TenantAtlas/specs/381-provider-resource-identity-binding/checklists/requirements.md
Ahmed Darrazi fb2642e941
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m9s
feat(resources): implement provider resource identity binding
Added ProviderResourceBinding model, migrations, policies, and supporting framework for canonical resource identity mapping as defined in Spec 381.
2026-06-15 17:37:06 +02:00

57 lines
4.4 KiB
Markdown

# Requirements Checklist: Spec 381 - Provider Resource Identity and Binding Foundation v1
**Purpose**: Validate that the preparation artifacts define a bounded, implementable, constitution-aligned foundation for provider resource identity and binding decisions.
**Created**: 2026-06-15
**Feature**: [spec.md](../spec.md)
**Note**: This checklist covers preparation quality only. It does not mark implementation work complete.
## Applicability And Low-Impact Gate
- [x] CHK001 The spec explicitly states that no operator-facing surface or guardrail workflow surface is affected.
- [x] CHK002 The spec, plan, and tasks consistently classify the feature as a backend/domain foundation with no UI surface impact.
- [x] CHK029 The spec includes exactly one coherent UI Surface Impact decision: checked `No UI surface impact` with rationale.
- [x] CHK032 Navigation entries, Filament panel/provider changes, Livewire components, Blade views, routes, and actions were explicitly considered and excluded from v1.
- [x] CHK033 Browser screenshots and full page-report expectations are not required because v1 has no UI or customer-facing output change.
## Provider Boundary And Vocabulary
- [x] CHK010 The shared provider/platform seam is identified as mixed: provider identity data is stored in platform-core persistence, while provider-specific mapping semantics stay outside core.
- [x] CHK011 Microsoft-specific display names, Graph endpoints, and provider-default object labels are explicitly prohibited from becoming platform-core identity truth.
- [x] CHK034 A fake-provider proof is required so the identity and binding foundation does not silently become Microsoft-only.
## Persistence, State, And Proportionality
- [x] CHK035 The new `provider_resource_bindings` table is justified as independent, auditable product truth that outlives a run.
- [x] CHK036 The spec avoids duplicate active truth by using `binding_status=active` rather than adding a separate `is_active` flag.
- [x] CHK037 New status and resolution-mode families are justified by distinct lifecycle, audit, lookup, or future operator-action consequences.
- [x] CHK038 The plan keeps v1 managed-environment-scoped and defers workspace-level, baseline-profile-specific, and subject-only binding scopes.
- [x] CHK039 The plan reuses `BaselineSubjectKey` instead of introducing a parallel canonical-key taxonomy.
## RBAC, Audit, And Tenant Isolation
- [x] CHK040 Binding reads and mutations require workspace and managed-environment entitlement.
- [x] CHK041 Non-member access is deny-as-not-found; entitled users missing capability receive forbidden.
- [x] CHK042 V1 reuses existing baseline capabilities unless the spec is updated before dedicated binding capabilities are introduced.
- [x] CHK043 Binding decisions and revocations require safe audit records with actor, workspace, managed environment, provider key, canonical subject key, mode, and source references.
- [x] CHK044 Audit metadata explicitly excludes secrets, credentials, raw provider payloads, raw Graph responses, signed URLs, stack traces, and sensitive raw JSON.
## OperationRun And Runtime Truth
- [x] CHK019 The spec explicitly states that v1 creates no `OperationRun`, queued work, scheduler behavior, provider runtime calls, or Graph calls.
- [x] CHK045 The spec preserves current baseline compare, evidence readiness, environment review readiness, review-pack publication, and customer-facing output semantics.
- [x] CHK046 Follow-up matching, UI resolution, evidence/review consumption, and automatic built-in mapping work is listed as follow-up scope rather than hidden v1 behavior.
## Test Readiness
- [x] CHK047 The test-governance lane is explicit: Unit, Feature, PostgreSQL, and targeted no-op regression tests; no Browser family.
- [x] CHK048 PostgreSQL validation is scoped to partial unique/index behavior that SQLite cannot prove.
- [x] CHK049 Tasks require authorization, audit, fake-provider, persistence, identity, and no-op runtime regression coverage.
- [x] CHK050 Final validation commands are concrete enough for a later implementation loop.
## Review Outcome
- [x] CHK016 Review outcome class: `acceptable-special-case`.
- [x] CHK017 Workflow outcome: `keep`.
- [x] CHK018 Final note location: implementation close-out for `specs/381-provider-resource-identity-binding/` must record validation commands, deployment impact, Livewire/Filament status, and any confirmed scope deviations.