TenantAtlas/specs/426-exchange-teams-core-evidence-identity-readiness/checklists/requirements.md
ahmido f7d06621a0 feat: implement Exchange Teams evidence identity readiness (#493)
Automated PR for spec 426 exchange teams core evidence identity readiness. Includes service changes and coverage/requirement/spec updates from commit fb4dc20c.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #493
2026-07-03 11:43:11 +00:00

Requirements Checklist: Spec 426 - Exchange / Teams Core Evidence & Stable Identity Readiness

Purpose: Validate preparation readiness for the user-provided Spec 426 prerequisite unblocker before implementation.

Created: 2026-07-02

Feature: spec.md

Candidate And Scope

  • Candidate is directly user-provided and does not depend on the empty auto-prep queue.
  • Completed historical specs are treated as read-only dependency evidence, not artifacts to rewrite.
  • Primary operators and user stories are documented.
  • Functional requirements are documented.
  • Non-functional requirements are documented.
  • Success criteria are documented.
  • Risks and mitigations are documented.
  • Scope is limited to exchange.transportRule, exchange.acceptedDomain, teams.appPermissionPolicy, and teams.meetingPolicy.
  • Optional Exchange resource types are explicitly excluded.
  • Optional Teams resource types are explicitly excluded.
  • Certification is excluded and deferred to Spec 427.
  • Restore/apply/assisted restore is excluded.
  • Customer-facing proof, report, Review Pack, export, or PDF activation is excluded.
  • Broad Exchange, Teams, and M365 coverage claims are excluded.

Repo Truth Alignment

  • Spec 422 is recorded as comparable/renderable support for content-backed synthetic or existing rows only.
  • Spec 425 is recorded as completed Entra certification precedent, not a reason to certify Exchange/Teams.
  • Current source preflight checked CoverageSourceContractResolver.
  • Current source preflight checked CoverageIdentityStrategyRegistry.
  • Current source preflight checked GenericContentEvidenceCaptureService.
  • Current source preflight checked CoverageEvidenceWriter.
  • Current source preflight checked ExchangeTeamsComparablePayloadNormalizer, ExchangeTeamsCoverageComparator, and ExchangeTeamsRenderableSummaryBuilder.
  • Current source preflight found no existing 426 spec directory before creation.
  • Current source preflight found no existing local 426 branch before creation.
  • Repo-canonical capture outcome and identity state values are recorded instead of inventing a parallel status family.

Source Contracts

  • Post-review correction requires transportRule to fail closed until a verified source contract exists.
  • Post-review correction requires acceptedDomain to fail closed until a verified source contract exists.
  • Post-review correction requires appPermissionPolicy to fail closed until a verified source contract exists.
  • Post-review correction requires meetingPolicy to fail closed until a verified source contract exists.
  • Existing contract registry / repo-canonical provider contract pattern is required.
  • GraphClientInterface or repo-canonical provider abstraction is required.
  • Hardcoded endpoint guessing is forbidden.
  • Direct HTTP/provider bypass is forbidden.
  • Runtime documentation fetch is forbidden.
  • Missing contract fails safe.
  • Missing permission fails safe.
  • Unsupported or beta/experimental-only source blocks certification readiness.

Evidence

  • Raw payload persistence is required when captured.
  • Typed/usable normalized payload persistence is required when captured.
  • Deterministic payload hash is required.
  • OperationRun linkage is required for provider/source capture.
  • Source class, source contract, source version/schema hash, and source metadata are required where available.
  • Empty collections are handled safely only after successful provider/source proof.
  • Fake/synthetic evidence cannot count as source-backed.
  • Old gap taxonomy is forbidden for Spec 426 outcomes.
  • OperationRun context must remain sanitized and numeric-only for summary counts.

Identity

  • Stable identity is required for all four mandatory types.
  • CanonicalIdentityResolver usage is required.
  • Display-name-only identity is impossible.
  • Array-index identity is impossible.
  • Priority/order-only identity is impossible.
  • Payload-hash identity is impossible.
  • OperationRun identity is impossible.
  • Random UUID identity is impossible.
  • Identity conflict blocks readiness.
  • Derived-only identity blocks certification readiness.
  • Missing external ID and unsupported identity block certification readiness.

