From 2cdb8b379cd4dcc66588bda803ba5115e8bff57b Mon Sep 17 00:00:00 2001
From: Kess Plasmeier <kessplas@amazon.com>
Date: Mon, 4 Aug 2025 14:21:38 -0700
Subject: [PATCH 1/2] chore: add client specification and Duvet annotations

---
 .gitmodules                                   |  4 +
 Makefile                                      | 14 +++
 specification                                 |  1 +
 .../encryption/s3/S3EncryptionClient.java     | 86 ++++++++++++++++++-
 .../internal/GetEncryptedObjectPipeline.java  |  8 ++
 .../MultipartUploadObjectPipeline.java        | 14 ++-
 .../encryption/s3/materials/S3Keyring.java    |  6 +-
 7 files changed, 127 insertions(+), 6 deletions(-)
 create mode 100644 .gitmodules
 create mode 100644 Makefile
 create mode 160000 specification

diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 000000000..74843aee7
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,4 @@
+[submodule "specification"]
+	path = specification
+	url = git@github.com:awslabs/aws-encryption-sdk-specification.git
+	branch = kessplas/s3-ec-v3
diff --git a/Makefile b/Makefile
new file mode 100644
index 000000000..ec9f02e7f
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,14 @@
+# Used for misc supporting functions like Duvet and prettier. Builds, tests, etc. should use the usual Java/Maven tooling.
+
+duvet: | duvet_extract duvet_report
+
+duvet_extract:
+	rm -rf compliance
+	$(foreach file, $(shell find specification/s3-encryption -name '*.md'), duvet extract -o compliance -f MARKDOWN $(file);)
+
+duvet_report:
+	duvet \
+		report \
+		--spec-pattern "compliance/**/*.toml" \
+		--source-pattern "src/**/*.java" \
+		--html specification_compliance_report.html
diff --git a/specification b/specification
new file mode 160000
index 000000000..c5a78bcd0
--- /dev/null
+++ b/specification
@@ -0,0 +1 @@
+Subproject commit c5a78bcd0d0cb2ca4b7875f12103314986a1495d
diff --git a/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java b/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java
index 8b44bcda3..de4b8930d 100644
--- a/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java
+++ b/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java
@@ -101,6 +101,9 @@
 import static software.amazon.encryption.s3.S3EncryptionClientUtilities.instructionFileKeysToDelete;
 import static software.amazon.encryption.s3.internal.ApiNameVersion.API_NAME_INTERCEPTOR;
 
+
+//= specification/s3-encryption/client.md#aws-sdk-compatibility
+//# The S3EC MUST adhere to the same interface for API operations as the conventional AWS SDK S3 client.
 /**
  * This client is a drop-in replacement for the S3 client. It will automatically encrypt objects
  * on putObject and decrypt objects on getObject using the provided encryption key(s).
@@ -125,6 +128,8 @@ public class S3EncryptionClient extends DelegatingS3Client {
     private final long _bufferSize;
     private final InstructionFileConfig _instructionFileConfig;
 
+    //= specification/s3-encryption/client.md#aws-sdk-compatibility
+    //# The S3EC MUST provide a different set of configuration options than the conventional S3 client.
     private S3EncryptionClient(Builder builder) {
         super(builder._wrappedClient);
         _wrappedClient = builder._wrappedClient;
@@ -200,6 +205,8 @@ public static Consumer<AwsRequestOverrideConfiguration.Builder> withAdditionalCo
                         .putExecutionAttribute(S3EncryptionClient.CONFIGURATION, multipartConfiguration);
     }
 
+    //= specification/s3-encryption/client.md#api-operations
+    //# ReEncryptInstructionFile MAY be implemented by the S3EC.
     /**
      * Re-encrypts an instruction file with a new keyring while preserving the original encrypted object in S3.
      * This enables:
@@ -237,6 +244,8 @@ public ReEncryptInstructionFileResponse reEncryptInstructionFile(ReEncryptInstru
         final byte[] iv = contentMetadata.contentIv();
 
         //Decrypt the data key using the current keyring
+        //= specification/s3-encryption/client.md#api-operations
+        //# ReEncryptInstructionFile MUST decrypt the instruction file's encrypted data key for the given object using the client's CMM.
         DecryptionMaterials decryptedMaterials = this._cryptoMaterialsManager.decryptMaterials(
           DecryptMaterialsRequest.builder()
             .algorithmSuite(algorithmSuite)
@@ -255,6 +264,8 @@ public ReEncryptInstructionFileResponse reEncryptInstructionFile(ReEncryptInstru
           .build();
 
         //Re-encrypt the data key with the new keyring while preserving other cryptographic parameters
+        //= specification/s3-encryption/client.md#api-operations
+        //# ReEncryptInstructionFile MUST re-encrypt the plaintext data key with a provided keyring.
         RawKeyring newKeyring = reEncryptInstructionFileRequest.newKeyring();
         EncryptionMaterials encryptedMaterials = newKeyring.onEncrypt(encryptionMaterials);
 
@@ -296,6 +307,8 @@ private void enforceRotation(EncryptionMaterials newEncryptionMaterials, GetObje
         throw new S3EncryptionClientException("Re-encryption failed due to enforced rotation! Old keyring is still able to decrypt the newly encrypted data key");
     }
 
+    //= specification/s3-encryption/client.md#api-operations
+    //# PutObject MUST be implemented by the S3EC.
     /**
      * See {@link S3EncryptionClient#putObject(PutObjectRequest, RequestBody)}.
      * <p>
@@ -322,6 +335,7 @@ public PutObjectResponse putObject(PutObjectRequest putObjectRequest, RequestBod
                 throw new S3EncryptionClientException("Exception while performing Multipart Upload PutObject", e);
             }
         }
+
         PutEncryptedObjectPipeline pipeline = PutEncryptedObjectPipeline.builder()
                 .s3AsyncClient(_wrappedAsyncClient)
                 .cryptoMaterialsManager(_cryptoMaterialsManager)
@@ -332,6 +346,8 @@ public PutObjectResponse putObject(PutObjectRequest putObjectRequest, RequestBod
         ExecutorService singleThreadExecutor = Executors.newSingleThreadExecutor();
 
         try {
+            //= specification/s3-encryption/client.md#api-operations
+            //# PutObject MUST encrypt its input data before it is uploaded to S3.
             CompletableFuture<PutObjectResponse> futurePut = pipeline.putObject(putObjectRequest,
                     AsyncRequestBody.fromInputStream(
                             requestBody.contentStreamProvider().newStream(),
@@ -356,6 +372,8 @@ public PutObjectResponse putObject(PutObjectRequest putObjectRequest, RequestBod
 
     }
 
+    //= specification/s3-encryption/client.md#api-operations
+    //# GetObject MUST be implemented by the S3EC.
     /**
      * See {@link S3EncryptionClient#getObject(GetObjectRequest, ResponseTransformer)}
      * <p>
@@ -377,6 +395,8 @@ public <T> T getObject(GetObjectRequest getObjectRequest,
                            ResponseTransformer<GetObjectResponse, T> responseTransformer)
             throws AwsServiceException, SdkClientException {
 
