![](data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="%23B8593E" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="3"/><path d="M12 2v3M12 19v3M2 12h3M19 12h3"/><path d="M5.6 5.6l2.1 2.1M16.3 16.3l2.1 2.1M5.6 18.4l2.1-2.1M16.3 7.7l2.1-2.1"/></svg>)
Lecture 10 — 12-Dimension Scenario Exploration
L01 > L02 > L03 > L04 > L05 > L06 | L07 > L08 > L09 > [ L10 ] L11 > L12
"The happy path is just one of twelve dimensions." — Systematic scenario coverage catches every class of failure that ad-hoc scenario writing misses.
Core idea: How
/autoresearch:scenarioexplores the full scenario space across 12 dimensions — one scenario per iteration, domain-aware prioritization, and output formats that chain directly into tests, stories, or security audits.
Code examples: code/
Practice project: Project 05 — Security Audit Pipeline
The Problem
Features are usually designed for the happy path. When someone asks "what could go wrong?", they write a few obvious cases — invalid input, network failure, unauthorized access — and stop. The entire class of concurrency bugs, temporal failures, and state transition corruptions never gets written.
You can't catch what you don't think to ask about.
The Solution
Feature or system under analysis
|
─────┴──────────────────────────────────
D1 D2 D3 D4 D5 D6
Happy Error Edge Abuse Scale Concurrency
path cond. case case
─────┬──────────────────────────────────
D7 D8 D9 D10 D11 D12
Temporal Data Permissions Integrations Recovery State
variation (3rd party) transitions
|
One scenario per iteration, cycling through dimensions
|
Output: test cases / user stories / threat scenariosHow It Works
1. The 12 dimensions.
| # | Dimension | What it catches |
|---|---|---|
| 1 | Happy path | Normal user, expected data, baseline behavior |
| 2 | Error conditions | Network failure, invalid input, service unavailable |
| 3 | Edge cases | Empty input, maximum values, boundary conditions |
| 4 | Abuse cases | Malicious input, injection attempts, enumeration |
| 5 | Scale | 1000× normal load, large datasets, many concurrent users |
| 6 | Concurrency | Race conditions, simultaneous writes, lock contention |
| 7 | Temporal | Long-running ops, stale data, time zone issues |
| 8 | Data variation | Unicode, special characters, nulls, large files |
| 9 | Permissions | Different roles, expired credentials, partial access |
| 10 | Integrations | 3rd-party failures, version mismatches, rate limits |
| 11 | Recovery | Resume after crash, rollback after failure, retry logic |
| 12 | State transitions | Partial completion, interrupted workflows, corruption |
2. One scenario per iteration — systematic, not random.
The agent cycles through dimensions in priority order, generating one concrete scenario per iteration. After 25 iterations you have coverage across all 12 dimensions, not 25 variations of the happy path.
3. Output format determines downstream use.
/autoresearch:scenario --format test-scenarios # pytest / jest test cases
/autoresearch:scenario --format user-stories # Agile user stories
/autoresearch:scenario --format threat-scenarios # security threat scenariosExample output (dimension: Concurrency):
## Scenario 003 — Concurrent Checkout
Precondition: Two users attempt to checkout the last item simultaneously
Steps:
1. User A begins checkout
2. User B begins checkout of same item before A completes
3. User A completes payment → item marked sold
4. User B completes payment
Expected: Only one succeeds; other receives "item no longer available"
Risk: Race condition may allow double-selling inventoryThis scenario wouldn't be written manually — it requires thinking in the "concurrency" dimension.
4. Domain-specific priorities.
| Domain | Top dimensions |
|---|---|
software | Error conditions, concurrency, scale, recovery |
security | Abuse cases, permissions, data variation, integrations |
product | Happy path, permissions, temporal |
business | Scale, integrations, recovery, state transitions |
5. Chain with other commands.
/autoresearch:scenario --chain debug # find bugs in discovered edge cases
/autoresearch:scenario --chain security # audit discovered threat scenariosWhat Changed
| Ad-hoc scenario writing | 12-dimension sweep |
|---|---|
| Same tester, same blind spots, every time | 12 forced dimensions, no dimension skipped |
| Happy path and obvious error cases | Concurrency, temporal, recovery scenarios generated |
| Scenarios live in a notebook | Structured output feeds directly into tests or audits |
| Stop when you run out of ideas | Loop generates until max_iterations or all dimensions covered |
Try It
Run the scenario priority calculator:
cd docs/en/lectures/lecture-10-twelve-dimension-scenarios/code
python scenario_priority.py software
python scenario_priority.py securityQuestions to think about:
- Compare the Top 3 for
softwareandsecurity— which dimensions appear in both? Which appear in only one? - Change the concurrency weight in
softwarefrom1.5to3.0— how does the ranking change? - Add a new domain
"mobile"toDOMAIN_WEIGHTS— which 3-4 dimensions matter most for mobile apps? - Pick a feature you built recently. Go through all 12 dimensions and write one concrete scenario for each — which dimension produced the scenario you'd never have written otherwise?