Missing reference for testing extensions within the extension host (or possibly too hard to find)

I am writing an extension, and I am writing tests for that extension.

The extension needs to severely limit its actions when the current workspace is untrusted.

I would like to write an integration test that spawns a trusted and an untrusted extension host, to validate that I got the trust boundary wrong.

Unfortunately, I cannot find any documentation on how to do that.