+        //= specification/s3-encryption/client.md#api-operations
+        //# GetObject MUST decrypt data received from the S3 server and return it as plaintext.
         GetEncryptedObjectPipeline pipeline = GetEncryptedObjectPipeline.builder()
                 .s3AsyncClient(_wrappedAsyncClient)
                 .cryptoMaterialsManager(_cryptoMaterialsManager)
@@ -484,6 +504,8 @@ private <T extends Throwable> T onAbort(UploadObjectObserver observer, T t) {
         throw new S3EncryptionClientException(t.getMessage(), t);
     }
 
+    //= specification/s3-encryption/client.md#api-operations
+    //# DeleteObject MUST be implemented by the S3EC.
     /**
      * See {@link S3Client#deleteObject(DeleteObjectRequest)}.
      * <p>
@@ -501,9 +523,11 @@ public DeleteObjectResponse deleteObject(DeleteObjectRequest deleteObjectRequest
                 .build();
 
         try {
-            // Delete the object
+            //= specification/s3-encryption/client.md#api-operations
+            //# DeleteObject MUST delete the given object key.
             DeleteObjectResponse deleteObjectResponse = _wrappedAsyncClient.deleteObject(actualRequest).join();
-            // If Instruction file exists, delete the instruction file as well.
+            //= specification/s3-encryption/client.md#api-operations
+            //# DeleteObject MUST delete the associated instruction file using the default instruction file suffix.
             String instructionObjectKey = deleteObjectRequest.key() + DEFAULT_INSTRUCTION_FILE_SUFFIX;
             _wrappedAsyncClient.deleteObject(builder -> builder
                     .overrideConfiguration(API_NAME_INTERCEPTOR)
@@ -518,6 +542,8 @@ public DeleteObjectResponse deleteObject(DeleteObjectRequest deleteObjectRequest
         }
     }
 
+    //= specification/s3-encryption/client.md#api-operations
+    //# DeleteObjects MUST be implemented by the S3EC.
     /**
      * See {@link S3Client#deleteObjects(DeleteObjectsRequest)}.
      * <p>
@@ -534,9 +560,11 @@ public DeleteObjectsResponse deleteObjects(DeleteObjectsRequest deleteObjectsReq
                 .overrideConfiguration(API_NAME_INTERCEPTOR)
                 .build();
         try {
-            // Delete the objects
+            //= specification/s3-encryption/client.md#api-operations
+            //# DeleteObjects MUST delete each of the given objects.
             DeleteObjectsResponse deleteObjectsResponse = _wrappedAsyncClient.deleteObjects(actualRequest).join();
-            // If Instruction files exists, delete the instruction files as well.
+            //= specification/s3-encryption/client.md#api-operations
+            //# DeleteObjects MUST delete each of the corresponding instruction files using the default instruction file suffix.
             List<ObjectIdentifier> deleteObjects = instructionFileKeysToDelete(deleteObjectsRequest);
             _wrappedAsyncClient.deleteObjects(DeleteObjectsRequest.builder()
                     .overrideConfiguration(API_NAME_INTERCEPTOR)
@@ -551,6 +579,8 @@ public DeleteObjectsResponse deleteObjects(DeleteObjectsRequest deleteObjectsReq
         }
     }
 
+    //= specification/s3-encryption/client.md#api-operations
+    //# CreateMultipartUpload MAY be implemented by the S3EC.
     /**
      * See {@link S3Client#createMultipartUpload(CreateMultipartUploadRequest)}
      * <p>
@@ -572,6 +602,8 @@ public CreateMultipartUploadResponse createMultipartUpload(CreateMultipartUpload
         }
     }
 
+    //= specification/s3-encryption/client.md#api-operations
+    //# UploadPart MAY be implemented by the S3EC.
     /**
      * See {@link S3Client#uploadPart(UploadPartRequest, RequestBody)}
      *
@@ -595,6 +627,8 @@ public UploadPartResponse uploadPart(UploadPartRequest request, RequestBody requ
         }
     }
 
+    //= specification/s3-encryption/client.md#api-operations
+    //# CompleteMultipartUpload MAY be implemented by the S3EC.
     /**
      * See {@link S3Client#completeMultipartUpload(CompleteMultipartUploadRequest)}
      * @param request the request instance
@@ -612,6 +646,8 @@ public CompleteMultipartUploadResponse completeMultipartUpload(CompleteMultipart
         }
     }
 
+    //= specification/s3-encryption/client.md#api-operations
+    //# AbortMultipartUpload MAY be implemented by the S3EC.
     /**
      * See {@link S3Client#abortMultipartUpload(AbortMultipartUploadRequest)}
      * @param request the request instance
@@ -652,11 +688,17 @@ public static class Builder implements S3BaseClientBuilder<Builder, S3Encryption
         private SecretKey _aesKey;
         private PartialRsaKeyPair _rsaKeyPair;
         private String _kmsKeyId;
+        //= specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
+        //# The option to enable legacy wrapping algorithms MUST be set to false by default.
         private boolean _enableLegacyWrappingAlgorithms = false;
+        //= specification/s3-encryption/client.md#enable-delayed-authentication
+        //# Delayed Authentication mode MUST be set to false by default.
         private boolean _enableDelayedAuthenticationMode = false;
         private boolean _enableMultipartPutObject = false;
         private Provider _cryptoProvider = null;
         private SecureRandom _secureRandom = new SecureRandom();
+        //= specification/s3-encryption/client.md#enable-legacy-unauthenticated-modes
+        //# The option to enable legacy unauthenticated modes MUST be set to false by default.
         private boolean _enableLegacyUnauthenticatedModes = false;
         private long _bufferSize = -1L;
         private InstructionFileConfig _instructionFileConfig = null;
@@ -683,6 +725,8 @@ public static class Builder implements S3BaseClientBuilder<Builder, S3Encryption
         private Builder() {
         }
 
+        //= specification/s3-encryption/client.md#wrapped-s3-client-s
+        //# The S3EC MUST support the option to provide an SDK S3 client instance during its initialization.
         /**
          * Sets the wrappedClient to be used for non-cryptographic operations.
          */
@@ -699,6 +743,8 @@ public Builder wrappedClient(S3Client _wrappedClient) {
             return this;
         }
 
+        //= specification/s3-encryption/client.md#wrapped-s3-client-s
+        //# The S3EC MUST support the option to provide an SDK S3 client instance during its initialization.
         /**
          * Sets the wrappedAsyncClient to be used for cryptographic operations.
          */
@@ -795,11 +841,17 @@ public Builder kmsKeyId(String kmsKeyId) {
         }
 
         // We only want one way to use a key, if more than one is set, throw an error
+        //= specification/s3-encryption/client.md#cryptographic-materials
+        //# The S3EC MUST accept either one CMM or one Keyring instance upon initialization.
+        //= specification/s3-encryption/client.md#cryptographic-materials
+        //# The S3EC MAY accept key material directly.
         private void checkKeyOptions() {
             if (onlyOneNonNull(_cryptoMaterialsManager, _keyring, _aesKey, _rsaKeyPair, _kmsKeyId)) {
                 return;
             }
 
