Add repo setup instructions

[hanzjk]

Purpose

Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc.

Goals

Describe the solutions that this feature/fix will introduce to resolve the problems described above

Approach

Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email documentation@wso2.com to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

User stories

Summary of user stories addressed by this change>

Release note

Brief description of the new feature or bug fix as it will appear in the release notes

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter �N/A� plus brief explanation of why there�s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type �Sent� when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type �N/A� and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

• Unit tests

  Code coverage information

• Integration tests

  Details about the test cases and coverage

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
• Ran FindSecurityBugs plugin and verified report? yes/no
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Summary by CodeRabbit

• Documentation

  • Expanded Agent Manager Service README with detailed setup instructions, configuration tables, and Make command reference.
  • Added comprehensive LOCAL-SETUP.md guide for full platform local development with Kubernetes and Docker Compose workflows.
  • Updated Console README with runtime configuration setup and troubleshooting guidance.
  • Enhanced Traces Observer Service documentation with expanded API reference and development tooling instructions.

• Tests

  • Added comprehensive test coverage for agent creation with secret references and sensitive environment variables.
  • Added test coverage for agent deployment with environment variable handling.
  • Added test suite for Git secret management operations (create, list, delete).

[coderabbitai]

Warning

Rate limit exceeded

@hanzjk has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 18 minutes and 55 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 18 minutes and 55 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e96334d7-4646-437a-a8bd-9bf7fc75997b

📥 Commits

Reviewing files that changed from the base of the PR and between be300ec and 2c7a85d.

📒 Files selected for processing (7)

• agent-manager-service/.env.example
• agent-manager-service/README.md
• agent-manager-service/tests/deploy_agent_with_secrets_test.go
• agent-manager-service/tests/git_secret_test.go
• console/README.md
• deployments/LOCAL-SETUP.md
• traces-observer-service/README.MD

📝 Walkthrough

Walkthrough

This PR adds comprehensive test coverage for secret handling in agent creation and deployment, introduces a new local development setup guide, and updates documentation across the Agent Manager Service, Console, and Traces Observer Service to clarify configuration workflows and development procedures. A single environment variable was removed from the Agent Manager configuration template.

Changes

Cohort / File(s)	Summary
Agent Manager Configuration agent-manager-service/.env.example	Removed KUBECONFIG environment variable entry from Kubernetes configuration section.
Agent Manager Service Documentation agent-manager-service/README.md	Updated service description, folder structure, prerequisites, and development workflow; added .env.example configuration tables, explicit Docker/migration commands, Docker Compose section, and expanded Make command reference.
Agent Manager Service Test Suite agent-manager-service/tests/create_agent_with_secrets_test.go, agent-manager-service/tests/deploy_agent_with_secrets_test.go, agent-manager-service/tests/git_secret_test.go	Added three comprehensive test files covering agent creation with secret references, deployment with sensitive environment variables, and Git secret management API endpoints (create/list/delete with positive and negative test cases).
Console Documentation console/README.md	Revised setup workflow from build/watch-first to config-driven approach; updated runtime configuration object from window.APP_CONFIG to window.__RUNTIME_CONFIG__ with service connectivity settings; expanded commands list and added troubleshooting section.
Local Development Guide deployments/LOCAL-SETUP.md	Added comprehensive local setup documentation detailing full platform and core-services-only deployment paths, Kubernetes configuration, verification commands, daily dev operations, and operational troubleshooting.
Traces Observer Service Documentation traces-observer-service/README.MD	Updated service description, added folder structure and prerequisites; expanded local development workflow with .env setup, Docker and Make-driven command sections, structured API reference tables, and mock trace generation documentation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 Tests bloom in secret gardens fair,
Deployments dance with config care,
Local setup guides the way,
Docs renewed, we code and play! 🌟

