feat(product): T5 — E2E smoke test (health, auth, CRUD through gateway)

[devin-ai-integration]

Summary

Adds an end-to-end smoke test validating the Product microservice through the API gateway with JWT authentication.

src/Services/Product/tests/smoke-test.sh — bash script that:

• Generates a valid HS256 JWT using openssl dgst with the shared dev secret
• Waits for services via wait_for_service retry loop (polls /healthz, 1s backoff, 30 retries) before running assertions
• Guards dependent tests: empty CATEGORY_ID skips product creation (Test 5), empty PRODUCT_ID skips get-by-id (Test 7) — prevents cascading false-passes
• Runs 8 assertions covering:
  • GET /healthz direct → 200 (public health check)
  • GET /api/product direct without token → 401
  • GET /api/products via gateway without token → 401
  • POST /api/products/categories via gateway with JWT → 201 (create category)
  • POST /api/products via gateway with JWT → 201 (create product referencing category)
  • GET /api/products via gateway with JWT → 200 + body contains created product
  • GET /api/products/{id} via gateway with JWT → 200

src/Services/Product/tests/docker-compose.test.yml — minimal compose stack (postgres:16-alpine, product-service, api-gateway) for isolated test runs.

All 8 assertions pass. No source files in Product.API/, Product.Domain/, Product.Infrastructure/, or ApiGateway/ were modified.

Link to Devin session: https://partner-workshops.devinenterprise.com/sessions/bc5a9156cad244339c8ad8d1601e6dc2
Requested by: @mbatchelor81

---

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment, CI, and merge conflict monitoring