Requirements Traceability Matrix (MVP + Control Plane)¶
Date: 2026-02-08 Status: Initial Draft
This matrix links requirements to contracts, decisions, owning services, and test references.
ID Conventions¶
REQ-*: requirement in a specCON-*: contract sectionADR-*: architecture decisionTEST-*: validating test
Matrix¶
| Requirement ID | Requirement Summary | Source Spec | Contract / Interface | ADR | Owner Service | Test Reference | Status |
|---|---|---|---|---|---|---|---|
| REQ-AUD-001 | Ingest and persist append-only audit events | 05-specs/slices/slice-000-audit-platform.md |
CON-AUD-API (POST /v1/audit/events) |
ADR-0005 | audit-service | TEST-AUD-001 | Planned |
| REQ-AUD-002 | Producer outbox for reliable audit delivery | 05-specs/slices/slice-000-audit-platform.md |
CON-AUD-DELIVERY | ADR-0005 | all producer services | TEST-AUD-002 | Planned |
| REQ-CONN-001 | Create/edit/delete connections with RBAC | 05-specs/slices/slice-001-integrations-and-connections.md |
CON-CONN-CRUD (/v1/connections) |
ADR-0002 | integrations-service | TEST-CONN-001 | Planned |
| REQ-CONN-002 | Test connection with actionable remediation | 05-specs/slices/slice-001-integrations-and-connections.md |
CON-CONN-TEST (POST /v1/connections/{id}/test) |
ADR-0002 | integrations-service | TEST-CONN-002 | Planned |
| REQ-DISC-001 | Async discovery run lifecycle queued/running/succeeded/partial/failed |
05-specs/slices/slice-002-discovery-runs.md |
CON-DISC-RUN-STATE | ADR-0004 | discovery-service | TEST-DISC-001 | Planned |
| REQ-DISC-002 | Emit normalized entities/relationships with provenance | 05-specs/slices/slice-002-discovery-runs.md |
CON-CANONICAL-MODEL (04-contracts/canonical-model.md) |
ADR-0001, ADR-0003 | discovery-service | TEST-DISC-002 | Planned |
| REQ-DISC-003 | Worker-based queue execution with no secrets in queue | 05-specs/slices/slice-002-discovery-runs.md |
CON-DISC-WORKER-QUEUE | ADR-0004 | discovery-service + worker | TEST-DISC-003 | Planned |
| REQ-EXP-001 | Answer resource-centric and principal-centric explorer questions | 05-specs/slices/slice-003-access-explorer.md |
CON-ACCESS-PATH (04-contracts/canonical-model.md) |
ADR-0001 | iam-service (or explorer module) | TEST-EXP-001 | Planned |
| REQ-EXP-002 | Show provenance per hop in drilldown | 05-specs/slices/slice-003-access-explorer.md |
CON-PROVENANCE (04-contracts/canonical-model.md) |
ADR-0001, ADR-0003 | iam-service (or explorer module) | TEST-EXP-002 | Planned |
| REQ-CP-001 | Maintain canonical tenant registry and deployment targets | 05-specs/global-control-plane-registry-and-licensing.md |
CON-CP-TENANT-REGISTRY | ADR-0006 | global control plane | TEST-CP-001 | Planned |
| REQ-CP-002 | Publish versioned routing snapshots for router/edge use | 05-specs/global-control-plane-registry-and-licensing.md |
CON-CP-ROUTING-SNAPSHOT | ADR-0006 | global control plane | TEST-CP-002 | Planned |
Contract Legend (MVP Draft Labels)¶
- CON-AUD-API:
/v1/audit/eventsingestion/query API contract - CON-AUD-DELIVERY: outbox delivery semantics and retry behavior
- CON-CONN-CRUD: integrations and connections CRUD API contract
- CON-CONN-TEST: connection test response contract and remediation schema
- CON-DISC-RUN-STATE: discovery run state transitions and status model
- CON-DISC-WORKER-QUEUE: queue payload contract and secret-handling constraints
- CON-ACCESS-PATH: canonical access path derivation rules
- CON-PROVENANCE: required provenance fields and display requirements
- CON-CP-TENANT-REGISTRY: tenant registry and deployment target contract
- CON-CP-ROUTING-SNAPSHOT: routing snapshot publication and rollback contract
Test References (to be implemented)¶
- TEST-AUD-001: audit ingest persists and filters by tenant/workspace
- TEST-AUD-002: outbox retries and eventual delivery behavior
- TEST-CONN-001: RBAC + secret redaction on connection APIs
- TEST-CONN-002: failed test returns actionable remediation array
- TEST-DISC-001: valid lifecycle transitions and run history visibility
- TEST-DISC-002: canonical entity/relationship schema conformance
- TEST-DISC-003: queue message excludes secrets; worker fetches secure config
- TEST-EXP-001: explorer supports both question modes with correct results
- TEST-EXP-002: provenance panel shows required fields for each hop
- TEST-CP-001: tenant create/update lifecycle updates registry + deployment metadata
- TEST-CP-002: routing snapshot publish/rollback updates router-visible version
Operating Rule¶
Every new REQ-* must include:
1. A linked contract section or explicit note that a new contract is required.
2. At least one validating TEST-* reference.
3. Owning service/team.