TenantAtlas/specs/414-tcm-first-coverage-core-cutover/checklists/requirements.md

Specification Quality Checklist: Spec 414 - TCM-First Coverage v2 Kernel

Purpose: Validate specification completeness and quality before proceeding to implementation Created: 2026-06-25 Feature: specs/414-tcm-first-coverage-core-cutover/spec.md

Content Quality

• CHK001 The spec is reframed as TCM-First Coverage v2 Kernel.
• CHK002 The folder name remains unchanged.
• CHK003 The previous full-cutover readiness failure is acknowledged.
• CHK004 The spec keeps strategic hard-cutover direction without making this slice the cutover.
• CHK005 The spec states Coverage v2 is inactive after Spec 414.
• CHK006 The spec states Coverage v1 remains active runtime truth until a later activation/cutover spec.
• CHK007 Mandatory sections for candidate check, scope, no-legacy posture, UI/product surface impact, proportionality, tests, user stories, requirements, success criteria, assumptions, risks, and follow-ups are completed.

Bounded Kernel Scope

• CHK010 The scope is limited to value families, minimal persistence, registry, supported scope, claim guard, source class, provider provenance, and tests.
• CHK011 Full UI cutover is deferred.
• CHK012 Evidence Overview conversion is deferred.
• CHK013 Customer Review Workspace conversion is deferred.
• CHK014 Review Pack/report conversion is deferred.
• CHK015 Restore readiness conversion is deferred.
• CHK016 Full baseline/compare conversion is deferred.
• CHK017 Legacy runtime deletion and broad v1 test rewrite are deferred.
• CHK018 OperationRun-backed capture/evaluation is deferred.
• CHK019 TCM/Graph remote capture and generic content-backed evidence capture are deferred.
• CHK020 Browser proof across customer surfaces is not required unless UI scope is amended.

Ownership And Provider Provenance

• CHK030 Coverage v2 internal ownership uses workspace_id and managed_environment_id where environment-owned rows exist.
• CHK031 tenant_id is prohibited as Coverage v2 internal ownership truth.
• CHK032 Provider-native external IDs are metadata only.
• CHK033 provider_connection_id same-workspace and same-managed-environment validation is required where stored.
• CHK034 Same-scope provider provenance is included in requirements and tasks.

Source Classes And Claim Safety

• CHK040 Initial required registry entries are listed.
• CHK041 TCM-aligned Intune resource types map to source_class = tcm.
• CHK042 notificationMessageTemplate maps to source_class = graph_v1_fallback.
• CHK043 roleScopeTag maps to source_class = graph_beta_experimental.
• CHK044 Supported scopes require explicit denominator and minimum coverage level.
• CHK045 Beta resources are excluded by default.
• CHK046 Graph fallback is included only when scope allows it.
• CHK047 Claim guard blocks unscoped 100% claims.
• CHK048 Claim guard blocks beta certification by default.
• CHK049 Claim guard blocks non-restorable restore claims and incomplete supported-scope customer claims.
• CHK050 Claim guard allows only exact scope + level claims.
• CHK051 Kernel value-family allowed values are fixed and must not be expanded during implementation without amending artifacts.
• CHK052 tenantpilot_internal is not part of the Spec 414 initial source-class implementation scope.

Kernel Persistence Shape

• CHK055 tenant_configuration_resource_types required fields are defined.
• CHK056 tenant_configuration_supported_scopes required fields are defined.
• CHK057 Required kernel definition tables are platform-seeded definitions, not workspace/environment/provider-connection-owned records.
• CHK058 Required kernel definitions have deterministic uniqueness and upsert-safe seed/migration semantics.
• CHK059 PostgreSQL lane triggers are explicit for JSONB, composite FKs, partial unique indexes, same-scope provider constraints, or other PostgreSQL-specific behavior.

No Legacy / No Dual Truth

• CHK060 No compatibility shim is allowed.
• CHK061 No dual writes are allowed.
• CHK062 No fallback readers are allowed.
• CHK063 No v1-to-v2 translator is allowed.
• CHK064 No old snapshot promotion into v2 proof is allowed.
• CHK065 No old gap taxonomy is allowed as v2 logic.
• CHK066 No customer-facing dual truth is allowed.

Product Surface And OperationRun

• CHK070 Product Surface Impact is N/A - no rendered UI surface changed.
• CHK071 Browser proof is N/A - no rendered UI surface changed.
• CHK072 Human Product Sanity is not required for a rendered page.
• CHK073 Stop-and-amend rule exists for any UI file change.
• CHK074 No OperationRun-producing workflow is introduced by default.
• CHK075 OperationRun-backed capture/evaluation is deferred to a follow-up spec.

Task Readiness

• CHK080 tasks.md is bounded to preflight, tests, value families, minimal persistence, registry, supported scope, claim guard, boundary guards, and validation.
• CHK081 Tasks include unit tests for registry, supported scope, claim guard, and value families.
• CHK082 Tasks include feature tests for registry persistence, supported scopes, claim guard, no tenant_id, and same-scope provider connection validation where applicable.
• CHK083 Tasks include no UI surface impact validation.
• CHK084 Tasks include implementation report close-out.
• CHK085 Tasks include focused validation commands.

Gate Results

• CHK090 Candidate Selection Gate result: PASS after narrowing.
• CHK091 Spec Readiness Gate preparation status: ready for bounded kernel implementation.
• CHK092 Workflow outcome: keep as inactive Coverage v2 kernel slice.

Notes

• Follow-up specs are recommendations only until explicitly prepared: 415 Generic Content-Backed Capture, 416 Canonical Identity Engine, 417 Coverage v2 Operator Surface, 418 Legacy Coverage Cutover & Removal, 419 Intune Core Comparable/Renderable Pack, 420 Certified Intune Core Coverage Pack, 421 Pilot Readiness Gate.
• Supply-chain remediation, if still open, remains a release/pilot gate outside Spec 414.