# Requirements Checklist: Spec 427 - Exchange / Teams Verified Source Contract Enablement **Purpose**: Validate specification completeness and quality before implementation **Created**: 2026-07-03 **Feature**: `specs/427-exchange-teams-verified-source-contract-enablement/spec.md` ## Scope - [x] Only selected Exchange/Teams source contracts are in scope. - [x] No evidence capture is in scope. - [x] No content-backed promotion is in scope. - [x] No compare/render promotion is in scope. - [x] No certification is in scope. - [x] No restore/apply flow is in scope. - [x] No customer claim is in scope. - [x] No new UI surface is in scope. ## Target Types - [x] `exchange.transportRule` maps to repo canonical `transportRule`. - [x] `exchange.acceptedDomain` maps to repo canonical `acceptedDomain`. - [x] `teams.appPermissionPolicy` maps to repo canonical `appPermissionPolicy`. - [x] `teams.meetingPolicy` maps to repo canonical `meetingPolicy`. - [x] Repo-canonical names are documented in the spec. ## Contract Verification - [x] Source class metadata is required for verified contracts. - [x] Draft source class labels are mapped to repo-canonical source classes such as `graph_v1_fallback`. - [x] Contract name/version metadata is required for verified contracts. - [x] Permission model metadata is required for verified contracts. - [x] Response shape metadata is required for verified contracts. - [x] Pagination/collection semantics are required for verified contracts. - [x] Identity handoff metadata is required for verified contracts. - [x] Redaction rules are required for verified contracts. - [x] Final state is explicit for verified and blocked contracts. ## Fail-Safe - [x] Missing source blocks. - [x] Unclear permissions block. - [x] Beta-only source blocks certification/customer/restore claims. - [x] Unsafe response shape blocks. - [x] Missing repo adapter blocks. - [x] Unsafe identity blocks. - [x] Unsafe redaction blocks. - [x] Blocked contracts create no provider call, resource row, or evidence row. ## No Promotion - [x] No raw evidence created. - [x] No normalized evidence created. - [x] No content-backed level. - [x] No comparable level. - [x] No renderable level. - [x] No certified level. - [x] No customer claim. - [x] No restore-ready state. ## Architecture - [x] Uses Coverage v2 source contract infrastructure. - [x] No direct HTTP bypass. - [x] No endpoint guessing. - [x] No new provider subsystem. - [x] No `tenant_id`. - [x] No Exchange mini-platform. - [x] No Teams mini-platform. - [x] Completed specs are read-only context and are not rewritten. ## Product Surface - [x] No rendered UI changed by default. - [x] Product Surface Contract result is `N/A - no rendered UI surface changed`. - [x] Browser proof is `N/A - no rendered UI surface changed`. - [x] Human Product Sanity is `N/A - no product surface changed`. - [x] Product Surface exceptions are `none`. ## Tests - [x] Unit tests are planned for resolver/contract states/permissions/response/identity/redaction. - [x] Feature tests are planned for all four target types. - [x] No-promotion tests are planned. - [x] Spec 426 regression is planned. - [x] Spec 417/420 regression is planned. - [x] No real provider calls are allowed. - [x] Test lane impact is documented. ## Candidate Selection Gate - [x] Candidate exists as a direct user-provided draft. - [x] The active auto-prep queue was checked and is not used as the source. - [x] The candidate is not already covered by an existing active or completed Spec 427 package. - [x] Related completed specs are dependency context only. - [x] The candidate aligns with the current Coverage v2 / Exchange/Teams sequence. - [x] The scope is the smallest viable implementation slice. ## Spec Readiness Gate - [x] `spec.md` exists. - [x] `plan.md` exists. - [x] `tasks.md` exists. - [x] Problem, value, requirements, non-goals, acceptance criteria, assumptions, and risks are documented. - [x] RBAC, workspace/managed-environment/provider scope, auditability/observability, evidence/result truth, and UX no-impact posture are addressed. - [x] No open question blocks safe implementation. - [x] Scope is bounded for a later implementation loop. ## Final Candidate Gate Result: `PASS` Rationale: The package is a direct, manually supplied candidate and is scoped to precise source-contract verification only. It preserves fail-safe behavior, forbids evidence/readiness/customer promotion, and includes explicit implementation stop conditions.