This document specifies test cases for the AltScore platform organized by system layer. Each test case references the PRD requirement it validates. Tests are labelled AUTO (automated in CI/CD or nightly pipeline) or MANUAL (human or specialist execution required).

Tests covering the ERP Connector SDK, data ingestion pipeline, and retailer identity resolution layer. PRD reference: Section 05, Layer 1 features.

Test ID	Test Name	Input	Expected Output	Pass Criteria	Priority	Type
ERP-01-01	Tally Prime — Successful data extraction	Tally Prime instance with 100 retailer ledgers, 24 months of invoices	Structured JSON batch with all required fields per schema	Zero missing required fields; schema validates 100%; batch signed correctly	P0	AUTO
ERP-01-02	SAP B1 — Successful data extraction	SAP Business One instance with standard FMCG distributor schema	Structured JSON batch; field mapping correct for SAP B1 nomenclature	Field mapping table applied correctly; invoice amounts match source records within ₹1 tolerance	P0	AUTO
ERP-01-03	CSV export — Successful ingestion	CSV file per AltScore template specification (header row, UTF-8, required columns)	Parsed and ingested batch equivalent to API-based extraction	All rows parsed; date format normalized; currency values correctly parsed	P0	AUTO
ERP-01-04	Incremental delta sync — only new records fetched	Full initial sync completed; 20 new invoices added to ERP; delta sync triggered	Only the 20 new records ingested; no duplicates of previously synced records	Batch contains exactly 20 new records; watermark timestamp correctly updated	P0	AUTO
ERP-01-05	Malformed ERP data — quarantine and alert	Batch with 5% of records having null invoice amounts and negative payment delays	Malformed records quarantined; clean records ingested; alert triggered	Quarantine count matches malformed record count; alert delivered within 5 minutes; clean records visible in Bronze layer	P0	AUTO
ERP-01-06	Retailer identity resolution — GST deduplication	Same retailer present in two distributor batches with identical GST, different shop names	Retailer resolved to single entity; both distributor relationships recorded	Single UUID assigned; both distributor_id relationships present in entity graph	P0	AUTO
ERP-01-07	Retailer identity resolution — fuzzy match (no GST)	Retailer with same phone number but slightly different shop name across two distributors	Fuzzy match score computed; above threshold → merged; below → flagged for manual review	Merge decisions are deterministic for same input; below-threshold cases reach manual review queue	P1	AUTO
ERP-01-08	ERP schema version change — graceful handling	Tally ERP upgraded; column names changed in invoice table	Connector detects schema drift; ingestion halted for that distributor; alert raised	No data ingested from mismatched schema; alert includes schema diff; other distributors unaffected	P0	AUTO

Test ID	Test Name	Input	Expected Output	Pass Criteria	Priority	Type
ERP-02-01	Completeness score computed correctly	Distributor batch with 30% of retailer records missing payment dates	Completeness score = 70%; status = "Low Confidence"	Score computed correctly; "Low Confidence" badge shown in distributor dashboard; scoring blocked for affected retailers	P1	AUTO
ERP-02-02	Data freshness indicator — stale sync alert	Last sync was 8 days ago; no new batches received	Freshness indicator shows "Stale (8 days)"; alert sent to distributor contact	Alert generated after 3-day gap; escalation alert after 7-day gap; scores marked with freshness_days correctly	P1	AUTO
ERP-02-03	Anomaly flag — bulk payment recording	100 retailer payments all recorded on the same day with the same amount	Anomaly flag raised; batch quarantined for review before feature computation	Anomaly detected and flagged; feature pipeline does not process flagged batch until review complete	P0	AUTO
ERP-02-04	Duplicate invoice detection	Same invoice_id appearing twice in a batch	Duplicate removed; one record retained; dedup count logged	Exactly one record per invoice_id in Bronze layer; dedup event logged with original count	P0	AUTO

Tests for the DPDP-compliant consent flow — grant, revocation, audit trail, and scope enforcement. PRD reference: Section 05, Layer 1 — Consent Management Portal; Section 08 — DPDP Act compliance.

Test ID	Test Name	Scenario	Expected Outcome	Pass Criteria	Priority	Type
CON-01-01	Retailer consent grant — WhatsApp flow	Retailer receives consent request via WhatsApp; reads purpose statement; responds "Yes"	Consent record created with: retailer_id, distributor_id, timestamp, scope, channel="whatsapp", cryptographic signature	Consent record exists; signature validates; all required fields populated; retailer data processing unlocked	P0	MANUAL
CON-01-02	Retailer consent revocation — immediate data lock	Retailer sends revocation request	Consent revocation record created; data processing for this retailer halted within 1 hour; score API returns "consent_revoked" for this retailer	Processing lock applied within 1 hour; API returns correct error code; data is not deleted immediately (retention policy applies)	P0	AUTO
CON-01-03	Score request without retailer consent — blocked	Lender requests score for retailer_id with no consent record	API returns HTTP 403 with error code "CONSENT_REQUIRED"	No score computed or returned; audit log entry created; error code matches specification	P0	AUTO
CON-01-04	Consent scope enforcement — lender not in scope	Retailer consented only to NBFC_A; NBFC_B requests score for same retailer	API returns 403 "CONSENT_SCOPE_MISMATCH" for NBFC_B; NBFC_A score request succeeds	Strict per-lender consent scope enforced; no leakage between lenders	P0	AUTO
CON-01-05	Consent audit trail completeness	Grant, two processing events, one scope update, one revocation for a single retailer	Audit trail contains all 5 events in chronological order with correct timestamps and signatures	Audit log is complete; all signatures valid; no gaps between events; retrievable via compliance API	P0	AUTO
CON-01-06	Consent expiry — auto-renewal reminder	Consent record approaching 12-month expiry (30 days out)	Renewal reminder sent to retailer via WhatsApp; if no renewal by expiry, consent treated as revoked	Reminder sent 30 days before expiry; second reminder 7 days before; data lock applied at expiry if not renewed	P1	AUTO
CON-01-07	Consent in Hindi — purpose statement comprehension test	WhatsApp consent flow presented in Hindi to retailer who selected Hindi preference	Full consent flow in Hindi; purpose statement, data scope, and revocation instructions all translated accurately	Back-translation reviewed and approved by native Hindi speaker; no ambiguous or truncated phrases	P1	MANUAL

Tests validating the computation of the 40+ behavioral signals from raw ERP data. PRD reference: Section 07 — AI Engine Feature Design.

Test ID	Feature	Test Scenario	Expected Value	Pass Criteria	Priority	Type
FP-01-01	Avg. payment delay (days)	Retailer with 10 invoices; payment delays of [0,2,5,7,3,0,4,1,6,2] days	avg_payment_delay = 3.0 days	Computed value within ±0.01 of expected; null invoices excluded from computation	P0	AUTO
FP-01-02	P90 payment delay	Same retailer as FP-01-01	p90_payment_delay = 6.3 days (numpy-style interpolation)	Value within ±0.1 of expected; consistent across pipeline runs (deterministic)	P0	AUTO
FP-01-03	Order frequency (monthly)	Retailer with orders on: Jan 5, Jan 20, Feb 3, Feb 28, Mar 15 (5 orders in 3 months)	monthly_order_frequency = 1.67 orders/month	±0.05 tolerance; partial-month handling documented and applied consistently	P0	AUTO
FP-01-04	12-month GMV trend slope	Retailer GMV growing linearly from ₹50K/month to ₹80K/month over 12 months	gmv_trend_slope = positive (≈ +2500/month); upward trend label = True	Slope sign correct; OLS regression applied; R² reported alongside slope	P0	AUTO
FP-01-05	Seasonal demand elasticity	Retailer with 3x GMV spike in Oct–Nov vs. monthly average	seasonal_spike_ratio = 3.0; festival_months = ['Oct', 'Nov'] identified	Spike ratio computed correctly; festival months correctly identified via calendar mapping	P1	AUTO
FP-01-06	Return rate	Retailer with 200 invoices; 8 return/credit notes	return_rate = 4.0%	Rate computed as (returns / invoices) × 100; only valid return credit notes counted (not internal distributor adjustments)	P0	AUTO
FP-01-07	Distributor tenure (months)	First invoice date: Jan 2019; scoring date: May 2026	distributor_tenure_months = 88	Date arithmetic correct; handles leap years; uses first_invoice_date not first_sync_date	P0	AUTO
FP-01-08	Cold-start retailer — insufficient data	Retailer with only 4 months of data (below 6-month threshold)	Feature set marked "insufficient_data"; retailer routed to rules-based conservative limit path	No ML model score issued; rules-based credit limit returned with flag; lender API response includes cold_start=true	P0	AUTO
FP-01-09	Croston's method — sparse retailer	Retailer with orders only in Oct–Nov each year (seasonal agri-input shop); 3-year history	Intermittent demand model applied; order frequency not penalized; seasonal pattern recognized	Croston's method triggered (verified by model selection log); feature values reflect seasonal pattern; retailer not scored as "inactive"	P1	AUTO
FP-01-10	Feature pipeline — determinism	Same input data ingested twice; feature pipeline run twice independently	Identical feature values on both runs	All 40+ features match exactly between runs (no randomness in feature computation); hash of feature output file matches	P0	AUTO

