Skip to main content
The SINT conformance suite is a 157-test certification harness that any SINT-compliant gateway implementation must pass. The suite is language-agnostic; a reference runner ships with the TypeScript reference implementation and ports to Python, Go, and Rust.

The five categories

CategoryTestsWhat is validated
Token validation31Schema compliance, signature verification, expiry enforcement, delegation attenuation
State machine coverage28All DFA transitions exercised; unreachable-state rejection
Physical constraint enforcement24Velocity, force, geofence, e-stop binding
Escalation logic22All Δ factors; timeout handling; M-of-N quorum
Ledger integrity52Hash chain, TEE attestation, append-only, verification, rollback

Exit criteria

An implementation is certified SINT-compliant if:
≥ 154/157 tests pass (≥ 97.5%)
All 52 ledger integrity tests pass (100% mandatory)
Zero state-machine coverage failures
The ledger integrity gate is binary because a partial-integrity ledger is not an auditable ledger.

Running the suite

# Against the reference implementation
pnpm --filter @sint/conformance-tests test

# Against a running gateway (any implementation)
SINT_GATEWAY_URL=http://your-gateway:3100 \
  pnpm --filter @sint/conformance-tests test:external
Results are emitted as JSON + human-readable Markdown: 
Conformance run · 2026-04-17T02:45:00Z
Implementation: @sint/gateway-server v0.2.0
Exit: PASS (157/157)

  Token validation     ✓ 31/31
  State machine        ✓ 28/28
  Physical constraints ✓ 24/24
  Escalation           ✓ 22/22
  Ledger integrity     ✓ 52/52

Duration: 2m 18s
Certification bundle: docs/reports/certification-2026-04-17.json

The benchmark suite

Separate from the conformance suite, seven benchmarks (BM-*) measure performance characteristics. These are not certification gates but ship with every release.
BenchmarkCodeMeasuresTarget
Policy Gateway T0BM-PG-T0T0 decision latency under loadp50 ≤ 1ms
Policy Gateway T2BM-PG-T2T2 decision latency with sponsor notifyp50 ≤ 5ms
Policy Gateway T3BM-PG-T3Human-in-loop round-tripSLA-configurable
End-to-End MCPBM-E2E-MCPrequest → decision → ledgerp99 ≤ 25ms
End-to-End ROS 2BM-E2E-ROS2request → decision → actuation → commitp99 ≤ 50ms
Audit LedgerBM-AUDITSustainable throughput≥ 1,000 events/sec
CSML AccuracyBM-S1-S2Spearman ρ vs. ROSClaw≥ 0.85
Adversarial condition: every BM-PG-* benchmark includes a flood test (10,000 ESCALATE/min). Gateway must maintain T0 p50 ≤ 2ms under flood. This is the protocol’s DoS resilience test.

Hardware target matrix

PlatformCPURAMGateway totalLedger write
Jetson Orin NXARM Cortex-A78 8-core16 GB≤ 50ms≤ 5ms
Intel NUC 13Core i7-1365U32 GB≤ 60ms≤ 3ms
Raspberry Pi CM4Cortex-A72 4-core4 GB≤ 70ms≤ 8ms
Mac Mini M4 (dev)Apple M416 GB≤ 20ms≤ 1ms

Certification bundle

On passing, the suite emits a certification bundle — a JSON document suitable for submission to external auditors, internal compliance teams, or standards bodies. The bundle contains:
  • Per-invariant evidence (I-T1 through I-G3)
  • Per-tier benchmark results with confidence intervals
  • Full test log with timestamps
  • SHA-256 hash of the test harness at runtime
  • Gateway version and commit hash
  • Reproducibility metadata (hardware, OS, runtime versions)
Example bundle: docs/reports/certification-bundle-summary.md.
Independent implementation? If you’ve built a non-TypeScript SINT gateway, we’d love to see your conformance results. Open a PR against docs/implementations.md and we’ll link to your implementation from this page.