PK
Back to archive

Engineering

The Testing Pyramid Is a Lie

A risk-weighted testing model that invests in the regressions most worth preventing.

The Testing Pyramid Is a Lie

The testing pyramid turns an economic decision into a shape. Teams learn that many unit tests, fewer integration tests, and a small number of end-to-end tests is the mature posture.

That advice is useful until the system's actual risk profile disagrees with the drawing.

The thesis

The testing pyramid is a lie when it is treated as a target architecture. A test suite should be shaped by risk, contracts, feedback speed, maintenance cost, and evidence, not by a diagram that assumes all systems fail in similar ways.

I do not mean unit tests are bad or end-to-end tests are good. I mean the ratio is not the strategy. The strategy is to spend testing effort where a prevented regression is worth more than the test's cost of ownership.

The principal concern is not coverage theater. It is whether the organization can change important behavior without quietly breaking promises it no longer remembers making.

The production pattern

A team inherits a suite that looks healthy in dashboards. Reviewers feel protected.

Then a regression escapes. It was not in a complicated algorithm. It was in the connection between two parts of the system: a contract interpretation, a schema assumption, an authorization edge, a retry path, a feature flag combination, or a data migration sequence. The individual units behaved as mocked. The system failed where the mocks had become fiction.

The next reaction is usually to add an end-to-end test for the exact failure. Sometimes that is right. Sometimes it creates a slow, flaky test that future engineers learn to distrust. The root problem is that the team is still reacting by test type instead of by risk class.

A different team has the opposite problem. It has broad browser tests for everything. They catch real bugs, but they are slow, fragile, and expensive to debug. Engineers stop running them locally. The suite becomes a release gate instead of a design tool.

Both teams are obeying a shape.

The model

I use a risk-weighted testing model with five dimensions.

Risk asks what breaks if this behavior regresses. Money movement, access control, data deletion, notification correctness, compatibility, and operational recovery deserve more evidence than a low-impact formatting path.

Contract asks who depends on the behavior. A private helper has a small audience. An API, event schema, migration, permission rule, or exported report can have a long memory. The more durable the contract, the more the test should resemble the contract boundary.

Feedback speed asks when the test informs a decision. A test that runs in seconds can shape design and refactoring. A test that runs late in a pipeline is still valuable, but it cannot carry the same purpose.

Maintenance cost asks how often the test fails for reasons unrelated to product risk. Brittle fixtures, timing assumptions, environment coupling, and over-specified UI flows tax every future change.

Evidence asks what the test actually proves. A mocked unit test may prove branching logic. A contract test may prove compatibility. An integration test may prove wiring. An end-to-end test may prove the happy path through deployed components. None of them proves everything.

My practical checklist:

  • Failure class: what regression are we trying to prevent?
  • Boundary: where would that regression become observable?
  • Cheapest evidence: what is the lowest-cost test that proves the important claim?
  • Debug path: when it fails, will the owner know what to inspect?
  • Change rate: will this test survive ordinary product evolution?
  • Residual risk: what important behavior remains untested after this?

Where this goes wrong

Risk-weighted testing can be abused as an excuse to under-test. A team can call everything low risk when it is under deadline pressure. That is why the model needs named failure classes and explicit ownership. "We chose not to test this" should be a visible decision, not an accident.

It can also become too bespoke. If every area invents its own testing philosophy, the codebase becomes hard to reason about. Shared defaults still matter. The point is to let risk override the default, not to eliminate defaults.

The pyramid remains useful as a warning about cost. Broad tests are often slower and more fragile. A suite made mostly of end-to-end tests usually becomes painful. But the pyramid fails when teams obey it even after evidence shows that their highest-value regressions happen at boundaries.

Some organizations do need simple rules. A young codebase may benefit from "write more unit tests" because the alternative is no discipline at all. Simple rules can start a habit. They should not become permanent architecture.

What I do now

When reviewing a test plan, I ask what production promise the test suite is defending. I do not start with test count.

For pure logic, I want fast unit tests with small fixtures. For external contracts, I want contract tests that run near the boundary. For data behavior, I want integration tests against realistic storage. For migrations, I want forward and backward compatibility evidence. For critical user journeys, I want a small number of stable end-to-end tests that prove the business path, not every button.

For principal-level ownership, I want a testing strategy that can explain itself to new engineers. The suite should tell them which behaviors are sacred, which contracts are durable, which areas are volatile, and where extra care is required.

Closing takeaway

Do not optimize for a testing shape. Buy the cheapest reliable evidence for the regressions you most need to prevent.