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description contains only the template structure with no substantive content in any section, leaving all required details (Purpose, Goals, Approach, etc.) unfilled.	Fill in the PR description template with concrete details: explain the purpose and goals (repo setup documentation + secrets testing), summarize the approach, list affected user stories, include automation test coverage details, and confirm security checks.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title 'Add repo setup instructions' is a general description that aligns with the addition of LOCAL-SETUP.md and README updates, but does not capture the full scope of changes including new test files for secrets management.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (2)

deployments/LOCAL-SETUP.md (1)

19-20: Nit: add a language hint to fenced code blocks.

markdownlint flags the ASCII-art architecture block (and a couple of others around Lines 14, 20, 112) as MD040. Tagging them as text silences the lint without changing rendering.

🧹 Proposed fix

-```
+```text
 ┌──────────────────────────────────────────────────────────────┐
 │  Docker Compose (deployments/docker-compose.yml)             │

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@deployments/LOCAL-SETUP.md` around lines 19 - 20, The ASCII-art fenced code
blocks (e.g., the large architecture block starting with "┌─────────────────"
and the other blocks flagged around lines 14, 20, 112) lack a language hint and
trigger markdownlint MD040; update each such triple-backtick fence to include a
language hint of "text" (i.e., replace ``` with ```text) so the blocks are
treated as plain text and the linter warning is silenced while rendering stays
identical.

agent-manager-service/tests/create_agent_with_secrets_test.go (1)

260-278: Consider asserting each sensitive key individually.

The current loop sets foundSecretRef = true if either DB_PASSWORD or API_SECRET_KEY is seen. If a regression causes one of the two sensitive entries to be dropped or emitted as plain value, the test still passes. Tracking both independently makes the guarantee stronger.

🧪 Suggested tightening

-    foundPlain := false
-    foundSecretRef := false
+    foundPlain := false
+    sensitiveSeen := map[string]bool{"DB_PASSWORD": false, "API_SECRET_KEY": false}
     for _, env := range createCall.Req.Configurations.Env {
         if env.Key == "DB_HOST" {
             foundPlain = true
             require.Equal(t, "localhost", env.Value)
             require.Nil(t, env.ValueFrom)
         }
-        if env.Key == "DB_PASSWORD" || env.Key == "API_SECRET_KEY" {
-            foundSecretRef = true
+        if _, ok := sensitiveSeen[env.Key]; ok {
+            sensitiveSeen[env.Key] = true
             require.NotNil(t, env.ValueFrom)
             require.NotNil(t, env.ValueFrom.SecretKeyRef)
             require.Equal(t, env.Key, env.ValueFrom.SecretKeyRef.Key)
         }
     }
     require.True(t, foundPlain, "Should have found plain env var DB_HOST")
-    require.True(t, foundSecretRef, "Should have found secret ref env vars")
+    for k, seen := range sensitiveSeen {
+        require.True(t, seen, "Expected sensitive env %s to be forwarded as secretKeyRef", k)
+    }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@agent-manager-service/tests/create_agent_with_secrets_test.go` around lines
260 - 278, The test currently uses a single boolean foundSecretRef to track both
DB_PASSWORD and API_SECRET_KEY which can mask missing entries; update the loop
over createCall.Req.Configurations.Env to track and assert each sensitive key
separately (e.g., use foundDBPassword and foundAPISecretKey) by checking env.Key
== "DB_PASSWORD" and env.Key == "API_SECRET_KEY" independently, validating for
each that env.ValueFrom and env.ValueFrom.SecretKeyRef are not nil and that
env.ValueFrom.SecretKeyRef.Key equals env.Key, and then require.True for both
flags instead of a single foundSecretRef; keep the existing DB_HOST plain-value
assertions as-is.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@agent-manager-service/README.md`:
- Around line 54-57: The README shows an incorrect cd path after cloning: the
repo is cloned as "agent-manager" but the docs use "cd
ai-agent-manager/agent-manager-service"; update the README to use the correct
path (e.g., replace the line "cd ai-agent-manager/agent-manager-service" with
"cd agent-manager/agent-manager-service") or alternatively update the git clone
command to clone into "ai-agent-manager" (e.g., "git clone <repo>
ai-agent-manager") so the subsequent cd works; edit the README.md entry
containing "git clone" and "cd ai-agent-manager/agent-manager-service"
accordingly.
- Around line 179-189: The README's manual migration command currently omits the
server flag so running `go run . -migrate` will start the HTTP server (main.go's
serverFlag defaults to true); update the docs to match the Make target by adding
`-server=false` to the example (e.g., `ENV_FILE_PATH=.env go run . -migrate
-server=false`) or, alternatively, change the default in main.go (serverFlag) to
false so invoking `-migrate` alone does not start the server—pick one approach
and update README and/or main.go accordingly.