+            //= specification/s3-encryption/client.md#cryptographic-materials
+            //# If both a CMM and a Keyring are provided, the S3EC MUST throw an exception.
             throw new S3EncryptionClientException("Only one may be set of: crypto materials manager, keyring, AES key, RSA key pair, KMS key id");
         }
 
@@ -818,6 +870,8 @@ private boolean onlyOneNonNull(Object... values) {
             return haveOneNonNull;
         }
 
+        //= specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
+        //# The S3EC MUST support the option to enable or disable legacy wrapping algorithms.
         /**
          * When set to true, decryption of objects using legacy key wrapping
          * modes is enabled.
@@ -829,6 +883,8 @@ public Builder enableLegacyWrappingAlgorithms(boolean shouldEnableLegacyWrapping
             return this;
         }
 
+        //= specification/s3-encryption/client.md#enable-legacy-unauthenticated-modes
+        //# The S3EC MUST support the option to enable or disable legacy unauthenticated modes (content encryption algorithms).
         /**
          * When set to true, decryption of content using legacy encryption algorithms
          * is enabled. This includes use of GetObject requests with a range, as this
@@ -841,6 +897,8 @@ public Builder enableLegacyUnauthenticatedModes(boolean shouldEnableLegacyUnauth
             return this;
         }
 
+        //= specification/s3-encryption/client.md#enable-delayed-authentication
+        //# The S3EC MUST support the option to enable or disable Delayed Authentication mode.
         /**
          * When set to true, authentication of streamed objects is delayed until the
          * entire object is read from the stream. When this mode is enabled, the consuming
@@ -867,6 +925,8 @@ public Builder enableMultipartPutObject(boolean _enableMultipartPutObject) {
             return this;
         }
 
+        //= specification/s3-encryption/client.md#set-buffer-size
+        //# The S3EC SHOULD accept a configurable buffer size which refers to the maximum ciphertext length to store in memory when delayed authentication mode is disabled.
         /**
          * Sets the buffer size for safe authentication used when delayed authentication mode is disabled.
          * If buffer size is not given during client configuration, default buffer size is set to 64MiB.
@@ -900,6 +960,8 @@ public Builder cryptoProvider(Provider cryptoProvider) {
             return this;
         }
 
+        //= specification/s3-encryption/client.md#randomness
+        //# The S3EC MAY accept a source of randomness during client initialization.
         /**
          * Allows the user to pass an instance of {@link SecureRandom} to be used
          * for generating keys and IVs. Advanced option. Users who provide a {@link SecureRandom}
@@ -915,6 +977,10 @@ public Builder secureRandom(SecureRandom secureRandom) {
             return this;
         }
 
+        //= specification/s3-encryption/client.md#instruction-file-configuration
+        //# If the S3EC in a given language supports Instruction Files, then it MUST accept Instruction File Configuration during its initialization.
+        //= specification/s3-encryption/client.md#instruction-file-configuration
+        //# The S3EC MAY support the option to provide Instruction File Configuration during its initialization.
         /**
          * Sets the Instruction File configuration for the S3 Encryption Client.
          * The InstructionFileConfig can be used to specify an S3 client to use for retrieval of Instruction files,
@@ -927,6 +993,10 @@ public Builder instructionFileConfig(InstructionFileConfig instructionFileConfig
             return this;
         }
 
+        //= specification/s3-encryption/client.md#inherited-sdk-configuration
+        //# The S3EC MAY support directly configuring the wrapped SDK clients through its initialization.
+        //= specification/s3-encryption/client.md#inherited-sdk-configuration
+        //# For example, the S3EC MAY accept a credentials provider instance during its initialization.
         /**
          * The credentials provider to use for all inner clients, including KMS, if a KMS key ID is provided.
          * Note that if a wrapped client is configured, the wrapped client will take precedence over this option.
@@ -1207,6 +1277,8 @@ public S3EncryptionClient build() {
                 _bufferSize = DEFAULT_BUFFER_SIZE_BYTES;
             }
 
+            //= specification/s3-encryption/client.md#inherited-sdk-configuration
+            //# If the S3EC accepts SDK client configuration, the configuration MUST be applied to all wrapped S3 clients.
             if (_wrappedClient == null) {
                 _wrappedClient = S3Client.builder()
                         .credentialsProvider(_awsCredentialsProvider)
@@ -1247,6 +1319,8 @@ public S3EncryptionClient build() {
                         .build();
             }
 
+            //= specification/s3-encryption/client.md#instruction-file-configuration
+            //# In this case, the Instruction File Configuration SHOULD be optional, such that its default configuration is used when none is provided.
             if (_instructionFileConfig == null) {
                 _instructionFileConfig = InstructionFileConfig.builder()
                         .instructionFileClient(_wrappedClient)
@@ -1267,6 +1341,8 @@ public S3EncryptionClient build() {
                             .secureRandom(_secureRandom)
                             .build();
                 } else if (_kmsKeyId != null) {
+                    //= specification/s3-encryption/client.md#inherited-sdk-configuration
+                    //# If the S3EC accepts SDK client configuration, the configuration MUST be applied to all wrapped SDK clients including the KMS client.
                     KmsClient kmsClient = KmsClient.builder()
                             .credentialsProvider(_awsCredentialsProvider)
                             .region(_region)
@@ -1284,6 +1360,8 @@ public S3EncryptionClient build() {
                 }
             }
 
+            //= specification/s3-encryption/client.md#cryptographic-materials
+            //# When a Keyring is provided, the S3EC MUST create an instance of the DefaultCMM using the provided Keyring.
             if (_cryptoMaterialsManager == null) {
                 _cryptoMaterialsManager = DefaultCryptoMaterialsManager.builder()
                         .keyring(_keyring)
diff --git a/src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java b/src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java
index bc3563688..cb1e28963 100644
--- a/src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java
+++ b/src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java
@@ -75,7 +75,11 @@ private DecryptionMaterials prepareMaterialsFromRequest(final GetObjectRequest g
         }
 
         AlgorithmSuite algorithmSuite = contentMetadata.algorithmSuite();
+        //= specification/s3-encryption/client.md#enable-legacy-unauthenticated-modes
+        //# When enabled, the S3EC MUST be able to decrypt objects encrypted with all content encryption algorithms (both legacy and fully supported).
         if (!_enableLegacyUnauthenticatedModes && algorithmSuite.isLegacy()) {
+            //= specification/s3-encryption/client.md#enable-legacy-unauthenticated-modes
+            //# When disabled, the S3EC MUST NOT decrypt objects encrypted using legacy content encryption algorithms.
             throw new S3EncryptionClientException("Enable legacy unauthenticated modes to use legacy content decryption: " + algorithmSuite.cipherName());
         }
 
