Three Python-stdlib-only smoke scripts (no pip install required in CI;
the runner image ships Python 3 + ssl/socket/json/base64/time):
* allinone_smoke.py — boots rutster-allinone with RUTSTER_LOCAL_CERTS=true
(Caddy internal CA, no ACME per spec §9), extracts the root cert from
/data, opens wss:// WS to /twilio/media-stream, sends Twilio's
connected+start handshake (the same JSON sequence the in-tree
ws_ping.rs/nodelay.rs tests use), streams 200 PCM frames at 20ms cadence,
asserts the engine echoes/replies at least one text frame. Reuses the
T8 stub's handshake pattern (crates/rutster/tests/trunk_sim_e2e.rs TODO
body) against a real containerized binary rather than an in-process
MockTwilioMediaStreamsServer.
* compose_smoke.sh — T2 four-service boots + health checks via Caddy TLS.
The # TODO slice-C: assert lifecycle event in Valkey stream named hook
documents the contract slice C will assert; the valkey service is dark
on day one (no consumers) so the stream length is always 0 today.
* reload_during_call.py — holds a live WS streaming frames at 20ms while a
concurrent `caddy reload` fires mid-call; asserts zero frames dropped
+ WS survives across the reload. Regresses the stream_close_delay 24h
mitigation against caddy #6420/#7222 (TLS brief §5 risk 1; spec §9
reload-during-call smoke).
WS frame encode/decode is hand-rolled (RFC 6455 §5 — ten lines on top of
socket+ssl) so the smoke needs no websocket-client/websockets pip
dependency + no network round-trip in CI.
Signed-off-by: Aaron D. Lee <himself@adlee.work>