TenantAtlas/specs/417-canonical-identity-engine/checklists/requirements.md
ahmido 8cbf1f7fe3 feat: implement canonical identity engine (#484)
Automated PR provided by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #484
2026-06-26 06:50:25 +00:00


# Specification Quality Checklist: Spec 417 - Canonical Identity Engine
## Candidate And Scope
- [x] Candidate is user-provided, not auto-selected from an empty active candidate queue.
- [x] Spec 414 is completed/validated dependency context only.
- [x] Spec 415 is completed/validated dependency context only.
- [x] No existing `417-canonical-identity-engine` spec or branch was found before creation.
- [x] Scope is limited to Coverage v2 canonical identity for captured resources.
- [x] No Coverage v2 customer/operator activation is included.
- [x] No compare, render, restore, certification, or full TCM catalog import is included.
## Ownership And Isolation
- [x] Internal scope truth is `workspace_id`, `managed_environment_id`, and `provider_connection_id`.
- [x] Provider connection same-scope validation is required.
- [x] External Microsoft/Entra tenant IDs remain metadata only.
- [x] `tenant_id` is forbidden as Coverage v2 ownership truth.
- [x] Cross-workspace identity collisions cannot merge.
- [x] Cross-managed-environment identity collisions cannot merge.
- [x] Cross-provider identity collisions cannot merge.
## Identity Requirements
- [x] Initial eight Coverage v2 resource types are listed.
- [x] Identity strategy fields are defined.
- [x] Stable provider/Graph/TCM IDs are preferred.
- [x] Source/composite fallback behavior is defined.
- [x] Display-name-only stable identity is forbidden.
- [x] Existing `IdentityState` values are used.
- [x] Canonical key-kind values are bounded.
- [x] Existing `canonical_resource_key` duplicate-truth risk is addressed.
- [x] Missing external ID behavior is explicit.
- [x] Unsupported identity behavior is explicit.
- [x] Beta/experimental identity cannot certify by default.
## Claim And Evidence Safety
- [x] Claim Guard blocks `identity_conflict`.
- [x] Claim Guard blocks or limits `missing_external_id`.
- [x] Claim Guard blocks `unsupported_identity`.
- [x] Claim Guard limits or blocks `derived` unless explicitly allowed.
- [x] OperationRun execution truth remains separate from identity/evidence/customer proof.
- [x] Evidence payload truth remains append-only evidence, not customer proof by default.
- [x] No fallback-to-latest evidence behavior is allowed.
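An added, constructed Python model of the ownership, identity-strategy and Claim Guard rules checked above; this is not TenantAtlas code, and the type names, the two resource types, the composite fields and the state strings are assumptions:

```python
from dataclasses import dataclass
from typing import Optional

# Constructed illustration of the checklist rules; not TenantAtlas code.
# Type names, resource types, composite fields and state strings are assumptions.

@dataclass(frozen=True)
class Scope:
    workspace_id: str
    managed_environment_id: str
    provider_connection_id: str

@dataclass(frozen=True)
class Captured:
    scope: Scope
    resource_type: str
    external_id: Optional[str]   # stable provider/Graph/TCM ID, may be missing
    fields: dict                 # source fields usable for a composite fallback
    display_name: str            # never part of a stable identity key
    tenant_id: str               # external Entra tenant ID: metadata only

@dataclass(frozen=True)
class Identity:
    scope: Scope
    resource_type: str
    key_kind: Optional[str]      # bounded: "external_id" | "composite" | None
    key: Optional[str]
    state: str                   # "stable" | "derived" | "missing_external_id" | "unsupported_identity"

# Per-type composite fallback fields (hypothetical types); a type with no
# fallback fields and no external ID ends up as missing_external_id.
COMPOSITE_FIELDS = {"named_location": ("ip_ranges",), "ca_policy": ()}

def resolve(r: Captured) -> Identity:
    if r.resource_type not in COMPOSITE_FIELDS:
        return Identity(r.scope, r.resource_type, None, None, "unsupported_identity")
    if r.external_id:  # stable provider ID is always preferred
        return Identity(r.scope, r.resource_type, "external_id", r.external_id, "stable")
    parts = [r.fields.get(f) for f in COMPOSITE_FIELDS[r.resource_type]]
    if parts and all(parts):  # composite key must never degrade to display name only
        return Identity(r.scope, r.resource_type, "composite", "|".join(parts), "derived")
    return Identity(r.scope, r.resource_type, None, None, "missing_external_id")

def can_merge(a: Identity, b: Identity) -> bool:
    # The scope tuple is the ownership truth; tenant_id never participates,
    # so equal keys in different workspaces/environments/connections cannot merge.
    return (a.key is not None and a.scope == b.scope and a.resource_type == b.resource_type
            and a.key_kind == b.key_kind and a.key == b.key)

def claim_guard_allows(i: Identity, allow_derived: bool = False) -> bool:
    # Only stable identity claims by default; derived only when explicitly allowed.
    return i.state == "stable" or (i.state == "derived" and allow_derived)
```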
## Diagnostics And Redaction
- [x] Secondary keys are diagnostic metadata only.
- [x] Conflict diagnostics are bounded.
- [x] Raw payloads and full provider responses are forbidden in diagnostics.
- [x] Tokens, credentials, cookies, authorization headers, private keys, certificates, passwords, and unredacted PII are forbidden in diagnostics, OperationRun context/messages, and audit metadata.
## No Legacy / No Product Surface
- [x] No v1-to-v2 identity adapter is allowed.
- [x] No old snapshot identity promotion is allowed.
- [x] No old v1 gap taxonomy is active v2 runtime truth.
- [x] No dual write or fallback reader is allowed.
- [x] No reachable UI surface changes are allowed.
- [x] Browser proof is `N/A - no rendered UI surface changed`.
- [x] Product Surface exceptions are `none`.
- [x] Completed historical specs must not be rewritten.
## Tests And Readiness
- [x] Unit test targets are identified.
- [x] Feature test targets are identified.
- [x] PostgreSQL-lane trigger is identified for migrations/indexes/constraints/JSONB.
- [x] No browser/heavy-governance lane is planned.
- [x] Validation commands are listed.
- [x] Implementation report close-out fields are defined.
## Gate Results
- [x] Candidate Selection Gate: PASS.
- [x] Spec Readiness Gate: PASS for preparation; implementation must still follow `tasks.md`.