Spec 430: Exchange PowerShell adapter contract slice 1. Validation was not rerun during PR creation handoff; branch contains implementation report and tests. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #497
162 lines
6.8 KiB
Markdown
162 lines
6.8 KiB
Markdown
# Requirements Checklist: Exchange PowerShell Adapter Contract Slice 1
|
|
|
|
**Purpose**: Validate that Spec 430 is bounded, implementation-ready, and safe to hand to an implementation loop. Checked items mean the requirement is specified by the artifacts, not already implemented in application code.
|
|
**Created**: 2026-07-04
|
|
**Feature**: `specs/430-exchange-powershell-adapter-contract-slice-1/spec.md`
|
|
|
|
## Preparation Scope
|
|
|
|
- [x] `spec.md` exists.
|
|
- [x] `plan.md` exists.
|
|
- [x] `tasks.md` exists.
|
|
- [x] Candidate source is documented from the user-provided draft and Spec 429.
|
|
- [x] Completed-spec guardrail was applied to Specs 426-429 as read-only context.
|
|
- [x] No existing `specs/430-*` package was found before creating this one.
|
|
- [x] Current branch and pre-Spec Kit HEAD/dirty state are recorded.
|
|
- [x] No application code was modified during preparation.
|
|
|
|
## Candidate Selection Gate
|
|
|
|
- [x] Selected candidate is directly provided by the user and aligned with Spec 429.
|
|
- [x] Selected candidate is not already covered by an active or completed Spec 430.
|
|
- [x] Candidate is scoped as a small implementation-ready slice.
|
|
- [x] Close alternatives are deferred instead of hidden in primary scope.
|
|
- [x] Roadmap relationship is explicit: Spec 430 unblocks Spec 431.
|
|
- [x] Candidate Selection Gate result is recorded as PASS.
|
|
|
|
## Scope
|
|
|
|
- [x] Only `transportRule` is included.
|
|
- [x] Only `remoteDomain` is included.
|
|
- [x] Only `inboundConnector` is included.
|
|
- [x] No Teams target type is included.
|
|
- [x] No Exchange Admin API adapter is included.
|
|
- [x] No `outboundConnector` is included.
|
|
- [x] No `acceptedDomain` or `organizationConfig` is included.
|
|
- [x] No evidence capture is included.
|
|
- [x] No OperationRun is included.
|
|
- [x] No compare/render is included.
|
|
- [x] No certification is included.
|
|
- [x] No restore/apply is included.
|
|
- [x] No customer claim is included.
|
|
- [x] No UI is included.
|
|
|
|
## Adapter Safety Requirements
|
|
|
|
- [x] Structured command contract requirement is specified.
|
|
- [x] Static allowlisted read-only commands are specified.
|
|
- [x] Raw command strings must be rejected.
|
|
- [x] Unknown parameters must be rejected.
|
|
- [x] Mutation commands must be rejected.
|
|
- [x] Fake runner must be used in tests.
|
|
- [x] No shell execution in unit tests is required.
|
|
- [x] No provider calls in tests is required.
|
|
- [x] Production live execution remains disabled/inert for this slice.
|
|
|
|
## Source Contract Requirements
|
|
|
|
- [x] `transportRule` contract requirement exists.
|
|
- [x] `remoteDomain` contract requirement exists.
|
|
- [x] `inboundConnector` contract requirement exists.
|
|
- [x] Resolver must return verified pending capture for included types.
|
|
- [x] Missing adapter state must be removed for included types only.
|
|
- [x] Missing contract state must be removed for included types only.
|
|
- [x] Excluded types must remain blocked or deferred.
|
|
|
|
## Metadata Requirements
|
|
|
|
- [x] Permission metadata is required.
|
|
- [x] Runtime permission validation must remain pending unless proven.
|
|
- [x] Response-shape metadata is required.
|
|
- [x] Identity handoff metadata is required.
|
|
- [x] Display-name-only identity is forbidden.
|
|
- [x] Redaction metadata is required.
|
|
- [x] Normalization handoff metadata is required.
|
|
- [x] Claim boundary metadata is required.
|
|
- [x] Restore tier must remain compare-only or stricter.
|
|
|
|
## Non-Functional Requirements
|
|
|
|
- [x] Fail-closed command and response-shape security posture is specified.
