# Requirements Checklist: Exchange PowerShell Adapter Contract Slice 1 **Purpose**: Validate that Spec 430 is bounded, implementation-ready, and safe to hand to an implementation loop. Checked items mean the requirement is specified by the artifacts, not already implemented in application code. **Created**: 2026-07-04 **Feature**: `specs/430-exchange-powershell-adapter-contract-slice-1/spec.md` ## Preparation Scope - [x] `spec.md` exists. - [x] `plan.md` exists. - [x] `tasks.md` exists. - [x] Candidate source is documented from the user-provided draft and Spec 429. - [x] Completed-spec guardrail was applied to Specs 426-429 as read-only context. - [x] No existing `specs/430-*` package was found before creating this one. - [x] Current branch and pre-Spec Kit HEAD/dirty state are recorded. - [x] No application code was modified during preparation. ## Candidate Selection Gate - [x] Selected candidate is directly provided by the user and aligned with Spec 429. - [x] Selected candidate is not already covered by an active or completed Spec 430. - [x] Candidate is scoped as a small implementation-ready slice. - [x] Close alternatives are deferred instead of hidden in primary scope. - [x] Roadmap relationship is explicit: Spec 430 unblocks Spec 431. - [x] Candidate Selection Gate result is recorded as PASS. ## Scope - [x] Only `transportRule` is included. - [x] Only `remoteDomain` is included. - [x] Only `inboundConnector` is included. - [x] No Teams target type is included. - [x] No Exchange Admin API adapter is included. - [x] No `outboundConnector` is included. - [x] No `acceptedDomain` or `organizationConfig` is included. - [x] No evidence capture is included. - [x] No OperationRun is included. - [x] No compare/render is included. - [x] No certification is included. - [x] No restore/apply is included. - [x] No customer claim is included. - [x] No UI is included. ## Adapter Safety Requirements - [x] Structured command contract requirement is specified. - [x] Static allowlisted read-only commands are specified. - [x] Raw command strings must be rejected. - [x] Unknown parameters must be rejected. - [x] Mutation commands must be rejected. - [x] Fake runner must be used in tests. - [x] No shell execution in unit tests is required. - [x] No provider calls in tests is required. - [x] Production live execution remains disabled/inert for this slice. ## Source Contract Requirements - [x] `transportRule` contract requirement exists. - [x] `remoteDomain` contract requirement exists. - [x] `inboundConnector` contract requirement exists. - [x] Resolver must return verified pending capture for included types. - [x] Missing adapter state must be removed for included types only. - [x] Missing contract state must be removed for included types only. - [x] Excluded types must remain blocked or deferred. ## Metadata Requirements - [x] Permission metadata is required. - [x] Runtime permission validation must remain pending unless proven. - [x] Response-shape metadata is required. - [x] Identity handoff metadata is required. - [x] Display-name-only identity is forbidden. - [x] Redaction metadata is required. - [x] Normalization handoff metadata is required. - [x] Claim boundary metadata is required. - [x] Restore tier must remain compare-only or stricter. ## Non-Functional Requirements - [x] Fail-closed command and response-shape security posture is specified. - [x] Offline deterministic test posture is specified. - [x] Redaction posture is specified for secrets, transcripts, stdout/stderr, and content. - [x] Provider-boundary posture is specified. - [x] Workspace/managed-environment/provider-connection scope posture is specified. - [x] OperationRun observability posture is specified as deferred/no-run for this slice. - [x] Product surface no-impact posture is specified. - [x] Test governance posture is specified. ## No-Promotion Requirements - [x] No content-backed evidence. - [x] No raw provider payload persistence. - [x] No normalized evidence persistence. - [x] No comparable level. - [x] No renderable level. - [x] No certified level. - [x] No restore-ready state. - [x] No customer-ready state. - [x] Claim Guard/no-claim proof is required. ## Architecture Requirements - [x] Uses Coverage v2 source contract architecture. - [x] No Exchange mini-platform. - [x] No direct HTTP bypass. - [x] No runtime Microsoft documentation fetch. - [x] No `tenant_id`. - [x] No legacy shim. - [x] No fallback reader. - [x] Provider-native identifiers remain metadata, not ownership truth. ## Product Surface Requirements - [x] UI Surface Impact is checked as no impact. - [x] Product Surface Impact is `N/A - no rendered product surface changed`. - [x] Browser proof is `N/A - no rendered UI surface changed`. - [x] Human Product Sanity is N/A. - [x] Livewire v4 posture is recorded as no UI change. - [x] Provider registration location is recorded as no panel change. - [x] Global search posture is recorded as no resource change. - [x] Destructive/high-impact action posture is none. - [x] Asset strategy is no assets. - [x] Deployment impact is no env/migrations/queues/scheduler/storage/assets expected. ## Test Readiness Requirements - [x] Focused unit tests are required. - [x] Feature tests are conditional and bounded. - [x] Spec 426/427/428 regressions are required where test-backed. - [x] Spec 417/420 regressions are required where relevant. - [x] Pint is required. - [x] `git diff --check` is required. - [x] `git status --short` is required. - [x] Browser is N/A unless the spec is amended. ## Implementation Gate Checklist These items are checked after the implementation loop completed them, supported by `tasks.md` and `implementation-report.md`. - [x] `transportRule`, `remoteDomain`, and `inboundConnector` have adapter contracts. - [x] Only `Get-TransportRule`, `Get-RemoteDomain`, and `Get-InboundConnector` are allowlisted. - [x] Mutation commands are rejected. - [x] Raw command strings are rejected. - [x] Fake runner proves structured execution behavior. - [x] Resolver returns verified pending capture for included types. - [x] Excluded types remain blocked/deferred. - [x] No shell execution occurs in unit tests. - [x] No provider calls occur in tests. - [x] No evidence or OperationRun is created. - [x] No compare/render/certification/restore/customer claim appears. - [x] No `tenant_id` is introduced. - [x] Exchange cmdlets and response fields remain provider-owned source details, not platform-core ownership truth or customer vocabulary. - [x] Workspace/managed-environment/provider-connection scope is preserved for future execution handoff, with provider-native tenant identifiers metadata-only. - [x] No Exchange mini-platform is introduced. - [x] Focused tests and regressions pass. ## Review Outcome - [x] Review outcome class for preparation: acceptable-special-case. - [x] Workflow outcome for preparation: keep. - [x] Final note location: implementation report after the later implementation loop.