Skip to content

Add test-driven assessment workflow for policy generation #123

Description

@jpower432

Context

The current validation gates (validate_policy, test_policy) catch structural and syntax errors in generated Rego policies but not semantic incorrectness — a policy that enforces the wrong condition can pass all current gates.

Models below Sonnet-class capability (e.g., Haiku) may skip MCP tool calls and generate from training data instead of catalog content, producing plausible-looking but incorrect output.

Without explicit approval steps, is it easier to mistake this tool for an autonomous workflow and not the human-in-loop authoring workflow is supposed to be.

Proposal

Add a test-first workflow to the pack-assessment skill. Test cases are generated from MCP-sourced requirements and presented to the user for review before any policy is written. The user reviews pass/fail scenarios in domain terms rather than Rego syntax.

Acceptance Criteria

  • Test cases are generated from MCP data before any policy is written
  • User reviews and approves test scenarios before policy generation
  • Policy is validated against the approved test suite
  • Skills stop and inform the user when MCP is unreachable

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

Priority

None yet

Effort

None yet

Projects

Status
In progress 📋

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions