Added `BaselineReadinessGate`, resolution propagation, and disclosure semantics logic per Spec 385. Integrates baseline unreadiness into Customer Review Workspace and Review Packs to prevent report generation when identity bindings are unresolved.
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #456
Requirements Checklist: Spec 385 - Evidence and Review Readiness Integration v1
Purpose: Preparation quality and constitution gate for Spec 385 before implementation.
Created: 2026-06-17
Feature: specs/385-evidence-review-readiness/spec.md
Candidate And Scope
- CHK001 The selected candidate is directly user-provided and not invented from an empty auto-prep queue.
- CHK002 The candidate is not already covered by an existing `specs/385-*` package.
- CHK003 Completed dependency specs 381, 382, 383, and 384 are treated as read-only historical context.
- CHK004 The smallest viable slice is Evidence, Environment Review, and Review Pack readiness integration only.
- CHK005 Matching, compare semantics, resolution UI, workflow engines, report/PDF runtime, and legacy compatibility are explicitly out of scope.
Spec Approval Rubric
- CHK006 The Spec Candidate Check answers the operator workflow, trust/safety, smallest version, complexity, and why-now questions.
- CHK007 The spec is classified as Core Enterprise.
- CHK008 Red flags are named and defended.
- CHK009 The score is at least 7/12 and the decision is approve.
- CHK010 The proportionality review covers current problem, insufficiency, narrowest implementation, ownership cost, rejected alternative, and release truth.
Repository Truth
- CHK011 Existing affected surfaces are named from repo truth, including `BaselineDriftPostureSource`, `EvidenceCompletenessEvaluator`, `EnvironmentReviewReadinessGate`, `ReviewPackOutputReadiness`, `ReviewPackOutputResolutionGuidance`, and `ReportDisclosurePolicy`.
- CHK012 Existing source-of-truth boundaries are preserved: OperationRun compare proof, provider resource bindings, Evidence Snapshot, Environment Review, Review Pack, and Stored Report.
- CHK013 Readiness remains derived unless implementation updates the spec/plan/tasks before adding persistence.
- CHK014 Pre-production compatibility posture rejects old payload compatibility readers.
UI And Surface Coverage
- CHK015 The spec includes a coherent UI Surface Impact decision for changed existing surfaces.
- CHK016 UI/Productization Coverage names affected surfaces and page-report expectations.
- CHK017 Customer-safe review requirements are explicit.
- CHK018 Dangerous-action review is marked not applicable because no new destructive/high-impact action is planned.
- CHK019 Tasks include UI coverage/page-report update decisions for affected existing surfaces.
- CHK020 The spec includes a UI Action Matrix for changed existing Filament surfaces and records that no new actions are planned.
Shared Patterns And OperationRun
- CHK021 Cross-cutting shared pattern reuse names existing helpers before any new mapper.
- CHK022 Any new mapper/helper is bounded to baseline readiness and barred from becoming a generic readiness/workflow framework.
- CHK023 OperationRun impact is limited to proof and next-action links; no lifecycle transition or new run type is planned.
- CHK024 Provider boundary rules keep provider identifiers internal/proof-only and primary readiness language provider-neutral.
RBAC, Security, And Disclosure
- CHK025 Workspace/environment entitlement and deny-as-not-found boundaries are required for all affected links and surfaces.
- CHK026 Customer-safe output forbids raw provider IDs, canonical subject keys, binding internals, internal enum names, database IDs, and raw OperationRun JSON.
- CHK027 Internal/support diagnostics are allowed only according to existing profile/disclosure rules.
- CHK028 No Graph/provider calls are allowed during readiness derivation or UI render.
Test And Validation Readiness
- CHK029 Test purpose and lanes are explicit.
- CHK030 Tasks include tests before runtime mapping implementation.
- CHK031 Tasks cover false-green and false-red cases.
- CHK032 Tasks include customer-safe leakage tests.
- CHK033 Tasks include Filament/Livewire and browser-smoke decisions for changed rendered surfaces.
- CHK034 Validation commands are present in the spec, plan, and tasks.
Review Outcome
- CHK035 Review outcome class: acceptable-special-case.
- CHK036 Workflow outcome: keep.
- CHK037 Final note location: implementation close-out entry `Evidence and Review Readiness Integration`.
Notes
Preparation is ready for implementation review. The later implementation loop must stop and update spec/plan/tasks before adding any new persisted readiness entity, public state family, route, panel provider, provider call, workflow engine, report/PDF runtime change, or legacy compatibility reader.