TenantAtlas/specs/418-coverage-v2-operator-surface/checklists/requirements.md
ahmido 4aaec3521a feat: add coverage v2 operator surface (#485)
Automated PR provided by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #485
2026-06-26 12:50:36 +00:00

Requirements Checklist: Spec 418 - Coverage v2 Operator Surface

Candidate And Dependencies

  • Candidate is user-provided, not auto-selected from an empty active candidate queue.
  • Spec 414 is completed/validated dependency context only.
  • Spec 415 is completed/validated dependency context only.
  • Spec 417 is completed/validated dependency context only.
  • No existing 418-coverage-v2-operator-surface spec directory was found before creation.
  • Scope is limited to one internal operator readiness surface.
  • No application implementation was performed during preparation.

Scope

  • Spec 418 depends on Coverage v2 kernel/capture/identity.
  • Spec 418 adds one operator-only read surface.
  • Spec 418 does not activate customer-facing Coverage v2 truth.
  • Spec 418 does not convert Evidence Overview, Review Packs, Reports, Restore, Baseline Compare, or Customer Review Workspace.
  • Spec 418 does not add capture/start actions.
  • Deferred Coverage v2 cutover/removal and customer activation are listed as follow-up work.

Product Surface

  • Product Surface Impact is declared.
  • Surface is Secondary Context Surface.
  • Surface is Read-only Registry / Report Surface.
  • Surface is Native Surface unless implementation documents an approved exception.
  • Inspect/open model uses a linked primary column instead of a duplicate View/Inspect row action.
  • Primary operator question is explicit.
  • Default-visible truth is explicit.
  • Diagnostics are secondary/disclosed.
  • Raw/support evidence is hidden.
  • Browser proof is required.
  • Product Surface table-count exception is documented and internal-only.
  • Product Surface table-count exception is classified as a PSC Technical Annex surface-budget exception, with UI-EX-001 remaining none for native Filament implementation.
  • Human Product Sanity questions are explicit.
  • docs/product/standards/list-surface-review-checklist.md is required for implementation close-out.

Ownership / RBAC

  • No tenant_id internal ownership.
  • Surface scopes by workspace and managed environment.
  • Provider connection filters are same-scope.
  • Non-member gets 404.
  • Actor without environment entitlement gets 404.
  • Member without capability gets 403.
  • Authorized actor can view.
  • Workspace-wide aggregation, if implemented, is limited to entitled environments.
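
The status ordering and aggregation limit in the list above, as an added example that is not TenantAtlas code: scope checks answer 404 before the capability check can answer 403, and aggregated rows are filtered to entitled environments. The `Actor` class, the capability name, and the row shape are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical actor shape for this example; not the project's model.
final class Actor
{
    public function __construct(
        public readonly array $workspaceIds,   // workspaces the actor belongs to
        public readonly array $environmentIds, // entitled managed environments
        public readonly array $capabilities,   // granted capability names
    ) {}
}

const VIEW_CAPABILITY = 'coverage.operator.view'; // assumed capability name

// HTTP status for a request scoped to one workspace and managed environment.
function surfaceStatus(Actor $actor, int $workspaceId, int $environmentId): int
{
    // Scope checks come first and answer 404, so an outsider cannot tell an
    // existing workspace or environment from a missing one.
    if (!in_array($workspaceId, $actor->workspaceIds, true)) {
        return 404;
    }
    if (!in_array($environmentId, $actor->environmentIds, true)) {
        return 404;
    }
    // Only an actor already inside the scope learns a capability is missing.
    return in_array(VIEW_CAPABILITY, $actor->capabilities, true) ? 200 : 403;
}

// Workspace-wide aggregation: drop rows outside the actor's entitled environments.
function entitledRows(Actor $actor, int $workspaceId, array $rows): array
{
    if (!in_array($workspaceId, $actor->workspaceIds, true)) {
        return [];
    }
    return array_values(array_filter(
        $rows,
        fn (array $row): bool => $row['workspace_id'] === $workspaceId
            && in_array($row['environment_id'], $actor->environmentIds, true),
    ));
}

// Constructed sample data: environment 11 is in workspace 1 but not entitled.
$operator = new Actor([1], [10], [VIEW_CAPABILITY]);
$rows = [['workspace_id' => 1, 'environment_id' => 10], ['workspace_id' => 1, 'environment_id' => 11]];
echo surfaceStatus($operator, 2, 10), ' ', surfaceStatus($operator, 1, 11), ' ',
    surfaceStatus(new Actor([1], [10], []), 1, 10), ' ', surfaceStatus($operator, 1, 10), "\n";
echo count(entitledRows($operator, 1, $rows)), " row(s) visible\n";
```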

Data / Render

  • Page render is DB-only.
  • No Graph/TCM/provider calls during render.
  • No capture action.
  • No remote calls in table columns, badges, filters, or diagnostics.
  • No persisted UI-only summary table unless the spec is amended with proportionality proof.
  • Narrow indexes are allowed only with documented query path.
  • Top activation blocker ordering is deterministic.

Vocabulary

  • Shows Coverage level.
  • Shows Evidence state.
  • Shows Identity state.
  • Shows Claim state.
  • Shows Source class.
  • Shows Supported scope.
  • Status-like rendered values use BadgeCatalog/BadgeRenderer or a central BadgeDomain mapping.
  • Does not show Evidence gaps.
  • Does not show Raw gaps.
  • Does not show Primary gaps.
  • Does not show policy_record_missing.
  • Does not show foundation_not_policy_backed.
  • Does not show meta_fallback.
  • Does not show ambiguous_match.
  • Does not show old v1 gap reason codes as active UI truth.

Claim Safety

  • No unscoped 100% claim.
  • No broad Microsoft 365 coverage claim.
  • No certified claim unless exact internal guard allows and the label remains internal.
  • No restore-ready claim.
  • No customer-ready proof claim.
  • Claim state labels are internal/operator-facing.

Redaction

  • Raw payload hidden.
  • Normalized payload hidden by default.
  • Permission context raw JSON hidden.
  • Tokens, secrets, authorization headers, cookies, private keys, certificates, raw provider responses, stack traces, and PII absent.
  • OperationRun diagnostics are secondary and authorized.
  • Evidence hash is allowed if safe.

Tests

  • Unit tests cover read model, summary, blockers, display mapping, and no-old-label emissions.
  • Feature tests cover authorization, render, redaction, no-legacy, no-remote, OperationRun links, and provider scope.
  • Browser smoke covers rendered UI.
  • No real Graph/TCM/provider calls are allowed.
  • Test lane impact is documented.

Spec Readiness Gate

  • spec.md exists.
  • plan.md exists.
  • tasks.md exists.
  • Requirements are bounded and testable.
  • Plan identifies likely affected repo surfaces.
  • Tasks are ordered, small, verifiable, and include validation.
  • Product Surface, RBAC, workspace/provider isolation, OperationRun, evidence, provider boundary, no-legacy, and test governance are addressed.
  • No open question blocks safe implementation.

Gate Results

  • Candidate Selection Gate: PASS.
  • Spec Readiness Gate: PASS for preparation; implementation must still follow tasks.md.