@@ -146,11 +150,15 @@ public void onStream(SdkPublisher<ByteBuffer> ciphertextPublisher) {
             if (algorithmSuite.equals(AlgorithmSuite.ALG_AES_256_CBC_IV16_NO_KDF)
                     || algorithmSuite.equals(AlgorithmSuite.ALG_AES_256_CTR_IV16_TAG16_NO_KDF)
                     || _enableDelayedAuthentication) {
+                //= specification/s3-encryption/client.md#enable-delayed-authentication
+                //# When enabled, the S3EC MAY release plaintext from a stream which has not been authenticated.
                 // CBC and GCM with delayed auth enabled use a standard publisher
                 CipherPublisher plaintextPublisher = new CipherPublisher(ciphertextPublisher,
                         getObjectResponse.contentLength(), desiredRange, contentMetadata.contentRange(), algorithmSuite.cipherTagLengthBits(), materials, iv);
                 wrappedAsyncResponseTransformer.onStream(plaintextPublisher);
             } else {
+                //= specification/s3-encryption/client.md#enable-delayed-authentication
+                //# When disabled the S3EC MUST NOT release plaintext from a stream which has not been authenticated.
                 // Use buffered publisher for GCM when delayed auth is not enabled
                 BufferedCipherPublisher plaintextPublisher = new BufferedCipherPublisher(ciphertextPublisher,
                         getObjectResponse.contentLength(), materials, iv, _bufferSize);
diff --git a/src/main/java/software/amazon/encryption/s3/internal/MultipartUploadObjectPipeline.java b/src/main/java/software/amazon/encryption/s3/internal/MultipartUploadObjectPipeline.java
index cb4dde03a..3fa28d0e2 100644
--- a/src/main/java/software/amazon/encryption/s3/internal/MultipartUploadObjectPipeline.java
+++ b/src/main/java/software/amazon/encryption/s3/internal/MultipartUploadObjectPipeline.java
@@ -74,6 +74,8 @@ public CreateMultipartUploadResponse createMultipartUpload(CreateMultipartUpload
                 .overrideConfiguration(API_NAME_INTERCEPTOR)
                 .build();
 
+        //= specification/s3-encryption/client.md#api-operations
+        //# If implemented, CreateMultipartUpload MUST initiate a multipart upload.
         CreateMultipartUploadResponse response = _s3AsyncClient.createMultipartUpload(request).join();
 
         MultipartUploadMaterials mpuMaterials = MultipartUploadMaterials.builder()
@@ -133,13 +135,18 @@ public UploadPartResponse uploadPart(UploadPartRequest request, RequestBody requ
             throw new S3EncryptionClientException("No client-side information available on upload ID " + uploadId);
         }
         final UploadPartResponse response;
-        // Checks the parts are uploaded in series
+        //= specification/s3-encryption/client.md#api-operations
+        //# Each part MUST be encrypted in sequence.
         materials.beginPartUpload(actualRequest.partNumber(), partContentLength);
+        //= specification/s3-encryption/client.md#api-operations
+        //# Each part MUST be encrypted using the same cipher instance for each part.
         Cipher cipher = materials.getCipher(materials.getIv());
 
         ExecutorService singleThreadExecutor = Executors.newSingleThreadExecutor();
 
         try {
+            //= specification/s3-encryption/client.md#api-operations
+            //# UploadPart MUST encrypt each part.
             final AsyncRequestBody cipherAsyncRequestBody = new CipherAsyncRequestBody(
                 AsyncRequestBody.fromInputStream(
                     requestBody.contentStreamProvider().newStream(),
@@ -159,6 +166,7 @@ public UploadPartResponse uploadPart(UploadPartRequest request, RequestBody requ
             }
             // Ensures parts are not retried to avoid corrupting ciphertext
             AsyncRequestBody noRetryBody = new NoRetriesAsyncRequestBody(cipherAsyncRequestBody);
+            //= specification/s3-encryption/client.md#api-operations
             response =  _s3AsyncClient.uploadPart(actualRequest, noRetryBody).join();
         } finally {
             materials.endPartUpload();
@@ -187,6 +195,8 @@ public CompleteMultipartUploadResponse completeMultipartUpload(CompleteMultipart
                 .overrideConfiguration(API_NAME_INTERCEPTOR)
                 .build();
 
+        //= specification/s3-encryption/client.md#api-operations
+        //# CompleteMultipartUpload MUST complete the multipart upload.
         CompleteMultipartUploadResponse response = _s3AsyncClient.completeMultipartUpload(actualRequest).join();
 
         _multipartUploadMaterials.remove(uploadId);
@@ -198,6 +208,8 @@ public AbortMultipartUploadResponse abortMultipartUpload(AbortMultipartUploadReq
         AbortMultipartUploadRequest actualRequest = request.toBuilder()
                 .overrideConfiguration(API_NAME_INTERCEPTOR)
                 .build();
+        //= specification/s3-encryption/client.md#api-operations
+        //# AbortMultipartUpload MUST abort the multipart upload.
         return _s3AsyncClient.abortMultipartUpload(actualRequest).join();
     }
 
diff --git a/src/main/java/software/amazon/encryption/s3/materials/S3Keyring.java b/src/main/java/software/amazon/encryption/s3/materials/S3Keyring.java
index ebf3a6105..0d09173ba 100644
--- a/src/main/java/software/amazon/encryption/s3/materials/S3Keyring.java
+++ b/src/main/java/software/amazon/encryption/s3/materials/S3Keyring.java
@@ -5,13 +5,13 @@
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import software.amazon.encryption.s3.S3EncryptionClientException;
 
+import javax.crypto.SecretKey;
 import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-import javax.crypto.SecretKey;
 
 /**
  * This serves as the base class for all the keyrings in the S3 encryption client.
@@ -115,7 +115,11 @@ public DecryptionMaterials onDecrypt(final DecryptionMaterials materials, List<E
             throw new S3EncryptionClientException("The keyring does not support the object's key wrapping algorithm: " + keyProviderInfo);
         }
 
+        //= specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
+        //# When enabled, the S3EC MUST be able to decrypt objects encrypted with all supported wrapping algorithms (both legacy and fully supported).
         if (decryptStrategy.isLegacy() && !_enableLegacyWrappingAlgorithms) {
+            //= specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
+            //# When disabled, the S3EC MUST NOT decrypt objects encrypted using legacy wrapping algorithms.
             throw new S3EncryptionClientException("Enable legacy wrapping algorithms to use legacy key wrapping algorithm: " + keyProviderInfo);
         }
 

From 2301f3c2770e5ff7acbde040d8ad9ce1aad6f5ce Mon Sep 17 00:00:00 2001
From: Kess Plasmeier <kessplas@amazon.com>
Date: Tue, 5 Aug 2025 13:22:01 -0700
Subject: [PATCH 2/2] use implication/implementation/test annotation types
 instead of just comments for everything

---
 specification                                 |  2 +-
 .../encryption/s3/S3EncryptionClient.java     | 50 ++++++++++++++++++-
 .../internal/GetEncryptedObjectPipeline.java  |  6 ++-
 .../MultipartUploadObjectPipeline.java        |  7 +++
 .../encryption/s3/materials/S3Keyring.java    |  4 +-
 .../S3EncryptionClientCompatibilityTest.java  |  6 +++
 .../encryption/s3/S3EncryptionClientTest.java | 47 ++++++++++++++++-
 7 files changed, 116 insertions(+), 6 deletions(-)

diff --git a/specification b/specification
index c5a78bcd0..616da1e36 160000
--- a/specification
+++ b/specification
@@ -1 +1 @@
-Subproject commit c5a78bcd0d0cb2ca4b7875f12103314986a1495d
+Subproject commit 616da1e364a48c118cd19f42efc6cfc653c929ad
diff --git a/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java b/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java
index de4b8930d..c4d043cc9 100644
--- a/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java
+++ b/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java
@@ -103,7 +103,11 @@
 
