Added `BaselineReadinessGate`, resolution propagation, and disclosure semantics logic per Spec 385. Integrates baseline unreadiness into Customer Review Workspace and Review Packs to prevent report generation when identity bindings are unresolved. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #456
71 lines
4.6 KiB
Markdown
71 lines
4.6 KiB
Markdown
# Requirements Checklist: Spec 385 - Evidence and Review Readiness Integration v1
|
|
|
|
**Purpose**: Preparation quality and constitution gate for Spec 385 before implementation.
|
|
**Created**: 2026-06-17
|
|
**Feature**: `specs/385-evidence-review-readiness/spec.md`
|
|
|
|
## Candidate And Scope
|
|
|
|
- [x] CHK001 The selected candidate is directly user-provided and not invented from an empty auto-prep queue.
|
|
- [x] CHK002 The candidate is not already covered by an existing `specs/385-*` package.
|
|
- [x] CHK003 Completed dependency specs 381, 382, 383, and 384 are treated as read-only historical context.
|
|
- [x] CHK004 The smallest viable slice is Evidence, Environment Review, and Review Pack readiness integration only.
|
|
- [x] CHK005 Matching, compare semantics, resolution UI, workflow engines, report/PDF runtime, and legacy compatibility are explicitly out of scope.
|
|
|
|
## Spec Approval Rubric
|
|
|
|
- [x] CHK006 The Spec Candidate Check answers the operator workflow, trust/safety, smallest version, complexity, and why-now questions.
|
|
- [x] CHK007 The spec is classified as Core Enterprise.
|
|
- [x] CHK008 Red flags are named and defended.
|
|
- [x] CHK009 The score is at least 7/12 and the decision is approve.
|
|
- [x] CHK010 The proportionality review covers current problem, insufficiency, narrowest implementation, ownership cost, rejected alternative, and release truth.
|
|
|
|
## Repository Truth
|
|
|
|
- [x] CHK011 Existing affected surfaces are named from repo truth, including `BaselineDriftPostureSource`, `EvidenceCompletenessEvaluator`, `EnvironmentReviewReadinessGate`, `ReviewPackOutputReadiness`, `ReviewPackOutputResolutionGuidance`, and `ReportDisclosurePolicy`.
|
|
- [x] CHK012 Existing source-of-truth boundaries are preserved: OperationRun compare proof, provider resource bindings, Evidence Snapshot, Environment Review, Review Pack, and Stored Report.
|
|
- [x] CHK013 Readiness remains derived unless implementation updates the spec/plan/tasks before adding persistence.
|
|
- [x] CHK014 Pre-production compatibility posture rejects old payload compatibility readers.
|
|
|
|
## UI And Surface Coverage
|
|
|
|
- [x] CHK015 The spec includes a coherent UI Surface Impact decision for changed existing surfaces.
|
|
- [x] CHK016 UI/Productization Coverage names affected surfaces and page-report expectations.
|
|
- [x] CHK017 Customer-safe review requirements are explicit.
|
|
- [x] CHK018 Dangerous-action review is marked not applicable because no new destructive/high-impact action is planned.
|
|
- [x] CHK019 Tasks include UI coverage/page-report update decisions for affected existing surfaces.
|
|
- [x] CHK020 The spec includes a UI Action Matrix for changed existing Filament surfaces and records that no new actions are planned.
|
|
|
|
## Shared Patterns And OperationRun
|
|
|
|
- [x] CHK021 Cross-cutting shared pattern reuse names existing helpers before any new mapper.
|
|
- [x] CHK022 Any new mapper/helper is bounded to baseline readiness and barred from becoming a generic readiness/workflow framework.
|
|
- [x] CHK023 OperationRun impact is limited to proof and next-action links; no lifecycle transition or new run type is planned.
|
|
- [x] CHK024 Provider boundary rules keep provider identifiers internal/proof-only and primary readiness language provider-neutral.
|
|
|
|
## RBAC, Security, And Disclosure
|
|
|
|
- [x] CHK025 Workspace/environment entitlement and deny-as-not-found boundaries are required for all affected links and surfaces.
|
|
- [x] CHK026 Customer-safe output forbids raw provider IDs, canonical subject keys, binding internals, internal enum names, database IDs, and raw OperationRun JSON.
|
|
- [x] CHK027 Internal/support diagnostics are allowed only according to existing profile/disclosure rules.
|
|
- [x] CHK028 No Graph/provider calls are allowed during readiness derivation or UI render.
|
|
|
|
## Test And Validation Readiness
|
|
|
|
- [x] CHK029 Test purpose and lanes are explicit.
|
|
- [x] CHK030 Tasks include tests before runtime mapping implementation.
|
|
- [x] CHK031 Tasks cover false-green and false-red cases.
|
|
- [x] CHK032 Tasks include customer-safe leakage tests.
|
|
- [x] CHK033 Tasks include Filament/Livewire and browser-smoke decisions for changed rendered surfaces.
|
|
- [x] CHK034 Validation commands are present in the spec, plan, and tasks.
|
|
|
|
## Review Outcome
|
|
|
|
- [x] CHK035 Review outcome class: acceptable-special-case.
|
|
- [x] CHK036 Workflow outcome: keep.
|
|
- [x] CHK037 Final note location: implementation close-out entry `Evidence and Review Readiness Integration`.
|
|
|
|
## Notes
|
|
|
|
Preparation is ready for implementation review. The later implementation loop must stop and update spec/plan/tasks before adding any new persisted readiness entity, public state family, route, panel provider, provider call, workflow engine, report/PDF runtime change, or legacy compatibility reader.
|