

Layer / File(s)	Summary
Setup, configuration validation, and REST API tests/e2e/features/skills.feature	Background initializes the e2e test environment. Startup validation scenarios verify success when valid skills exist and failure cases for missing/invalid skill directories, invalid frontmatter, and duplicate skill names. /tools REST endpoint scenarios confirm skill tools appear when configured and are absent when skills are not configured.
Skill discovery and listing tests/e2e/features/skills.feature	list_skills tool discovery tested via both query and streaming_query modes with token-metrics and content assertions. Multi-skill discovery scenarios verify that list_skills returns all configured skill names. Subdirectory discovery scenarios confirm skills nested under subdirectories are also discovered and listed.
Skill activation and resource loading tests/e2e/features/skills.feature	activate_skill tool invoked via both query and streaming_query, asserting returned skill content and increased token metrics. load_skill_resource tool tested for both query and streaming variants, confirming successful loading of skill resource files including reference file cases.
Security and error handling tests/e2e/features/skills.feature	Path traversal security scenarios for load_skill_resource confirm requests are rejected with HTTP 200 and response content indicating "outside skill directory". Unknown skill error handling for both activate_skill and load_skill_resource returns HTTP 200 with "Unknown skill" content. Missing resource errors return HTTP 200 with "Resource not found". Deduplication scenario confirms activating the same skill twice in the same conversation returns an "already loaded" result.

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: adding an end-to-end feature file for agent skills testing, which matches the PR's primary objective.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

✨ Simplify code

• Create PR with simplified code

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/e2e/features/skills.feature`:
- Line 7: The feature file contains a hardcoded Authorization header in the step
"And I set the Authorization header to Bearer …"; replace that literal token
with a placeholder backed by an env/fixture (e.g., use a Cucumber parameter or
placeholder like "<AUTH_TOKEN>" or a step that reads process.env.TEST_TOKEN) and
update the test bootstrap/fixture loader to inject a real token at runtime (or
add a dedicated step that loads/sets a token from a fixture or env). Ensure the
step implementation that handles "I set the Authorization header" reads the
placeholder and substitutes the runtime token so no static secrets remain in the
feature text.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 987e5347-9fc7-41ee-afd7-775a3c1cba2d

📥 Commits

Reviewing files that changed from the base of the PR and between f5cafb5 and 5c73738.

📒 Files selected for processing (1)

• tests/e2e/features/skills.feature

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-on-pull-request
• GitHub Check: E2E: library mode / ci / group 2
• GitHub Check: E2E: server mode / ci / group 3
• GitHub Check: E2E: server mode / ci / group 2
• GitHub Check: E2E: library mode / ci / group 3
• GitHub Check: E2E: server mode / ci / group 1
• GitHub Check: E2E: library mode / ci / group 1

🧰 Additional context used

📓 Path-based instructions (1)

tests/e2e/**/*.{py,feature}

📄 CodeRabbit inference engine (AGENTS.md)

Use behave (BDD) framework for end-to-end testing with Gherkin feature files

Files:

• tests/e2e/features/skills.feature

🔇 Additional comments (1)

tests/e2e/features/skills.feature (1)

1-6: LGTM!

Also applies to: 8-377

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Remove hardcoded Bearer token from the feature file (Line 7).

Committing an inline token in test specs is a security/compliance risk and makes rotation harder. Use a placeholder/env-backed value (or a dedicated fixture loader step) instead of embedding the token literal.

Suggested change

-      And I set the Authorization header to Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpva
+      And I set the Authorization header to Bearer {TEST_AUTH_TOKEN}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/e2e/features/skills.feature` at line 7, The feature file contains a
hardcoded Authorization header in the step "And I set the Authorization header
to Bearer …"; replace that literal token with a placeholder backed by an
env/fixture (e.g., use a Cucumber parameter or placeholder like "<AUTH_TOKEN>"
or a step that reads process.env.TEST_TOKEN) and update the test
bootstrap/fixture loader to inject a real token at runtime (or add a dedicated
step that loads/sets a token from a fixture or env). Ensure the step
implementation that handles "I set the Authorization header" reads the
placeholder and substitutes the runtime token so no static secrets remain in the
feature text.