6. Testing Strategy

6.1 Platform Service Tests

Unit Tests (pytest, >85% coverage):

  • Service logic (validation, workflow, AI broker)
  • Data models (Pydantic schemas)
  • Utility functions

Integration Tests:

  • Service-to-service communication
  • Database interactions (PostgreSQL, Redis)
  • External API mocking (Treasury, CMS)

Contract Tests (Pact):

  • API contracts between services
  • Suite integration contracts

6.2 Pack Execution Tests

RulePack Tests:

  • Rule accuracy (known input → expected output)
  • Edge cases (null values, malformed data)
  • Performance (1M records in <30 seconds)

WorkflowPack Tests:

  • End-to-end workflow execution
  • Failure scenarios (compensation testing)
  • Human-in-the-loop approval gates

6.3 AI/ML Tests

Reproducibility (>95% threshold):

  • Same prompt → same response (temperature=0)
  • Model version pinning
  • Regression test suite
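
One way to express the reproducibility gate as a pytest check (an added example, not code from this project). The StubBroker class, its complete() interface, the model id and the prompts are constructed placeholders standing in for the real AI broker.

```python
import hashlib
from collections import Counter

PINNED_MODEL = "example-model-v1"   # constructed placeholder, not a real model id
THRESHOLD = 0.95                    # the >95% reproducibility threshold above


class StubBroker:
    """Constructed stand-in for the AI broker client (hypothetical interface)."""

    def __init__(self, model=PINNED_MODEL, drift_every=0):
        self.model, self.drift_every, self.calls = model, drift_every, 0

    def complete(self, prompt, temperature):
        self.calls += 1
        # Simulate non-determinism: every Nth call returns a different text.
        drift = self.drift_every and self.calls % self.drift_every == 0
        text = f"answer:{prompt}" + (f" (variant {self.calls})" if drift else "")
        return {"model": self.model, "text": text}


def digest(text):
    # Compare digests so a stored baseline need not retain response text.
    return hashlib.sha256(text.strip().encode("utf-8")).hexdigest()


def reproducibility_rate(broker, prompts, runs=20):
    """Fraction of temperature=0 responses equal to each prompt's modal response."""
    matching = total = 0
    for prompt in prompts:
        seen = Counter()
        for _ in range(runs):
            reply = broker.complete(prompt, temperature=0)
            # Model version pinning: a silently upgraded model fails the run.
            if reply["model"] != PINNED_MODEL:
                raise RuntimeError(f"model not pinned: {reply['model']!r}")
            seen[digest(reply["text"])] += 1
        matching += seen.most_common(1)[0][1]
        total += runs
    return matching / total


def test_reproducibility_meets_threshold():
    prompts = ["classify claim A", "summarize policy B"]  # constructed prompts
    assert reproducibility_rate(StubBroker(), prompts) > THRESHOLD


def test_drifting_model_fails_threshold():
    # Two of twenty responses differ -> 90% reproducibility, below the gate.
    assert reproducibility_rate(StubBroker(drift_every=10), ["classify claim A"]) <= THRESHOLD
```
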

RAG Tests:

  • Knowledge retrieval accuracy
  • Context relevance scoring
  • Embedding drift detection

6.4 Security Tests

OWASP Top 10:

  • Injection attacks (SQL, NoSQL, command)
  • Broken authentication
  • Sensitive data exposure
  • XML external entities (XXE)
  • Broken access control

Penetration Testing:

  • Annual third-party assessment
  • Vulnerability scanning (weekly)
  • Dependency scanning (CI/CD)

6.5 Compliance Tests

FedRAMP/NIST 800-53:

  • Control implementation validation
  • Evidence collection automation
  • Continuous monitoring tests

HIPAA:

  • PHI access logging
  • Encryption verification
  • Breach notification procedures