In `@agent-manager-service/tests/deploy_agent_with_secrets_test.go`:
- Around line 162-200: The test currently doesn't exercise the 404 branch
because ComponentExistsFunc always returns true and DeployFunc returns a generic
error; update the mock so the 404 path is deterministic: modify
ComponentExistsFunc used in this test (in the subtest "Deploying agent that does
not exist should return 404") to return false when agentName ==
"nonexistent-agent-xyz" (or alternatively have DeployFunc return
utils.ErrNotFound when componentName == "nonexistent-agent-xyz"), then tighten
the assertion to require exactly http.StatusNotFound (rr.Code ==
http.StatusNotFound) so the test reliably verifies the 404 semantics; reference
the ComponentExistsFunc and DeployFunc mocks and the rr.Code assertion in the
subtest to locate the changes.

In `@traces-observer-service/README.MD`:
- Line 41: The README currently lists "Go: Version 1.20 or later" which
conflicts with the module requirement; update the README.MD entry to match
go.mod by changing the Go version requirement text from "1.20" to "1.25.0" (or
"1.25.0 or later") so it aligns with the service's go.mod Go directive and the
platform docs; locate the version string in README.MD and replace it
accordingly, verifying consistency with go.mod's "go 1.25" directive.

---

Nitpick comments:
In `@agent-manager-service/tests/create_agent_with_secrets_test.go`:
- Around line 260-278: The test currently uses a single boolean foundSecretRef
to track both DB_PASSWORD and API_SECRET_KEY which can mask missing entries;
update the loop over createCall.Req.Configurations.Env to track and assert each
sensitive key separately (e.g., use foundDBPassword and foundAPISecretKey) by
checking env.Key == "DB_PASSWORD" and env.Key == "API_SECRET_KEY" independently,
validating for each that env.ValueFrom and env.ValueFrom.SecretKeyRef are not
nil and that env.ValueFrom.SecretKeyRef.Key equals env.Key, and then
require.True for both flags instead of a single foundSecretRef; keep the
existing DB_HOST plain-value assertions as-is.

In `@deployments/LOCAL-SETUP.md`:
- Around line 19-20: The ASCII-art fenced code blocks (e.g., the large
architecture block starting with "┌─────────────────" and the other blocks
flagged around lines 14, 20, 112) lack a language hint and trigger markdownlint
MD040; update each such triple-backtick fence to include a language hint of
"text" (i.e., replace ``` with ```text) so the blocks are treated as plain text
and the linter warning is silenced while rendering stays identical.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3e29f998-d04e-47fb-ae6c-4418940b42c8

📥 Commits

Reviewing files that changed from the base of the PR and between 0d4c59f and be300ec.

📒 Files selected for processing (8)

• agent-manager-service/.env.example
• agent-manager-service/README.md
• agent-manager-service/tests/create_agent_with_secrets_test.go
• agent-manager-service/tests/deploy_agent_with_secrets_test.go
• agent-manager-service/tests/git_secret_test.go
• console/README.md
• deployments/LOCAL-SETUP.md
• traces-observer-service/README.MD

💤 Files with no reviewable changes (1)

• agent-manager-service/.env.example