 
 //= specification/s3-encryption/client.md#aws-sdk-compatibility
+//= type=implication
 //# The S3EC MUST adhere to the same interface for API operations as the conventional AWS SDK S3 client.
+//= specification/s3-encryption/client.md#aws-sdk-compatibility
+//= type=implementation
+//# The S3EC SHOULD support invoking operations unrelated to client-side encryption e.g. CopyObject as the conventional AWS SDK S3 client would.
 /**
  * This client is a drop-in replacement for the S3 client. It will automatically encrypt objects
  * on putObject and decrypt objects on getObject using the provided encryption key(s).
@@ -129,6 +133,7 @@ public class S3EncryptionClient extends DelegatingS3Client {
     private final InstructionFileConfig _instructionFileConfig;
 
     //= specification/s3-encryption/client.md#aws-sdk-compatibility
+    //= type=implication
     //# The S3EC MUST provide a different set of configuration options than the conventional S3 client.
     private S3EncryptionClient(Builder builder) {
         super(builder._wrappedClient);
@@ -206,6 +211,7 @@ public static Consumer<AwsRequestOverrideConfiguration.Builder> withAdditionalCo
     }
 
     //= specification/s3-encryption/client.md#api-operations
+    //= type=implication
     //# ReEncryptInstructionFile MAY be implemented by the S3EC.
     /**
      * Re-encrypts an instruction file with a new keyring while preserving the original encrypted object in S3.
@@ -245,6 +251,7 @@ public ReEncryptInstructionFileResponse reEncryptInstructionFile(ReEncryptInstru
 
         //Decrypt the data key using the current keyring
         //= specification/s3-encryption/client.md#api-operations
+        //= type=implication
         //# ReEncryptInstructionFile MUST decrypt the instruction file's encrypted data key for the given object using the client's CMM.
         DecryptionMaterials decryptedMaterials = this._cryptoMaterialsManager.decryptMaterials(
           DecryptMaterialsRequest.builder()
@@ -265,6 +272,7 @@ public ReEncryptInstructionFileResponse reEncryptInstructionFile(ReEncryptInstru
 
         //Re-encrypt the data key with the new keyring while preserving other cryptographic parameters
         //= specification/s3-encryption/client.md#api-operations
+        //= type=implication
         //# ReEncryptInstructionFile MUST re-encrypt the plaintext data key with a provided keyring.
         RawKeyring newKeyring = reEncryptInstructionFileRequest.newKeyring();
         EncryptionMaterials encryptedMaterials = newKeyring.onEncrypt(encryptionMaterials);
@@ -308,6 +316,7 @@ private void enforceRotation(EncryptionMaterials newEncryptionMaterials, GetObje
     }
 
     //= specification/s3-encryption/client.md#api-operations
+    //= type=implication
     //# PutObject MUST be implemented by the S3EC.
     /**
      * See {@link S3EncryptionClient#putObject(PutObjectRequest, RequestBody)}.
@@ -347,6 +356,7 @@ public PutObjectResponse putObject(PutObjectRequest putObjectRequest, RequestBod
 
         try {
             //= specification/s3-encryption/client.md#api-operations
+            //= type=implication
             //# PutObject MUST encrypt its input data before it is uploaded to S3.
             CompletableFuture<PutObjectResponse> futurePut = pipeline.putObject(putObjectRequest,
                     AsyncRequestBody.fromInputStream(
@@ -373,6 +383,7 @@ public PutObjectResponse putObject(PutObjectRequest putObjectRequest, RequestBod
     }
 
     //= specification/s3-encryption/client.md#api-operations
+    //= type=implication
     //# GetObject MUST be implemented by the S3EC.
     /**
      * See {@link S3EncryptionClient#getObject(GetObjectRequest, ResponseTransformer)}
@@ -396,6 +407,7 @@ public <T> T getObject(GetObjectRequest getObjectRequest,
             throws AwsServiceException, SdkClientException {
 
         //= specification/s3-encryption/client.md#api-operations
+        //= type=implication
         //# GetObject MUST decrypt data received from the S3 server and return it as plaintext.
         GetEncryptedObjectPipeline pipeline = GetEncryptedObjectPipeline.builder()
                 .s3AsyncClient(_wrappedAsyncClient)
@@ -505,6 +517,7 @@ private <T extends Throwable> T onAbort(UploadObjectObserver observer, T t) {
     }
 
     //= specification/s3-encryption/client.md#api-operations
+    //= type=implication
     //# DeleteObject MUST be implemented by the S3EC.
     /**
      * See {@link S3Client#deleteObject(DeleteObjectRequest)}.
@@ -524,9 +537,11 @@ public DeleteObjectResponse deleteObject(DeleteObjectRequest deleteObjectRequest
 
         try {
             //= specification/s3-encryption/client.md#api-operations
+            //= type=implementation
             //# DeleteObject MUST delete the given object key.
             DeleteObjectResponse deleteObjectResponse = _wrappedAsyncClient.deleteObject(actualRequest).join();
             //= specification/s3-encryption/client.md#api-operations
+            //= type=implementation
             //# DeleteObject MUST delete the associated instruction file using the default instruction file suffix.
             String instructionObjectKey = deleteObjectRequest.key() + DEFAULT_INSTRUCTION_FILE_SUFFIX;
             _wrappedAsyncClient.deleteObject(builder -> builder
@@ -543,6 +558,7 @@ public DeleteObjectResponse deleteObject(DeleteObjectRequest deleteObjectRequest
     }
 
     //= specification/s3-encryption/client.md#api-operations
+    //= type=implication
     //# DeleteObjects MUST be implemented by the S3EC.
     /**
      * See {@link S3Client#deleteObjects(DeleteObjectsRequest)}.
@@ -561,9 +577,11 @@ public DeleteObjectsResponse deleteObjects(DeleteObjectsRequest deleteObjectsReq
                 .build();
         try {
             //= specification/s3-encryption/client.md#api-operations
+            //= type=implementation
             //# DeleteObjects MUST delete each of the given objects.
             DeleteObjectsResponse deleteObjectsResponse = _wrappedAsyncClient.deleteObjects(actualRequest).join();
             //= specification/s3-encryption/client.md#api-operations
+            //= type=implementation
             //# DeleteObjects MUST delete each of the corresponding instruction files using the default instruction file suffix.
             List<ObjectIdentifier> deleteObjects = instructionFileKeysToDelete(deleteObjectsRequest);
             _wrappedAsyncClient.deleteObjects(DeleteObjectsRequest.builder()
@@ -580,6 +598,7 @@ public DeleteObjectsResponse deleteObjects(DeleteObjectsRequest deleteObjectsReq
     }
 