Tests validating model performance, explainability, fairness, and drift detection. These tests run in the nightly ML evaluation pipeline and must pass before any model version is promoted to production. PRD reference: PDLC Phase 02 gate criteria, Section 10 metrics.

Test ID	Test Name	Dataset	Metric	Pass Threshold	Priority	Type
ML-01-01	AUROC on holdout set	Stratified 20% holdout from NBFC partner repayment data (min. 1,000 samples)	Area Under ROC Curve	≥ 0.72 · P0	P0	AUTO
ML-01-02	KS Statistic on holdout set	Same holdout as ML-01-01	Kolmogorov-Smirnov statistic (separation between default / non-default score distributions)	≥ 0.35 · P0	P0	AUTO
ML-01-03	Precision-Recall at Band boundaries	Holdout set; segment by risk band A/B/C/D	Default rate within each band must be monotonically increasing A→D	Band D default rate > Band C > Band B > Band A; no band inversions	P0	AUTO
ML-01-04	Score calibration — predicted PD vs. actual default rate	90-day repayment data from pilot Phase 04 (500 retailers)	Mean predicted PD vs. observed default rate per decile	Predicted PD within ±2% of actual default rate across all deciles; Brier score computed and reported	P0	AUTO
ML-01-05	Reason code coverage	Full holdout set	% of scores with ≥3 positive and ≥2 negative SHAP reason codes above threshold	≥ 95% of scores have complete reason code set; no "unknown" reason codes in production	P0	AUTO
ML-01-06	Reason code lender acceptance rate	Lender credit officer survey after 60-day pilot (n ≥ 20 officers)	% of reason codes rated "makes sense / useful" by credit officers	≥ 70% acceptance rate; specific rejected codes documented for model team review	P1	MANUAL

Test ID	Test Name	Cohort Segments	Metric	Pass Threshold	Priority	Type
ML-02-01	Geographic score parity — state-level	Retailers grouped by state (min. 30 retailers per state); compare score distributions	Mean score difference between highest and lowest-scoring states for equivalent GMV/payment behavior profiles	Score divergence ≤ 15% for matched cohorts; geography not a direct feature — confirm via SHAP	P0	AUTO
ML-02-02	Tier-2 vs. Tier-3 city score parity	Retailers in Tier-2 vs. Tier-3 cities with matched behavioral profiles	Score distribution comparison; disparate impact ratio	Disparate impact ratio ≥ 0.80 (80% rule); no statistically significant score gap at p < 0.05	P0	AUTO
ML-02-03	Gender proxy bias test	Retailers grouped by inferred gender of shop owner (via name analysis); compared for matched behavioral profiles	Score distribution comparison; mean score gap	Mean score gap ≤ 10 points for matched behavioral cohorts; gender proxy not in top-10 SHAP features	P0	MANUAL
ML-02-04	Industry / trade category parity	FMCG retailers vs. auto parts vs. general trade retailers with matched GMV and payment profiles	Score distribution comparison across categories	No single category penalized >15% vs. equivalent-behavior cohorts; SKU category not a direct feature	P1	AUTO
ML-02-05	Model drift — PSI monthly check	Live score distribution vs. training baseline score distribution	Population Stability Index (PSI)	PSI < 0.1 (stable); PSI 0.1–0.2 (monitor, alert); PSI > 0.2 (model refresh triggered, alert to Risk team)	P0	AUTO

Tests for the AltScore REST API — functional correctness, performance, error handling, and contract adherence. PRD reference: Section 05, Layer 3 — AltScore API; Section 10 metrics (API latency p95 <2s).

