Spec 430: Exchange PowerShell adapter contract slice 1. Validation was not rerun during PR creation handoff; branch contains implementation report and tests. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #497
6.8 KiB
6.8 KiB
Requirements Checklist: Exchange PowerShell Adapter Contract Slice 1
Purpose: Validate that Spec 430 is bounded, implementation-ready, and safe to hand to an implementation loop. Checked items mean the requirement is specified by the artifacts, not already implemented in application code.
Created: 2026-07-04
Feature: specs/430-exchange-powershell-adapter-contract-slice-1/spec.md
Preparation Scope
spec.mdexists.plan.mdexists.tasks.mdexists.- Candidate source is documented from the user-provided draft and Spec 429.
- Completed-spec guardrail was applied to Specs 426-429 as read-only context.
- No existing
specs/430-*package was found before creating this one. - Current branch and pre-Spec Kit HEAD/dirty state are recorded.
- No application code was modified during preparation.
Candidate Selection Gate
- Selected candidate is directly provided by the user and aligned with Spec 429.
- Selected candidate is not already covered by an active or completed Spec 430.
- Candidate is scoped as a small implementation-ready slice.
- Close alternatives are deferred instead of hidden in primary scope.
- Roadmap relationship is explicit: Spec 430 unblocks Spec 431.
- Candidate Selection Gate result is recorded as PASS.
Scope
- Only
transportRuleis included. - Only
remoteDomainis included. - Only
inboundConnectoris included. - No Teams target type is included.
- No Exchange Admin API adapter is included.
- No
outboundConnectoris included. - No
acceptedDomainororganizationConfigis included. - No evidence capture is included.
- No OperationRun is included.
- No compare/render is included.
- No certification is included.
- No restore/apply is included.
- No customer claim is included.
- No UI is included.
Adapter Safety Requirements
- Structured command contract requirement is specified.
- Static allowlisted read-only commands are specified.
- Raw command strings must be rejected.
- Unknown parameters must be rejected.
- Mutation commands must be rejected.
- Fake runner must be used in tests.
- No shell execution in unit tests is required.
- No provider calls in tests is required.
- Production live execution remains disabled/inert for this slice.
Source Contract Requirements
transportRulecontract requirement exists.remoteDomaincontract requirement exists.inboundConnectorcontract requirement exists.- Resolver must return verified pending capture for included types.
- Missing adapter state must be removed for included types only.
- Missing contract state must be removed for included types only.
- Excluded types must remain blocked or deferred.
Metadata Requirements
- Permission metadata is required.
- Runtime permission validation must remain pending unless proven.
- Response-shape metadata is required.
- Identity handoff metadata is required.
- Display-name-only identity is forbidden.
- Redaction metadata is required.
- Normalization handoff metadata is required.
- Claim boundary metadata is required.
- Restore tier must remain compare-only or stricter.
Non-Functional Requirements
- Fail-closed command and response-shape security posture is specified.
- Offline deterministic test posture is specified.
- Redaction posture is specified for secrets, transcripts, stdout/stderr, and content.
- Provider-boundary posture is specified.
- Workspace/managed-environment/provider-connection scope posture is specified.
- OperationRun observability posture is specified as deferred/no-run for this slice.
- Product surface no-impact posture is specified.
- Test governance posture is specified.
No-Promotion Requirements
- No content-backed evidence.
- No raw provider payload persistence.
- No normalized evidence persistence.
- No comparable level.
- No renderable level.
- No certified level.
- No restore-ready state.
- No customer-ready state.
- Claim Guard/no-claim proof is required.
Architecture Requirements
- Uses Coverage v2 source contract architecture.
- No Exchange mini-platform.
- No direct HTTP bypass.
- No runtime Microsoft documentation fetch.
- No
tenant_id. - No legacy shim.
- No fallback reader.
- Provider-native identifiers remain metadata, not ownership truth.
Product Surface Requirements
- UI Surface Impact is checked as no impact.
- Product Surface Impact is
N/A - no rendered product surface changed. - Browser proof is
N/A - no rendered UI surface changed. - Human Product Sanity is N/A.
- Livewire v4 posture is recorded as no UI change.
- Provider registration location is recorded as no panel change.
- Global search posture is recorded as no resource change.
- Destructive/high-impact action posture is none.
- Asset strategy is no assets.
- Deployment impact is no env/migrations/queues/scheduler/storage/assets expected.
Test Readiness Requirements
- Focused unit tests are required.
- Feature tests are conditional and bounded.
- Spec 426/427/428 regressions are required where test-backed.
- Spec 417/420 regressions are required where relevant.
- Pint is required.
git diff --checkis required.git status --shortis required.- Browser is N/A unless the spec is amended.
Implementation Gate Checklist
These items are checked after the implementation loop completed them, supported by tasks.md and implementation-report.md.
transportRule,remoteDomain, andinboundConnectorhave adapter contracts.- Only
Get-TransportRule,Get-RemoteDomain, andGet-InboundConnectorare allowlisted. - Mutation commands are rejected.
- Raw command strings are rejected.
- Fake runner proves structured execution behavior.
- Resolver returns verified pending capture for included types.
- Excluded types remain blocked/deferred.
- No shell execution occurs in unit tests.
- No provider calls occur in tests.
- No evidence or OperationRun is created.
- No compare/render/certification/restore/customer claim appears.
- No
tenant_idis introduced. - Exchange cmdlets and response fields remain provider-owned source details, not platform-core ownership truth or customer vocabulary.
- Workspace/managed-environment/provider-connection scope is preserved for future execution handoff, with provider-native tenant identifiers metadata-only.
- No Exchange mini-platform is introduced.
- Focused tests and regressions pass.
Review Outcome
- Review outcome class for preparation: acceptable-special-case.
- Workflow outcome for preparation: keep.
- Final note location: implementation report after the later implementation loop.