     //= specification/s3-encryption/client.md#api-operations
+    //= type=implication
     //# CreateMultipartUpload MAY be implemented by the S3EC.
     /**
      * See {@link S3Client#createMultipartUpload(CreateMultipartUploadRequest)}
@@ -603,6 +622,7 @@ public CreateMultipartUploadResponse createMultipartUpload(CreateMultipartUpload
     }
 
     //= specification/s3-encryption/client.md#api-operations
+    //= type=implication
     //# UploadPart MAY be implemented by the S3EC.
     /**
      * See {@link S3Client#uploadPart(UploadPartRequest, RequestBody)}
@@ -628,6 +648,7 @@ public UploadPartResponse uploadPart(UploadPartRequest request, RequestBody requ
     }
 
     //= specification/s3-encryption/client.md#api-operations
+    //= type=implication
     //# CompleteMultipartUpload MAY be implemented by the S3EC.
     /**
      * See {@link S3Client#completeMultipartUpload(CompleteMultipartUploadRequest)}
@@ -647,6 +668,7 @@ public CompleteMultipartUploadResponse completeMultipartUpload(CompleteMultipart
     }
 
     //= specification/s3-encryption/client.md#api-operations
+    //= type=implication
     //# AbortMultipartUpload MAY be implemented by the S3EC.
     /**
      * See {@link S3Client#abortMultipartUpload(AbortMultipartUploadRequest)}
@@ -689,15 +711,18 @@ public static class Builder implements S3BaseClientBuilder<Builder, S3Encryption
         private PartialRsaKeyPair _rsaKeyPair;
         private String _kmsKeyId;
         //= specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
+        //= type=implication
         //# The option to enable legacy wrapping algorithms MUST be set to false by default.
         private boolean _enableLegacyWrappingAlgorithms = false;
         //= specification/s3-encryption/client.md#enable-delayed-authentication
+        //= type=implication
         //# Delayed Authentication mode MUST be set to false by default.
         private boolean _enableDelayedAuthenticationMode = false;
         private boolean _enableMultipartPutObject = false;
         private Provider _cryptoProvider = null;
         private SecureRandom _secureRandom = new SecureRandom();
         //= specification/s3-encryption/client.md#enable-legacy-unauthenticated-modes
+        //= type=implication
         //# The option to enable legacy unauthenticated modes MUST be set to false by default.
         private boolean _enableLegacyUnauthenticatedModes = false;
         private long _bufferSize = -1L;
@@ -726,6 +751,7 @@ private Builder() {
         }
 
         //= specification/s3-encryption/client.md#wrapped-s3-client-s
+        //= type=implementation
         //# The S3EC MUST support the option to provide an SDK S3 client instance during its initialization.
         /**
          * Sets the wrappedClient to be used for non-cryptographic operations.
@@ -736,6 +762,9 @@ private Builder() {
          */
         @SuppressFBWarnings(value = "EI_EXPOSE_REP2", justification = "Pass mutability into wrapping client")
         public Builder wrappedClient(S3Client _wrappedClient) {
+            //= specification/s3-encryption/client.md#wrapped-s3-client-s
+            //= type=exception
+            //# The S3EC MUST NOT support use of S3EC as the provided S3 client during its initialization; it MUST throw an exception in this case.
             if (_wrappedClient instanceof S3EncryptionClient) {
                 throw new S3EncryptionClientException("Cannot use S3EncryptionClient as wrapped client");
             }
@@ -744,6 +773,7 @@ public Builder wrappedClient(S3Client _wrappedClient) {
         }
 
         //= specification/s3-encryption/client.md#wrapped-s3-client-s
+        //= type=implementation
         //# The S3EC MUST support the option to provide an SDK S3 client instance during its initialization.
         /**
          * Sets the wrappedAsyncClient to be used for cryptographic operations.
@@ -754,6 +784,9 @@ public Builder wrappedClient(S3Client _wrappedClient) {
          */
         @SuppressFBWarnings(value = "EI_EXPOSE_REP2", justification = "Pass mutability into wrapping client")
         public Builder wrappedAsyncClient(S3AsyncClient _wrappedAsyncClient) {
+            //= specification/s3-encryption/client.md#wrapped-s3-client-s
+            //= type=exception
+            //# The S3EC MUST NOT support use of S3EC as the provided S3 client during its initialization; it MUST throw an exception in this case.
             if (_wrappedAsyncClient instanceof S3AsyncEncryptionClient) {
                 throw new S3EncryptionClientException("Cannot use S3AsyncEncryptionClient as wrapped client");
             }
@@ -840,10 +873,11 @@ public Builder kmsKeyId(String kmsKeyId) {
             return this;
         }
 
-        // We only want one way to use a key, if more than one is set, throw an error
         //= specification/s3-encryption/client.md#cryptographic-materials
+        //= type=implementation
         //# The S3EC MUST accept either one CMM or one Keyring instance upon initialization.
         //= specification/s3-encryption/client.md#cryptographic-materials
+        //= type=implication
         //# The S3EC MAY accept key material directly.
         private void checkKeyOptions() {
             if (onlyOneNonNull(_cryptoMaterialsManager, _keyring, _aesKey, _rsaKeyPair, _kmsKeyId)) {
@@ -851,6 +885,7 @@ private void checkKeyOptions() {
             }
 
             //= specification/s3-encryption/client.md#cryptographic-materials
+            //= type=exception
             //# If both a CMM and a Keyring are provided, the S3EC MUST throw an exception.
             throw new S3EncryptionClientException("Only one may be set of: crypto materials manager, keyring, AES key, RSA key pair, KMS key id");
         }
@@ -871,6 +906,7 @@ private boolean onlyOneNonNull(Object... values) {
         }
 
         //= specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
+        //= type=implication
         //# The S3EC MUST support the option to enable or disable legacy wrapping algorithms.
         /**
          * When set to true, decryption of objects using legacy key wrapping
@@ -884,6 +920,7 @@ public Builder enableLegacyWrappingAlgorithms(boolean shouldEnableLegacyWrapping
         }
 
         //= specification/s3-encryption/client.md#enable-legacy-unauthenticated-modes
+        //= type=implication
         //# The S3EC MUST support the option to enable or disable legacy unauthenticated modes (content encryption algorithms).
         /**
          * When set to true, decryption of content using legacy encryption algorithms
@@ -898,6 +935,7 @@ public Builder enableLegacyUnauthenticatedModes(boolean shouldEnableLegacyUnauth
         }
 
         //= specification/s3-encryption/client.md#enable-delayed-authentication
+        //= type=implication
         //# The S3EC MUST support the option to enable or disable Delayed Authentication mode.
         /**
          * When set to true, authentication of streamed objects is delayed until the
@@ -926,6 +964,7 @@ public Builder enableMultipartPutObject(boolean _enableMultipartPutObject) {
         }
 
         //= specification/s3-encryption/client.md#set-buffer-size
+        //= type=implication
         //# The S3EC SHOULD accept a configurable buffer size which refers to the maximum ciphertext length to store in memory when delayed authentication mode is disabled.
         /**
          * Sets the buffer size for safe authentication used when delayed authentication mode is disabled.
@@ -961,6 +1000,7 @@ public Builder cryptoProvider(Provider cryptoProvider) {
         }
 
