# Test Specification Template Use this template for each component's test spec. Save as `components/[##]_[name]/tests.md`. --- ```markdown # Test Specification — [Component Name] ## Acceptance Criteria Traceability | AC ID | Acceptance Criterion | Test IDs | Coverage | |-------|---------------------|----------|----------| | AC-01 | [criterion from acceptance_criteria.md] | IT-01, AT-01 | Covered | | AC-02 | [criterion] | PT-01 | Covered | | AC-03 | [criterion] | — | NOT COVERED — [reason] | --- ## Blackbox Tests ### IT-01: [Test Name] **Summary**: [One sentence: what this test verifies] **Traces to**: AC-01, AC-03 **Description**: [Detailed test scenario] **Input data**: ``` [specific input data for this test] ``` **Expected result**: ``` [specific expected output or state] ``` **Max execution time**: [e.g., 5s] **Dependencies**: [other components/services that must be running] --- ### IT-02: [Test Name] (repeat structure) --- ## Performance Tests ### PT-01: [Test Name] **Summary**: [One sentence: what performance aspect is tested] **Traces to**: AC-02 **Load scenario**: - Concurrent users: [N] - Request rate: [N req/s] - Duration: [N minutes] - Ramp-up: [strategy] **Expected results**: | Metric | Target | Failure Threshold | |--------|--------|-------------------| | Latency (p50) | [target] | [max] | | Latency (p95) | [target] | [max] | | Latency (p99) | [target] | [max] | | Throughput | [target req/s] | [min req/s] | | Error rate | [target %] | [max %] | **Resource limits**: - CPU: [max %] - Memory: [max MB/GB] - Database connections: [max pool size] --- ### PT-02: [Test Name] (repeat structure) --- ## Security Tests ### ST-01: [Test Name] **Summary**: [One sentence: what security aspect is tested] **Traces to**: AC-04 **Attack vector**: [e.g., SQL injection on search endpoint, privilege escalation via direct ID access] **Test procedure**: 1. [Step 1] 2. [Step 2] **Expected behavior**: [what the system should do — reject, sanitize, log, etc.] **Pass criteria**: [specific measurable condition] **Fail criteria**: [what constitutes a failure] --- ### ST-02: [Test Name] (repeat structure) --- ## Acceptance Tests ### AT-01: [Test Name] **Summary**: [One sentence: what user-facing behavior is verified] **Traces to**: AC-01 **Preconditions**: - [Precondition 1] - [Precondition 2] **Steps**: | Step | Action | Expected Result | |------|--------|-----------------| | 1 | [user action] | [expected outcome] | | 2 | [user action] | [expected outcome] | | 3 | [user action] | [expected outcome] | --- ### AT-02: [Test Name] (repeat structure) --- ## Test Data Management **Required test data**: | Data Set | Description | Source | Size | |----------|-------------|--------|------| | [name] | [what it contains] | [generated / fixture / copy of prod subset] | [approx size] | **Setup procedure**: 1. [How to prepare the test environment] 2. [How to load test data] **Teardown procedure**: 1. [How to clean up after tests] 2. [How to restore initial state] **Data isolation strategy**: [How tests are isolated from each other — separate DB, transactions, namespacing] ``` --- ## Guidance Notes - Every test MUST trace back to at least one acceptance criterion (AC-XX). If a test doesn't trace to any, question whether it's needed. - If an acceptance criterion has no test covering it, mark it as NOT COVERED and explain why (e.g., "requires manual verification", "deferred to phase 2"). - Performance test targets should come from the NFR section in `architecture.md`. - Security tests should cover at minimum: authentication bypass, authorization escalation, injection attacks relevant to this component. - Not every component needs all 4 test types. A stateless utility component may only need blackbox tests.