Automated PR provided by Codex via Gitea API. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #486
6.1 KiB
6.1 KiB
Requirements Checklist: Spec 419 - M365 TCM Workload Registry Expansion
Preparation Checklist
- Candidate is user-provided, not auto-selected from the empty active candidate queue.
- Spec 414 is completed/validated dependency context only.
- Spec 415 is completed/validated dependency context only.
- Spec 417 is completed/validated dependency context only.
- Spec 418 is completed/validated dependency context only.
- No existing
specs/419-*package was found before creation. - Existing Coverage v2 registry, supported scopes, enums,
ResourceTypeRegistry, andClaimGuardwere verified as repo truth. - Draft-to-repo deviations are documented.
- No application implementation was performed during preparation.
Scope Checklist
- Scope is registry expansion only.
- No capture implementation is in scope.
- No compare/render/restore/certification is in scope.
- No customer-facing claims are in scope.
- No new primary navigation or UI route is in scope.
- No domain-specific mini-platform is in scope.
- No runtime Microsoft docs fetch is in scope.
Product Surface Checklist
- UI Surface Impact records existing Spec 418 operator-surface data impact without runtime UI code scope.
- Product Surface Impact covers data-driven existing-surface impact.
- Browser proof is required if active rows/scopes render, or N/A only with proof that no rendered output changed.
- Human Product Sanity is required if active rows/scopes render, or N/A only with proof that no rendered output changed.
- Product Surface exceptions are
none. - Stop-and-amend rule exists for any runtime UI file, route, navigation, action, report, download, or rendered label change beyond data-driven existing registry display.
Workload Requirements Specified
- Entra workload registration is required.
- Exchange workload registration is required.
- Teams workload registration is required.
- Security and Compliance workload registration is required.
- Defender safe overview/combined representation is required.
- Purview safe overview/combined representation is required.
- Defender/Purview representation uses aggregate supported-scope metadata, not fake certified resource types.
tenantpilotandunknownworkload posture is covered.
Resource Type Requirements Specified
- Entra representative entries are listed.
- Exchange representative entries are listed.
- Teams representative entries are listed.
- Security and Compliance representative entries are listed.
- Defender/Purview uncertainty is explicit.
- Full vs seeded/partial catalog decision is explicit.
- Partial list must not be presented as full.
Source / Support State Requirements Specified
- TCM entries use
source_class = tcm. - Current repo source classes remain authoritative unless amended with proportionality proof.
- New non-Intune entries default to detected/registry-only.
- No new entry defaults to content-backed.
- No new entry defaults to comparable.
- No new entry defaults to renderable.
- No new entry defaults to certified.
- No new entry defaults to restore-ready.
- Existing repo restore tiers are mapped safely:
not_restorableorpreview_only, neverrestorable.
Supported Scope Requirements Specified
- Registry-only M365 detected scope is required.
- Per-workload registry detected scopes are required.
- Future generic scope is clearly future-only.
- Certified M365 scope is explicitly none.
- Broad full/certified M365 scope names are forbidden.
Claim Guard Requirements Specified
- Broad M365 coverage claims must be blocked.
- Certified M365 claims must be blocked.
- Restore-ready M365 claims must be blocked.
- Registry-only claims are internal/operator and denominator-scoped.
- Percent claims require explicit denominator and registry-only wording.
No Runtime Capture Requirements Specified
- No Graph/TCM calls may be added.
- No runtime Microsoft docs fetch may be added.
- No capture job/action may be added.
- No concrete resources/evidence may be created by registry expansion.
- No OperationRun-producing workflow is planned.
No Legacy / Ownership Requirements Specified
- No
tenant_id. - No old gap taxonomy.
- No v1-to-v2 adapter.
- No fallback reader.
- No dual writes.
- Provider-native tenant/directory/account IDs remain metadata only.
Test Requirements Specified
- Unit tests cover workloads, manifest/defaults, claims, restore tiers, documentation status, and partial-vs-full catalog behavior.
- Feature/static guards cover registry/scopes/no-overclaim/no-capture/no-mini-platform/no-tenant-id.
- No real Graph/TCM/provider calls are allowed.
- Test lane impact is documented.
- Browser proof is required if active rows/scopes render on the existing Spec 418 operator surface.
Future Implementation Gate
- M365 workload registry expansion exists.
- New workload entries are registry-only/detected by default.
- Representative resource types exist.
- Full vs partial catalog status is explicit.
- Claim Guard blocks broad M365/certified/restore claims.
- No runtime capture is added.
- No customer-facing claim is activated.
- No
tenant_idis introduced. - No mini-platform tables/classes are introduced.
- Focused tests pass.
- Product Surface data-impact decision is confirmed, including browser/Human Product Sanity proof or exact N/A proof.
Spec Readiness Gate
spec.mdexists.plan.mdexists.tasks.mdexists.- Requirements are bounded and testable.
- Plan identifies likely affected repo surfaces.
- Tasks are ordered, small, verifiable, and include validation.
- Product Surface, RBAC/no-UI, workspace/provider isolation, OperationRun/no-run, evidence/result truth, provider boundary, no-legacy, and test governance are addressed.
- No open question blocks safe implementation.
Gate Results
- Candidate Selection Gate: PASS.
- Spec Readiness Gate: PASS for preparation; implementation must still follow
tasks.md.