         //= specification/s3-encryption/client.md#randomness
+        //= type=implication
         //# The S3EC MAY accept a source of randomness during client initialization.
         /**
          * Allows the user to pass an instance of {@link SecureRandom} to be used
@@ -978,8 +1018,10 @@ public Builder secureRandom(SecureRandom secureRandom) {
         }
 
         //= specification/s3-encryption/client.md#instruction-file-configuration
+        //= type=implication
         //# If the S3EC in a given language supports Instruction Files, then it MUST accept Instruction File Configuration during its initialization.
         //= specification/s3-encryption/client.md#instruction-file-configuration
+        //= type=implication
         //# The S3EC MAY support the option to provide Instruction File Configuration during its initialization.
         /**
          * Sets the Instruction File configuration for the S3 Encryption Client.
@@ -994,8 +1036,10 @@ public Builder instructionFileConfig(InstructionFileConfig instructionFileConfig
         }
 
         //= specification/s3-encryption/client.md#inherited-sdk-configuration
+        //= type=implication
         //# The S3EC MAY support directly configuring the wrapped SDK clients through its initialization.
         //= specification/s3-encryption/client.md#inherited-sdk-configuration
+        //= type=implication
         //# For example, the S3EC MAY accept a credentials provider instance during its initialization.
         /**
          * The credentials provider to use for all inner clients, including KMS, if a KMS key ID is provided.
@@ -1278,6 +1322,7 @@ public S3EncryptionClient build() {
             }
 
             //= specification/s3-encryption/client.md#inherited-sdk-configuration
+            //= type=implication
             //# If the S3EC accepts SDK client configuration, the configuration MUST be applied to all wrapped S3 clients.
             if (_wrappedClient == null) {
                 _wrappedClient = S3Client.builder()
@@ -1320,6 +1365,7 @@ public S3EncryptionClient build() {
             }
 
             //= specification/s3-encryption/client.md#instruction-file-configuration
+            //= type=implication
             //# In this case, the Instruction File Configuration SHOULD be optional, such that its default configuration is used when none is provided.
             if (_instructionFileConfig == null) {
                 _instructionFileConfig = InstructionFileConfig.builder()
@@ -1342,6 +1388,7 @@ public S3EncryptionClient build() {
                             .build();
                 } else if (_kmsKeyId != null) {
                     //= specification/s3-encryption/client.md#inherited-sdk-configuration
+                    //= type=implementation
                     //# If the S3EC accepts SDK client configuration, the configuration MUST be applied to all wrapped SDK clients including the KMS client.
                     KmsClient kmsClient = KmsClient.builder()
                             .credentialsProvider(_awsCredentialsProvider)
@@ -1361,6 +1408,7 @@ public S3EncryptionClient build() {
             }
 
             //= specification/s3-encryption/client.md#cryptographic-materials
+            //= type=implication
             //# When a Keyring is provided, the S3EC MUST create an instance of the DefaultCMM using the provided Keyring.
             if (_cryptoMaterialsManager == null) {
                 _cryptoMaterialsManager = DefaultCryptoMaterialsManager.builder()
diff --git a/src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java b/src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java
index cb1e28963..b002b42b8 100644
--- a/src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java
+++ b/src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java
@@ -76,10 +76,12 @@ private DecryptionMaterials prepareMaterialsFromRequest(final GetObjectRequest g
 
         AlgorithmSuite algorithmSuite = contentMetadata.algorithmSuite();
         //= specification/s3-encryption/client.md#enable-legacy-unauthenticated-modes
+        //= type=implication
         //# When enabled, the S3EC MUST be able to decrypt objects encrypted with all content encryption algorithms (both legacy and fully supported).
         if (!_enableLegacyUnauthenticatedModes && algorithmSuite.isLegacy()) {
             //= specification/s3-encryption/client.md#enable-legacy-unauthenticated-modes
-            //# When disabled, the S3EC MUST NOT decrypt objects encrypted using legacy content encryption algorithms.
+            //= type=exception
+            //# When disabled, the S3EC MUST NOT decrypt objects encrypted using legacy content encryption algorithms; it MUST throw an exception when attempting to decrypt an object encrypted with a legacy content encryption algorithm.
             throw new S3EncryptionClientException("Enable legacy unauthenticated modes to use legacy content decryption: " + algorithmSuite.cipherName());
         }
 
@@ -151,6 +153,7 @@ public void onStream(SdkPublisher<ByteBuffer> ciphertextPublisher) {
                     || algorithmSuite.equals(AlgorithmSuite.ALG_AES_256_CTR_IV16_TAG16_NO_KDF)
                     || _enableDelayedAuthentication) {
                 //= specification/s3-encryption/client.md#enable-delayed-authentication
+                //= type=implication
                 //# When enabled, the S3EC MAY release plaintext from a stream which has not been authenticated.
                 // CBC and GCM with delayed auth enabled use a standard publisher
                 CipherPublisher plaintextPublisher = new CipherPublisher(ciphertextPublisher,
@@ -158,6 +161,7 @@ public void onStream(SdkPublisher<ByteBuffer> ciphertextPublisher) {
                 wrappedAsyncResponseTransformer.onStream(plaintextPublisher);
             } else {
                 //= specification/s3-encryption/client.md#enable-delayed-authentication
+                //= type=implication
                 //# When disabled the S3EC MUST NOT release plaintext from a stream which has not been authenticated.
                 // Use buffered publisher for GCM when delayed auth is not enabled
                 BufferedCipherPublisher plaintextPublisher = new BufferedCipherPublisher(ciphertextPublisher,
diff --git a/src/main/java/software/amazon/encryption/s3/internal/MultipartUploadObjectPipeline.java b/src/main/java/software/amazon/encryption/s3/internal/MultipartUploadObjectPipeline.java
index 3fa28d0e2..01c48a578 100644
--- a/src/main/java/software/amazon/encryption/s3/internal/MultipartUploadObjectPipeline.java
+++ b/src/main/java/software/amazon/encryption/s3/internal/MultipartUploadObjectPipeline.java
@@ -75,6 +75,7 @@ public CreateMultipartUploadResponse createMultipartUpload(CreateMultipartUpload
                 .build();
 
         //= specification/s3-encryption/client.md#api-operations
+        //= type=implication
         //# If implemented, CreateMultipartUpload MUST initiate a multipart upload.
         CreateMultipartUploadResponse response = _s3AsyncClient.createMultipartUpload(request).join();
 
@@ -136,9 +137,11 @@ public UploadPartResponse uploadPart(UploadPartRequest request, RequestBody requ
         }
         final UploadPartResponse response;
         //= specification/s3-encryption/client.md#api-operations
+        //= type=implication
         //# Each part MUST be encrypted in sequence.
         materials.beginPartUpload(actualRequest.partNumber(), partContentLength);
         //= specification/s3-encryption/client.md#api-operations
+        //= type=implication
         //# Each part MUST be encrypted using the same cipher instance for each part.
         Cipher cipher = materials.getCipher(materials.getIv());
 
