TenantAtlas/specs/415-generic-content-backed-capture/checklists/requirements.md
ahmido ca0f54614d feat: add generic content-backed coverage capture (#482)
Automated PR provided by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #482
2026-06-25 19:55:52 +00:00

Requirements Checklist: Spec 415 - Generic Content-Backed Capture

Preparation Completeness

  • CHK001 spec.md exists and uses the active repository template sections.
  • CHK002 plan.md exists and identifies likely affected repo surfaces.
  • CHK003 tasks.md exists and is ordered, small, and verifiable.
  • CHK004 Spec 414 is treated as completed dependency context only.
  • CHK005 No application code was modified during preparation.

Candidate Selection Gate

  • CHK010 The selected candidate was directly provided by the user.
  • CHK011 No existing 415-* spec or branch was found before Spec Kit creation.
  • CHK012 Related Spec 414 is completed/validated and was excluded from modification.
  • CHK013 The active auto queue in docs/product/spec-candidates.md is empty, so the direct user-provided candidate is the safe source.
  • CHK014 Manual backlog alternatives were deferred because they require explicit product promotion.
  • CHK015 The candidate is scoped as a bounded internal runtime/evidence slice, not a broad activation/cutover.
  • CHK016 Candidate Selection Gate result: PASS.

Scope

  • CHK020 Scope is limited to generic content-backed Coverage v2 capture for the initial Spec 414 resource types.
  • CHK021 Coverage v2 remains inactive as customer/operator proof.
  • CHK022 Evidence Overview conversion is out of scope.
  • CHK023 Customer Review Workspace conversion is out of scope.
  • CHK024 Review Pack, Report, Restore Readiness, Baseline Compare, and operator surface conversion are out of scope.
  • CHK025 Full TCM catalog import, semantic compare, render, restore/apply, certification, and legacy removal are out of scope.
  • CHK026 Spec 416 Canonical Identity Engine and later activation/cutover specs are deferred.

Ownership And Data Truth

  • CHK030 workspace_id and managed_environment_id are required for environment-owned resource/evidence records.
  • CHK031 provider_connection_id is required for provider-sourced records and must be same workspace/environment.
  • CHK032 tenant_id is forbidden as Coverage v2 ownership truth.
  • CHK033 Provider-native Microsoft tenant/directory/subscription/account IDs are metadata only.
  • CHK034 Concrete resources and append-only evidence are distinguished from OperationRun execution truth.
  • CHK035 Raw payload and normalized payload are evidence truth, not OperationRun context truth.

Source Contract Safety

  • CHK040 Graph calls must use GraphClientInterface.
  • CHK041 Source contracts must come from the repo registry/config path.
  • CHK042 Missing contracts fail safe as capture_blocked_missing_contract.
  • CHK043 Beta experimental capture is blocked by default.
  • CHK044 Unsupported/out-of-scope types skip safely.
  • CHK045 Endpoint guessing and hardcoded quick endpoints are forbidden.
  • CHK046 Capture eligibility matrix is required in implementation report.

Evidence And Redaction

  • CHK050 Raw payload is JSONB evidence storage only.
  • CHK051 Normalized payload is JSONB and hash input is deterministic.
  • CHK052 Evidence rows are append-only.
  • CHK053 Permission/source context is redacted.
  • CHK054 OperationRun context/messages, audit metadata, logs, and notifications must not contain raw payloads or secrets.
  • CHK055 Required redaction keys are listed.

OperationRun

  • CHK060 Capture is OperationRun-backed.
  • CHK061 Remote/provider capture is queued/asynchronous.
  • CHK062 OperationRun status/outcome transitions are service-owned through OperationRunService.
  • CHK063 Summary counts use canonical numeric keys from OperationSummaryKeys::all().
  • CHK064 Default summary keys avoid inventing captured/blocked counters.
  • CHK065 No local queued DB notification or terminal notification bypass is allowed.

RBAC And Audit

  • CHK070 Non-member workspace access returns 404.
  • CHK071 Workspace member without managed-environment entitlement returns 404.
  • CHK072 Member without capture capability returns 403.
  • CHK073 Readonly cannot start capture.
  • CHK074 Default capability posture uses Capabilities::EVIDENCE_MANAGE unless implementation documents and tests a narrower existing capability.
  • CHK075 Start/completion/failure audit metadata is required and must be sanitized.

No Legacy / No Dual Truth

  • CHK080 No v1-to-v2 adapter.
  • CHK081 No v1/v2 dual write.
  • CHK082 No fallback reader from old snapshots.
  • CHK083 No old snapshot promotion into v2 proof.
  • CHK084 No old gap taxonomy in v2 outcomes.
  • CHK085 No customer-facing dual truth.
  • CHK086 No completed historical spec rewrite.

Product Surface

  • CHK090 UI Surface Impact is No UI surface impact.
  • CHK091 Product Surface Impact is N/A - no rendered product surface changed.
  • CHK092 Browser proof is N/A - no rendered UI surface changed.
  • CHK093 Human Product Sanity is N/A.
  • CHK094 Product Surface exceptions are none.
  • CHK095 Stop-and-amend rule exists for any UI file, route, navigation, download, report, or rendered surface change.
  • CHK096 Existing generic OperationRun/notification surfaces may show run records only through the shared lifecycle contract; no feature-local rendered UI or notification semantics are added.

Tests And Validation

  • CHK100 Unit tests are required for resolver, normalizer, hash, redaction, outcomes, and summary key posture.
  • CHK101 Feature tests are required for persistence, OperationRun, RBAC, provider scope, fake Graph capture, and no-legacy/no-UI guards.
  • CHK102 PostgreSQL lane is required when JSONB/check constraints/composite FKs/partial indexes are added.
  • CHK103 Browser and heavy-governance lanes are not required unless scope changes.
  • CHK104 No real Graph/TCM calls are allowed in tests.
  • CHK105 Minimal validation commands are listed in plan.md and tasks.md.

Spec Readiness Gate

  • CHK110 Problem statement, value, users, requirements, non-goals, acceptance criteria, assumptions, and risks are present.
  • CHK111 Plan identifies likely affected repo surfaces and does not contradict current architecture.
  • CHK112 Tasks are ordered, small, verifiable, and include tests/validation.
  • CHK113 RBAC, workspace/managed-environment isolation, auditability, OperationRun semantics, evidence/result truth, and UX/no-UI requirements are addressed.
  • CHK114 No open question blocks safe implementation.
  • CHK115 Required Product Surface and proportionality sections are complete.
  • CHK116 Spec Readiness Gate result: PASS.