# Requirements Checklist — Foundations in Inventory (047)

## Constitution Gates

- [x] Tenant isolation: all foundation sync reads/writes are scoped to Tenant::current()/tenant_id (no leakage).
- [x] No snapshot/backup side effects: Inventory sync must not write to policy_versions/backup_* tables.
- [x] Config-driven types: foundation types are sourced from config('tenantpilot.foundation_types') only (no hardcoded lists).
- [x] No UI Graph calls: Inventory/Dependencies UI must render using DB-only resolution (no runtime Graph/Entra lookups).
- [x] Idempotency: re-running sync does not create duplicates; last_seen_at/last_seen_run_id update deterministically.
- [x] Data minimization: foundation meta_jsonb is sanitized (stored == InventoryMetaSanitizer::sanitize(stored)).
- [x] Observability: InventorySyncRun observed/upserted counts include foundations when enabled, exclude when disabled.
- [x] Tests exist and were executed (targeted at minimum).

## Feature 047 Functional Coverage

- [x] FR-001 Foundation types MVP are synced when include_foundations=true (roleScopeTag, assignmentFilter, notificationMessageTemplate).
- [x] FR-002 include_foundations=false produces no foundation node sync side effects.
- [x] FR-003 Foundation nodes stored as InventoryItems with stable identity (tenant_id + policy_type + external_id).
- [x] FR-004 Inventory Coverage UI shows Policies + Foundations.
- [x] FR-005 Inventory Items UI can filter/browse foundations.

## Test Gates

- [x] T020/T021: include_foundations on/off behavior is covered by feature tests.
- [x] T023: foundation meta_jsonb sanitized invariant (no payload dump).
- [x] T024: run counts include/exclude foundations (deterministic setup).
- [x] Pint run (T020) and targeted tests run (T021).