Committing and publishing the current Spec 420 package changes. Includes updated services, coverage tests, browser smoke coverage, and the spec/plan/tasks artifacts for the package.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #487
# Requirements Checklist: Spec 420 - M365 Generic Evidence Coverage Pack

## Preparation Checklist

- [x] Candidate is user-provided, not auto-selected from the empty active candidate queue.
- [x] Spec 414 is read-only dependency context only.
- [x] Spec 415 is read-only dependency context only.
- [x] Spec 417 is read-only dependency context only.
- [x] Spec 418 is read-only dependency context only.
- [x] Spec 419 is read-only dependency context only.
- [x] No existing `specs/420-*` package or branch was found before creation.
- [x] Existing Coverage v2 resource/evidence tables, registry, source resolver, capture service, identity resolver, Claim Guard, OperationRun service, and M365 registry rows were verified as repo truth.
- [x] Draft-to-repo deviations are documented.
- [x] No application implementation was performed during preparation.

## Candidate Scope Checklist

- [x] Selected first pack is bounded to `conditionalAccessPolicy`, `acceptedDomain`, `appPermissionPolicy`, and `dlpCompliancePolicy`.
- [x] At least one enabled capture path is planned only when backed by an explicit repo-real contract.
- [x] Missing-contract paths are first-class requirements, not implementation failures.
- [x] No compare/render/restore/certification/customer output is in scope.
- [x] No new UI start action, route, navigation entry, dashboard, report, download, or customer surface is in scope.
- [x] No workload-specific mini-platform is in scope.

## Product Surface Checklist

- [x] UI Surface Impact records existing Spec 418 operator-surface data impact without runtime UI code scope.
- [x] Product Surface Impact covers data-driven existing-surface impact.
- [x] Browser proof is required if captured/blocked M365 data renders, or N/A only with proof that no rendered output changed.
- [x] Human Product Sanity is required if captured/blocked M365 data renders, or N/A only with proof.
- [x] Product Surface exceptions are `none`.
- [x] Stop-and-amend rule exists for any runtime UI file, route, navigation, action, report, download, customer output, or rendered-label change beyond existing data-driven display.

## OperationRun / RBAC / Scope Checklist

- [x] Existing `tenant_configuration.capture` operation type is reused by default.
- [x] New `tenant_configuration.m365_capture` is rejected unless proportionality review is amended.
- [x] OperationRunService owns status/outcome transitions.
- [x] Summary counts remain flat numeric-only and use existing keys.
- [x] Non-member and missing environment entitlement deny as not found.
- [x] Missing capture capability and readonly denial return 403 after membership is established.
- [x] Provider connection scope must match workspace and managed environment before run creation and job provider work.

## Evidence / Identity / Claim Checklist

- [x] Captured evidence must persist raw payload, normalized payload, payload hash, source metadata, permission context, and OperationRun link.
- [x] Missing contracts must not create fake evidence.
- [x] CanonicalIdentityResolver must be used.
- [x] Display-name-only identity is forbidden as stable identity.
- [x] Identity conflicts and unsafe derived identity block customer-facing claims.
- [x] Claim Guard blocks broad M365, certified, restore-ready, customer-ready, complete tenant, all-resource, and unscoped 100% claims.
- [x] Generic captured evidence does not imply comparable, renderable, restorable, certified, or customer-ready.

## Source Contract / Provider Boundary Checklist

- [x] Provider calls must go through `GraphClientInterface` and existing provider gateway/contract paths.
- [x] `conditionalAccessPolicy` capture depends on explicit repo-real source contract mapping.
- [x] `acceptedDomain`, `appPermissionPolicy`, and `dlpCompliancePolicy` remain missing-contract blockers for Spec 420; adding contracts for those three types requires an amended package or follow-up spec.
- [x] Endpoint guessing from canonical type strings or source aliases is forbidden.
- [x] Runtime Microsoft docs scraping is forbidden.
- [x] Provider-native tenant/directory/account IDs remain metadata only.

## No Legacy / Ownership Checklist

- [x] No `tenant_id`.
- [x] No old gap taxonomy.
- [x] No v1-to-v2 adapter.
- [x] No fallback reader.
- [x] No dual writes.
- [x] No old snapshot promotion.
- [x] No customer-facing dual truth.

## Test Requirements Checklist

- [x] Unit tests cover source contracts, eligibility, normalization/hash, identity strategy, Claim Guard, and redaction.
- [x] Feature tests cover capture persistence, OperationRun, authorization, provider scope, no-overclaim, no-legacy, and no-tenant-id.
- [x] No real Graph/TCM/provider calls are allowed in tests.
- [x] Test lane impact is documented.
- [x] PostgreSQL lane is required if migrations/check constraints/indexes change.
- [x] Browser proof is required if existing Spec 418 operator surface renders captured/blocked M365 data.

## Spec Readiness Gate

- [x] `spec.md` exists.
- [x] `plan.md` exists.
- [x] `tasks.md` exists.
- [x] Requirements are bounded and testable.
- [x] Plan identifies likely affected repo surfaces.
- [x] Tasks are ordered, small, verifiable, and include validation.
- [x] Product Surface, RBAC, workspace/provider isolation, OperationRun, evidence/result truth, provider boundary, no-legacy, and test governance are addressed.
- [x] No open question blocks safe implementation.

## Gate Results

- [x] Candidate Selection Gate: PASS for direct user-provided candidate.
- [x] Spec Readiness Gate: PASS for preparation; implementation must still follow `tasks.md`.