# Requirements Checklist: Spec 426 - Exchange / Teams Core Evidence & Stable Identity Readiness **Purpose**: Validate preparation readiness for the user-provided Spec 426 prerequisite unblocker before implementation. **Created**: 2026-07-02 **Feature**: [spec.md](../spec.md) ## Candidate And Scope - [x] Candidate is directly user-provided and does not depend on the empty auto-prep queue. - [x] Completed historical specs are treated as read-only dependency evidence, not artifacts to rewrite. - [x] Primary operators and user stories are documented. - [x] Functional requirements are documented. - [x] Non-functional requirements are documented. - [x] Success criteria are documented. - [x] Risks and mitigations are documented. - [x] Scope is limited to `exchange.transportRule`, `exchange.acceptedDomain`, `teams.appPermissionPolicy`, and `teams.meetingPolicy`. - [x] Optional Exchange resource types are explicitly excluded. - [x] Optional Teams resource types are explicitly excluded. - [x] Certification is excluded and deferred to Spec 427. - [x] Restore/apply/assisted restore is excluded. - [x] Customer-facing proof, report, Review Pack, export, or PDF activation is excluded. - [x] Broad Exchange, Teams, and M365 coverage claims are excluded. ## Repo Truth Alignment - [x] Spec 422 is recorded as comparable/renderable support for content-backed synthetic or existing rows only. - [x] Spec 425 is recorded as completed Entra certification precedent, not a reason to certify Exchange/Teams. - [x] Current source preflight checked `CoverageSourceContractResolver`. - [x] Current source preflight checked `CoverageIdentityStrategyRegistry`. - [x] Current source preflight checked `GenericContentEvidenceCaptureService`. - [x] Current source preflight checked `CoverageEvidenceWriter`. - [x] Current source preflight checked `ExchangeTeamsComparablePayloadNormalizer`, `ExchangeTeamsCoverageComparator`, and `ExchangeTeamsRenderableSummaryBuilder`. - [x] Current source preflight found no existing `426` spec directory before creation. - [x] Current source preflight found no existing local `426` branch before creation. - [x] Repo-canonical capture outcome and identity state values are recorded instead of inventing a parallel status family. ## Source Contracts - [x] Post-review correction requires `transportRule` to fail closed until a verified source contract exists. - [x] Post-review correction requires `acceptedDomain` to fail closed until a verified source contract exists. - [x] Post-review correction requires `appPermissionPolicy` to fail closed until a verified source contract exists. - [x] Post-review correction requires `meetingPolicy` to fail closed until a verified source contract exists. - [x] Existing contract registry / repo-canonical provider contract pattern is required. - [x] `GraphClientInterface` or repo-canonical provider abstraction is required. - [x] Hardcoded endpoint guessing is forbidden. - [x] Direct HTTP/provider bypass is forbidden. - [x] Runtime documentation fetch is forbidden. - [x] Missing contract fails safe. - [x] Missing permission fails safe. - [x] Unsupported or beta/experimental-only source blocks certification readiness. ## Evidence - [x] Raw payload persistence is required when captured. - [x] Typed/usable normalized payload persistence is required when captured. - [x] Deterministic payload hash is required. - [x] OperationRun linkage is required for provider/source capture. - [x] Source class, source contract, source version/schema hash, and source metadata are required where available. - [x] Empty collections are handled safely only after successful provider/source proof. - [x] Fake/synthetic evidence cannot count as source-backed. - [x] Old gap taxonomy is forbidden for Spec 426 outcomes. - [x] OperationRun context must remain sanitized and numeric-only for summary counts. ## Identity - [x] Stable identity is required for all four mandatory types. - [x] `CanonicalIdentityResolver` usage is required. - [x] Display-name-only identity is impossible. - [x] Array-index identity is impossible. - [x] Priority/order-only identity is impossible. - [x] Payload-hash identity is impossible. - [x] OperationRun identity is impossible. - [x] Random UUID identity is impossible. - [x] Identity conflict blocks readiness. - [x] Derived-only identity blocks certification readiness. - [x] Missing external ID and unsupported identity block certification readiness. ## Normalization And Compare/Render - [x] Source payloads must align with Spec 422 compare/render shape. - [x] `transportRule` material fields are