go-core E2E: cover agyn expose list/remove lifecycle (add→list→dial→remove→list/unreachable)

[rowan-stein]

User request

Add E2E tests in agynio/e2e to cover all agyn expose methods (list/remove/etc), not just add.

Specification

Architecture reference:

• architecture/product/port-exposure/port-exposure.md
• architecture/architecture/expose-service.md

Goal

Validate the full port exposure lifecycle via the agyn CLI running inside an agent workload:

• agyn expose list reflects current exposures,
• agyn expose add <port> creates an exposure and returns a usable URL,
• agyn expose remove <port> removes the exposure,
• after removal the exposure disappears from list and becomes unreachable.

Proposed test (recommended single lifecycle test)

Add a new go-core E2E test under //go:build e2e && svc_agents_orchestrator:

Name: TestAgentExposeLifecycle_ListAddRemove

Steps + assertions

1. Baseline: exec agyn --output json expose list in the agent container → assert JSON array length == 0.
2. Start an HTTP server inside the agent container on exposePort (e.g. 3000) serving a unique body at /index.html; verify locally via wget http://127.0.0.1:<port>/index.html.
3. Exec agyn --output json expose add <port>; assert:
   • id non-empty
   • port matches
   • url == http://exposed-<id>.ziti:<port>
   • status == active
4. Poll (≤30s): agyn --output json expose list until it contains the exposure (match by id) and shows it active.
5. Reachability: create a temporary Ziti identity via ziti-management CreateAppIdentity, then use openziti/sdk-golang HTTP client to GET http://exposed-<id>:<port>/index.html (host is service name without .ziti). Poll (≤90s) until 200 and body matches.
6. Exec agyn expose remove <port>; assert exit code 0.
7. Poll (≤60s): agyn --output json expose list until empty.
8. Poll (≤90s): reachability should now fail (request error or non-200). Ensure requests don’t reuse keep-alive (req.Close = true).

Cleanup (best effort, always):

• agyn expose remove <port> (in case test fails mid-way)
• delete the temporary Ziti identity via ziti-management DeleteIdentity

Optional edge cases (only if cheap)

• agyn expose remove <port> when nothing is exposed → non-zero exit.
• duplicate agyn expose add <port> → non-zero exit and list still only contains one exposure.

Tagging

Keep svc_agents_orchestrator (required to create agent/thread/workload). Optionally also tag svc_expose if we want to allow selecting these tests explicitly.

Acceptance criteria

• The new E2E test reliably passes on CI.
• It validates list/add/remove behavior + reachability/unreachability end-to-end.