kitelogik test

Run OPA's built-in unit-test runner against every *_test.rego file in the policies directory. Output streams to your terminal in real time so failures appear as they happen — useful for long test suites.

Synopsis

kitelogik test [--path PATH] [-v]

Flag	Default	Meaning
--path PATH	auto-discover	Path to a policies directory
-v, --verbose	off	Per-test reporting (forwarded to opa test -v)

What it does

1. Resolves the policies directory the same way validate does — --path if given, otherwise walk upward from cwd.
2. Runs opa test <policies_dir>, with -v forwarded if you passed it.
3. Streams stdout/stderr directly — output is not captured, so OPA's progress and any failures appear in your terminal as they occur.
4. Exits with OPA's return code (0 on all-pass, non-zero on failure).

Example

Default (compact) output:

$ kitelogik test
PASS: 47/47

Verbose output (one line per test):

$ kitelogik test -v
data.kitelogik.financial_test.test_allow_small_refund: PASS (1.2ms)
data.kitelogik.financial_test.test_block_large_refund: PASS (0.8ms)
data.kitelogik.security_test.test_block_env_read: PASS (0.4ms)
...
PASS: 47/47

A failure shows the diff and the failing assertion:

$ kitelogik test
data.kitelogik.financial_test.test_allow_under_threshold: FAIL (1.5ms)
  expected: true
  got:      false
FAIL: 46/47

Test file convention

Every _test.rego file under the policies directory is picked up. The convention used by the OSS modules is one _test.rego per policy module, in the same directory:

policies/
├─ financial.rego
├─ financial_test.rego
├─ security.rego
└─ security_test.rego

compliance (kitelogik compliance) reports modules that have no corresponding _test.rego file as a coverage gap — running test first catches the actual behaviour, then compliance catches the missing coverage.

OPA binary or Docker

Same fallback as the rest of the OPA-using commands: tries opa test directly, falls back to running it inside openpolicyagent/opa:latest via Docker. See CLI overview.

When to run it

• Locally, before every commit that touches policies/ — fast enough to be a pre-commit hook.
• In CI, on every PR — catches both behavioural regressions and policy/test drift.
• After validate — validate answers "does this parse?"; test answers "does it behave the way I assert?".

Related

• validate — syntax-only, much faster
• check — dry-run a one-off event without writing a test
• compliance — flags modules with no _test.rego coverage