Automated PR for spec 426 exchange teams core evidence identity readiness. Includes service changes and coverage/requirement/spec updates from commit fb4dc20c.
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #493
Requirements Checklist: Spec 426 - Exchange / Teams Core Evidence & Stable Identity Readiness
Purpose: Validate preparation readiness for the user-provided Spec 426 prerequisite unblocker before implementation.
Created: 2026-07-02
Feature: spec.md
Candidate And Scope
- Candidate is directly user-provided and does not depend on the empty auto-prep queue.
- Completed historical specs are treated as read-only dependency evidence, not artifacts to rewrite.
- Primary operators and user stories are documented.
- Functional requirements are documented.
- Non-functional requirements are documented.
- Success criteria are documented.
- Risks and mitigations are documented.
- Scope is limited to exchange.transportRule, exchange.acceptedDomain, teams.appPermissionPolicy, and teams.meetingPolicy.
- Optional Exchange resource types are explicitly excluded.
- Optional Teams resource types are explicitly excluded.
- Certification is excluded and deferred to Spec 427.
- Restore/apply/assisted restore is excluded.
- Customer-facing proof, report, Review Pack, export, or PDF activation is excluded.
- Broad Exchange, Teams, and M365 coverage claims are excluded.
Repo Truth Alignment
- Spec 422 is recorded as comparable/renderable support for content-backed synthetic or existing rows only.
- Spec 425 is recorded as completed Entra certification precedent, not a reason to certify Exchange/Teams.
- Current source preflight checked CoverageSourceContractResolver.
- Current source preflight checked CoverageIdentityStrategyRegistry.
- Current source preflight checked GenericContentEvidenceCaptureService.
- Current source preflight checked CoverageEvidenceWriter.
- Current source preflight checked ExchangeTeamsComparablePayloadNormalizer, ExchangeTeamsCoverageComparator, and ExchangeTeamsRenderableSummaryBuilder.
- Current source preflight found no existing 426 spec directory before creation.
- Current source preflight found no existing local 426 branch before creation.
- Repo-canonical capture outcome and identity state values are recorded instead of inventing a parallel status family.
Source Contracts
- Post-review correction requires transportRule to fail closed until a verified source contract exists.
- Post-review correction requires acceptedDomain to fail closed until a verified source contract exists.
- Post-review correction requires appPermissionPolicy to fail closed until a verified source contract exists.
- Post-review correction requires meetingPolicy to fail closed until a verified source contract exists.
- Existing contract registry / repo-canonical provider contract pattern is required.
- GraphClientInterface or repo-canonical provider abstraction is required.
- Hardcoded endpoint guessing is forbidden.
- Direct HTTP/provider bypass is forbidden.
- Runtime documentation fetch is forbidden.
- Missing contract fails safe.
- Missing permission fails safe.
- Unsupported or beta/experimental-only source blocks certification readiness.
Evidence
- Raw payload persistence is required when captured.
- Typed/usable normalized payload persistence is required when captured.
- Deterministic payload hash is required.
- OperationRun linkage is required for provider/source capture.
- Source class, source contract, source version/schema hash, and source metadata are required where available.
- Empty collections are handled safely only after successful provider/source proof.
- Fake/synthetic evidence cannot count as source-backed.
- Old gap taxonomy is forbidden for Spec 426 outcomes.
- OperationRun context must remain sanitized and numeric-only for summary counts.
Identity
- Stable identity is required for all four mandatory types.
- CanonicalIdentityResolver usage is required.
- Display-name-only identity is impossible.
- Array-index identity is impossible.
- Priority/order-only identity is impossible.
- Payload-hash identity is impossible.
- OperationRun identity is impossible.
- Random UUID identity is impossible.
- Identity conflict blocks readiness.
- Derived-only identity blocks certification readiness.
- Missing external ID and unsupported identity block certification readiness.
Normalization And Compare/Render
- Source payloads must align with Spec 422 compare/render shape.
