Implements spec 424 with comparable renderable capture/readiness changes and supporting tests/spec artifacts. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #491
3.2 KiB
3.2 KiB
Requirements Checklist: Spec 424 - Security Defaults Content-Backed Comparable Support
Purpose: Preparation-readiness checklist for Spec 424 before implementation. Created: 2026-06-30 Feature: Spec 424
Candidate and Scope
- CHK001 The selected candidate is directly user-provided and not auto-selected from the empty active queue.
- CHK002 Related completed specs are marked read-only context and are not reopened.
- CHK003 Scope is limited to
securityDefaults. - CHK004 Certification, restore/apply, customer output, Review Pack/report/export, dashboards, routes, and additional Entra types are explicitly out of scope.
- CHK005 Candidate Selection Gate passes with repo-truth deviations documented.
Repo Truth Alignment
- CHK006 Current registry-only/out-of-scope Security Defaults state is documented.
- CHK007 Missing source-contract mapping is documented.
- CHK008 Missing graph contract entry is documented.
- CHK009 Missing identity strategy is documented.
- CHK010 Existing Entra helper support for Conditional Access only is documented.
- CHK011 Draft-to-repo deviations for restore tier, resource class, capture outcomes, and source class are documented.
Constitution and Product Surface
- CHK012 No
tenant_idownership truth is allowed. - CHK013 Workspace, managed-environment, and provider-connection ownership is required.
- CHK014 Graph calls must go through the repo graph contract and
GraphClientInterface. - CHK015 Proportionality review is complete.
- CHK016 Product Surface Contract handling is complete for existing rendered Coverage v2 output.
- CHK017 Browser proof and Human Product Sanity are required if rendered output changes, or exact N/A proof is required.
- CHK018 No new UI route/navigation/action/customer surface is allowed without amending artifacts.
Requirements Coverage
- CHK019 Source contract and missing-contract behavior are specified.
- CHK020 Capture/evidence persistence requirements are specified.
- CHK021 Identity requirements are specified.
- CHK022 Typed normalization requirements are specified.
- CHK023 Compare requirements are specified.
- CHK024 Render requirements are specified.
- CHK025 Claim Guard requirements are specified.
- CHK026 RBAC/scope requirements are specified.
- CHK027 Redaction/no-raw-payload requirements are specified.
- CHK028 No restore/certification/customer claim requirements are specified.
- CHK029 Supported-scope restrictions are specified.
Task Readiness
- CHK030 Tasks include preflight before runtime implementation.
- CHK031 Tasks are ordered by dependency.
- CHK032 Tasks include tests before or alongside implementation.
- CHK033 Tasks include validation and implementation-report close-out.
- CHK034 Tasks include browser/no-browser and Human Product Sanity handling.
- CHK035 Tasks include no completed-spec rewrite proof.
Review Outcome
- CHK036 Review outcome class: acceptable-special-case for preparation.
- CHK037 Workflow outcome: keep.
- CHK038 No blocking open question remains before implementation; source-contract viability is an implementation preflight gate with safe blocked behavior.