Test Intelligence — Workbench

Model gateway settings

.env-backedloadingrequiredlocal persisted values

Credential setup

Import an environment file or complete the required fields manually. Saved values are stored only in the local Workbench runtime directory.

TEST_INTELLIGENCE_LLM_GATEWAY_API_KEY: Required field is empty
TEST_INTELLIGENCE_FIGMA_ACCESS_TOKEN: Required field is empty
TEST_INTELLIGENCE_REGION_ATTESTATION_SIGNING_KEY: Required field is empty

.env path

Workspace-local path read by the Workbench process.

Upload .env import.env

LLM gateway

Required for run/figma-export routes. The Azure OpenAI resource the runtime calls for generation and judging.

Gateway endpoint *TEST_INTELLIGENCE_LLM_GATEWAY_ENDPOINT

API version *TEST_INTELLIGENCE_LLM_GATEWAY_API_VERSION

Bearer / API key *TEST_INTELLIGENCE_LLM_GATEWAY_API_KEY

Figma API token *TEST_INTELLIGENCE_FIGMA_ACCESS_TOKEN

Local-development or explicitly configured self-hosted use only. Snapshot artifacts store only the credential mode.

Figma credential mode *TEST_INTELLIGENCE_FIGMA_CREDENTIAL_MODE

Supported now: personal_access_token and enterprise_service_token. oauth_access_token is schema-ready and fails closed until an OAuth resolver is added.

Figma proxy URLTEST_INTELLIGENCE_FIGMA_PROXY_URL

Optional customer proxy used only for Figma REST and image export egress. Treated as secret-capable because proxy URLs may contain credentials.

Foundry account

Azure AI Foundry account endpoints used by the test-case and visual paths. Separate from the gateway endpoint above.

Text model endpoint *TEST_INTELLIGENCE_MODEL_ENDPOINT

For Azure Foundry/OpenAI-compatible deployments, use the v1 base URL.

Visual model endpoint *TEST_INTELLIGENCE_VISUAL_MODEL_ENDPOINT

Use the visual model account's matching v1 base URL when it differs from the text endpoint.

Auth modeTEST_INTELLIGENCE_LLM_AUTH_MODE

auto chooses bearer_token for OpenAI-compatible non-Azure endpoints and api_key for Azure/OpenAI paths.

Deployment pins

Pinned deployment names. Each pin is wired to a specific role in the pipeline; do not change without an attested rollout.

Test-case generatorTEST_INTELLIGENCE_TESTCASE_MODEL_DEPLOYMENT

Logic judgeTEST_INTELLIGENCE_LOGIC_JUDGE_DEPLOYMENT

Visual — primaryTEST_INTELLIGENCE_VISUAL_PRIMARY_DEPLOYMENT

Visual — fallbackTEST_INTELLIGENCE_VISUAL_FALLBACK_DEPLOYMENT

Region attestation

Sovereign-region pin and attestation source. The gateway will refuse the run if its inferred region disagrees with this value.

Attested regionTEST_INTELLIGENCE_REGION_ATTESTED_REGION

Sovereign sourceTEST_INTELLIGENCE_REGION_ATTESTATION_SOVEREIGN_SOURCE

1 — attestation comes from a sovereign source. 0 — degraded; emit warn-tagged evidence.

Signing key *TEST_INTELLIGENCE_REGION_ATTESTATION_SIGNING_KEY

Required to sign region-attestation evidence artifacts. Keep this operator-managed and tenant-local.

Runtime trust

Optional enterprise TLS trust configuration used for Figma REST and image export calls.

CA bundle pathNODE_EXTRA_CA_CERTS

Optional workspace-local PEM bundle path for corporate TLS interception.

Policy

Global override. Mirrors --allow-policy-blocked. When ON, the runtime will still emit artifacts even if the policy gate rejects.

Allow policy-blocked artifactsTEST_INTELLIGENCE_ALLOW_POLICY_BLOCKED

Cleared after every release-gate run unless an attested rationale is filed.

export downloads a local file only