|
|
- [x] Offline deterministic test posture is specified.
|
|
- [x] Redaction posture is specified for secrets, transcripts, stdout/stderr, and content.
|
|
- [x] Provider-boundary posture is specified.
|
|
- [x] Workspace/managed-environment/provider-connection scope posture is specified.
|
|
- [x] OperationRun observability posture is specified as deferred/no-run for this slice.
|
|
- [x] Product surface no-impact posture is specified.
|
|
- [x] Test governance posture is specified.
|
|
|
|
## No-Promotion Requirements
|
|
|
|
- [x] No content-backed evidence.
|
|
- [x] No raw provider payload persistence.
|
|
- [x] No normalized evidence persistence.
|
|
- [x] No comparable level.
|
|
- [x] No renderable level.
|
|
- [x] No certified level.
|
|
- [x] No restore-ready state.
|
|
- [x] No customer-ready state.
|
|
- [x] Claim Guard/no-claim proof is required.
|
|
|
|
## Architecture Requirements
|
|
|
|
- [x] Uses Coverage v2 source contract architecture.
|
|
- [x] No Exchange mini-platform.
|
|
- [x] No direct HTTP bypass.
|
|
- [x] No runtime Microsoft documentation fetch.
|
|
- [x] No `tenant_id`.
|
|
- [x] No legacy shim.
|
|
- [x] No fallback reader.
|
|
- [x] Provider-native identifiers remain metadata, not ownership truth.
|
|
|
|
## Product Surface Requirements
|
|
|
|
- [x] UI Surface Impact is checked as no impact.
|
|
- [x] Product Surface Impact is `N/A - no rendered product surface changed`.
|
|
- [x] Browser proof is `N/A - no rendered UI surface changed`.
|
|
- [x] Human Product Sanity is N/A.
|
|
- [x] Livewire v4 posture is recorded as no UI change.
|
|
- [x] Provider registration location is recorded as no panel change.
|
|
- [x] Global search posture is recorded as no resource change.
|
|
- [x] Destructive/high-impact action posture is none.
|
|
- [x] Asset strategy is no assets.
|
|
- [x] Deployment impact is no env/migrations/queues/scheduler/storage/assets expected.
|
|
|
|
## Test Readiness Requirements
|
|
|
|
- [x] Focused unit tests are required.
|
|
- [x] Feature tests are conditional and bounded.
|
|
- [x] Spec 426/427/428 regressions are required where test-backed.
|
|
- [x] Spec 417/420 regressions are required where relevant.
|
|
- [x] Pint is required.
|
|
- [x] `git diff --check` is required.
|
|
- [x] `git status --short` is required.
|
|
- [x] Browser is N/A unless the spec is amended.
|
|
|
|
## Implementation Gate Checklist
|
|
|
|
These items are checked after the implementation loop completed them, supported by `tasks.md` and `implementation-report.md`.
|
|
|
|
- [x] `transportRule`, `remoteDomain`, and `inboundConnector` have adapter contracts.
|
|
- [x] Only `Get-TransportRule`, `Get-RemoteDomain`, and `Get-InboundConnector` are allowlisted.
|
|
- [x] Mutation commands are rejected.
|
|
- [x] Raw command strings are rejected.
|
|
- [x] Fake runner proves structured execution behavior.
|
|
- [x] Resolver returns verified pending capture for included types.
|
|
- [x] Excluded types remain blocked/deferred.
|
|
- [x] No shell execution occurs in unit tests.
|
|
- [x] No provider calls occur in tests.
|
|
- [x] No evidence or OperationRun is created.
|
|
- [x] No compare/render/certification/restore/customer claim appears.
|
|
- [x] No `tenant_id` is introduced.
|
|
- [x] Exchange cmdlets and response fields remain provider-owned source details, not platform-core ownership truth or customer vocabulary.
|
|
- [x] Workspace/managed-environment/provider-connection scope is preserved for future execution handoff, with provider-native tenant identifiers metadata-only.
|
|
- [x] No Exchange mini-platform is introduced.
|
|
- [x] Focused tests and regressions pass.
|
|
|
|
## Review Outcome
|
|
|
|
- [x] Review outcome class for preparation: acceptable-special-case.
|
|
- [x] Workflow outcome for preparation: keep.
|
|
- [x] Final note location: implementation report after the later implementation loop.
|