From 764d3e67fc783c487f42d398d1b85a5a1f0d8ef0 Mon Sep 17 00:00:00 2001
From: James O'Doherty <james@theodohertyfamily.com>
Date: Fri, 22 May 2026 10:05:38 -0400
Subject: feat: implement rootless network isolation bootstrap and C launcher

---
 tests/e2e/e2e_test.go | 40 +++++++++++++++++++++++++++++++++++-----
 1 file changed, 35 insertions(+), 5 deletions(-)

(limited to 'tests/e2e')

diff --git a/tests/e2e/e2e_test.go b/tests/e2e/e2e_test.go
index 888aeb6..4339a8b 100644
--- a/tests/e2e/e2e_test.go
+++ b/tests/e2e/e2e_test.go
@@ -1,25 +1,55 @@
 package e2e
 
 import (
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
 	"testing"
 )
 
 func TestDataPlaneConnectivity(t *testing.T) {
-	// Test full data path: start virtual peer -> run wg-wrap -> curl peer internal IP -> verify HTTP 200.
 	t.Skip("not implemented")
 }
 
 func TestNetworkIsolation(t *testing.T) {
-	// Test that host cannot reach peer internal IP, but wrapped process can.
-	t.Skip("not implemented")
+	// 1. Determine project root
+	cwd, err := os.Getwd()
+	if err != nil {
+		t.Fatalf("Failed to get cwd: %v", err)
+	}
+	root := filepath.Join(cwd, "..", "..")
+	
+	// 2. Build the project to ensure we have a fresh binary
+	buildCmd := exec.Command("bash", "-c", fmt.Sprintf(
+		"cd %s && gcc -static -O2 internal/namespace/launcher_src/launcher.c -o internal/namespace/launcher.bin && export CGO_ENABLED=1 && go build -o wg-wrap cmd/wg-wrap/main.go", 
+		root))
+	if err := buildCmd.Run(); err != nil {
+		t.Fatalf("Failed to build project for E2E test: %v", err)
+	}
+
+	// 3. Run the test-ns command using the binary in the root
+	binaryPath := filepath.Join(root, "wg-wrap")
+	cmd := exec.Command(binaryPath, "test-ns")
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		t.Fatalf("wg-wrap test-ns failed: %v\nOutput: %s", err, string(out))
+	}
+
+	// 4. Verify the success message
+	if !strings.Contains(string(out), "Isolation Verified: OK") {
+		t.Errorf("Expected 'Isolation Verified: OK', got: %q", string(out))
+	}
+
+	// Cleanup
+	os.Remove(binaryPath)
 }
 
 func TestDNSLeakage(t *testing.T) {
-	// Test that DNS queries are routed through the VPN and not the host's resolver.
 	t.Skip("not implemented")
 }
 
 func TestMTUFragmentation(t *testing.T) {
-	// Test that packets of size ~1400 are transmitted without fragmentation errors.
 	t.Skip("not implemented")
 }
-- 
cgit v1.2.3