{ pkgs }:

{
  # Backend integration tests with PostgreSQL and MinIO
  backend-integration = pkgs.testers.nixosTest {
    name = "webref-backend-integration";

    nodes = {
      machine =
        { pkgs, ... }:
        {
          # Import shared service configuration
          imports = [ ./dev-services.nix ];

          # Test-specific packages
          environment.systemPackages = with pkgs; [
            python3
            python3Packages.pytest
            python3Packages.fastapi
            postgresql
            curl
          ];
        };
    };

    testScript = ''
      start_all()

      # Wait for PostgreSQL
      machine.wait_for_unit("postgresql.service")
      machine.wait_for_open_port(5432)

      # Wait for MinIO
      machine.wait_for_unit("minio.service")
      machine.wait_for_open_port(9000)

      # Verify PostgreSQL is working
      machine.succeed("sudo -u postgres psql -c 'SELECT 1;'")

      # Verify MinIO is working
      machine.succeed("curl -f http://localhost:9000/minio/health/live")

      machine.succeed("echo '✅ Backend integration test passed'")
    '';
  };

  # Full stack test with backend + database
  full-stack = pkgs.testers.nixosTest {
    name = "webref-full-stack";

    nodes = {
      machine =
        { pkgs, ... }:
        {
          # Import shared service configuration
          imports = [ ./dev-services.nix ];

          # Test-specific packages
          environment.systemPackages = with pkgs; [
            python3
            curl
            jq
          ];
        };
    };

    testScript = ''
      start_all()

      # Wait for services
      machine.wait_for_unit("postgresql.service")
      machine.wait_for_unit("minio.service")
      machine.wait_for_open_port(5432)
      machine.wait_for_open_port(9000)

      # Test database connectivity
      machine.succeed("sudo -u postgres psql -c 'SELECT version();'")

      # Test MinIO API
      machine.succeed("curl -f http://localhost:9000/minio/health/live")

      machine.succeed("echo '✅ Full stack test passed'")
    '';
  };

  # Performance benchmarks
  performance = pkgs.testers.nixosTest {
    name = "webref-performance";

    nodes = {
      machine =
        { pkgs, ... }:
        {
          # Import shared service configuration
          imports = [ ./dev-services.nix ];

          # Test-specific packages
          environment.systemPackages = with pkgs; [
            python3
          ];
        };
    };

    testScript = ''
      start_all()
      machine.wait_for_unit("postgresql.service")

      machine.succeed("echo '✅ Performance test passed'")
    '';
  };

  # Security tests
  security = pkgs.testers.nixosTest {
    name = "webref-security";

    nodes = {
      machine =
        { pkgs, ... }:
        {
          # Import shared service configuration
          imports = [ ./dev-services.nix ];

          # Create system user for testing
          users.users.webref = {
            isSystemUser = true;
            group = "webref";
          };
          users.groups.webref = { };

          # Test-specific packages
          environment.systemPackages = with pkgs; [
            python3
            nmap
          ];
        };
    };

    testScript = ''
      start_all()
      machine.wait_for_unit("postgresql.service")

      # Wait for PostgreSQL setup scripts to complete (database and user creation)
      import time
      machine.wait_for_unit("postgresql-setup.service", timeout=30)
      time.sleep(2)  # Give it a moment to finalize

      # Verify database role exists
      machine.succeed("sudo -u postgres psql -c '\\du' | grep webref")

      # Verify database is accessible with webref user
      machine.succeed("sudo -u webref psql webref -c 'SELECT 1;'")

      machine.succeed("echo '✅ Security test passed'")
    '';
  };
}