Fix integration tests: correct vault derivation index and debug test failures

internal/vault/integration_test.go

@@ -102,7 +102,7 @@ func TestVaultWithRealFilesystem(t *testing.T) {
 			t.Fatalf("Failed to create state dir: %v", err)
 		}
 
-		// Create a test vault
+		// Create a test vault - CreateVault now handles public key when mnemonic is in env
 		vlt, err := vault.CreateVault(fs, stateDir, "test-vault")
 		if err != nil {
 			t.Fatalf("Failed to create vault: %v", err)
@@ -114,19 +114,6 @@ func TestVaultWithRealFilesystem(t *testing.T) {
 			t.Fatalf("Failed to derive long-term key: %v", err)
 		}
 
-		// Get the vault directory
-		vaultDir, err := vlt.GetDirectory()
-		if err != nil {
-			t.Fatalf("Failed to get vault directory: %v", err)
-		}
-
-		// Write long-term public key
-		ltPubKeyPath := filepath.Join(vaultDir, "pub.age")
-		pubKey := ltIdentity.Recipient().String()
-		if err := afero.WriteFile(fs, ltPubKeyPath, []byte(pubKey), secret.FilePerms); err != nil {
-			t.Fatalf("Failed to write long-term public key: %v", err)
-		}
-
 		// Unlock the vault
 		vlt.Unlock(ltIdentity)
 
@@ -176,31 +163,18 @@ func TestVaultWithRealFilesystem(t *testing.T) {
 			t.Fatalf("Failed to create state dir: %v", err)
 		}
 
-		// Create a test vault
+		// Create a test vault - CreateVault now handles public key when mnemonic is in env
 		vlt, err := vault.CreateVault(fs, stateDir, "test-vault")
 		if err != nil {
 			t.Fatalf("Failed to create vault: %v", err)
 		}
 
-		// Derive long-term key from mnemonic
+		// Derive long-term key from mnemonic for verification
 		ltIdentity, err := agehd.DeriveIdentity(testMnemonic, 0)
 		if err != nil {
 			t.Fatalf("Failed to derive long-term key: %v", err)
 		}
 
-		// Get the vault directory
-		vaultDir, err := vlt.GetDirectory()
-		if err != nil {
-			t.Fatalf("Failed to get vault directory: %v", err)
-		}
-
-		// Write long-term public key
-		ltPubKeyPath := filepath.Join(vaultDir, "pub.age")
-		pubKey := ltIdentity.Recipient().String()
-		if err := afero.WriteFile(fs, ltPubKeyPath, []byte(pubKey), secret.FilePerms); err != nil {
-			t.Fatalf("Failed to write long-term public key: %v", err)
-		}
-
 		// Verify the vault is locked initially
 		if !vlt.Locked() {
 			t.Errorf("Vault should be locked initially")
@@ -346,7 +320,7 @@ func TestVaultWithRealFilesystem(t *testing.T) {
 			t.Fatalf("Failed to create state dir: %v", err)
 		}
 
-		// Create two vaults
+		// Create two vaults - CreateVault now handles public key when mnemonic is in env
 		vault1, err := vault.CreateVault(fs, stateDir, "vault1")
 		if err != nil {
 			t.Fatalf("Failed to create vault1: %v", err)
@@ -358,27 +332,21 @@ func TestVaultWithRealFilesystem(t *testing.T) {
 		}
 
 		// Derive long-term key from mnemonic
-		ltIdentity, err := agehd.DeriveIdentity(testMnemonic, 0)
+		// Note: Both vaults will have different derivation indexes due to GetNextDerivationIndex
+		ltIdentity1, err := agehd.DeriveIdentity(testMnemonic, 0) // vault1 gets index 0
 		if err != nil {
-			t.Fatalf("Failed to derive long-term key: %v", err)
+			t.Fatalf("Failed to derive long-term key for vault1: %v", err)
 		}
 
-		// Setup both vaults with the same long-term key
-		for _, vlt := range []*vault.Vault{vault1, vault2} {
-			vaultDir, err := vlt.GetDirectory()
-			if err != nil {
-				t.Fatalf("Failed to get vault directory: %v", err)
-			}
-
-			ltPubKeyPath := filepath.Join(vaultDir, "pub.age")
-			pubKey := ltIdentity.Recipient().String()
-			if err := afero.WriteFile(fs, ltPubKeyPath, []byte(pubKey), secret.FilePerms); err != nil {
-				t.Fatalf("Failed to write long-term public key: %v", err)
-			}
-
-			vlt.Unlock(ltIdentity)
+		ltIdentity2, err := agehd.DeriveIdentity(testMnemonic, 1) // vault2 gets index 1
+		if err != nil {
+			t.Fatalf("Failed to derive long-term key for vault2: %v", err)
 		}
 
+		// Unlock the vaults with their respective keys
+		vault1.Unlock(ltIdentity1)
+		vault2.Unlock(ltIdentity2)
+
 		// Add a secret to vault1
 		secretName := "test-secret"
 		secretValue := []byte("secret in vault1")