TenantAtlas/specs/430-exchange-powershell-adapter-contract-slice-1/checklists/requirements.md
ahmido 9b58a5696d feat: add Exchange PowerShell adapter contract slice 1 (#497)
Spec 430: Exchange PowerShell adapter contract slice 1. Validation was not rerun during PR creation handoff; branch contains implementation report and tests.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #497
2026-07-05 12:08:16 +00:00

6.8 KiB

Requirements Checklist: Exchange PowerShell Adapter Contract Slice 1

Purpose: Validate that Spec 430 is bounded, implementation-ready, and safe to hand to an implementation loop. Checked items mean the requirement is specified by the artifacts, not already implemented in application code. Created: 2026-07-04 Feature: specs/430-exchange-powershell-adapter-contract-slice-1/spec.md

Preparation Scope

  • spec.md exists.
  • plan.md exists.
  • tasks.md exists.
  • Candidate source is documented from the user-provided draft and Spec 429.
  • Completed-spec guardrail was applied to Specs 426-429 as read-only context.
  • No existing specs/430-* package was found before creating this one.
  • Current branch and pre-Spec Kit HEAD/dirty state are recorded.
  • No application code was modified during preparation.

Candidate Selection Gate

  • Selected candidate is directly provided by the user and aligned with Spec 429.
  • Selected candidate is not already covered by an active or completed Spec 430.
  • Candidate is scoped as a small implementation-ready slice.
  • Close alternatives are deferred instead of hidden in primary scope.
  • Roadmap relationship is explicit: Spec 430 unblocks Spec 431.
  • Candidate Selection Gate result is recorded as PASS.

Scope

  • Only transportRule is included.
  • Only remoteDomain is included.
  • Only inboundConnector is included.
  • No Teams target type is included.
  • No Exchange Admin API adapter is included.
  • No outboundConnector is included.
  • No acceptedDomain or organizationConfig is included.
  • No evidence capture is included.
  • No OperationRun is included.
  • No compare/render is included.
  • No certification is included.
  • No restore/apply is included.
  • No customer claim is included.
  • No UI is included.

Adapter Safety Requirements

  • Structured command contract requirement is specified.
  • Static allowlisted read-only commands are specified.
  • Raw command strings must be rejected.
  • Unknown parameters must be rejected.
  • Mutation commands must be rejected.
  • Fake runner must be used in tests.
  • No shell execution in unit tests is required.
  • No provider calls in tests is required.
  • Production live execution remains disabled/inert for this slice.

Source Contract Requirements

  • transportRule contract requirement exists.
  • remoteDomain contract requirement exists.
  • inboundConnector contract requirement exists.
  • Resolver must return verified pending capture for included types.
  • Missing adapter state must be removed for included types only.
  • Missing contract state must be removed for included types only.
  • Excluded types must remain blocked or deferred.

Metadata Requirements

  • Permission metadata is required.
  • Runtime permission validation must remain pending unless proven.
  • Response-shape metadata is required.
  • Identity handoff metadata is required.
  • Display-name-only identity is forbidden.
  • Redaction metadata is required.
  • Normalization handoff metadata is required.
  • Claim boundary metadata is required.
  • Restore tier must remain compare-only or stricter.

Non-Functional Requirements

  • Fail-closed command and response-shape security posture is specified.
  • Offline deterministic test posture is specified.
  • Redaction posture is specified for secrets, transcripts, stdout/stderr, and content.
  • Provider-boundary posture is specified.
  • Workspace/managed-environment/provider-connection scope posture is specified.
  • OperationRun observability posture is specified as deferred/no-run for this slice.
  • Product surface no-impact posture is specified.
  • Test governance posture is specified.

No-Promotion Requirements

  • No content-backed evidence.
  • No raw provider payload persistence.
  • No normalized evidence persistence.
  • No comparable level.
  • No renderable level.
  • No certified level.
  • No restore-ready state.
  • No customer-ready state.
  • Claim Guard/no-claim proof is required.

Architecture Requirements

  • Uses Coverage v2 source contract architecture.
  • No Exchange mini-platform.
  • No direct HTTP bypass.
  • No runtime Microsoft documentation fetch.
  • No tenant_id.
  • No legacy shim.
  • No fallback reader.
  • Provider-native identifiers remain metadata, not ownership truth.

Product Surface Requirements

  • UI Surface Impact is checked as no impact.
  • Product Surface Impact is N/A - no rendered product surface changed.
  • Browser proof is N/A - no rendered UI surface changed.
  • Human Product Sanity is N/A.
  • Livewire v4 posture is recorded as no UI change.
  • Provider registration location is recorded as no panel change.
  • Global search posture is recorded as no resource change.
  • Destructive/high-impact action posture is none.
  • Asset strategy is no assets.
  • Deployment impact is no env/migrations/queues/scheduler/storage/assets expected.

Test Readiness Requirements

  • Focused unit tests are required.
  • Feature tests are conditional and bounded.
  • Spec 426/427/428 regressions are required where test-backed.
  • Spec 417/420 regressions are required where relevant.
  • Pint is required.
  • git diff --check is required.
  • git status --short is required.
  • Browser is N/A unless the spec is amended.

Implementation Gate Checklist

These items are checked after the implementation loop completed them, supported by tasks.md and implementation-report.md.

  • transportRule, remoteDomain, and inboundConnector have adapter contracts.
  • Only Get-TransportRule, Get-RemoteDomain, and Get-InboundConnector are allowlisted.
  • Mutation commands are rejected.
  • Raw command strings are rejected.
  • Fake runner proves structured execution behavior.
  • Resolver returns verified pending capture for included types.
  • Excluded types remain blocked/deferred.
  • No shell execution occurs in unit tests.
  • No provider calls occur in tests.
  • No evidence or OperationRun is created.
  • No compare/render/certification/restore/customer claim appears.
  • No tenant_id is introduced.
  • Exchange cmdlets and response fields remain provider-owned source details, not platform-core ownership truth or customer vocabulary.
  • Workspace/managed-environment/provider-connection scope is preserved for future execution handoff, with provider-native tenant identifiers metadata-only.
  • No Exchange mini-platform is introduced.
  • Focused tests and regressions pass.

Review Outcome

  • Review outcome class for preparation: acceptable-special-case.
  • Workflow outcome for preparation: keep.
  • Final note location: implementation report after the later implementation loop.