Files
stack/docs/tess/VERIFICATION-MATRIX.md
Jarvis 10f757e874
Some checks failed
ci/woodpecker/push/ci Pipeline failed
ci/woodpecker/pr/ci Pipeline failed
docs(tess): define interaction agent mission
2026-07-12 13:09:18 -05:00

2.7 KiB

Tess Verification Matrix

Acceptance criterion Requirements Planned evidence Gate
AC-TESS-01 TESS-PI-001, TESS-DSC-001, TESS-CLI-001 Discord/CLI same-session integration and streaming E2E M3-V
AC-TESS-02 TESS-ARP-001, TESS-CLI-001, TESS-FLT-001 CLI contract tests for status/sessions/tree/attach/send/stop, typed denial/error snapshots M3-V
AC-TESS-03 TESS-PI-001, TESS-OBS-001 Clean service launch; status asserts GPT-5.6 Sol, high reasoning and effective tool policy with secret canaries absent M2-V, M3-V
AC-TESS-04 TESS-MOS-001, TESS-FLT-001 Authority E2E: coding request creates Mos handoff; safe status runs in Tess; no competing worker claim M4-V
AC-TESS-05 TESS-HRM-001 Hermes capability contract suite: sessions/stream/send/tree plus Kanban/skills/memory/tools/cron supported-or-denied matrix M4-V
AC-TESS-06 TESS-STA-001, TESS-SEC-008 Kill/restart/compaction fault injection across inbox/outbox/checkpoint transitions; duplicate side-effect detector M2-V, M5-V
AC-TESS-07 TESS-SEC-001..009 Threat-model abuse suite: authz, tenant isolation, forged identity/approval, injection, redaction, transport identity, GC scope M1-V, M3-V, M5-V
AC-TESS-08 TESS-TRN-001 Common provider contract suite against tmux/fleet and Matrix/native; identity and replay tests M5-V
AC-TESS-09 all pnpm typecheck, lint, format, unit/integration/contract/E2E; independent code and security reviews; CI URLs Every milestone
AC-TESS-10 TESS-MIG-001 Completed capability inventory with native/adapted/deferred/rejected state, owner, cutover/rollback evidence M5-V
AC-TESS-11 TESS-PLG-001, TESS-OBS-001 OpenAPI and user/admin/developer/plugin/ops docs, sitemap links, documentation checklist M5-V

Security Abuse Suite Minimum

  • Role/scope matrix for every command and provider capability.
  • Cross-tenant and cross-user session ID matrix across REST, WS, Discord, CLI, MCP, and providers.
  • Discord service identity, guild/channel/user allowlist, replay, attachment, and mention/DM policy cases.
  • Prompt/tool injection corpus and structured-proposal enforcement.
  • Approval action-digest mutation, replay, expiry, tenant, and actor mismatch cases.
  • Secret/PII canaries through message, attachment, tool args/output, logs, memory, audit, and error paths.
  • Restart fault injection before/after enqueue, provider send, side effect, response persistence, and acknowledgement.
  • Wrong tmux socket/target and Matrix identity/room/replay cases.

Evidence Rules

Evidence must include command/test name, terminal result, CI run URL, PR/merge reference, environment, and artifact/log location. A worker self-report is not evidence until independently verified.