feat: funciones pass para gestión de secretos — get, set, list, delete, generate, sync

Wrappers Bash sobre pass (password-store) para CRUD de secretos, generación
de contraseñas y sincronización con git. Incluye script de test.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

bash/functions/infra/pass_test.sh

@@ -0,0 +1,157 @@
+#!/usr/bin/env bash
+# pass_test.sh — Tests para funciones pass del registry
+# Usa la entrada test/fn_registry_test como sandbox (se limpia al final)
+set -uo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/pass_get.sh"
+source "$SCRIPT_DIR/pass_set.sh"
+source "$SCRIPT_DIR/pass_list.sh"
+source "$SCRIPT_DIR/pass_delete.sh"
+source "$SCRIPT_DIR/pass_generate.sh"
+source "$SCRIPT_DIR/pass_sync.sh"
+
+TEST_ENTRY="test/fn_registry_test"
+PASS=0
+FAIL=0
+
+pass_cleanup() {
+    pass rm -f "$TEST_ENTRY" >/dev/null 2>&1 || true
+}
+
+assert_eq() {
+    local test_name="$1" got="$2" want="$3"
+    if [ "$got" = "$want" ]; then
+        echo "  PASS: $test_name"
+        ((PASS++))
+    else
+        echo "  FAIL: $test_name (got='$got', want='$want')"
+        ((FAIL++))
+    fi
+}
+
+assert_contains() {
+    local test_name="$1" got="$2" want="$3"
+    if echo "$got" | grep -q "$want"; then
+        echo "  PASS: $test_name"
+        ((PASS++))
+    else
+        echo "  FAIL: $test_name (got='$got', want contener '$want')"
+        ((FAIL++))
+    fi
+}
+
+assert_nonzero() {
+    local test_name="$1" got="$2"
+    if [ -n "$got" ]; then
+        echo "  PASS: $test_name"
+        ((PASS++))
+    else
+        echo "  FAIL: $test_name (got vacio)"
+        ((FAIL++))
+    fi
+}
+
+assert_fail() {
+    local test_name="$1"
+    shift
+    set +e
+    "$@" 2>/dev/null
+    local rc=$?
+    set -e
+    if [ "$rc" -eq 0 ]; then
+        echo "  FAIL: $test_name (esperaba fallo pero exitoso)"
+        ((FAIL++))
+    else
+        echo "  PASS: $test_name"
+        ((PASS++))
+    fi
+}
+
+# Pre-check
+if ! command -v pass &>/dev/null; then
+    echo "SKIP: pass no disponible"
+    exit 0
+fi
+
+trap pass_cleanup EXIT
+
+echo "=== pass_get ==="
+
+echo "  test: lee entrada existente (agentes/gitea-url)"
+got=$(pass_get agentes/gitea-url)
+assert_nonzero "lee entrada existente" "$got"
+
+echo "  test: falla con entrada inexistente"
+assert_fail "falla con entrada inexistente" pass_get "no/existe/xyz"
+
+echo ""
+echo "=== pass_set ==="
+
+echo "  test: inserta valor y lo lee de vuelta"
+pass_set "$TEST_ENTRY" "test-value-12345"
+got=$(pass_get "$TEST_ENTRY")
+assert_eq "inserta y lee" "$got" "test-value-12345"
+
+echo "  test: sobreescribe valor existente"
+pass_set "$TEST_ENTRY" "overwritten-value"
+got=$(pass_get "$TEST_ENTRY")
+assert_eq "sobreescribe" "$got" "overwritten-value"
+
+# Limpiar para siguiente test
+pass_cleanup
+
+echo ""
+echo "=== pass_list ==="
+
+echo "  test: lista todas las entradas"
+got=$(pass_list)
+assert_contains "lista todas" "$got" "dataforge-token"
+
+echo "  test: filtra por prefijo agentes"
+got=$(pass_list agentes)
+assert_contains "filtra agentes" "$got" "gitea-url"
+
+echo ""
+echo "=== pass_generate ==="
+
+echo "  test: genera password de 16 chars"
+generated=$(pass_generate "$TEST_ENTRY" 16)
+assert_eq "longitud 16" "${#generated}" "16"
+
+echo "  test: valor almacenado coincide"
+stored=$(pass_get "$TEST_ENTRY")
+assert_eq "stored = generated" "$stored" "$generated"
+
+pass_cleanup
+
+echo "  test: default 24 chars"
+generated=$(pass_generate "$TEST_ENTRY")
+assert_eq "longitud default 24" "${#generated}" "24"
+
+pass_cleanup
+
+echo ""
+echo "=== pass_delete ==="
+
+echo "  test: elimina entrada de test"
+pass_set "$TEST_ENTRY" "to-delete"
+pass_delete "$TEST_ENTRY"
+assert_fail "despues de delete no se puede leer" pass_get "$TEST_ENTRY"
+
+echo "  test: falla con entrada inexistente"
+assert_fail "delete inexistente" pass_delete "no/existe/xyz_delete_test"
+
+echo ""
+echo "=== pass_sync ==="
+
+echo "  test: sincroniza con remoto"
+got=$(pass_sync)
+assert_contains "sync retorna json" "$got" "pull"
+
+echo ""
+echo "================================"
+echo "Resultados: $PASS passed, $FAIL failed"
+if [ "$FAIL" -gt 0 ]; then
+    exit 1
+fi