TenantAtlas/.agent/skills/temporary-migrations/tcm-cutover-guard/SKILL.md
ahmido 332f6325cb feat: add tenantpilot agent skill layer v1 (#483)
Automated PR provided by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #483
2026-06-25 23:03:47 +00:00

4.8 KiB

name description
tenantpilot-tcm-cutover-guard Temporary migration gate for Coverage v2 / TCM activation, legacy coverage vocabulary cutover, and customer-claim safety.

Purpose

Use this temporary skill to prevent incomplete Coverage v2 / TCM kernel or capture work from becoming customer/operator proof, legacy adapters, fallback readers, dual truth, or runtime activation before the cutover is explicitly complete.

Activate When

  • Touching Coverage v2, TCM kernel, tenant configuration resource types, supported scopes, concrete resources, evidence capture, TCM/Graph contract decisions, legacy coverage vocabulary, or v1/v2 cutover.
  • Adding customer/operator claims about Coverage v2, supported scope, capture completeness, or TCM readiness.
  • Reviewing specs that follow Specs 414 or 415.

Do Not Activate When

  • The task has no Coverage v2, TCM, coverage vocabulary, capture evidence, or customer/operator coverage claim behavior.
  • The Coverage v2 / TCM activation and legacy vocabulary cutover have been completed and this skill has been retired.

Maturity

L3 temporary migration gate.

Gate Type

temporary-migration-gate.

Source Evidence

  • specs/414-tcm-first-coverage-core-cutover/implementation-report.md
  • specs/415-generic-content-backed-capture/implementation-report.md
  • specs/415-generic-content-backed-capture/spec.md
  • .specify/memory/constitution.md
  • apps/platform/app/Models/TenantConfigurationResourceType.php
  • apps/platform/app/Models/TenantConfigurationResource.php
  • apps/platform/app/Models/TenantConfigurationResourceEvidence.php
  • apps/platform/app/Support/TenantConfiguration/EvidenceState.php
  • apps/platform/tests/Feature/TenantConfiguration/Spec415NoLegacyNoUiActivationTest.php
  • apps/platform/tests/Feature/TenantConfiguration/TenantConfigurationKernelSchemaTest.php

External Anchors

Not applicable.

Required Repo Context

  • Spec 414 kernel status and inactive scope.
  • Spec 415 capture/evidence status and no-UI/no-legacy guard.
  • Tenant configuration migrations/models/services/tests.
  • Graph contract registry and provider gateway path if capture is touched.
  • Customer/operator surfaces that might display coverage claims.

Execution Checklist

  • Confirm whether Coverage v2 is still inactive for customer/operator proof.
  • Confirm no v1-to-v2 adapter, fallback reader, dual write, old snapshot promotion, or old gap taxonomy dependency is added.
  • Confirm no .tenant_id platform-core ownership field appears in Coverage v2 ownership schema.
  • Keep provider-native tenant IDs as metadata only.
  • Keep raw and normalized payloads as internal evidence storage, not default UI/report content.
  • Keep remote/provider capture queued and OperationRun-backed when used.
  • Use explicit Graph contracts; do not guess endpoints.
  • Stop before adding UI/start surfaces or customer claims unless the active spec is amended for Product Surface, browser proof, RBAC, and customer-output gates.

Stop Conditions

  • Remote capture is required but no Graph contract exists.
  • UI activation or customer/operator proof is added by a kernel/capture-only spec.
  • Legacy adapters, fallback readers, or dual truth paths are introduced.
  • tenant_id becomes Coverage v2 ownership truth.
  • Customer-facing claims depend on inactive TCM kernel or unactivated Coverage v2.
  • Raw provider/evidence payloads are rendered by default.
  • Capture bypasses same-scope provider connection or OperationRun/service lifecycle safeguards.

Required Evidence After Use

  • Whether Coverage v2 is inactive, active, or in explicit cutover.
  • Proof that no legacy adapter/fallback/dual write was added.
  • Ownership schema proof: workspace, managed environment, provider connection, and no tenant_id platform ownership.
  • Customer/operator UI impact or N/A - no rendered UI surface changed.
  • Tests or static guards for no-legacy/no-UI/no-customer-claim behavior.

Common Failure Modes

  • Treating Coverage v2 internal evidence as customer-ready coverage truth.
  • Reading old snapshots as v2 evidence.
  • Adding a convenience adapter to keep old and new outputs alive.
  • Letting beta or missing-contract capture outcomes look certified.
  • Building UI activation before proof and Product Surface gates exist.

Quarantined Rules

Full Spec 416 quarantine list applies. Especially quarantined here: Coverage v1 vocabulary as customer truth; v1-v2 adapters; fallback readers; dual writes; fallback-to-latest evidence; tenant_id as platform-core ownership truth; raw provider/evidence payload default display; historical audits as current truth.

Review / Expiry

Expires after Coverage v2 / TCM activation and legacy coverage vocabulary cutover are complete. At expiry, replace this temporary migration gate with current activation truth and remove stale cutover warnings from future prompts.