Test ID	Scenario	Request	Expected Response	Pass Criteria	Priority	Type
API-01-01	Happy path — Band A retailer	POST /v1/score with valid GST, authorized lender, working_capital purpose	HTTP 200; altscore ∈ [750–900]; risk_band = "A"; recommended_limit ≤ 30% of 6-month GMV	All response fields present and typed correctly per API spec; score_version included; generated_at within 30s of request	P0	AUTO
API-01-02	Happy path — Band D retailer	POST /v1/score with high-risk retailer profile (chronic late payer, declining GMV)	HTTP 200; altscore ∈ [300–499]; risk_band = "D"; recommended_limit = 0 or minimal conservative amount	Score in correct band range; reason codes correctly identify negative signals	P0	AUTO
API-01-03	Invalid retailer ID format	POST /v1/score with malformed GST string ("NOT_A_GST")	HTTP 400; error_code = "INVALID_RETAILER_ID"; no score computed	Input validation fires before any DB lookup; error message does not expose internal details	P0	AUTO
API-01-04	Retailer not found in system	POST /v1/score with valid GST format but unknown retailer	HTTP 404; error_code = "RETAILER_NOT_FOUND"	404 returned; no score or profile data leaked; response time < 500ms (fast fail)	P0	AUTO
API-01-05	Stale data warning in response	Score request for retailer whose last ERP sync was 15 days ago	HTTP 200; data_freshness_days = 15; warning flag in response	Freshness days accurate; warning included; score still returned (not blocked) but freshness prominently surfaced	P1	AUTO
API-01-06	Requested limit capped at GMV ceiling	Lender requests score with requested_limit = ₹10L for retailer with 6-month GMV = ₹5L	recommended_limit = ₹1.5L (30% of ₹5L); warning: "limit_capped_to_gmv_ceiling"	Hard ceiling enforced; cannot be overridden via API parameters; ceiling logic documented in response	P0	AUTO
API-01-07	Rate limit enforcement	101 requests in 60 seconds from same lender API key	First 100: HTTP 200; request 101: HTTP 429 "RATE_LIMIT_EXCEEDED"	Rate limit fires at correct threshold; Retry-After header included in 429 response; limit resets correctly after window	P0	AUTO
API-01-08	Unauthorized lender token	POST /v1/score with expired JWT	HTTP 401; error_code = "TOKEN_EXPIRED"	No score returned; no retailer data leaked; event logged in audit trail	P0	AUTO

Test ID	Test Name	Load Profile	Target Metric	Pass Criteria	Priority	Type
API-02-01	Single score request latency	Single warm request to pre-scored retailer (cache hit scenario)	p50, p95, p99 latency	p50 < 500ms; p95 < 2000ms; p99 < 3000ms (PRD SLA: p95 < 2s)	P0	AUTO
API-02-02	Sustained load test	50 concurrent lenders; 10 req/sec each; 5-minute sustained load	Error rate; p95 latency; throughput	Error rate < 0.1%; p95 latency < 2s throughout; no memory leak (stable heap over 5 min)	P0	AUTO
API-02-03	Cache miss — cold score computation	Score request for retailer not in cache (forces model inference)	End-to-end latency including model inference	p95 < 3s for cache miss (documented exception to 2s SLA with lender communication); inference time logged separately	P1	AUTO

Tests validating the six guardrails defined in PRD Section 08. These tests are critical — guardrail failures represent either lender risk or retailer harm.

Test ID	Attack Pattern	Input Simulation	Expected Detection	Pass Criteria	Priority	Type
GR-01-01	Sudden order volume spike	Retailer with 12-month average of 5 orders/month suddenly places 25 orders in Month 13 (immediately before scoring event)	Isolation Forest flags as anomaly; score reflects pre-spike baseline, not inflated Month 13	Anomaly flag = True; score band unchanged vs. pre-spike baseline ±1 band; alert generated	P0	AUTO
GR-01-02	Order inflation + return gaming	Retailer places large orders; subsequently returns 80% of goods; net purchase = normal level	Return rate counter-signal reduces score benefit of inflated gross orders	High return rate correctly penalizes score; net purchase GMV computed correctly; Isolation Forest detects pattern	P0	AUTO
GR-01-03	60-day look-back window enforcement	Retailer games orders in Month 1; scoring event in Month 2 (within look-back); scoring event in Month 3 (outside look-back)	Month 2 score: anomaly flag present; Month 3 score: flag cleared if behavior normalized	Look-back window correctly applied; flag lifecycle (raise → clear) works as expected	P0	AUTO
GR-01-04	Payment behavior — ungameable confirmation	Retailer makes early payments for 2 months to improve score; history shows 3-year pattern of late payments	Score improvement is modest and bounded; 3-year payment history outweighs 2-month recent behavior	Score change ≤ 1 band; long-term payment history weight ≥ 60% of payment signal per SHAP analysis	P1	AUTO

