Sharepoint-Toolbox/.planning/REQUIREMENTS.md

# Requirements: SharePoint Toolbox v2

**Defined:** 2026-04-02
**Core Value:** Administrators can audit and manage SharePoint/Teams permissions and storage across multiple client tenants from a single, reliable desktop application.

## v1 Requirements

Requirements for initial release. Each maps to roadmap phases.

### Foundation

- [ ] **FOUND-01**: Application built with C#/WPF (.NET 10 LTS) using MVVM architecture
- [ ] **FOUND-02**: Multi-tenant profile registry — user can create, rename, delete, and switch between tenant profiles (tenant URL, client ID, display name)
- [ ] **FOUND-03**: Multi-tenant session caching — user stays authenticated across tenant switches without re-logging in (MSAL token cache per tenant)
- [ ] **FOUND-04**: Interactive Azure AD OAuth login via browser — no client secrets or certificates stored
- [ ] **FOUND-05**: All long-running operations report progress to the UI in real-time
- [ ] **FOUND-06**: User can cancel any long-running operation mid-execution
- [ ] **FOUND-07**: All errors surface to the user with actionable messages — no silent failures
- [ ] **FOUND-08**: Structured logging for diagnostics (Serilog or equivalent)
- [ ] **FOUND-09**: Localization system supporting English and French with dynamic language switching
- [ ] **FOUND-10**: JSON-based local storage for profiles, settings, and templates (compatible with current app's format for migration)
- [ ] **FOUND-11**: Self-contained single EXE distribution — no .NET runtime dependency for end users
- [ ] **FOUND-12**: Configurable data output folder for exports

### Permissions

- [ ] **PERM-01**: User can scan permissions on a single SharePoint site with configurable depth
- [ ] **PERM-02**: User can scan permissions across multiple selected sites in one operation
- [ ] **PERM-03**: Permissions scan includes owners, members, guests, external users, and broken inheritance
- [ ] **PERM-04**: User can choose to include or exclude inherited permissions
- [ ] **PERM-05**: User can export permissions report to CSV (raw data)
- [ ] **PERM-06**: User can export permissions report to interactive HTML (sortable, filterable, groupable by user)
- [ ] **PERM-07**: SharePoint 5,000-item list view threshold handled via pagination — no silent failures on large libraries

### Storage

- [ ] **STOR-01**: User can view storage consumption per library on a site
- [ ] **STOR-02**: User can view storage consumption per site with configurable folder depth
- [ ] **STOR-03**: Storage metrics include total size, version size, item count, and last modified date
- [ ] **STOR-04**: User can export storage metrics to CSV
- [ ] **STOR-05**: User can export storage metrics to interactive HTML with collapsible tree view

### File Search

- [ ] **SRCH-01**: User can search files across sites using multiple criteria (extension, name/regex, dates, creator, editor)
- [ ] **SRCH-02**: User can configure maximum search results (up to 50,000)
- [ ] **SRCH-03**: User can export search results to CSV
- [ ] **SRCH-04**: User can export search results to interactive HTML (sortable, filterable)

### Duplicate Detection

- [ ] **DUPL-01**: User can scan for duplicate files by name, size, creation date, modification date
- [ ] **DUPL-02**: User can scan for duplicate folders by name, subfolder count, file count
- [ ] **DUPL-03**: User can export duplicate report to HTML with grouped display and visual indicators

### Site Templates

- [ ] **TMPL-01**: User can capture site structure (libraries, folders, permission groups, logo, settings) as a template
- [ ] **TMPL-02**: User can apply template to create new Communication or Teams site
- [ ] **TMPL-03**: Templates persist locally as JSON
- [ ] **TMPL-04**: User can manage templates (create, rename, delete)

### Folder Structure

- [ ] **FOLD-01**: User can create folder structures on a site from a CSV template
- [ ] **FOLD-02**: Example CSV templates provided for common structures

### Bulk Operations

- [ ] **BULK-01**: User can transfer files and folders between sites with progress tracking
- [ ] **BULK-02**: User can add members to groups in bulk from CSV
- [ ] **BULK-03**: User can create multiple sites in bulk from CSV
- [ ] **BULK-04**: All bulk operations support cancellation mid-execution
- [ ] **BULK-05**: Bulk operation errors are reported per-item (not silently skipped)

## v2 Requirements

Deferred to after v1 parity is confirmed. New features from project goals.

