ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
4aaec3521a
TenantAtlas/specs/418-coverage-v2-operator-surface/checklists/requirements.md
ahmido 4aaec3521a feat: add coverage v2 operator surface (#485) 
Automated PR provided by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #485
2026-06-26 12:50:36 +00:00

119 lines
5.0 KiB
Markdown
Raw Blame History

# Requirements Checklist: Spec 418 - Coverage v2 Operator Surface
## Candidate And Dependencies
- [x] Candidate is user-provided, not auto-selected from an empty active candidate queue.
- [x] Spec 414 is completed/validated dependency context only.
- [x] Spec 415 is completed/validated dependency context only.
- [x] Spec 417 is completed/validated dependency context only.
- [x] No existing `418-coverage-v2-operator-surface` spec directory was found before creation.
- [x] Scope is limited to one internal operator readiness surface.
- [x] No application implementation was performed during preparation.
## Scope
- [x] Spec 418 depends on Coverage v2 kernel/capture/identity.
- [x] Spec 418 adds one operator-only read surface.
- [x] Spec 418 does not activate customer-facing Coverage v2 truth.
- [x] Spec 418 does not convert Evidence Overview, Review Packs, Reports, Restore, Baseline Compare, or Customer Review Workspace.
- [x] Spec 418 does not add capture/start actions.
- [x] Deferred Coverage v2 cutover/removal and customer activation are listed as follow-up work.
## Product Surface
- [x] Product Surface Impact is declared.
- [x] Surface is Secondary Context Surface.
- [x] Surface is Read-only Registry / Report Surface.
- [x] Surface is Native Surface unless implementation documents an approved exception.
- [x] Inspect/open model uses a linked primary column instead of a duplicate View/Inspect row action.
- [x] Primary operator question is explicit.
- [x] Default-visible truth is explicit.
- [x] Diagnostics are secondary/disclosed.
- [x] Raw/support evidence is hidden.
- [x] Browser proof is required.
- [x] Product Surface table-count exception is documented and internal-only.
- [x] Product Surface table-count exception is classified as a PSC Technical Annex surface-budget exception, with UI-EX-001 remaining `none` for native Filament implementation.
- [x] Human Product Sanity questions are explicit.
- [x] `docs/product/standards/list-surface-review-checklist.md` is required for implementation close-out.
## Ownership / RBAC
- [x] No `tenant_id` internal ownership.
- [x] Surface scopes by workspace and managed environment.
- [x] Provider connection filters are same-scope.
- [x] Non-member gets 404.
- [x] No environment entitlement gets 404.
- [x] Member without capability gets 403.
- [x] Authorized actor can view.
- [x] Workspace-wide aggregation, if implemented, is limited to entitled environments.
## Data / Render
- [x] Page render is DB-only.
- [x] No Graph/TCM/provider calls during render.
- [x] No capture action.
- [x] No remote calls in table columns, badges, filters, or diagnostics.
- [x] No persisted UI-only summary table unless the spec is amended with proportionality proof.
- [x] Narrow indexes are allowed only with documented query path.
- [x] Top activation blocker ordering is deterministic.
## Vocabulary
- [x] Shows Coverage level.
- [x] Shows Evidence state.
- [x] Shows Identity state.
- [x] Shows Claim state.
- [x] Shows Source class.
- [x] Shows Supported scope.
- [x] Status-like rendered values use `BadgeCatalog`/`BadgeRenderer` or a central BadgeDomain mapping.
- [x] Does not show Evidence gaps.
- [x] Does not show Raw gaps.
- [x] Does not show Primary gaps.
- [x] Does not show policy_record_missing.
- [x] Does not show foundation_not_policy_backed.
- [x] Does not show meta_fallback.
- [x] Does not show ambiguous_match.
- [x] Does not show old v1 gap reason codes as active UI truth.
## Claim Safety
- [x] No unscoped 100% claim.
- [x] No broad Microsoft 365 coverage claim.
- [x] No certified claim unless exact internal guard allows and the label remains internal.
- [x] No restore-ready claim.
- [x] No customer-ready proof claim.
- [x] Claim state labels are internal/operator-facing.
## Redaction
- [x] Raw payload hidden.
- [x] Normalized payload hidden by default.
- [x] Permission context raw JSON hidden.
- [x] Tokens, secrets, authorization headers, cookies, private keys, certificates, raw provider responses, stack traces, and PII absent.
- [x] OperationRun diagnostics are secondary and authorized.
- [x] Evidence hash is allowed if safe.
## Tests
- [x] Unit tests cover read model, summary, blockers, display mapping, and no-old-label emissions.
- [x] Feature tests cover authorization, render, redaction, no-legacy, no-remote, OperationRun links, and provider scope.
- [x] Browser smoke covers rendered UI.
- [x] No real Graph/TCM/provider calls are allowed.
- [x] Test lane impact is documented.
## Spec Readiness Gate
- [x] `spec.md` exists.
- [x] `plan.md` exists.
- [x] `tasks.md` exists.
- [x] Requirements are bounded and testable.
- [x] Plan identifies likely affected repo surfaces.
- [x] Tasks are ordered, small, verifiable, and include validation.
- [x] Product Surface, RBAC, workspace/provider isolation, OperationRun, evidence, provider boundary, no-legacy, and test governance are addressed.
- [x] No open question blocks safe implementation.
## Gate Results
- [x] Candidate Selection Gate: PASS.
- [x] Spec Readiness Gate: PASS for preparation; implementation must still follow `tasks.md`.
Reference in New Issue View Git Blame Copy Permalink