named. - [x] `acceptedDomain` material fields are named. - [x] `appPermissionPolicy` material fields are named. - [x] `meetingPolicy` material fields are named. - [x] Volatile fields must be excluded from material hashes where configured. - [x] Unsupported fields must be diagnosed rather than silently ignored. - [x] Source-backed compare/render readiness requires source-backed evidence plus stable identity. - [x] No certification assignment is allowed. ## Claim Guard - [x] Evidence-ready internal claim is allowed only when proven. - [x] Stable-identity-ready internal claim is allowed only when proven. - [x] Compare/render-ready internal claim is allowed only when proven. - [x] Certified Exchange/Teams wording is blocked. - [x] Full Exchange claim is blocked. - [x] Full Teams claim is blocked. - [x] Certified M365 claim is blocked. - [x] Restore-ready claim is blocked. - [x] Customer-ready proof claim is blocked. ## Ownership / Architecture - [x] No `tenant_id` platform-core ownership truth. - [x] Uses Coverage v2 shared architecture. - [x] No Exchange-specific table family. - [x] No Teams-specific table family. - [x] No separate Exchange/Teams engine or mini-platform. - [x] No v1 compatibility. - [x] No fallback reader, dual write, or legacy adapter. - [x] Provider connection must be same workspace and same managed environment. - [x] Provider-native tenant identifiers remain provider/source metadata only. ## Product Surface - [x] Default decision is no runtime UI impact. - [x] Product Surface no-impact rationale is documented. - [x] Browser proof is required if UI changes. - [x] Human Product Sanity is required if UI changes. - [x] No new route/navigation is allowed. - [x] No customer-facing route is allowed. - [x] No certify action is allowed. - [x] No restore/apply action is allowed. - [x] No dashboard/report/export/PDF/Review Pack output is allowed. - [x] Product Surface exceptions are `none`. ## Redaction / Safe Logging - [x] Raw payload default display is forbidden. - [x] Secrets and tokens are forbidden in logs/UI/output. - [x] Authorization/token/cookie fields are redacted. - [x] OperationRun context is sanitized. - [x] Permission context is sanitized. - [x] Mail body/subject/content leakage is forbidden. - [x] Teams chat/message/file/recording/transcript leakage is forbidden. ## Test Readiness - [x] Unit tests cover source contracts. - [x] Unit tests cover capture eligibility. - [x] Unit tests cover identity strategies. - [x] Unit tests cover canonical identity. - [x] Unit tests cover source payload normalization. - [x] Unit tests cover evidence hash determinism. - [x] Unit tests cover Claim Guard readiness. - [x] Unit tests cover redaction. - [x] Feature tests cover blocked capture with no fake content-backed evidence readiness. - [x] Feature tests cover blocked capture with no fake stable identity readiness rows. - [x] Feature tests cover OperationRun linkage. - [x] Feature tests cover provider scope and RBAC semantics. - [x] Feature tests cover no certification. - [x] Feature tests cover no restore. - [x] Feature tests cover no customer claim. - [x] Feature tests cover no `tenant_id`. - [x] Feature tests cover no mini-platform. - [x] Browser tests are conditional on UI changes. - [x] No real provider calls are allowed in tests. - [x] Test lane impact is documented. ## Implementation Report Readiness - [x] Candidate gate result requirement is defined. - [x] Dirty state before/after requirement is defined. - [x] Files changed requirement is defined. - [x] Source contract matrix is defined. - [x] Evidence matrix is defined. - [x] Identity matrix is defined. - [x] Compare/render readiness matrix is defined. - [x] Claim Guard proof requirement is defined. - [x] Redaction proof requirement is defined. - [x] No certification proof requirement is defined. - [x] No restore proof requirement is defined. - [x] No customer claim proof requirement is defined. - [x] No `tenant_id` confirmation is defined. - [x] No mini-platform confirmation is defined. - [x] Product Surface no-impact/impact requirement is defined. - [x] Tests run and deferred work requirements are defined. ## Review Outcome - [x] Candidate Selection Gate: PASS for direct user-provided manual promotion. - [x] Spec Readiness Gate: PASS for preparation artifacts. - [x] Open question/source blocker is recorded: verified source contracts remain required before source-backed readiness or Spec 427 can proceed. - [x] Hard implementation preflight remains required at T001-T008 before runtime code changes. - [x] Preparation scope stops before application implementation.