TenantAtlas/specs/424-security-defaults-content-backed-comparable-support/checklists/requirements.md
ahmido 2cd512915a feat: complete spec 424 security defaults content-backed comparable support (#491)
Implements spec 424 with comparable renderable capture/readiness changes and supporting tests/spec artifacts.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #491
2026-07-01 14:41:24 +00:00

Requirements Checklist: Spec 424 - Security Defaults Content-Backed Comparable Support

Purpose: Preparation-readiness checklist for Spec 424 before implementation.
Created: 2026-06-30
Feature: Spec 424

Candidate and Scope

  • CHK001 The selected candidate is directly user-provided and not auto-selected from the empty active queue.
  • CHK002 Related completed specs are marked read-only context and are not reopened.
  • CHK003 Scope is limited to securityDefaults.
  • CHK004 Certification, restore/apply, customer output, Review Pack/report/export, dashboards, routes, and additional Entra types are explicitly out of scope.
  • CHK005 Candidate Selection Gate passes with repo-truth deviations documented.

Repo Truth Alignment

  • CHK006 Current registry-only/out-of-scope Security Defaults state is documented.
  • CHK007 Missing source-contract mapping is documented.
  • CHK008 Missing graph contract entry is documented.
  • CHK009 Missing identity strategy is documented.
  • CHK010 Existing Entra helper support for Conditional Access only is documented.
  • CHK011 Draft-to-repo deviations for restore tier, resource class, capture outcomes, and source class are documented.

Constitution and Product Surface

  • CHK012 No tenant_id ownership truth is allowed.
  • CHK013 Workspace, managed-environment, and provider-connection ownership is required.
  • CHK014 Graph calls must go through the repo graph contract and GraphClientInterface.
  • CHK015 Proportionality review is complete.
  • CHK016 Product Surface Contract handling is complete for existing rendered Coverage v2 output.
  • CHK017 Browser proof and Human Product Sanity are required if rendered output changes, or exact N/A proof is required.
  • CHK018 No new UI route/navigation/action/customer surface is allowed without amending artifacts.

Requirements Coverage

  • CHK019 Source contract and missing-contract behavior are specified.
  • CHK020 Capture/evidence persistence requirements are specified.
  • CHK021 Identity requirements are specified.
  • CHK022 Typed normalization requirements are specified.
  • CHK023 Compare requirements are specified.
  • CHK024 Render requirements are specified.
  • CHK025 Claim Guard requirements are specified.
  • CHK026 RBAC/scope requirements are specified.
  • CHK027 Redaction/no-raw-payload requirements are specified.
  • CHK028 No restore/certification/customer claim requirements are specified.
  • CHK029 Supported-scope restrictions are specified.

Task Readiness

  • CHK030 Tasks include preflight before runtime implementation.
  • CHK031 Tasks are ordered by dependency.
  • CHK032 Tasks include tests before or alongside implementation.
  • CHK033 Tasks include validation and implementation-report close-out.
  • CHK034 Tasks include browser/no-browser and Human Product Sanity handling.
  • CHK035 Tasks include no completed-spec rewrite proof.

Review Outcome

  • CHK036 Review outcome class: acceptable-special-case for preparation.
  • CHK037 Workflow outcome: keep.
  • CHK038 No blocking open question remains before implementation; source-contract viability is an implementation preflight gate with safe blocked behavior.