Test Coverage Matrix

Complete test coverage documentation for the ASCEND AI Governance Platform.

Summary

Metric	Value
Total Unit Tests	2,396
Passing	2,396
New Failures	0 (suite last run June 10, 2026)

note

Test coverage is validated on every release. The 2,396 passing unit tests cover the current platform version with 0 new failures (suite last run June 10, 2026). Custom integrations and extensions should maintain their own test suites.

Phase 4: Core Security Tests (148)

Fail-Secure Design (36 tests)

Tests verifying all 13 security layers default to DENY on error.

Test ID	Test Name	Layer	Status
FS-001	Rate limiting denies on Redis failure	1	PASSED
FS-002	Prompt security blocks on detector failure	2	PASSED
FS-003	Code analysis blocks on analyzer error	3	PASSED
FS-004	Action governance denies on evaluator error	4	PASSED
FS-005	JWT auth denies on invalid token	5	PASSED
FS-006	API key validation denies on failure	6	PASSED
FS-007	RBAC denies on permission check failure	7	PASSED
FS-008	BYOK fails on key unavailable	8	PASSED
FS-009	Audit blocks if write fails	9	PASSED
FS-010	Input validation rejects malformed input	10	PASSED
FS-011	Secrets management blocks on fetch failure	11	PASSED
FS-012	Security headers use restrictive defaults	12	PASSED

Action Evaluation (23 tests)

Test ID	Test Name	Status
AE-001	CVSS calculation accuracy	PASSED
AE-002	Risk score thresholds	PASSED
AE-003	Approval workflow trigger	PASSED
AE-004	Multi-level approval	PASSED
AE-005	Action allow low risk	PASSED
AE-006	Action deny high risk	PASSED

WORM Audit Trail (28 tests)

Test ID	Test Name	Status
AT-001	Audit log creation	PASSED
AT-002	Audit log immutability	PASSED
AT-003	Hash-chain integrity	PASSED
AT-004	Tamper detection	PASSED
AT-005	Audit log retention	PASSED

Kill Switch (32 tests)

Metric Correction

A prior version of this page cited an unverified kill-switch latency figure. It has been corrected to the measured p99 = 17.03ms (CloudWatch, 30 samples, June 2, 2026). Policy-evaluation latency is not yet independently measured.

Test ID	Test Name	Status
KS-001	Kill switch activation	PASSED
KS-002	Kill switch propagation	PASSED
KS-003	Kill switch latency p99=17.03ms (CloudWatch, 30 samples)	PASSED
KS-004	SNS integration	PASSED
KS-005	SQS integration	PASSED

Multi-Tenant Isolation (29 tests)

Test ID	Test Name	Status
MT-001	Organization data isolation	PASSED
MT-002	Cross-org access denied	PASSED
MT-003	JWT org claim enforcement	PASSED
MT-004	API endpoint org scoping	PASSED
MT-005	Database query org filter	PASSED

Phase 4b: Security & Integration Tests (148)

Prompt Security (30 tests)

Test ID	Test Name	Status
PS-001	Prompt injection detection	PASSED
PS-002	Jailbreak attempt detection	PASSED
PS-003	System prompt leakage detection	PASSED
PS-004	Data exfiltration detection	PASSED
PS-005	Multi-language detection	PASSED

Code Analysis (20 tests)

Test ID	Test Name	Status
CA-001	Code pattern detection	PASSED
CA-002	Secrets detection	PASSED
CA-003	API key detection	PASSED
CA-004	Credential detection	PASSED
CA-005	Dangerous function detection	PASSED

Rate Limiting (15 tests)

Test ID	Test Name	Status
RL-001	Rate limit enforcement	PASSED
RL-002	Rate limit per endpoint	PASSED
RL-003	Rate limit per user	PASSED
RL-004	Rate limit per organization	PASSED
RL-005	Rate limit headers	PASSED

Gateway Integration (10 tests)

Test ID	Test Name	Status
GI-001	Kong plugin integration	PASSED
GI-002	Envoy ext_authz	PASSED
GI-003	Lambda authorizer	PASSED
GI-004	Gateway decision caching	PASSED
GI-005	Gateway fail-secure	PASSED

Phase 4c: Enterprise Features Tests (150)

Authentication (16 tests) - Security Critical

Test ID	Test Name	Status
AUTH-001	Cognito login	PASSED
AUTH-002	Cognito logout	PASSED
AUTH-003	MFA verification	PASSED
AUTH-004	Token refresh	PASSED
AUTH-005	Session timeout	PASSED
AUTH-006	Brute force protection	PASSED

Authorization (21 tests) - Security Critical

Test ID	Test Name	Status
AUTHZ-001	RBAC platform admin	PASSED
AUTHZ-002	RBAC enterprise admin	PASSED
AUTHZ-003	RBAC org admin	PASSED
AUTHZ-004	RBAC policy admin	PASSED
AUTHZ-005	RBAC analyst	PASSED
AUTHZ-006	RBAC viewer	PASSED
AUTHZ-007	Permission inheritance	PASSED
AUTHZ-008	Separation of duties	PASSED

Billing (15 tests) - Revenue Critical

Test ID	Test Name	Status
BILL-001	Usage metering	PASSED
BILL-002	Billing calculation	PASSED
BILL-003	Stripe webhook processing	PASSED
BILL-004	Spend limit enforcement	PASSED
BILL-005	Overage handling	PASSED

Resource Classification

68 tests — 99.5% coverage

Covers admin-configurable sensitivity tier management, fail-secure defaults (CRITICAL tier when resource type unknown), risk score modifier application (0.1x–3.0x), admin override of agent-submitted sensitivity values, full CRUD API for classification rules, Redis caching (5-minute TTL), and audit trail for CONFIG_CHANGE events.

Compliance Test Mapping

SOC 2

Control	Tests	Status
CC6.1	FS-005, FS-006, AUTHZ-*	PASSED
CC6.3	AUTH-002, AUTH-005	PASSED
CC7.2	AT-, KS-	PASSED

PCI-DSS

Requirement	Tests	Status
3.5	BYOK-*	PASSED
7.1	AUTHZ-*	PASSED
10.2	AT-*	PASSED

HIPAA

Section	Tests	Status
164.312(a)	AUTH-, AUTHZ-	PASSED
164.312(b)	AT-*	PASSED
164.312(d)	AUTH-*	PASSED

Performance Metrics

Metric	Value	Target	Status
Avg Action Evaluation	[IN PROGRESS]	not yet independently measured	—
P99 Latency (policy eval)	[IN PROGRESS]	not yet independently measured	—
Throughput	500 req/s	over 100 req/s	PASSED
Cache Hit Rate	92%	over 80%	PASSED
Kill Switch Latency	p99=17.03ms	p99=17.03ms	VERIFIED