### User Access Audit

- **UACC-01**: User can export all SharePoint/Teams accesses a specific user has across selected sites
- **UACC-02**: Export includes direct assignments, group memberships, and inherited access

### Simplified Permissions

- **SIMP-01**: User can toggle plain-language permission labels (e.g., "Can edit files" instead of "Contribute")
- **SIMP-02**: Permissions report includes summary counts and color coding for untrained readers
- **SIMP-03**: Configurable detail level (simple/detailed) for reports

### Storage Visualization

- **VIZZ-01**: Storage Metrics tab includes a graph showing space by file type
- **VIZZ-02**: User can toggle between pie/donut chart and bar chart views
- **VIZZ-03**: Graph updates when storage scan completes

## Out of Scope

| Feature | Reason |
|---------|--------|
| Cross-platform (Mac/Linux) | WPF is Windows-only; not justified for current user base |
| Real-time monitoring / alerts | Requires background service, webhooks — turns desktop tool into a service |
| Automated remediation (auto-revoke) | Liability risk; one wrong rule destroys client access |
| SQLite / database storage | Breaks single-EXE distribution; JSON sufficient |
| Cloud sync / shared profiles | Requires server infrastructure — out of scope for local tool |
| AI-powered recommendations | Competes with Microsoft's own Copilot roadmap |
| Content migration between tenants | Separate product category (ShareGate territory) |
| Mobile app | Desktop admin tool |
| OAuth with client secrets/certificates | Interactive login only — no stored credentials |
| Version history management | Deep separate problem; surface totals in storage metrics only |

## Traceability

Which phases cover which requirements. Updated during roadmap creation.

| Requirement | Phase | Status |
|-------------|-------|--------|
| FOUND-01 | Phase 1 | Pending |
| FOUND-02 | Phase 1 | Pending |
| FOUND-03 | Phase 1 | Pending |
| FOUND-04 | Phase 1 | Pending |
| FOUND-05 | Phase 1 | Pending |
| FOUND-06 | Phase 1 | Pending |
| FOUND-07 | Phase 1 | Pending |
| FOUND-08 | Phase 1 | Pending |
| FOUND-09 | Phase 1 | Pending |
| FOUND-10 | Phase 1 | Pending |
| FOUND-11 | Phase 5 | Pending |
| FOUND-12 | Phase 1 | Pending |
| PERM-01 | Phase 2 | Pending |
| PERM-02 | Phase 2 | Pending |
| PERM-03 | Phase 2 | Pending |
| PERM-04 | Phase 2 | Pending |
| PERM-05 | Phase 2 | Pending |
| PERM-06 | Phase 2 | Pending |
| PERM-07 | Phase 2 | Pending |
| STOR-01 | Phase 3 | Pending |
| STOR-02 | Phase 3 | Pending |
| STOR-03 | Phase 3 | Pending |
| STOR-04 | Phase 3 | Pending |
| STOR-05 | Phase 3 | Pending |
| SRCH-01 | Phase 3 | Pending |
| SRCH-02 | Phase 3 | Pending |
| SRCH-03 | Phase 3 | Pending |
| SRCH-04 | Phase 3 | Pending |
| DUPL-01 | Phase 3 | Pending |
| DUPL-02 | Phase 3 | Pending |
| DUPL-03 | Phase 3 | Pending |
| TMPL-01 | Phase 4 | Pending |
| TMPL-02 | Phase 4 | Pending |
| TMPL-03 | Phase 4 | Pending |
| TMPL-04 | Phase 4 | Pending |
| FOLD-01 | Phase 4 | Pending |
| FOLD-02 | Phase 4 | Pending |
| BULK-01 | Phase 4 | Pending |
| BULK-02 | Phase 4 | Pending |
| BULK-03 | Phase 4 | Pending |
| BULK-04 | Phase 4 | Pending |
| BULK-05 | Phase 4 | Pending |

**Coverage:**
- v1 requirements: 42 total
- Mapped to phases: 42
- Unmapped: 0

---
*Requirements defined: 2026-04-02*
*Last updated: 2026-04-02 after roadmap creation — all 42 v1 requirements mapped*