Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 4m44s
Added BaselineReadinessGate, resolution propagation, and disclosure semantics logic per Spec 385. Integrated baseline unreadiness into Customer Review Workspace and Review Packs.
71 lines
4.6 KiB
Markdown
71 lines
4.6 KiB
Markdown
# Requirements Checklist: Spec 385 - Evidence and Review Readiness Integration v1
|
|
|
|
**Purpose**: Preparation quality and constitution gate for Spec 385 before implementation.
|
|
**Created**: 2026-06-17
|
|
**Feature**: `specs/385-evidence-review-readiness/spec.md`
|
|
|
|
## Candidate And Scope
|
|
|
|
- [x] CHK001 The selected candidate is directly user-provided and not invented from an empty auto-prep queue.
|
|
- [x] CHK002 The candidate is not already covered by an existing `specs/385-*` package.
|
|
- [x] CHK003 Completed dependency specs 381, 382, 383, and 384 are treated as read-only historical context.
|
|
- [x] CHK004 The smallest viable slice is Evidence, Environment Review, and Review Pack readiness integration only.
|
|
- [x] CHK005 Matching, compare semantics, resolution UI, workflow engines, report/PDF runtime, and legacy compatibility are explicitly out of scope.
|
|
|
|
## Spec Approval Rubric
|
|
|
|
- [x] CHK006 The Spec Candidate Check answers the operator workflow, trust/safety, smallest version, complexity, and why-now questions.
|
|
- [x] CHK007 The spec is classified as Core Enterprise.
|
|
- [x] CHK008 Red flags are named and defended.
|
|
- [x] CHK009 The score is at least 7/12 and the decision is approve.
|
|
- [x] CHK010 The proportionality review covers current problem, insufficiency, narrowest implementation, ownership cost, rejected alternative, and release truth.
|
|
|
|
## Repository Truth
|
|
|
|
- [x] CHK011 Existing affected surfaces are named from repo truth, including `BaselineDriftPostureSource`, `EvidenceCompletenessEvaluator`, `EnvironmentReviewReadinessGate`, `ReviewPackOutputReadiness`, `ReviewPackOutputResolutionGuidance`, and `ReportDisclosurePolicy`.
|
|
- [x] CHK012 Existing source-of-truth boundaries are preserved: OperationRun compare proof, provider resource bindings, Evidence Snapshot, Environment Review, Review Pack, and Stored Report.
|
|
- [x] CHK013 Readiness remains derived unless implementation updates the spec/plan/tasks before adding persistence.
|
|
- [x] CHK014 Pre-production compatibility posture rejects old payload compatibility readers.
|
|
|
|
## UI And Surface Coverage
|
|
|
|
- [x] CHK015 The spec includes a coherent UI Surface Impact decision for changed existing surfaces.
|
|
- [x] CHK016 UI/Productization Coverage names affected surfaces and page-report expectations.
|
|
- [x] CHK017 Customer-safe review requirements are explicit.
|
|
- [x] CHK018 Dangerous-action review is marked not applicable because no new destructive/high-impact action is planned.
|
|
- [x] CHK019 Tasks include UI coverage/page-report update decisions for affected existing surfaces.
|
|
- [x] CHK020 The spec includes a UI Action Matrix for changed existing Filament surfaces and records that no new actions are planned.
|
|
|
|
## Shared Patterns And OperationRun
|
|
|
|
- [x] CHK021 Cross-cutting shared pattern reuse names existing helpers before any new mapper.
|
|
- [x] CHK022 Any new mapper/helper is bounded to baseline readiness and barred from becoming a generic readiness/workflow framework.
|
|
- [x] CHK023 OperationRun impact is limited to proof and next-action links; no lifecycle transition or new run type is planned.
|
|
- [x] CHK024 Provider boundary rules keep provider identifiers internal/proof-only and primary readiness language provider-neutral.
|
|
|
|
## RBAC, Security, And Disclosure
|
|
|
|
- [x] CHK025 Workspace/environment entitlement and deny-as-not-found boundaries are required for all affected links and surfaces.
|
|
- [x] CHK026 Customer-safe output forbids raw provider IDs, canonical subject keys, binding internals, internal enum names, database IDs, and raw OperationRun JSON.
|
|
- [x] CHK027 Internal/support diagnostics are allowed only according to existing profile/disclosure rules.
|
|
- [x] CHK028 No Graph/provider calls are allowed during readiness derivation or UI render.
|
|
|
|
## Test And Validation Readiness
|
|
|
|
- [x] CHK029 Test purpose and lanes are explicit.
|
|
- [x] CHK030 Tasks include tests before runtime mapping implementation.
|
|
- [x] CHK031 Tasks cover false-green and false-red cases.
|
|
- [x] CHK032 Tasks include customer-safe leakage tests.
|
|
- [x] CHK033 Tasks include Filament/Livewire and browser-smoke decisions for changed rendered surfaces.
|
|
- [x] CHK034 Validation commands are present in the spec, plan, and tasks.
|
|
|
|
## Review Outcome
|
|
|
|
- [x] CHK035 Review outcome class: acceptable-special-case.
|
|
- [x] CHK036 Workflow outcome: keep.
|
|
- [x] CHK037 Final note location: implementation close-out entry `Evidence and Review Readiness Integration`.
|
|
|
|
## Notes
|
|
|
|
Preparation is ready for implementation review. The later implementation loop must stop and update spec/plan/tasks before adding any new persisted readiness entity, public state family, route, panel provider, provider call, workflow engine, report/PDF runtime change, or legacy compatibility reader.
|