TenantAtlas/specs/420-m365-generic-evidence-coverage-pack/checklists/requirements.md
ahmido a73a8f5882 feat: complete m365 generic evidence coverage pack (#487)
Committing and publishing the current Spec 420 package changes.

Includes updated services, coverage tests, browser smoke coverage, and the spec/plan/tasks artifacts for the package.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #487
2026-06-27 12:24:00 +00:00

# Requirements Checklist: Spec 420 - M365 Generic Evidence Coverage Pack
## Preparation Checklist
- [x] Candidate is user-provided, not auto-selected from the empty active candidate queue.
- [x] Spec 414 is read-only dependency context only.
- [x] Spec 415 is read-only dependency context only.
- [x] Spec 417 is read-only dependency context only.
- [x] Spec 418 is read-only dependency context only.
- [x] Spec 419 is read-only dependency context only.
- [x] No existing `specs/420-*` package or branch was found before creation.
- [x] Existing Coverage v2 resource/evidence tables, registry, source resolver, capture service, identity resolver, Claim Guard, OperationRun service, and M365 registry rows were verified as repo truth.
- [x] Draft-to-repo deviations are documented.
- [x] No application implementation was performed during preparation.
## Candidate Scope Checklist
- [x] Selected first pack is bounded to `conditionalAccessPolicy`, `acceptedDomain`, `appPermissionPolicy`, and `dlpCompliancePolicy`.
- [x] At least one enabled capture path is planned only when backed by an explicit repo-real contract.
- [x] Missing-contract paths are first-class requirements, not implementation failures.
- [x] No compare/render/restore/certification/customer output is in scope.
- [x] No new UI start action, route, navigation entry, dashboard, report, download, or customer surface is in scope.
- [x] No workload-specific mini-platform is in scope.
## Product Surface Checklist
- [x] UI Surface Impact records existing Spec 418 operator-surface data impact without runtime UI code scope.
- [x] Product Surface Impact covers data-driven existing-surface impact.
- [x] Browser proof is required if captured/blocked M365 data renders, or N/A only with proof that no rendered output changed.
- [x] Human Product Sanity is required if captured/blocked M365 data renders, or N/A only with proof.
- [x] Product Surface exceptions are `none`.
- [x] Stop-and-amend rule exists for any runtime UI file, route, navigation, action, report, download, customer output, or rendered-label change beyond existing data-driven display.
## OperationRun / RBAC / Scope Checklist
- [x] Existing `tenant_configuration.capture` operation type is reused by default.
- [x] New `tenant_configuration.m365_capture` is rejected unless proportionality review is amended.
- [x] OperationRunService owns status/outcome transitions.
- [x] Summary counts remain flat numeric-only and use existing keys.
- [x] Non-member and missing environment entitlement deny as not found.
- [x] Missing capture capability and readonly denial return 403 after membership is established.
- [x] Provider connection scope must match workspace and managed environment before run creation and job provider work.
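
The check ordering in the three items above (not found for non-members and missing entitlement, 403 only after membership is established, provider scope match before run creation) can be sketched as follows. This is an added example, not code from the TenantAtlas repository; the `Actor` and `ProviderConnection` types, the `capture` capability name, and the decision strings are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Actor:
    workspace_ids: frozenset      # workspaces the actor is a member of
    environment_ids: frozenset    # managed environments the actor is entitled to
    capabilities: frozenset       # constructed capability names, e.g. {"capture"}
    readonly: bool = False


@dataclass(frozen=True)
class ProviderConnection:
    workspace_id: str
    environment_id: str


# Only the two statuses the checklist states; a scope mismatch has no status there.
HTTP_STATUS = {"not_found": 404, "readonly": 403, "missing_capability": 403}


def authorize_capture(actor, workspace_id, environment_id, connection):
    """Return a decision string; a run may be created only on "allowed"."""
    # 1. Membership and entitlement come first. Both failures give the same
    #    answer, so a non-member cannot probe which workspaces or environments exist.
    if workspace_id not in actor.workspace_ids:
        return "not_found"
    if environment_id not in actor.environment_ids:
        return "not_found"
    # 2. Capability checks run only once membership is established.
    if actor.readonly:
        return "readonly"
    if "capture" not in actor.capabilities:
        return "missing_capability"
    # 3. The connection must belong to this workspace and environment before
    #    any run is created or any provider work is queued.
    if (connection.workspace_id, connection.environment_id) != (workspace_id, environment_id):
        return "provider_scope_mismatch"
    return "allowed"
```
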
## Evidence / Identity / Claim Checklist
- [x] Captured evidence must persist raw payload, normalized payload, payload hash, source metadata, permission context, and OperationRun link.
- [x] Missing contracts must not create fake evidence.
- [x] CanonicalIdentityResolver must be used.
- [x] Display-name-only identity is forbidden as stable identity.
- [x] Identity conflicts and unsafe derived identity block customer-facing claims.
- [x] Claim Guard blocks broad M365, certified, restore-ready, customer-ready, complete tenant, all-resource, and unscoped 100% claims.
- [x] Generic captured evidence does not imply comparable, renderable, restorable, certified, or customer-ready.
## Source Contract / Provider Boundary Checklist
- [x] Provider calls must go through `GraphClientInterface` and existing provider gateway/contract paths.
- [x] `conditionalAccessPolicy` capture depends on explicit repo-real source contract mapping.
- [x] `acceptedDomain`, `appPermissionPolicy`, and `dlpCompliancePolicy` remain missing-contract blockers for Spec 420; adding contracts for those three types requires an amended package or follow-up spec.
- [x] Endpoint guessing from canonical type strings or source aliases is forbidden.
- [x] Runtime Microsoft docs scraping is forbidden.
- [x] Provider-native tenant/directory/account IDs remain metadata only.
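
The missing-contract rule above and the evidence fields from the Evidence / Identity / Claim checklist fit together as in the following sketch. This is an added example, not code from the TenantAtlas repository; the registry shape, the placeholder endpoint, the SHA-256 choice, the key-sorting normalization, and the `fetch` callable standing in for the provider gateway are all assumptions.

```python
import hashlib
import json

# Constructed registry: a type is capturable only with an explicit entry.
# The endpoint value is a placeholder, not the project's real mapping.
SOURCE_CONTRACTS = {"conditionalAccessPolicy": "<contract-endpoint-placeholder>"}

# Constructed sample payload for trying the functions below.
SAMPLE_POLICY = {"id": "p1", "state": "enabled", "displayName": "Sample policy"}


def payload_hash(normalized):
    """SHA-256 over canonical JSON so key order never changes the hash."""
    canonical = json.dumps(normalized, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def capture(canonical_type, fetch, operation_run_id, permission_context):
    """Capture one resource type through an explicit source contract."""
    endpoint = SOURCE_CONTRACTS.get(canonical_type)
    if endpoint is None:
        # No contract: report a blocker. Never derive an endpoint from the
        # type string, never call the provider, never write an evidence row.
        return {"outcome": "blocked", "reason": "missing_contract", "evidence": []}
    evidence = []
    for raw in fetch(endpoint):
        normalized = dict(sorted(raw.items()))  # assumed normalization step
        evidence.append({
            "raw_payload": raw,
            "normalized_payload": normalized,
            "payload_hash": payload_hash(normalized),
            "source": {"canonical_type": canonical_type, "contract": endpoint},
            "permission_context": permission_context,
            "operation_run_id": operation_run_id,
        })
    return {"outcome": "captured", "reason": None, "evidence": evidence}
```
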
## No Legacy / Ownership Checklist
- [x] No `tenant_id`.
- [x] No old gap taxonomy.
- [x] No v1-to-v2 adapter.
- [x] No fallback reader.
- [x] No dual writes.
- [x] No old snapshot promotion.
- [x] No customer-facing dual truth.
## Test Requirements Checklist
- [x] Unit tests cover source contracts, eligibility, normalization/hash, identity strategy, Claim Guard, and redaction.
- [x] Feature tests cover capture persistence, OperationRun, authorization, provider scope, no-overclaim, no-legacy, and no-tenant-id.
- [x] No real Graph/TCM/provider calls are allowed in tests.
- [x] Test lane impact is documented.
- [x] PostgreSQL lane is required if migrations/check constraints/indexes change.
- [x] Browser proof is required if existing Spec 418 operator surface renders captured/blocked M365 data.
## Spec Readiness Gate
- [x] `spec.md` exists.
- [x] `plan.md` exists.
- [x] `tasks.md` exists.
- [x] Requirements are bounded and testable.
- [x] Plan identifies likely affected repo surfaces.
- [x] Tasks are ordered, small, verifiable, and include validation.
- [x] Product Surface, RBAC, workspace/provider isolation, OperationRun, evidence/result truth, provider boundary, no-legacy, and test governance are addressed.
- [x] No open question blocks safe implementation.
## Gate Results
- [x] Candidate Selection Gate: PASS for direct user-provided candidate.
- [x] Spec Readiness Gate: PASS for preparation; implementation must still follow `tasks.md`.