TenantAtlas/specs/419-m365-tcm-workload-registry-expansion/checklists/requirements.md
Ahmed Darrazi b5de122f94
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m11s
feat: expand m365 tcm workload registry
2026-06-27 00:26:34 +02:00

137 lines
6.1 KiB
Markdown

# Requirements Checklist: Spec 419 - M365 TCM Workload Registry Expansion
## Preparation Checklist
- [x] Candidate is user-provided, not auto-selected from the empty active candidate queue.
- [x] Spec 414 is completed/validated dependency context only.
- [x] Spec 415 is completed/validated dependency context only.
- [x] Spec 417 is completed/validated dependency context only.
- [x] Spec 418 is completed/validated dependency context only.
- [x] No existing `specs/419-*` package was found before creation.
- [x] Existing Coverage v2 registry, supported scopes, enums, `ResourceTypeRegistry`, and `ClaimGuard` were verified as repo truth.
- [x] Draft-to-repo deviations are documented.
- [x] No application implementation was performed during preparation.
## Scope Checklist
- [x] Scope is registry expansion only.
- [x] No capture implementation is in scope.
- [x] No compare/render/restore/certification is in scope.
- [x] No customer-facing claims are in scope.
- [x] No new primary navigation or UI route is in scope.
- [x] No domain-specific mini-platform is in scope.
- [x] No runtime Microsoft docs fetch is in scope.
## Product Surface Checklist
- [x] UI Surface Impact records existing Spec 418 operator-surface data impact without runtime UI code scope.
- [x] Product Surface Impact covers data-driven existing-surface impact.
- [x] Browser proof is required if active rows/scopes render, or N/A only with proof that no rendered output changed.
- [x] Human Product Sanity is required if active rows/scopes render, or N/A only with proof that no rendered output changed.
- [x] Product Surface exceptions are `none`.
- [x] Stop-and-amend rule exists for any runtime UI file, route, navigation, action, report, download, or rendered label change beyond data-driven existing registry display.
## Workload Requirements Specified
- [x] Entra workload registration is required.
- [x] Exchange workload registration is required.
- [x] Teams workload registration is required.
- [x] Security and Compliance workload registration is required.
- [x] Defender safe overview/combined representation is required.
- [x] Purview safe overview/combined representation is required.
- [x] Defender/Purview representation uses aggregate supported-scope metadata, not fake certified resource types.
- [x] `tenantpilot` and `unknown` workload posture is covered.
## Resource Type Requirements Specified
- [x] Entra representative entries are listed.
- [x] Exchange representative entries are listed.
- [x] Teams representative entries are listed.
- [x] Security and Compliance representative entries are listed.
- [x] Defender/Purview uncertainty is explicit.
- [x] Full vs seeded/partial catalog decision is explicit.
- [x] Partial list must not be presented as full.
## Source / Support State Requirements Specified
- [x] TCM entries use `source_class = tcm`.
- [x] Current repo source classes remain authoritative unless amended with proportionality proof.
- [x] New non-Intune entries default to detected/registry-only.
- [x] No new entry defaults to content-backed.
- [x] No new entry defaults to comparable.
- [x] No new entry defaults to renderable.
- [x] No new entry defaults to certified.
- [x] No new entry defaults to restore-ready.
- [x] Existing repo restore tiers are mapped safely: `not_restorable` or `preview_only`, never `restorable`.
## Supported Scope Requirements Specified
- [x] Registry-only M365 detected scope is required.
- [x] Per-workload registry detected scopes are required.
- [x] Future generic scope is clearly future-only.
- [x] Certified M365 scope is explicitly none.
- [x] Broad full/certified M365 scope names are forbidden.
## Claim Guard Requirements Specified
- [x] Broad M365 coverage claims must be blocked.
- [x] Certified M365 claims must be blocked.
- [x] Restore-ready M365 claims must be blocked.
- [x] Registry-only claims are internal/operator and denominator-scoped.
- [x] Percent claims require explicit denominator and registry-only wording.
## No Runtime Capture Requirements Specified
- [x] No Graph/TCM calls may be added.
- [x] No runtime Microsoft docs fetch may be added.
- [x] No capture job/action may be added.
- [x] No concrete resources/evidence may be created by registry expansion.
- [x] No OperationRun-producing workflow is planned.
## No Legacy / Ownership Requirements Specified
- [x] No `tenant_id`.
- [x] No old gap taxonomy.
- [x] No v1-to-v2 adapter.
- [x] No fallback reader.
- [x] No dual writes.
- [x] Provider-native tenant/directory/account IDs remain metadata only.
## Test Requirements Specified
- [x] Unit tests cover workloads, manifest/defaults, claims, restore tiers, documentation status, and partial-vs-full catalog behavior.
- [x] Feature/static guards cover registry/scopes/no-overclaim/no-capture/no-mini-platform/no-tenant-id.
- [x] No real Graph/TCM/provider calls are allowed.
- [x] Test lane impact is documented.
- [x] Browser proof is required if active rows/scopes render on the existing Spec 418 operator surface.
## Future Implementation Gate
- [x] M365 workload registry expansion exists.
- [x] New workload entries are registry-only/detected by default.
- [x] Representative resource types exist.
- [x] Full vs partial catalog status is explicit.
- [x] Claim Guard blocks broad M365/certified/restore claims.
- [x] No runtime capture is added.
- [x] No customer-facing claim is activated.
- [x] No `tenant_id` is introduced.
- [x] No mini-platform tables/classes are introduced.
- [x] Focused tests pass.
- [x] Product Surface data-impact decision is confirmed, including browser/Human Product Sanity proof or exact N/A proof.
## Spec Readiness Gate
- [x] `spec.md` exists.
- [x] `plan.md` exists.
- [x] `tasks.md` exists.
- [x] Requirements are bounded and testable.
- [x] Plan identifies likely affected repo surfaces.
- [x] Tasks are ordered, small, verifiable, and include validation.
- [x] Product Surface, RBAC/no-UI, workspace/provider isolation, OperationRun/no-run, evidence/result truth, provider boundary, no-legacy, and test governance are addressed.
- [x] No open question blocks safe implementation.
## Gate Results
- [x] Candidate Selection Gate: PASS.
- [x] Spec Readiness Gate: PASS for preparation; implementation must still follow `tasks.md`.