Automated PR provided by Codex via Gitea API. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #486
137 lines
6.1 KiB
Markdown
137 lines
6.1 KiB
Markdown
# Requirements Checklist: Spec 419 - M365 TCM Workload Registry Expansion
|
|
|
|
## Preparation Checklist
|
|
|
|
- [x] Candidate is user-provided, not auto-selected from the empty active candidate queue.
|
|
- [x] Spec 414 is completed/validated dependency context only.
|
|
- [x] Spec 415 is completed/validated dependency context only.
|
|
- [x] Spec 417 is completed/validated dependency context only.
|
|
- [x] Spec 418 is completed/validated dependency context only.
|
|
- [x] No existing `specs/419-*` package was found before creation.
|
|
- [x] Existing Coverage v2 registry, supported scopes, enums, `ResourceTypeRegistry`, and `ClaimGuard` were verified as repo truth.
|
|
- [x] Draft-to-repo deviations are documented.
|
|
- [x] No application implementation was performed during preparation.
|
|
|
|
## Scope Checklist
|
|
|
|
- [x] Scope is registry expansion only.
|
|
- [x] No capture implementation is in scope.
|
|
- [x] No compare/render/restore/certification is in scope.
|
|
- [x] No customer-facing claims are in scope.
|
|
- [x] No new primary navigation or UI route is in scope.
|
|
- [x] No domain-specific mini-platform is in scope.
|
|
- [x] No runtime Microsoft docs fetch is in scope.
|
|
|
|
## Product Surface Checklist
|
|
|
|
- [x] UI Surface Impact records existing Spec 418 operator-surface data impact without runtime UI code scope.
|
|
- [x] Product Surface Impact covers data-driven existing-surface impact.
|
|
- [x] Browser proof is required if active rows/scopes render, or N/A only with proof that no rendered output changed.
|
|
- [x] Human Product Sanity is required if active rows/scopes render, or N/A only with proof that no rendered output changed.
|
|
- [x] Product Surface exceptions are `none`.
|
|
- [x] Stop-and-amend rule exists for any runtime UI file, route, navigation, action, report, download, or rendered label change beyond data-driven existing registry display.
|
|
|
|
## Workload Requirements Specified
|
|
|
|
- [x] Entra workload registration is required.
|
|
- [x] Exchange workload registration is required.
|
|
- [x] Teams workload registration is required.
|
|
- [x] Security and Compliance workload registration is required.
|
|
- [x] Defender safe overview/combined representation is required.
|
|
- [x] Purview safe overview/combined representation is required.
|
|
- [x] Defender/Purview representation uses aggregate supported-scope metadata, not fake certified resource types.
|
|
- [x] `tenantpilot` and `unknown` workload posture is covered.
|
|
|
|
## Resource Type Requirements Specified
|
|
|
|
- [x] Entra representative entries are listed.
|
|
- [x] Exchange representative entries are listed.
|
|
- [x] Teams representative entries are listed.
|
|
- [x] Security and Compliance representative entries are listed.
|
|
- [x] Defender/Purview uncertainty is explicit.
|
|
- [x] Full vs seeded/partial catalog decision is explicit.
|
|
- [x] Partial list must not be presented as full.
|
|
|
|
## Source / Support State Requirements Specified
|
|
|
|
- [x] TCM entries use `source_class = tcm`.
|
|
- [x] Current repo source classes remain authoritative unless amended with proportionality proof.
|
|
- [x] New non-Intune entries default to detected/registry-only.
|
|
- [x] No new entry defaults to content-backed.
|
|
- [x] No new entry defaults to comparable.
|
|
- [x] No new entry defaults to renderable.
|
|
- [x] No new entry defaults to certified.
|
|
- [x] No new entry defaults to restore-ready.
|
|
- [x] Existing repo restore tiers are mapped safely: `not_restorable` or `preview_only`, never `restorable`.
|
|
|
|
## Supported Scope Requirements Specified
|
|
|
|
- [x] Registry-only M365 detected scope is required.
|
|
- [x] Per-workload registry detected scopes are required.
|
|
- [x] Future generic scope is clearly future-only.
|
|
- [x] Certified M365 scope is explicitly none.
|
|
- [x] Broad full/certified M365 scope names are forbidden.
|
|
|
|
## Claim Guard Requirements Specified
|
|
|
|
- [x] Broad M365 coverage claims must be blocked.
|
|
- [x] Certified M365 claims must be blocked.
|
|
- [x] Restore-ready M365 claims must be blocked.
|
|
- [x] Registry-only claims are internal/operator and denominator-scoped.
|
|
- [x] Percent claims require explicit denominator and registry-only wording.
|
|
|
|
## No Runtime Capture Requirements Specified
|
|
|
|
- [x] No Graph/TCM calls may be added.
|
|
- [x] No runtime Microsoft docs fetch may be added.
|
|
- [x] No capture job/action may be added.
|
|
- [x] No concrete resources/evidence may be created by registry expansion.
|
|
- [x] No OperationRun-producing workflow is planned.
|
|
|
|
## No Legacy / Ownership Requirements Specified
|
|
|
|
- [x] No `tenant_id`.
|
|
- [x] No old gap taxonomy.
|
|
- [x] No v1-to-v2 adapter.
|
|
- [x] No fallback reader.
|
|
- [x] No dual writes.
|
|
- [x] Provider-native tenant/directory/account IDs remain metadata only.
|
|
|
|
## Test Requirements Specified
|
|
|
|
- [x] Unit tests cover workloads, manifest/defaults, claims, restore tiers, documentation status, and partial-vs-full catalog behavior.
|
|
- [x] Feature/static guards cover registry/scopes/no-overclaim/no-capture/no-mini-platform/no-tenant-id.
|
|
- [x] No real Graph/TCM/provider calls are allowed.
|
|
- [x] Test lane impact is documented.
|
|
- [x] Browser proof is required if active rows/scopes render on the existing Spec 418 operator surface.
|
|
|
|
## Future Implementation Gate
|
|
|
|
- [x] M365 workload registry expansion exists.
|
|
- [x] New workload entries are registry-only/detected by default.
|
|
- [x] Representative resource types exist.
|
|
- [x] Full vs partial catalog status is explicit.
|
|
- [x] Claim Guard blocks broad M365/certified/restore claims.
|
|
- [x] No runtime capture is added.
|
|
- [x] No customer-facing claim is activated.
|
|
- [x] No `tenant_id` is introduced.
|
|
- [x] No mini-platform tables/classes are introduced.
|
|
- [x] Focused tests pass.
|
|
- [x] Product Surface data-impact decision is confirmed, including browser/Human Product Sanity proof or exact N/A proof.
|
|
|
|
## Spec Readiness Gate
|
|
|
|
- [x] `spec.md` exists.
|
|
- [x] `plan.md` exists.
|
|
- [x] `tasks.md` exists.
|
|
- [x] Requirements are bounded and testable.
|
|
- [x] Plan identifies likely affected repo surfaces.
|
|
- [x] Tasks are ordered, small, verifiable, and include validation.
|
|
- [x] Product Surface, RBAC/no-UI, workspace/provider isolation, OperationRun/no-run, evidence/result truth, provider boundary, no-legacy, and test governance are addressed.
|
|
- [x] No open question blocks safe implementation.
|
|
|
|
## Gate Results
|
|
|
|
- [x] Candidate Selection Gate: PASS.
|
|
- [x] Spec Readiness Gate: PASS for preparation; implementation must still follow `tasks.md`.
|