# Requirements Checklist: Spec 415 - Generic Content-Backed Capture

## Preparation Completeness

- [x] CHK001 `spec.md` exists and uses the active repository template sections.
- [x] CHK002 `plan.md` exists and identifies likely affected repo surfaces.
- [x] CHK003 `tasks.md` exists and is ordered, small, and verifiable.
- [x] CHK004 Spec 414 is treated as completed dependency context only.
- [x] CHK005 No application code was modified during preparation.

## Candidate Selection Gate

- [x] CHK010 The selected candidate was directly provided by the user.
- [x] CHK011 No existing `415-*` spec or branch was found before Spec Kit creation.
- [x] CHK012 Related Spec 414 is completed/validated and was excluded from modification.
- [x] CHK013 The active auto queue in `docs/product/spec-candidates.md` is empty, so the direct user-provided candidate is the safe source.
- [x] CHK014 Manual backlog alternatives were deferred because they require explicit product promotion.
- [x] CHK015 The candidate is scoped as a bounded internal runtime/evidence slice, not a broad activation/cutover.
- [x] CHK016 Candidate Selection Gate result: PASS.

## Scope

- [x] CHK020 Scope is limited to generic content-backed Coverage v2 capture for the initial Spec 414 resource types.
- [x] CHK021 Coverage v2 remains inactive as customer/operator proof.
- [x] CHK022 Evidence Overview conversion is out of scope.
- [x] CHK023 Customer Review Workspace conversion is out of scope.
- [x] CHK024 Review Pack, Report, Restore Readiness, Baseline Compare, and operator surface conversion are out of scope.
- [x] CHK025 Full TCM catalog import, semantic compare, render, restore/apply, certification, and legacy removal are out of scope.
- [x] CHK026 Spec 416 Canonical Identity Engine and later activation/cutover specs are deferred.

## Ownership And Data Truth

- [x] CHK030 `workspace_id` and `managed_environment_id` are required for environment-owned resource/evidence records.
- [x] CHK031 `provider_connection_id` is required for provider-sourced records and must be same workspace/environment.
- [x] CHK032 `tenant_id` is forbidden as Coverage v2 ownership truth.
- [x] CHK033 Provider-native Microsoft tenant/directory/subscription/account IDs are metadata only.
- [x] CHK034 Concrete resources and append-only evidence are distinguished from OperationRun execution truth.
- [x] CHK035 Raw payload and normalized payload are evidence truth, not OperationRun context truth.

## Source Contract Safety

- [x] CHK040 Graph calls must use `GraphClientInterface`.
- [x] CHK041 Source contracts must come from the repo registry/config path.
- [x] CHK042 Missing contracts fail safe as `capture_blocked_missing_contract`.
- [x] CHK043 Beta experimental capture is blocked by default.
- [x] CHK044 Unsupported/out-of-scope types skip safely.
- [x] CHK045 Endpoint guessing and hardcoded quick endpoints are forbidden.
- [x] CHK046 Capture eligibility matrix is required in implementation report.

## Evidence And Redaction

- [x] CHK050 Raw payload is JSONB evidence storage only.
- [x] CHK051 Normalized payload is JSONB and hash input is deterministic.
- [x] CHK052 Evidence rows are append-only.
- [x] CHK053 Permission/source context is redacted.
- [x] CHK054 OperationRun context/messages, audit metadata, logs, and notifications must not contain raw payloads or secrets.
- [x] CHK055 Required redaction keys are listed.

## OperationRun

- [x] CHK060 Capture is OperationRun-backed.
- [x] CHK061 Remote/provider capture is queued/asynchronous.
- [x] CHK062 OperationRun status/outcome transitions are service-owned through `OperationRunService`.
- [x] CHK063 Summary counts use canonical numeric keys from `OperationSummaryKeys::all()`.
- [x] CHK064 Default summary keys avoid inventing `captured`/`blocked` counters.
- [x] CHK065 No local queued DB notification or terminal notification bypass is allowed.

## RBAC And Audit

- [x] CHK070 Non-member workspace access returns 404.
- [x] CHK071 Workspace member without managed-environment entitlement returns 404.
- [x] CHK072 Member without capture capability returns 403.
- [x] CHK073 Readonly cannot start capture.
- [x] CHK074 Default capability posture uses `Capabilities::EVIDENCE_MANAGE` unless implementation documents and tests a narrower existing capability.
- [x] CHK075 Start/completion/failure audit metadata is required and must be sanitized.

## No Legacy / No Dual Truth

- [x] CHK080 No v1-to-v2 adapter.
- [x] CHK081 No v1/v2 dual write.
- [x] CHK082 No fallback reader from old snapshots.
- [x] CHK083 No old snapshot promotion into v2 proof.
- [x] CHK084 No old gap taxonomy in v2 outcomes.
- [x] CHK085 No customer-facing dual truth.
- [x] CHK086 No completed historical spec rewrite.

## Product Surface

- [x] CHK090 UI Surface Impact is `No UI surface impact`.
- [x] CHK091 Product Surface Impact is `N/A - no rendered product surface changed`.
- [x] CHK092 Browser proof is `N/A - no rendered UI surface changed`.
- [x] CHK093 Human Product Sanity is N/A.
- [x] CHK094 Product Surface exceptions are none.
- [x] CHK095 Stop-and-amend rule exists for any UI file, route, navigation, download, report, or rendered surface change.
- [x] CHK096 Existing generic OperationRun/notification surfaces may show run records only through the shared lifecycle contract; no feature-local rendered UI or notification semantics are added.

## Tests And Validation

- [x] CHK100 Unit tests are required for resolver, normalizer, hash, redaction, outcomes, and summary key posture.
- [x] CHK101 Feature tests are required for persistence, OperationRun, RBAC, provider scope, fake Graph capture, and no-legacy/no-UI guards.
- [x] CHK102 PostgreSQL lane is required when JSONB/check constraints/composite FKs/partial indexes are added.
- [x] CHK103 Browser and heavy-governance lanes are not required unless scope changes.
- [x] CHK104 No real Graph/TCM calls are allowed in tests.
- [x] CHK105 Minimal validation commands are listed in `plan.md` and `tasks.md`.

## Spec Readiness Gate

- [x] CHK110 Problem statement, value, users, requirements, non-goals, acceptance criteria, assumptions, and risks are present.
- [x] CHK111 Plan identifies likely affected repo surfaces and does not contradict current architecture.
- [x] CHK112 Tasks are ordered, small, verifiable, and include tests/validation.
- [x] CHK113 RBAC, workspace/managed-environment isolation, auditability, OperationRun semantics, evidence/result truth, and UX/no-UI requirements are addressed.
- [x] CHK114 No open question blocks safe implementation.
- [x] CHK115 Required Product Surface and proportionality sections are complete.
- [x] CHK116 Spec Readiness Gate result: PASS.