Smoke Test Ledger

A quick record of recent end-to-end validations. These are repeatable — the next section runs live checks against the gateway in real time.

2026-02-26 • Local E2E (Primary Lane)

Scripted E2E validation succeeded: E2E OK (sync chat + async job).

Self-Serve Verification

Anyone can run a public health check immediately, and run full E2E if provided a demo API key.

Run It Yourself

This runs against the gateway you choose. For full E2E, you’ll need a Kaixu API key. The key never leaves your browser except as an Authorization header to the gateway.

Default: this site (current origin). Cross-origin browser tests require the gateway’s CORS allowlist.
Fixed for credibility: one known-good path.
If you don’t have a key, run Health. For full E2E, request a demo key from SOL.
Status: Idle

							


							

								
Copy-paste (curl): use your gateway origin and key.

								

							

						

					

				


				

					
What This Proves

					

						

							
Gateway boots + env is present

							

								Health returns build/schema info and confirms DB/env wiring.
							

						

						

							
Billing + governance path executes

							

								`gateway-chat` exercises auth, metering, pricing checks, and lane routing.
							

						

						

							
Async job system is operational

							

								Submits a job, polls status, and fetches the final result.
							

						

						

							
Repeatable, observable evidence

							

								Same inputs, same endpoint paths, same output trail — a credibility artifact.
							

						

					

				


				

					
FAQ

					
Why do I need an API key for E2E?

					

						Full E2E smoke testing includes calling `gateway-chat` and submitting async jobs.
						Those endpoints are intentionally protected by a Kaixu API key.
					


					
What can I run without a key?

					

						The health check is public and shows if the gateway is up and configured.
					


					
Why does another origin sometimes fail in the browser?

					

						The gateway uses strict CORS by default. If you point this page at a different origin, that gateway must include this page’s origin in
						`ALLOWED_ORIGINS` (or explicitly allow all origins) for browser requests to succeed.
					


					
Does this expose secrets?

					

						No secrets are displayed on this page.
						If you paste a demo key, it is only used in your browser to call the gateway.