TenantAtlas/specs/430-exchange-powershell-adapter-contract-slice-1/checklists/requirements.md
ahmido 9b58a5696d feat: add Exchange PowerShell adapter contract slice 1 (#497)
Spec 430: Exchange PowerShell adapter contract slice 1. Validation was not rerun during PR creation handoff; branch contains implementation report and tests.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #497
2026-07-05 12:08:16 +00:00

162 lines
6.8 KiB
Markdown

# Requirements Checklist: Exchange PowerShell Adapter Contract Slice 1
**Purpose**: Validate that Spec 430 is bounded, implementation-ready, and safe to hand to an implementation loop. Checked items mean the requirement is specified by the artifacts, not already implemented in application code.
**Created**: 2026-07-04
**Feature**: `specs/430-exchange-powershell-adapter-contract-slice-1/spec.md`
## Preparation Scope
- [x] `spec.md` exists.
- [x] `plan.md` exists.
- [x] `tasks.md` exists.
- [x] Candidate source is documented from the user-provided draft and Spec 429.
- [x] Completed-spec guardrail was applied to Specs 426-429 as read-only context.
- [x] No existing `specs/430-*` package was found before creating this one.
- [x] Current branch and pre-Spec Kit HEAD/dirty state are recorded.
- [x] No application code was modified during preparation.
## Candidate Selection Gate
- [x] Selected candidate is directly provided by the user and aligned with Spec 429.
- [x] Selected candidate is not already covered by an active or completed Spec 430.
- [x] Candidate is scoped as a small implementation-ready slice.
- [x] Close alternatives are deferred instead of hidden in primary scope.
- [x] Roadmap relationship is explicit: Spec 430 unblocks Spec 431.
- [x] Candidate Selection Gate result is recorded as PASS.
## Scope
- [x] Only `transportRule` is included.
- [x] Only `remoteDomain` is included.
- [x] Only `inboundConnector` is included.
- [x] No Teams target type is included.
- [x] No Exchange Admin API adapter is included.
- [x] No `outboundConnector` is included.
- [x] No `acceptedDomain` or `organizationConfig` is included.
- [x] No evidence capture is included.
- [x] No OperationRun is included.
- [x] No compare/render is included.
- [x] No certification is included.
- [x] No restore/apply is included.
- [x] No customer claim is included.
- [x] No UI is included.
## Adapter Safety Requirements
- [x] Structured command contract requirement is specified.
- [x] Static allowlisted read-only commands are specified.
- [x] Raw command strings must be rejected.
- [x] Unknown parameters must be rejected.
- [x] Mutation commands must be rejected.
- [x] Fake runner must be used in tests.
- [x] No shell execution in unit tests is required.
- [x] No provider calls in tests is required.
- [x] Production live execution remains disabled/inert for this slice.
## Source Contract Requirements
- [x] `transportRule` contract requirement exists.
- [x] `remoteDomain` contract requirement exists.
- [x] `inboundConnector` contract requirement exists.
- [x] Resolver must return verified pending capture for included types.
- [x] Missing adapter state must be removed for included types only.
- [x] Missing contract state must be removed for included types only.
- [x] Excluded types must remain blocked or deferred.
## Metadata Requirements
- [x] Permission metadata is required.
- [x] Runtime permission validation must remain pending unless proven.
- [x] Response-shape metadata is required.
- [x] Identity handoff metadata is required.
- [x] Display-name-only identity is forbidden.
- [x] Redaction metadata is required.
- [x] Normalization handoff metadata is required.
- [x] Claim boundary metadata is required.
- [x] Restore tier must remain compare-only or stricter.
## Non-Functional Requirements
- [x] Fail-closed command and response-shape security posture is specified.
- [x] Offline deterministic test posture is specified.
- [x] Redaction posture is specified for secrets, transcripts, stdout/stderr, and content.
- [x] Provider-boundary posture is specified.
- [x] Workspace/managed-environment/provider-connection scope posture is specified.
- [x] OperationRun observability posture is specified as deferred/no-run for this slice.
- [x] Product surface no-impact posture is specified.
- [x] Test governance posture is specified.
## No-Promotion Requirements
- [x] No content-backed evidence.
- [x] No raw provider payload persistence.
- [x] No normalized evidence persistence.
- [x] No comparable level.
- [x] No renderable level.
- [x] No certified level.
- [x] No restore-ready state.
- [x] No customer-ready state.
- [x] Claim Guard/no-claim proof is required.
## Architecture Requirements
- [x] Uses Coverage v2 source contract architecture.
- [x] No Exchange mini-platform.
- [x] No direct HTTP bypass.
- [x] No runtime Microsoft documentation fetch.
- [x] No `tenant_id`.
- [x] No legacy shim.
- [x] No fallback reader.
- [x] Provider-native identifiers remain metadata, not ownership truth.
## Product Surface Requirements
- [x] UI Surface Impact is checked as no impact.
- [x] Product Surface Impact is `N/A - no rendered product surface changed`.
- [x] Browser proof is `N/A - no rendered UI surface changed`.
- [x] Human Product Sanity is N/A.
- [x] Livewire v4 posture is recorded as no UI change.
- [x] Provider registration location is recorded as no panel change.
- [x] Global search posture is recorded as no resource change.
- [x] Destructive/high-impact action posture is none.
- [x] Asset strategy is no assets.
- [x] Deployment impact is no env/migrations/queues/scheduler/storage/assets expected.
## Test Readiness Requirements
- [x] Focused unit tests are required.
- [x] Feature tests are conditional and bounded.
- [x] Spec 426/427/428 regressions are required where test-backed.
- [x] Spec 417/420 regressions are required where relevant.
- [x] Pint is required.
- [x] `git diff --check` is required.
- [x] `git status --short` is required.
- [x] Browser is N/A unless the spec is amended.
## Implementation Gate Checklist
These items are checked after the implementation loop completed them, supported by `tasks.md` and `implementation-report.md`.
- [x] `transportRule`, `remoteDomain`, and `inboundConnector` have adapter contracts.
- [x] Only `Get-TransportRule`, `Get-RemoteDomain`, and `Get-InboundConnector` are allowlisted.
- [x] Mutation commands are rejected.
- [x] Raw command strings are rejected.
- [x] Fake runner proves structured execution behavior.
- [x] Resolver returns verified pending capture for included types.
- [x] Excluded types remain blocked/deferred.
- [x] No shell execution occurs in unit tests.
- [x] No provider calls occur in tests.
- [x] No evidence or OperationRun is created.
- [x] No compare/render/certification/restore/customer claim appears.
- [x] No `tenant_id` is introduced.
- [x] Exchange cmdlets and response fields remain provider-owned source details, not platform-core ownership truth or customer vocabulary.
- [x] Workspace/managed-environment/provider-connection scope is preserved for future execution handoff, with provider-native tenant identifiers metadata-only.
- [x] No Exchange mini-platform is introduced.
- [x] Focused tests and regressions pass.
## Review Outcome
- [x] Review outcome class for preparation: acceptable-special-case.
- [x] Workflow outcome for preparation: keep.
- [x] Final note location: implementation report after the later implementation loop.