Normalization And Compare/Render

  • Source payloads must align with Spec 422 compare/render shape.
  • transportRule material fields are named.
  • acceptedDomain material fields are named.
  • appPermissionPolicy material fields are named.
  • meetingPolicy material fields are named.
  • Volatile fields must be excluded from material hashes where configured.
  • Unsupported fields must be diagnosed rather than silently ignored.
  • Source-backed compare/render readiness requires source-backed evidence plus stable identity.
  • No certification assignment is allowed.

Claim Guard

  • Evidence-ready internal claim is allowed only when proven.
  • Stable-identity-ready internal claim is allowed only when proven.
  • Compare/render-ready internal claim is allowed only when proven.
  • Certified Exchange/Teams wording is blocked.
  • Full Exchange claim is blocked.
  • Full Teams claim is blocked.
  • Certified M365 claim is blocked.
  • Restore-ready claim is blocked.
  • Customer-ready proof claim is blocked.

Ownership / Architecture

  • No tenant_id platform-core ownership truth.
  • Uses Coverage v2 shared architecture.
  • No Exchange-specific table family.
  • No Teams-specific table family.
  • No separate Exchange/Teams engine or mini-platform.
  • No v1 compatibility.
  • No fallback reader, dual write, or legacy adapter.
  • Provider connection must be same workspace and same managed environment.
  • Provider-native tenant identifiers remain provider/source metadata only.

Product Surface

  • Default decision is no runtime UI impact.
  • Product Surface no-impact rationale is documented.
  • Browser proof is required if UI changes.
  • Human Product Sanity is required if UI changes.
  • No new route/navigation is allowed.
  • No customer-facing route is allowed.
  • No certify action is allowed.
  • No restore/apply action is allowed.
  • No dashboard/report/export/PDF/Review Pack output is allowed.
  • Product Surface exceptions are none.

Redaction / Safe Logging

  • Raw payload default display is forbidden.
  • Secrets and tokens are forbidden in logs/UI/output.
  • Authorization/token/cookie fields are redacted.
  • OperationRun context is sanitized.
  • Permission context is sanitized.
  • Mail body/subject/content leakage is forbidden.
  • Teams chat/message/file/recording/transcript leakage is forbidden.

Test Readiness

  • Unit tests cover source contracts.
  • Unit tests cover capture eligibility.
  • Unit tests cover identity strategies.
  • Unit tests cover canonical identity.
  • Unit tests cover source payload normalization.
  • Unit tests cover evidence hash determinism.
  • Unit tests cover Claim Guard readiness.
  • Unit tests cover redaction.
  • Feature tests cover blocked capture with no fake content-backed evidence readiness.
  • Feature tests cover blocked capture with no fake stable identity readiness rows.
  • Feature tests cover OperationRun linkage.
  • Feature tests cover provider scope and RBAC semantics.
  • Feature tests cover no certification.
  • Feature tests cover no restore.
  • Feature tests cover no customer claim.
  • Feature tests cover no tenant_id.
  • Feature tests cover no mini-platform.
  • Browser tests are conditional on UI changes.
  • No real provider calls are allowed in tests.
  • Test lane impact is documented.

Implementation Report Readiness

  • Candidate gate result requirement is defined.
  • Dirty state before/after requirement is defined.
  • Files changed requirement is defined.
  • Source contract matrix is defined.
  • Evidence matrix is defined.
  • Identity matrix is defined.
  • Compare/render readiness matrix is defined.
  • Claim Guard proof requirement is defined.
  • Redaction proof requirement is defined.
  • No certification proof requirement is defined.
  • No restore proof requirement is defined.
  • No customer claim proof requirement is defined.
  • No tenant_id confirmation is defined.
  • No mini-platform confirmation is defined.
  • Product Surface no-impact/impact requirement is defined.
  • Tests run and deferred work requirements are defined.

Review Outcome

  • Candidate Selection Gate: PASS for direct user-provided manual promotion.
  • Spec Readiness Gate: PASS for preparation artifacts.
  • Open question/source blocker is recorded: verified source contracts remain required before source-backed readiness or Spec 427 can proceed.
  • Hard implementation preflight remains required at T001-T008 before runtime code changes.
  • Preparation scope stops before application implementation.