# Requirements Checklist: Spec 406 - Governance Artifact Lifecycle & Retention **Feature**: `specs/406-governance-artifact-lifecycle-retention/` **Review date**: 2026-06-23 **Scope**: Preparation artifact quality only. No application implementation performed. ## Candidate Selection Gate - [x] The selected candidate was directly provided by the operator as Spec 406. - [x] The selected candidate matches manual backlog item `governance-artifact-lifecycle-retention-runtime`. - [x] `docs/product/spec-candidates.md` was reviewed and still reports no safe automatic next-best-prep target. - [x] The candidate aligns with `docs/product/roadmap.md` Governance Artifact Lifecycle & Retention runtime priority. - [x] Completed Spec 267 is treated as read-only historical context and is not modified. - [x] Specs 158, 262, 400, 403, 404, and 405 are read-only context. - [x] No existing `specs/406-governance-artifact-lifecycle-retention/` package existed before preparation. - [x] A different branch named `406-provider-policy-domain-public-taxonomy` is recorded as unrelated. - [x] The smallest slice is lifecycle action, retention, export/download, hold/delete, file/database consistency, audit, tests, browser proof, and final report over existing artifacts. - [x] Close alternatives are deferred instead of hidden inside this package. - [x] Candidate Selection Gate result: PASS as a manual operator-promoted follow-through candidate. ## Spec Completeness - [x] Problem statement is clear and product-oriented. - [x] Business/product value is explicit. - [x] Primary users/operators are named. - [x] Scope fields cover routes/surfaces, ownership, RBAC, and leakage checks. - [x] Functional requirements are testable. - [x] Non-functional requirements cover security, reliability, auditability, performance, deployment, and test governance. - [x] User stories include independent tests and acceptance scenarios. - [x] Edge cases are documented. - [x] Out-of-scope boundaries forbid portal, eDiscovery, compliance claims, report redesign, evidence/currentness rewrite, JSONB migration, and broad audit scope. - [x] Success criteria are measurable. - [x] Assumptions, risks, and open questions are explicit. ## Constitution And Proportionality - [x] Spec Candidate Check is filled out. - [x] Approval class is exactly one class: Core Enterprise. - [x] Score is recorded and above the minimum threshold. - [x] Proportionality Review is completed. - [x] No generic artifact table/entity/source of truth is approved by default. - [x] No broad lifecycle framework, purge platform, export center, compliance taxonomy, or UI framework is approved by default. - [x] Runtime changes are limited to confirmed in-scope lifecycle/action/proof defects over existing artifacts. - [x] The spec requires stopping and updating spec/plan before broader architecture or product scope. ## Product Surface Contract - [x] `docs/product/standards/product-surface-contract.md` is referenced. - [x] No-legacy posture is recorded. - [x] Product Surface Impact is completed for existing artifact/status/download/customer-output surfaces. - [x] Page archetypes are identified as Report Page, Receipt Page, Decision Page, Technical Annex, and Search/Index Page where applicable. - [x] Surface-budget expectations and Technical Annex/deep-link demotion are documented. - [x] Canonical status vocabulary expectations are documented. - [x] Product Surface exceptions are `none planned`. - [x] Browser proof is required and focused. - [x] Human Product Sanity is required. - [x] UI coverage registry review/update or checked no-update rationale is required if rendered existing surfaces materially change. - [x] Implementation-report close-out fields are required. - [x] Completed historical specs are read-only context and must not be rewritten. ## Plan Completeness - [x] Plan identifies PHP/Laravel/Filament/Livewire/Pest/PostgreSQL/Sail/Dokploy context. - [x] Plan names existing runtime code surfaces likely affected if defects are found. - [x] Plan distinguishes Spec 267 read-only lifecycle completion from Spec 406 action/runtime hardening. - [x] Plan includes UI/Product Surface, Filament/Livewire/deployment, shared-pattern, OperationRun, RBAC, audit, storage, and test-governance posture. - [x] Plan defines lifecycle matrix-first implementation. - [x] Plan includes stop conditions. - [x] Plan does not contradict repository architecture or current code truth. ## Task Completeness - [x] Tasks are ordered by preparation, inventory, matrix, tests, implementation, browser proof, and close-out. - [x] Tasks are small and verifiable. - [x] Tasks require tests before runtime fixes where practical. - [x] Tasks include explicit lane classification. - [x] Tasks include Product Surface and Filament output-contract close-out fields. - [x] Tasks require authorization, cross-workspace, customer-safe, evidence/currentness, failure, storage, retention, audit, and file/database consistency proof. - [x] Tasks include focused browser proof and Human Product Sanity. - [x] Tasks include non-goals preventing scope creep. - [x] Tasks include final validation commands and implementation-report completion. ## Open Questions And Readiness - [x] Product decisions about actual deletion support, expired customer access, and hold persistence are recorded as implementation-time decisions handled by matrix classification. - [x] No open question blocks starting the implementation loop because unsafe decisions must become `PRODUCT DECISION REQUIRED` rows rather than invented behavior. - [x] Spec Readiness Gate result: PASS for implementation preparation. ## Review Outcome - [x] Review outcome class: `acceptable-special-case` for a bounded governance artifact lifecycle runtime-hardening gate. - [x] Workflow outcome: `keep`. - [x] Final note location: future implementation report `specs/406-governance-artifact-lifecycle-retention/implementation-report.md`. - [x] No application implementation was performed during preparation.