Test ID	Scenario	Input	Expected Behavior	Pass Criteria	Priority	Type
GR-02-01	30% GMV ceiling — hard cap	Retailer with 6-month GMV = ₹4L; lender requests limit of ₹2L	recommended_limit = ₹1.2L (30% of ₹4L); cannot be overridden via API	API parameter manipulation (e.g., inflated requested_limit) does not bypass ceiling; ceiling enforced server-side	P0	AUTO
GR-02-02	Seasonal limit adjustment	Same retailer scored in Oct (festival quarter) vs. Feb (lean quarter)	Oct limit = higher; Feb limit = lower; both ≤ 30% GMV ceiling for respective trailing 6 months	Limit varies sensibly with seasonal GMV; ceiling constraint always satisfied; seasonal structuring documented in response	P1	AUTO
GR-02-03	Lender manual override audit trail	NBFC credit officer overrides recommended limit upward (within lender policy)	Override recorded in audit log with officer_id, original_limit, override_limit, justification_text, timestamp	Audit entry immutable; override amount tracked in portfolio monitoring; alert to risk team if override > 20% above recommended	P1	MANUAL

Test ID	Scenario	Input	Expected Outcome	Pass Criteria	Priority	Type
GR-03-01	Retailer files grievance — acknowledgement SLA	Retailer submits grievance via WhatsApp ("my score seems wrong")	Acknowledgement sent within 24 hours; case assigned to review team; 7-day resolution SLA starts	Acknowledgement timestamp ≤ 24h from submission; case_id issued; SLA timer correctly started	P0	AUTO
GR-03-02	Grievance — score corrected after review	Manual review finds data error in distributor ERP; correct data increases score by 1 band	Score corrected; retailer notified; lender notified of score refresh; correction logged in audit trail	All three notifications sent; audit trail shows original_score, correction_reason, new_score; lender notified within 1 hour of correction	P1	MANUAL
GR-03-03	Grievance SLA breach — escalation	Grievance not resolved within 7 days	Escalation alert generated; sent to team lead; retailer notified of delay with updated resolution commitment	Escalation fires at Day 7 (not Day 8); retailer communication sent; escalation rate tracked in guardrail health metrics	P0	AUTO

Security test cases derived from the Security Architecture document (SAR-ALTSCORE-001). These tests are run as part of the pre-release security gate and periodically in production.

Test ID	Test Name	Scenario	Expected Result	Pass Criteria	Priority	Type
SEC-01-01	Cross-lender data isolation	NBFC_A token used to request score for retailer that only NBFC_B has been granted access to	HTTP 403 "CONSENT_SCOPE_MISMATCH"; zero NBFC_B data in response	Row-level security enforced; no data leakage; audit event logged	P0	AUTO
SEC-01-02	JWT replay attack	Valid JWT captured and replayed after revocation	HTTP 401 "TOKEN_REVOKED"	Revocation list checked on every request; no grace period; replay blocked within 1 second of revocation	P0	AUTO
SEC-01-03	Brute-force account lock	5 failed login attempts in 10 minutes for distributor portal	Account locked; unlock email sent to registered address; audit alert generated	Lock fires after exactly 5 failures (not 4, not 6); unlock flow verified; alert delivered within 2 minutes	P0	AUTO
SEC-01-04	SQL injection via API parameters	retailer_id parameter contains SQL injection payload ("' OR 1=1 --")	HTTP 400 "INVALID_RETAILER_ID"; no database query executed	Input validation fires before DB layer; parameterized queries confirmed via code review; no 500 error	P0	AUTO
SEC-01-05	ERP connector mTLS — certificate mismatch	Connector presents expired or wrong client certificate	Connection rejected at TLS handshake; no data accepted; alert raised	Rejection at TLS layer (not application layer); error logged with distributor_id and certificate details	P0	AUTO
SEC-01-06	Admin four-eyes access control	Admin user attempts to access raw retailer PII without a second admin approval	Access denied; approval workflow triggered; access only granted after second admin approves	No self-approval possible; approval workflow enforced technically; all admin accesses in audit log	P0	MANUAL

