Automated PR for spec 427 Exchange Teams verified source contract enablement. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #494
4.4 KiB
4.4 KiB
Requirements Checklist: Spec 427 - Exchange / Teams Verified Source Contract Enablement
Purpose: Validate specification completeness and quality before implementation
Created: 2026-07-03
Feature: specs/427-exchange-teams-verified-source-contract-enablement/spec.md
Scope
- Only selected Exchange/Teams source contracts are in scope.
- No evidence capture is in scope.
- No content-backed promotion is in scope.
- No compare/render promotion is in scope.
- No certification is in scope.
- No restore/apply flow is in scope.
- No customer claim is in scope.
- No new UI surface is in scope.
Target Types
exchange.transportRulemaps to repo canonicaltransportRule.exchange.acceptedDomainmaps to repo canonicalacceptedDomain.teams.appPermissionPolicymaps to repo canonicalappPermissionPolicy.teams.meetingPolicymaps to repo canonicalmeetingPolicy.- Repo-canonical names are documented in the spec.
Contract Verification
- Source class metadata is required for verified contracts.
- Draft source class labels are mapped to repo-canonical source classes such as
graph_v1_fallback. - Contract name/version metadata is required for verified contracts.
- Permission model metadata is required for verified contracts.
- Response shape metadata is required for verified contracts.
- Pagination/collection semantics are required for verified contracts.
- Identity handoff metadata is required for verified contracts.
- Redaction rules are required for verified contracts.
- Final state is explicit for verified and blocked contracts.
Fail-Safe
- Missing source blocks.
- Unclear permissions block.
- Beta-only source blocks certification/customer/restore claims.
- Unsafe response shape blocks.
- Missing repo adapter blocks.
- Unsafe identity blocks.
- Unsafe redaction blocks.
- Blocked contracts create no provider call, resource row, or evidence row.
No Promotion
- No raw evidence created.
- No normalized evidence created.
- No content-backed level.
- No comparable level.
- No renderable level.
- No certified level.
- No customer claim.
- No restore-ready state.
Architecture
- Uses Coverage v2 source contract infrastructure.
- No direct HTTP bypass.
- No endpoint guessing.
- No new provider subsystem.
- No
tenant_id. - No Exchange mini-platform.
- No Teams mini-platform.
- Completed specs are read-only context and are not rewritten.
Product Surface
- No rendered UI changed by default.
- Product Surface Contract result is
N/A - no rendered UI surface changed. - Browser proof is
N/A - no rendered UI surface changed. - Human Product Sanity is
N/A - no product surface changed. - Product Surface exceptions are
none.
Tests
- Unit tests are planned for resolver/contract states/permissions/response/identity/redaction.
- Feature tests are planned for all four target types.
- No-promotion tests are planned.
- Spec 426 regression is planned.
- Spec 417/420 regression is planned.
- No real provider calls are allowed.
- Test lane impact is documented.
Candidate Selection Gate
- Candidate exists as a direct user-provided draft.
- The active auto-prep queue was checked and is not used as the source.
- The candidate is not already covered by an existing active or completed Spec 427 package.
- Related completed specs are dependency context only.
- The candidate aligns with the current Coverage v2 / Exchange/Teams sequence.
- The scope is the smallest viable implementation slice.
Spec Readiness Gate
spec.mdexists.plan.mdexists.tasks.mdexists.- Problem, value, requirements, non-goals, acceptance criteria, assumptions, and risks are documented.
- RBAC, workspace/managed-environment/provider scope, auditability/observability, evidence/result truth, and UX no-impact posture are addressed.
- No open question blocks safe implementation.
- Scope is bounded for a later implementation loop.
Final Candidate Gate
Result: PASS
Rationale: The package is a direct, manually supplied candidate and is scoped to precise source-contract verification only. It preserves fail-safe behavior, forbids evidence/readiness/customer promotion, and includes explicit implementation stop conditions.