TenantAtlas/specs/420-m365-generic-evidence-coverage-pack/checklists/requirements.md
ahmido a73a8f5882 feat: complete m365 generic evidence coverage pack (#487)
Committing and publishing the current Spec 420 package changes.

Includes updated services, coverage tests, browser smoke coverage, and the spec/plan/tasks artifacts for the package.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #487
2026-06-27 12:24:00 +00:00

Requirements Checklist: Spec 420 - M365 Generic Evidence Coverage Pack

Preparation Checklist

  • Candidate is user-provided, not auto-selected from the empty active candidate queue.
  • Spec 414 is read-only dependency context only.
  • Spec 415 is read-only dependency context only.
  • Spec 417 is read-only dependency context only.
  • Spec 418 is read-only dependency context only.
  • Spec 419 is read-only dependency context only.
  • No existing specs/420-* package or branch was found before creation.
  • Existing Coverage v2 resource/evidence tables, registry, source resolver, capture service, identity resolver, Claim Guard, OperationRun service, and M365 registry rows were verified as repo truth.
  • Draft-to-repo deviations are documented.
  • No application implementation was performed during preparation.

Candidate Scope Checklist

  • Selected first pack is bounded to conditionalAccessPolicy, acceptedDomain, appPermissionPolicy, and dlpCompliancePolicy.
  • At least one enabled capture path is planned only when backed by an explicit repo-real contract.
  • Missing-contract paths are first-class requirements, not implementation failures.
  • No compare/render/restore/certification/customer output is in scope.
  • No new UI start action, route, navigation entry, dashboard, report, download, or customer surface is in scope.
  • No workload-specific mini-platform is in scope.

Product Surface Checklist

  • UI Surface Impact records existing Spec 418 operator-surface data impact without runtime UI code scope.
  • Product Surface Impact covers data-driven existing-surface impact.
  • Browser proof is required if captured/blocked M365 data renders, or N/A only with proof that no rendered output changed.
  • Human Product Sanity is required if captured/blocked M365 data renders, or N/A only with proof.
  • Product Surface exceptions are none.
  • Stop-and-amend rule exists for any runtime UI file, route, navigation, action, report, download, customer output, or rendered-label change beyond existing data-driven display.

OperationRun / RBAC / Scope Checklist

  • Existing tenant_configuration.capture operation type is reused by default.
  • New tenant_configuration.m365_capture is rejected unless proportionality review is amended.
  • OperationRunService owns status/outcome transitions.
  • Summary counts remain flat numeric-only and use existing keys.
  • Non-membership and missing environment entitlement are denied as not found.
  • Missing capture capability and readonly denial return 403 after membership is established.
  • Provider connection scope must match workspace and managed environment before run creation and job provider work.
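
The decision order in the three items above, sketched as an added example (not TenantAtlas code): not-found before 403 so an outsider cannot tell an existing environment from a missing one, then the provider connection scope check both before run creation and again before provider work. All class, function and capability names other than `tenant_configuration.capture` are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Actor:
    workspaces: frozenset      # workspace ids the actor is a member of
    environments: frozenset    # managed environment ids the actor is entitled to
    capabilities: frozenset    # hypothetical capability names, e.g. "capture"
    readonly: bool = False


@dataclass(frozen=True)
class Connection:
    workspace_id: str
    environment_id: str


def connection_in_scope(conn, workspace_id, environment_id):
    return (conn.workspace_id, conn.environment_id) == (workspace_id, environment_id)


def decide(actor, workspace_id, environment_id, conn):
    # 1. Membership and entitlement: both fail the same way (HTTP 404).
    if workspace_id not in actor.workspaces or environment_id not in actor.environments:
        return "not_found"
    # 2. Only an established member gets a 403 for capability or readonly denial.
    if actor.readonly or "capture" not in actor.capabilities:
        return "forbidden"
    # 3. The connection must belong to this workspace and environment.
    if not connection_in_scope(conn, workspace_id, environment_id):
        return "scope_mismatch"
    return "allowed"


def start_capture(actor, workspace_id, environment_id, conn, runs):
    decision = decide(actor, workspace_id, environment_id, conn)
    if decision == "allowed":  # a run record exists only after every check passed
        runs.append({"type": "tenant_configuration.capture",
                     "workspace_id": workspace_id,
                     "environment_id": environment_id})
    return decision


def execute_job(run, conn):
    # Re-check at job time: the connection may have changed since the run was queued.
    if not connection_in_scope(conn, run["workspace_id"], run["environment_id"]):
        return "blocked"
    return "provider_work_permitted"
```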

Evidence / Identity / Claim Checklist

  • Captured evidence must persist raw payload, normalized payload, payload hash, source metadata, permission context, and OperationRun link.
  • Missing contracts must not create fake evidence.
  • CanonicalIdentityResolver must be used.
  • Display-name-only identity is forbidden as stable identity.
  • Identity conflicts and unsafe derived identity block customer-facing claims.
  • Claim Guard blocks broad M365, certified, restore-ready, customer-ready, complete tenant, all-resource, and unscoped 100% claims.
  • Generic captured evidence does not imply comparable, renderable, restorable, certified, or customer-ready.

Source Contract / Provider Boundary Checklist

  • Provider calls must go through GraphClientInterface and existing provider gateway/contract paths.
  • conditionalAccessPolicy capture depends on explicit repo-real source contract mapping.
  • acceptedDomain, appPermissionPolicy, and dlpCompliancePolicy remain missing-contract blockers for Spec 420; adding contracts for those three types requires an amended package or follow-up spec.
  • Endpoint guessing from canonical type strings or source aliases is forbidden.
  • Runtime Microsoft docs scraping is forbidden.
  • Provider-native tenant/directory/account IDs remain metadata only.
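
An added example (not TenantAtlas code) of the contract gate described in this checklist and the evidence fields listed under Evidence / Identity / Claim: a type without an explicit contract yields a blocker and no evidence, and no endpoint is derived from the type name. The registry layout, the placeholder endpoint, the volatile-field list and the use of SHA-256 over canonical JSON are assumptions made for illustration.

```python
import hashlib
import json

# Constructed registry: only types with an explicit source contract appear here.
SOURCE_CONTRACTS = {
    "conditionalAccessPolicy": {
        "endpoint": "<contract-defined-endpoint>",   # placeholder, not a real path
        "volatile_fields": ("modifiedDateTime",),    # assumed to be excluded from the hash
    },
}


def normalize(raw, contract):
    # Drop fields the contract marks volatile so re-captures hash identically.
    return {k: v for k, v in raw.items() if k not in contract["volatile_fields"]}


def payload_hash(normalized):
    # Canonical JSON (sorted keys, fixed separators) makes the hash order-independent.
    canonical = json.dumps(normalized, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def capture(resource_type, fetch, run_id, permission_context):
    """fetch(endpoint) stands in for the provider gateway; tests pass a fake."""
    contract = SOURCE_CONTRACTS.get(resource_type)
    if contract is None:
        # Missing contract: first-class blocker, no provider call, no evidence rows.
        return {"evidence": [], "blocker": "missing_contract"}
    evidence = []
    for raw in fetch(contract["endpoint"]):
        normalized = normalize(raw, contract)
        evidence.append({
            "raw_payload": raw,
            "normalized_payload": normalized,
            "payload_hash": payload_hash(normalized),
            "source": {"contract": resource_type, "endpoint": contract["endpoint"]},
            "permission_context": permission_context,
            "operation_run_id": run_id,
        })
    return {"evidence": evidence, "blocker": None}
```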

No Legacy / Ownership Checklist

  • No tenant_id.
  • No old gap taxonomy.
  • No v1-to-v2 adapter.
  • No fallback reader.
  • No dual writes.
  • No old snapshot promotion.
  • No customer-facing dual truth.

Test Requirements Checklist

  • Unit tests cover source contracts, eligibility, normalization/hash, identity strategy, Claim Guard, and redaction.
  • Feature tests cover capture persistence, OperationRun, authorization, provider scope, no-overclaim, no-legacy, and no-tenant-id.
  • No real Graph/TCM/provider calls are allowed in tests.
  • Test lane impact is documented.
  • PostgreSQL lane is required if migrations/check constraints/indexes change.
  • Browser proof is required if existing Spec 418 operator surface renders captured/blocked M365 data.

Spec Readiness Gate

  • spec.md exists.
  • plan.md exists.
  • tasks.md exists.
  • Requirements are bounded and testable.
  • Plan identifies likely affected repo surfaces.
  • Tasks are ordered, small, verifiable, and include validation.
  • Product Surface, RBAC, workspace/provider isolation, OperationRun, evidence/result truth, provider boundary, no-legacy, and test governance are addressed.
  • No open question blocks safe implementation.

Gate Results

  • Candidate Selection Gate: PASS for direct user-provided candidate.
  • Spec Readiness Gate: PASS for preparation; implementation must still follow tasks.md.