Tests validating the regulatory compliance controls defined in PRD Section 08 — Regulatory Compliance Map.

Test ID	Regulation	Test Scenario	Expected Outcome	Pass Criteria	Priority	Type
REG-01-01	DPDP Act — Right to Erasure	Retailer requests deletion of all their data after consent revocation	PII deleted from all active systems within 30 days; aggregated/anonymized features may be retained per policy; deletion confirmed in writing	Deletion completed within 30 days; deletion audit record created; score not retrievable after deletion; anonymized feature aggregate retained correctly	P0	MANUAL
REG-01-02	DPDP Act — Data Portability	Retailer requests a copy of all data held about them	Machine-readable export (JSON) delivered within 15 days containing all retailer-specific records	Export contains: consent records, score history, feature summary, processing events; no other retailer data included; delivered securely	P1	MANUAL
REG-01-03	RBI FLDG — Reason codes on every decision	100 consecutive score API responses sampled from production	100% of responses contain ≥1 positive and ≥1 negative reason code	Zero responses with empty reason_codes; codes map to RBI-recognized reason categories	P0	AUTO
REG-01-04	Breach notification SLA — 72-hour test	Simulated P1 security incident (tabletop exercise)	Incident declared; notification to Data Protection Board initiated within 72 hours; notification template approved by legal	Tabletop exercise completed within time limit; notification template reviewed and approved; runbook updated post-exercise	P0	MANUAL
REG-01-05	No payment card data in pipeline	Audit scan of Bronze, Silver, and Gold data lake layers for PAN, card number, CVV patterns	Zero matches for card data regex patterns across all data lake partitions	DLP scan returns zero findings; scan run quarterly; ERP extraction scope confirmed to exclude card fields	P0	AUTO

Full-stack integration tests covering the complete user journeys defined in the PRD — from distributor onboarding through to lender disbursement decision. These tests run in the staging environment before every release.

Test ID	Journey	Steps	Expected Outcome	Pass Criteria	Priority	Type
E2E-01-01	Full new retailer onboarding to first score	1. Distributor onboarded; ERP connected. 2. Retailer data ingested. 3. Consent obtained via WhatsApp. 4. Features computed. 5. Score issued via API to lender.	Score returned within 48 hours of distributor connection; all pipeline stages logged; consent trail complete	Score API returns valid response; all audit events present; feature completeness ≥ 80%; no data escaping consent scope	P0	MANUAL
E2E-01-02	Retailer consent revocation — data processing halt	1. Retailer has active consent and live score. 2. Retailer revokes consent. 3. Lender attempts score query 1 hour later.	Score query returns 403 CONSENT_REVOKED; no new data processed; existing score invalidated in score store	Processing halt within 1 hour; API error code correct; audit trail complete; no score returned post-revocation	P0	AUTO
E2E-01-03	Shadow mode pilot — AltScore vs. NBFC manual judgment	1. 100 retailers scored by AltScore in shadow mode. 2. NBFC credit officers make independent judgment. 3. Rank ordering compared.	AltScore correctly rank-orders risk in ≥ 75% of cases vs. NBFC officer judgment (PRD PDLC Phase 03 gate)	Agreement rate ≥ 75%; disagreements documented and reviewed with NBFC team; model adjustments logged	P0	MANUAL
E2E-01-04	Live lending pilot — 90-day repayment tracking	1. 500 retailers scored and loans disbursed (Bands A and B). 2. 90-day repayment outcomes collected. 3. Predicted PD vs. actual default rate compared.	Actual 90-day default rate ≤ predicted PD + 2% for each risk band (PRD PDLC Phase 04 gate)	Per-band analysis completed; PSI stable; if gate not met, model refresh triggered before Phase 05 advance	P0	MANUAL