TenantAtlas/specs/427-exchange-teams-verified-source-contract-enablement/checklists/requirements.md
ahmido bfb52b84d6 feat: implement spec 427 source contract enablement (#494)
Automated PR for spec 427 Exchange Teams verified source contract enablement.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #494
2026-07-03 23:12:45 +00:00

4.4 KiB

Requirements Checklist: Spec 427 - Exchange / Teams Verified Source Contract Enablement

Purpose: Validate specification completeness and quality before implementation
Created: 2026-07-03
Feature: specs/427-exchange-teams-verified-source-contract-enablement/spec.md

Scope

  • Only selected Exchange/Teams source contracts are in scope.
  • No evidence capture is in scope.
  • No content-backed promotion is in scope.
  • No compare/render promotion is in scope.
  • No certification is in scope.
  • No restore/apply flow is in scope.
  • No customer claim is in scope.
  • No new UI surface is in scope.

Target Types

  • exchange.transportRule maps to repo canonical transportRule.
  • exchange.acceptedDomain maps to repo canonical acceptedDomain.
  • teams.appPermissionPolicy maps to repo canonical appPermissionPolicy.
  • teams.meetingPolicy maps to repo canonical meetingPolicy.
  • Repo-canonical names are documented in the spec.

Contract Verification

  • Source class metadata is required for verified contracts.
  • Draft source class labels are mapped to repo-canonical source classes such as graph_v1_fallback.
  • Contract name/version metadata is required for verified contracts.
  • Permission model metadata is required for verified contracts.
  • Response shape metadata is required for verified contracts.
  • Pagination/collection semantics are required for verified contracts.
  • Identity handoff metadata is required for verified contracts.
  • Redaction rules are required for verified contracts.
  • Final state is explicit for verified and blocked contracts.

Fail-Safe

  • Missing source blocks.
  • Unclear permissions block.
  • Beta-only source blocks certification/customer/restore claims.
  • Unsafe response shape blocks.
  • Missing repo adapter blocks.
  • Unsafe identity blocks.
  • Unsafe redaction blocks.
  • Blocked contracts create no provider call, resource row, or evidence row.

No Promotion

  • No raw evidence created.
  • No normalized evidence created.
  • No content-backed level.
  • No comparable level.
  • No renderable level.
  • No certified level.
  • No customer claim.
  • No restore-ready state.

Architecture

  • Uses Coverage v2 source contract infrastructure.
  • No direct HTTP bypass.
  • No endpoint guessing.
  • No new provider subsystem.
  • No tenant_id.
  • No Exchange mini-platform.
  • No Teams mini-platform.
  • Completed specs are read-only context and are not rewritten.

Product Surface

  • No rendered UI changed by default.
  • Product Surface Contract result is N/A - no rendered UI surface changed.
  • Browser proof is N/A - no rendered UI surface changed.
  • Human Product Sanity is N/A - no product surface changed.
  • Product Surface exceptions are none.

Tests

  • Unit tests are planned for resolver/contract states/permissions/response/identity/redaction.
  • Feature tests are planned for all four target types.
  • No-promotion tests are planned.
  • Spec 426 regression is planned.
  • Spec 417/420 regression is planned.
  • No real provider calls are allowed.
  • Test lane impact is documented.

Candidate Selection Gate

  • Candidate exists as a direct user-provided draft.
  • The active auto-prep queue was checked and is not used as the source.
  • The candidate is not already covered by an existing active or completed Spec 427 package.
  • Related completed specs are dependency context only.
  • The candidate aligns with the current Coverage v2 / Exchange/Teams sequence.
  • The scope is the smallest viable implementation slice.

Spec Readiness Gate

  • spec.md exists.
  • plan.md exists.
  • tasks.md exists.
  • Problem, value, requirements, non-goals, acceptance criteria, assumptions, and risks are documented.
  • RBAC, workspace/managed-environment/provider scope, auditability/observability, evidence/result truth, and UX no-impact posture are addressed.
  • No open question blocks safe implementation.
  • Scope is bounded for a later implementation loop.

Final Candidate Gate

Result: PASS

Rationale: The package is a direct, manually supplied candidate and is scoped to precise source-contract verification only. It preserves fail-safe behavior, forbids evidence/readiness/customer promotion, and includes explicit implementation stop conditions.