Checklists

requirements.md

Specification Quality Checklist: Untrusted-Path Containment Hardening

Purpose: Validate specification completeness and quality before proceeding to planning Created: 2026-06-19 Mission: spec.md

Content Quality

  • ✅ No implementation details (languages, frameworks, APIs)
  • ✅ Focused on user value and business needs
  • ✅ Written for non-technical stakeholders
  • ✅ All mandatory sections completed

Requirement Completeness

  • ✅ No [NEEDS CLARIFICATION] markers remain
  • ✅ Requirements are testable and unambiguous
  • ✅ Requirement types are separated (Functional / Non-Functional / Constraints)
  • ✅ IDs are unique across FR-###, NFR-###, and C-### entries
  • ✅ All requirement rows include a non-empty Status value
  • ✅ Non-functional requirements include measurable thresholds
  • ✅ Success criteria are measurable
  • ✅ Success criteria are technology-agnostic (no implementation details)
  • ✅ All acceptance scenarios are defined
  • ✅ Edge cases are identified
  • ✅ Scope is clearly bounded
  • ✅ Dependencies and assumptions identified

Mission Readiness

  • ✅ All functional requirements have clear acceptance criteria
  • ✅ User scenarios cover primary flows
  • ✅ Mission meets measurable outcomes defined in Success Criteria
  • ✅ No implementation details leak into specification

Notes

  • Q1 (store.py symlink-dir residual) resolved → fix now with resolve()-containment (FR-002). aggregate.py re-scoped post-review: it already raise-guards the grammar; its composed-path containment is an IC-02 audit disposition (FR-003).
  • Q2 (audit breadth) resolved → full CLI audit, fix reachable sinks, document the rest (FR-004), via a reproducible recorded ruleset.
  • Spec rides PR #2036 (automation/sonar-security-20260619); #2036 is the landed first increment (FR-007).
  • Review remediation applied (2026-06-19 squad): added FR-009 + IC-05 for the code-verified meta.json-slug write-path bypass still live after #2036; tightened FR-001/FR-004/FR-005/SC-003 against fakeability; added macOS symlinked-root positive-case requirement (FR-008b / research Decision 6); reworded NFR-002 (inspection) and NFR-004 (per-distinct-slug warning); added SC-006.
  • Some requirement wording necessarily names module/function seams because the canonical-seam reuse is a binding constraint (C-002); this is intent, not implementation prescription.