Summary: Wire Exchange PowerShell evidence capture through Spec 435 structured envelopes, target normalizers, and hash builder for transportRule, remoteDomain, and inboundConnector; preserve append-only internal content-backed evidence with fail-closed readiness, output, identity, and redaction behavior; add Spec 436 artifacts and focused coverage. Validation: php artisan test --filter=Spec436 --compact PASS, 28 tests / 307 assertions; git diff --cached --check PASS before commit. Product/Ops: Livewire v4 unchanged; provider registration unchanged under apps/platform/bootstrap/providers.php; global search unchanged; no destructive/high-impact actions; no assets/browser/UI/deployment impact. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #503
188 lines
6.6 KiB
Markdown
188 lines
6.6 KiB
Markdown
# Requirements Checklist: Exchange Content-Backed Evidence Promotion Slice 1
|
|
|
|
**Purpose**: Validate Spec 436 scope, prerequisites, safety gates, no-promotion posture, and preparation completeness before implementation.
|
|
**Created**: 2026-07-08
|
|
**Feature**: [spec.md](../spec.md)
|
|
|
|
## Prerequisites
|
|
|
|
- [x] Spec 435 PASS/merge-ready is required.
|
|
- [x] Spec 435 structured output envelope exists.
|
|
- [x] Spec 435 normalizers exist.
|
|
- [x] Spec 435 hash builder exists.
|
|
- [x] Spec 434 adapter boundary exists.
|
|
- [x] Spec 433 readiness exists.
|
|
- [x] Spec 432 runner boundary exists.
|
|
- [x] Spec 430 command contracts exist.
|
|
|
|
## Scope
|
|
|
|
- [x] Only `transportRule`.
|
|
- [x] Only `remoteDomain`.
|
|
- [x] Only `inboundConnector`.
|
|
- [x] No `outboundConnector`.
|
|
- [x] No `acceptedDomain`.
|
|
- [x] No `organizationConfig`.
|
|
- [x] No Teams.
|
|
- [x] No compare/render.
|
|
- [x] No certification.
|
|
- [x] No restore.
|
|
- [x] No customer claim.
|
|
- [x] No UI.
|
|
- [x] No jobs/schedules/listeners.
|
|
- [x] No migration.
|
|
|
|
## OperationRun
|
|
|
|
- [x] Uses `tenant_configuration.capture`.
|
|
- [x] Invocation operation remains runner truth only.
|
|
- [x] No new OperationRun type.
|
|
- [x] Safe context only.
|
|
- [x] Existing summary keys or tested/amended narrow keys.
|
|
- [x] No raw payload.
|
|
- [x] No normalizer/hash preview.
|
|
- [x] No raw stdout/stderr.
|
|
- [x] No credential material.
|
|
|
|
## Evidence
|
|
|
|
- [x] Append-only evidence.
|
|
- [x] Raw payload in evidence store only.
|
|
- [x] Raw payload is structured provider item/envelope.
|
|
- [x] Raw stdout/stderr is not evidence.
|
|
- [x] Normalized payload persisted.
|
|
- [x] Payload hash persisted.
|
|
- [x] Persisted `capture_outcome` uses existing repo-allowed evidence outcome values.
|
|
- [x] OperationRun linked.
|
|
- [x] `workspace_id` set.
|
|
- [x] `managed_environment_id` set.
|
|
- [x] `provider_connection_id` set.
|
|
- [x] No `tenant_id`.
|
|
|
|
## Normalizer / Hash
|
|
|
|
- [x] Uses Spec 435 target normalizers.
|
|
- [x] Uses Spec 435 hash builder.
|
|
- [x] Does not use `GenericPayloadNormalizer`.
|
|
- [x] Does not use `ExchangeTeamsComparablePayloadNormalizer`.
|
|
- [x] `transportRule` normalized deterministically.
|
|
- [x] `remoteDomain` normalized deterministically.
|
|
- [x] `inboundConnector` normalized deterministically.
|
|
- [x] Volatile fields excluded/demoted.
|
|
- [x] Sensitive fields handled.
|
|
- [x] Collection order deterministic.
|
|
- [x] Hash deterministic.
|
|
|
|
## Identity
|
|
|
|
- [x] `CanonicalIdentityResolver` used directly or through Spec 434 identity gate.
|
|
- [x] Stable identity required by default.
|
|
- [x] Display-name-only stable identity impossible.
|
|
- [x] `remoteDomain` domain-only identity blocked.
|
|
- [x] `inboundConnector` missing connector identity blocked.
|
|
- [x] Duplicate identity blocks.
|
|
- [x] Conflicting identity blocks.
|
|
- [x] Missing identity blocks.
|
|
- [x] Writer not called on unsafe identity.
|
|
|
|
## Blocking
|
|
|
|
- [x] Missing credential readiness blocks.
|
|
- [x] Client secret blocks.
|
|
- [x] Missing permission readiness blocks.
