Formal User Acceptance Test plan — 6 personas, Given/When/Then, 30-day exit gates.
This pack is the canonical UAT surface for procurement-led acceptance. It defines six test personas (procurement officer, security auditor, legal/data-protection officer, integration engineer, operator, named evaluator), Given/When/Then criteria per persona, and exit gates that must be passed before sovereign handover. Every test references the live sovereign spec on csoai.org.
The 6 test personas
P1 — Procurement Officer
Tests: company verification (UK Ltd 16939677), insurance scope, framework enrolment, signatures.
Exit signal: all source documents located and verified.
P2 — Security Auditor
Tests: BFT quorum, SIGIL integrity, supply-chain hashes, TLS pinning, red-line handling.
Exit signal: SIGIL chain unbroken; quorum continues across 30 days; BFT supermajority preserved.
P3 — Legal / Data Protection Officer
Tests: data residency (UK-only), PII handling, GDPR/UK-DPA, EU AI Act Art 10/15.
Exit signal: zero data egress on sovereign-tier; right-to-erasure exercised and receipted.
P4 — Integration Engineer
Tests: MCP federation, admission control, scope management, idempotent retries.
Exit signal: MCP round-trip < 100 ms at p99; idempotency-key check passes; admission control unambiguous on every test MCP.
P5 — Operator
Tests: incident response, key rotation, troubleshooting recipes, escalation ladder.
Exit signal: 12 named failure scenarios (see operator troubleshooting) all rehearsed; SEV1/SEV2 in tabletop.
P6 — Named Evaluator (UK AISI / NATO / DASA)
Tests: model card, system card, evaluation reports, sovereign receipts.
Exit signal: evaluation pack issued; sovereign-tier receipts provided in UK AISI evaluation pack.
Given / When / Then criteria — selected critical cases
GIVEN a sovereign-tier data record is created
WHEN 30 days pass without owner access
THEN the record retains UK-only residency, retains its Ed25519-signed lineage, and remains queryable by named operators only.
GIVEN an MCP requests admission with capabilities outside its declared scope
WHEN admission control is invoked
THEN admission is denied; SIGIL records the rejection.
GIVEN a red-line-class action is attempted (strike, surveillance-of-individual, foreign-routing)
WHEN the policy layer evaluates
THEN action is auto-rejected; SIGIL records the attempt; BFT supermajority is required to override.
GIVEN a BFT witness falls offline
WHEN quorum falls toward 23/33
THEN emergency session protocol activates (see emergency session); service continues without loss.
GIVEN a key rotation is scheduled
WHEN rotation window arrives
THEN zero-downtime rotation completes; both old and new keys sign a transition SIGIL; old key is cryptographically destroyed.
GIVEN a buyer exercises right-to-erasure under UK GDPR
WHEN erasure is requested by named officer
THEN PII is removed from sovereign-tier; the action is SIGIL-recorded with a verifiable receipt.
Exit gates (30-day window)
Gate 1 — Sovereignty: 7 invariants held continuously for 30 days. Cross-reference: readiness checklist §7.
Gate 2 — Audit: zero SIGIL gaps; BFT quorum ≥23/33 every voting session; care_score ≥0.90; red_line_violations = 0.
Gate 3 — Operations: 12 failure scenarios rehearsed; 4 SEV1 tabletop exercises completed; 1 SEV1 live exercise with BFT containment.
Gate 4 — Procurement: buyer evidence pack issued (see buyer evidence index); UAT pass-pack signed by all 6 personas.
Gate 5 — Compliance: Cyber Essentials Plus, ISO 27001 stage 1 (or roadmap), JSP 936 §4.6 conformance, OWASP ASI v1.0 conformance.
Gate 6 — Sovereign-handover: key split transfer to buyer with 3-witness BFT ratification; sovereign-state-of-the-art log printed to SIGIL ledger.
Acceptance artefact
On exit, the buyer receives a signed acceptance pack:
- UAT sign-off (5 personas) — Ed25519-signed
- 12-recipe rehearsal log
- 30-day SIGIL chain export
- BFT vote tally receipts
- Sovereign-key handover ceremony log