- transportRule material fields are named.
- acceptedDomain material fields are named.
- appPermissionPolicy material fields are named.
- meetingPolicy material fields are named.
- Volatile fields must be excluded from material hashes where configured.
- Unsupported fields must be diagnosed rather than silently ignored.
- Source-backed compare/render readiness requires source-backed evidence plus stable identity.
- No certification assignment is allowed.
Claim Guard
- Evidence-ready internal claim is allowed only when proven.
- Stable-identity-ready internal claim is allowed only when proven.
- Compare/render-ready internal claim is allowed only when proven.
- Certified Exchange/Teams wording is blocked.
- Full Exchange claim is blocked.
- Full Teams claim is blocked.
- Certified M365 claim is blocked.
- Restore-ready claim is blocked.
- Customer-ready proof claim is blocked.
Ownership / Architecture
- No tenant_id platform-core ownership truth.
- Uses Coverage v2 shared architecture.
- No Exchange-specific table family.
- No Teams-specific table family.
- No separate Exchange/Teams engine or mini-platform.
- No v1 compatibility.
- No fallback reader, dual write, or legacy adapter.
- Provider connection must be same workspace and same managed environment.
- Provider-native tenant identifiers remain provider/source metadata only.
Product Surface
- Default decision is no runtime UI impact.
- Product Surface no-impact rationale is documented.
- Browser proof is required if UI changes.
- Human Product Sanity is required if UI changes.
- No new route/navigation is allowed.
- No customer-facing route is allowed.
- No certify action is allowed.
- No restore/apply action is allowed.
- No dashboard/report/export/PDF/Review Pack output is allowed.
- Product Surface exceptions are none.
Redaction / Safe Logging
- Raw payload default display is forbidden.
- Secrets and tokens are forbidden in logs/UI/output.
- Authorization/token/cookie fields are redacted.
- OperationRun context is sanitized.
- Permission context is sanitized.
- Mail body/subject/content leakage is forbidden.
- Teams chat/message/file/recording/transcript leakage is forbidden.
Test Readiness
- Unit tests cover source contracts.
- Unit tests cover capture eligibility.
- Unit tests cover identity strategies.
- Unit tests cover canonical identity.
- Unit tests cover source payload normalization.
- Unit tests cover evidence hash determinism.
- Unit tests cover Claim Guard readiness.
- Unit tests cover redaction.
- Feature tests cover blocked capture with no fake content-backed evidence readiness.
- Feature tests cover blocked capture with no fake stable identity readiness rows.
- Feature tests cover OperationRun linkage.
- Feature tests cover provider scope and RBAC semantics.
- Feature tests cover no certification.
- Feature tests cover no restore.
- Feature tests cover no customer claim.
- Feature tests cover no tenant_id.
- Feature tests cover no mini-platform.
- Browser tests are conditional on UI changes.
- No real provider calls are allowed in tests.
- Test lane impact is documented.
Implementation Report Readiness
- Candidate gate result requirement is defined.
- Dirty state before/after requirement is defined.
- Files changed requirement is defined.
- Source contract matrix is defined.
- Evidence matrix is defined.
- Identity matrix is defined.
- Compare/render readiness matrix is defined.
- Claim Guard proof requirement is defined.
- Redaction proof requirement is defined.
- No certification proof requirement is defined.
- No restore proof requirement is defined.
- No customer claim proof requirement is defined.
- No tenant_id confirmation is defined.
- No mini-platform confirmation is defined.
- Product Surface no-impact/impact requirement is defined.
- Tests run and deferred work requirements are defined.
Review Outcome
- Candidate Selection Gate: PASS for direct user-provided manual promotion.
- Spec Readiness Gate: PASS for preparation artifacts.
- Open question/source blocker is recorded: verified source contracts remain required before source-backed readiness or Spec 427 can proceed.
- Hard implementation preflight remains required at T001-T008 before runtime code changes.
- Preparation scope stops before application implementation.