Test Coverage Matrix
Complete test coverage documentation for the ASCEND AI Governance Platform.
Summary
| Metric | Value |
|---|---|
| Total Tests | 446 |
| Passed | 446 |
| Failed | 0 |
| Pass Rate | 100% |
| Test Suites | 25 |
Phase 4: Core Security Tests (148)
Fail-Secure Design (36 tests)
Tests verifying all 12 security layers default to DENY on error.
| Test ID | Test Name | Layer | Status |
|---|---|---|---|
| FS-001 | Rate limiting denies on Redis failure | 1 | PASSED |
| FS-002 | Prompt security blocks on detector failure | 2 | PASSED |
| FS-003 | Code analysis blocks on analyzer error | 3 | PASSED |
| FS-004 | Action governance denies on evaluator error | 4 | PASSED |
| FS-005 | JWT auth denies on invalid token | 5 | PASSED |
| FS-006 | API key validation denies on failure | 6 | PASSED |
| FS-007 | RBAC denies on permission check failure | 7 | PASSED |
| FS-008 | BYOK fails on key unavailable | 8 | PASSED |
| FS-009 | Audit blocks if write fails | 9 | PASSED |
| FS-010 | Input validation rejects malformed input | 10 | PASSED |
| FS-011 | Secrets management blocks on fetch failure | 11 | PASSED |
| FS-012 | Security headers use restrictive defaults | 12 | PASSED |
Action Evaluation (23 tests)
| Test ID | Test Name | Status |
|---|---|---|
| AE-001 | CVSS calculation accuracy | PASSED |
| AE-002 | Risk score thresholds | PASSED |
| AE-003 | Approval workflow trigger | PASSED |
| AE-004 | Multi-level approval | PASSED |
| AE-005 | Action allow low risk | PASSED |
| AE-006 | Action deny high risk | PASSED |
WORM Audit Trail (28 tests)
| Test ID | Test Name | Status |
|---|---|---|
| AT-001 | Audit log creation | PASSED |
| AT-002 | Audit log immutability | PASSED |
| AT-003 | Hash-chain integrity | PASSED |
| AT-004 | Tamper detection | PASSED |
| AT-005 | Audit log retention | PASSED |
Kill Switch (32 tests)
| Test ID | Test Name | Status |
|---|---|---|
| KS-001 | Kill switch activation | PASSED |
| KS-002 | Kill switch propagation | PASSED |
| KS-003 | Kill switch latency under 100ms | PASSED |
| KS-004 | SNS integration | PASSED |
| KS-005 | SQS integration | PASSED |
Multi-Tenant Isolation (29 tests)
| Test ID | Test Name | Status |
|---|---|---|
| MT-001 | Organization data isolation | PASSED |
| MT-002 | Cross-org access denied | PASSED |
| MT-003 | JWT org claim enforcement | PASSED |
| MT-004 | API endpoint org scoping | PASSED |
| MT-005 | Database query org filter | PASSED |
Phase 4b: Security & Integration Tests (148)
Prompt Security (30 tests)
| Test ID | Test Name | Status |
|---|---|---|
| PS-001 | Prompt injection detection | PASSED |
| PS-002 | Jailbreak attempt detection | PASSED |
| PS-003 | System prompt leakage detection | PASSED |
| PS-004 | Data exfiltration detection | PASSED |
| PS-005 | Multi-language detection | PASSED |
Code Analysis (20 tests)
| Test ID | Test Name | Status |
|---|---|---|
| CA-001 | Code pattern detection | PASSED |
| CA-002 | Secrets detection | PASSED |
| CA-003 | API key detection | PASSED |
| CA-004 | Credential detection | PASSED |
| CA-005 | Dangerous function detection | PASSED |
Rate Limiting (15 tests)
| Test ID | Test Name | Status |
|---|---|---|
| RL-001 | Rate limit enforcement | PASSED |
| RL-002 | Rate limit per endpoint | PASSED |
| RL-003 | Rate limit per user | PASSED |
| RL-004 | Rate limit per organization | PASSED |
| RL-005 | Rate limit headers | PASSED |
Gateway Integration (10 tests)
| Test ID | Test Name | Status |
|---|---|---|
| GI-001 | Kong plugin integration | PASSED |
| GI-002 | Envoy ext_authz | PASSED |
| GI-003 | Lambda authorizer | PASSED |
| GI-004 | Gateway decision caching | PASSED |
| GI-005 | Gateway fail-secure | PASSED |
Phase 4c: Enterprise Features Tests (150)
Authentication (16 tests) - Security Critical
| Test ID | Test Name | Status |
|---|---|---|
| AUTH-001 | Cognito login | PASSED |
| AUTH-002 | Cognito logout | PASSED |
| AUTH-003 | MFA verification | PASSED |
| AUTH-004 | Token refresh | PASSED |
| AUTH-005 | Session timeout | PASSED |
| AUTH-006 | Brute force protection | PASSED |
Authorization (21 tests) - Security Critical
| Test ID | Test Name | Status |
|---|---|---|
| AUTHZ-001 | RBAC platform admin | PASSED |
| AUTHZ-002 | RBAC enterprise admin | PASSED |
| AUTHZ-003 | RBAC org admin | PASSED |
| AUTHZ-004 | RBAC policy admin | PASSED |
| AUTHZ-005 | RBAC analyst | PASSED |
| AUTHZ-006 | RBAC viewer | PASSED |
| AUTHZ-007 | Permission inheritance | PASSED |
| AUTHZ-008 | Separation of duties | PASSED |
Billing (15 tests) - Revenue Critical
| Test ID | Test Name | Status |
|---|---|---|
| BILL-001 | Usage metering | PASSED |
| BILL-002 | Billing calculation | PASSED |
| BILL-003 | Stripe webhook processing | PASSED |
| BILL-004 | Spend limit enforcement | PASSED |
| BILL-005 | Overage handling | PASSED |
Compliance Test Mapping
SOC 2
| Control | Tests | Status |
|---|---|---|
| CC6.1 | FS-005, FS-006, AUTHZ-* | PASSED |
| CC6.3 | AUTH-002, AUTH-005 | PASSED |
| CC7.2 | AT-\*, KS-\* | PASSED |
PCI-DSS
| Requirement | Tests | Status |
|---|---|---|
| 3.5 | BYOK-* | PASSED |
| 7.1 | AUTHZ-* | PASSED |
| 10.2 | AT-* | PASSED |
HIPAA
| Section | Tests | Status |
|---|---|---|
| 164.312(a) | AUTH-\*, AUTHZ-\* | PASSED |
| 164.312(b) | AT-* | PASSED |
| 164.312(d) | AUTH-* | PASSED |
Performance Metrics
| Metric | Value | Target | Status |
|---|---|---|---|
| Avg Action Evaluation | 45ms | under 100ms | PASSED |
| P99 Latency | 120ms | under 200ms | PASSED |
| Throughput | 500 req/s | over 100 req/s | PASSED |
| Cache Hit Rate | 92% | over 80% | PASSED |
| Kill Switch Latency | under 100ms | under 100ms | PASSED |