|
|
- [x] Wrong-scope permission blocks.
|
|
- [x] Stale permission blocks.
|
|
- [x] Unsupported provider capability blocks.
|
|
- [x] Auth failure blocks.
|
|
- [x] Permission failure blocks.
|
|
- [x] Source unavailable blocks.
|
|
- [x] Malformed output blocks.
|
|
- [x] Source unavailable is not treated as empty collection.
|
|
- [x] Partial output is not treated as empty collection or success.
|
|
- [x] Empty collection creates no fake evidence.
|
|
|
|
## Redaction
|
|
|
|
- [x] No raw payload in OperationRun.
|
|
- [x] No raw stdout/stderr in OperationRun.
|
|
- [x] No normalizer/hash preview in OperationRun.
|
|
- [x] No credential material.
|
|
- [x] No provider payload in summaries.
|
|
- [x] No customer output.
|
|
|
|
## No Promotion
|
|
|
|
- [x] Coverage max level `content_backed`.
|
|
- [x] Claim state internal-only/customer-blocked.
|
|
- [x] No comparable state.
|
|
- [x] No renderable state.
|
|
- [x] No certified state.
|
|
- [x] No restore-ready state.
|
|
- [x] No customer-ready state.
|
|
- [x] No report output.
|
|
- [x] No Review Pack output.
|
|
|
|
## Product Surface / Trigger
|
|
|
|
- [x] No routes.
|
|
- [x] No Filament pages.
|
|
- [x] No Livewire components.
|
|
- [x] No navigation.
|
|
- [x] No asset changes.
|
|
- [x] No global search changes.
|
|
- [x] No provider registration changes.
|
|
- [x] No destructive UI actions.
|
|
- [x] No job trigger.
|
|
- [x] No schedule trigger.
|
|
- [x] No listener trigger.
|
|
- [x] Browser N/A.
|
|
|
|
## Architecture
|
|
|
|
- [x] Uses Coverage v2 evidence architecture.
|
|
- [x] Uses Spec 434 adapter.
|
|
- [x] Uses Spec 435 normalizers/hash builder.
|
|
- [x] Uses Spec 433 readiness evaluator.
|
|
- [x] Uses Spec 432 runner boundary.
|
|
- [x] No Graph gateway fallback.
|
|
- [x] No fake Graph endpoint.
|
|
- [x] No Exchange-specific evidence table.
|
|
- [x] No `tenant_id` ownership truth.
|
|
- [x] No Exchange mini-platform.
|
|
- [x] No legacy shim.
|
|
- [x] No fallback reader.
|
|
- [x] No migration.
|
|
|
|
## Product Surface Contract
|
|
|
|
- [x] CHK034 The spec references `docs/product/standards/product-surface-contract.md`.
|
|
- [x] CHK035 No-legacy posture is explicit.
|
|
- [x] CHK036 Product Surface Impact records N/A values with rationale.
|
|
- [x] CHK037 Browser proof is `N/A - no rendered UI surface changed`.
|
|
- [x] CHK038 Human Product Sanity is N/A.
|
|
- [x] CHK039 Implementation report will include Livewire v4, provider registration, global search, destructive/high-impact action, asset, tests/browser, deployment, no completed-spec rewrite, and follow-up fields.
|
|
- [x] CHK040 Completed historical specs were not rewritten.
|
|
|
|
## Validation
|
|
|
|
- [x] Focused unit tests pass.
|
|
- [x] Focused feature tests pass.
|
|
- [x] Regressions pass.
|
|
- [x] Pint passes.
|
|
- [x] `git diff --check` passes.
|
|
- [x] `git status --short` documented.
|
|
|
|
## Review Outcome
|
|
|
|
- [x] Preparation review outcome class: acceptable-special-case.
|
|
- [x] Preparation workflow outcome: keep.
|
|
- [x] Final note location: implementation report.
|
|
|
|
## Final Candidate Gate
|
|
|
|
Preparation result: PASS.
|
|
|
|
Implementation PASS requires all runtime validation items above to be checked with evidence. PASS WITH CONDITIONS is allowed only for bounded follow-ups that do not weaken evidence integrity, identity safety, normalization determinism, redaction, readiness gating, no-promotion posture, no-product-surface posture, ownership, or no-mini-platform posture.
|
|
|
|
FAIL if Spec 435 is not merge-ready, credential/permission gates can be bypassed, fake evidence is created, permission denied is treated as empty data, malformed output is treated as success, unsafe identity creates evidence, raw stdout/stderr is treated as evidence, raw payload leaks outside evidence storage, OperationRun stores raw provider output or normalizer/hash preview, coverage promotes to comparable/renderable/certified, restore/customer claims appear, UI/routes/jobs/schedules/listeners are added, migration is added without amendment, `tenant_id` ownership truth is introduced, an Exchange-specific evidence table appears, or tests do not prove content-backed evidence safety.
|