@@ -146,6 +149,7 @@ public UploadPartResponse uploadPart(UploadPartRequest request, RequestBody requ
 
         try {
             //= specification/s3-encryption/client.md#api-operations
+            //= type=implication
             //# UploadPart MUST encrypt each part.
             final AsyncRequestBody cipherAsyncRequestBody = new CipherAsyncRequestBody(
                 AsyncRequestBody.fromInputStream(
@@ -167,6 +171,7 @@ public UploadPartResponse uploadPart(UploadPartRequest request, RequestBody requ
             // Ensures parts are not retried to avoid corrupting ciphertext
             AsyncRequestBody noRetryBody = new NoRetriesAsyncRequestBody(cipherAsyncRequestBody);
             //= specification/s3-encryption/client.md#api-operations
+            //= type=implication
             response =  _s3AsyncClient.uploadPart(actualRequest, noRetryBody).join();
         } finally {
             materials.endPartUpload();
@@ -196,6 +201,7 @@ public CompleteMultipartUploadResponse completeMultipartUpload(CompleteMultipart
                 .build();
 
         //= specification/s3-encryption/client.md#api-operations
+        //= type=implication
         //# CompleteMultipartUpload MUST complete the multipart upload.
         CompleteMultipartUploadResponse response = _s3AsyncClient.completeMultipartUpload(actualRequest).join();
 
@@ -209,6 +215,7 @@ public AbortMultipartUploadResponse abortMultipartUpload(AbortMultipartUploadReq
                 .overrideConfiguration(API_NAME_INTERCEPTOR)
                 .build();
         //= specification/s3-encryption/client.md#api-operations
+        //= type=implication
         //# AbortMultipartUpload MUST abort the multipart upload.
         return _s3AsyncClient.abortMultipartUpload(actualRequest).join();
     }
diff --git a/src/main/java/software/amazon/encryption/s3/materials/S3Keyring.java b/src/main/java/software/amazon/encryption/s3/materials/S3Keyring.java
index 0d09173ba..822f09e8c 100644
--- a/src/main/java/software/amazon/encryption/s3/materials/S3Keyring.java
+++ b/src/main/java/software/amazon/encryption/s3/materials/S3Keyring.java
@@ -116,10 +116,12 @@ public DecryptionMaterials onDecrypt(final DecryptionMaterials materials, List<E
         }
 
         //= specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
+        //= type=implication
         //# When enabled, the S3EC MUST be able to decrypt objects encrypted with all supported wrapping algorithms (both legacy and fully supported).
         if (decryptStrategy.isLegacy() && !_enableLegacyWrappingAlgorithms) {
             //= specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
-            //# When disabled, the S3EC MUST NOT decrypt objects encrypted using legacy wrapping algorithms.
+            //= type=exception
+            //# When disabled, the S3EC MUST NOT decrypt objects encrypted using legacy wrapping algorithms; it MUST throw an exception when attempting to decrypt an object encrypted with a legacy wrapping algorithm.
             throw new S3EncryptionClientException("Enable legacy wrapping algorithms to use legacy key wrapping algorithm: " + keyProviderInfo);
         }
 
diff --git a/src/test/java/software/amazon/encryption/s3/S3EncryptionClientCompatibilityTest.java b/src/test/java/software/amazon/encryption/s3/S3EncryptionClientCompatibilityTest.java
index 8f5fc2252..5f701abbd 100644
--- a/src/test/java/software/amazon/encryption/s3/S3EncryptionClientCompatibilityTest.java
+++ b/src/test/java/software/amazon/encryption/s3/S3EncryptionClientCompatibilityTest.java
@@ -836,6 +836,9 @@ public void AesCbcV1toV3FailsWhenUnauthencticateModeDisabled() {
         final String input = "AesCbcV1toV3";
         v1Client.putObject(BUCKET, objectKey, input);
 
+        //= specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
+        //= type=test
+        //# When disabled, the S3EC MUST NOT decrypt objects encrypted using legacy wrapping algorithms; it MUST throw an exception when attempting to decrypt an object encrypted with a legacy wrapping algorithm.
         assertThrows(S3EncryptionClientException.class, () -> v3Client.getObjectAsBytes(builder -> builder
                 .bucket(BUCKET)
                 .key(objectKey)));
@@ -870,6 +873,9 @@ public void AesCbcV1toV3FailsWhenLegacyKeyringDisabled() {
         final String input = "AesCbcV1toV3";
         v1Client.putObject(BUCKET, objectKey, input);
 
+        //= specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
+        //= type=test
+        //# When disabled, the S3EC MUST NOT decrypt objects encrypted using legacy wrapping algorithms; it MUST throw an exception when attempting to decrypt an object encrypted with a legacy wrapping algorithm.
         assertThrows(S3EncryptionClientException.class, () -> v3Client.getObjectAsBytes(builder -> builder
                 .bucket(BUCKET)
                 .key(objectKey)));
diff --git a/src/test/java/software/amazon/encryption/s3/S3EncryptionClientTest.java b/src/test/java/software/amazon/encryption/s3/S3EncryptionClientTest.java
index d2520c6b2..37c18a6fe 100644
--- a/src/test/java/software/amazon/encryption/s3/S3EncryptionClientTest.java
+++ b/src/test/java/software/amazon/encryption/s3/S3EncryptionClientTest.java
@@ -41,6 +41,8 @@
 import software.amazon.encryption.s3.materials.CryptographicMaterialsManager;
 import software.amazon.encryption.s3.materials.DefaultCryptoMaterialsManager;
 import software.amazon.encryption.s3.materials.KmsKeyring;
+import software.amazon.encryption.s3.materials.PartialRsaKeyPair;
+import software.amazon.encryption.s3.materials.RsaKeyring;
 import software.amazon.encryption.s3.utils.BoundedInputStream;
 import software.amazon.encryption.s3.utils.S3EncryptionClientTestResources;
 
@@ -98,6 +100,9 @@ public static void setUp() throws NoSuchAlgorithmException {
         RSA_KEY_PAIR = keyPairGen.generateKeyPair();
     }
 
+    //= specification/s3-encryption/client.md#aws-sdk-compatibility
+    //= type=test
+    //# The S3EC SHOULD support invoking operations unrelated to client-side encryption e.g. CopyObject as the conventional AWS SDK S3 client would.
     @Test
     public void copyObjectTransparently() {
         final String objectKey = appendTestSuffix("copy-object-from-here");
@@ -161,10 +166,15 @@ public void deleteObjectWithInstructionFileSuccess() {
         v3Client.deleteObject(builder -> builder.bucket(BUCKET).key(objectKey));
 
         S3Client s3Client = S3Client.builder().build();
-        // Assert throw NoSuchKeyException when getObject for objectKey
+        //= specification/s3-encryption/client.md#api-operations
+        //= type=test
+        //# DeleteObject MUST delete the given object key.
         assertThrows(S3Exception.class, () -> s3Client.getObject(builder -> builder
                 .bucket(BUCKET)
                 .key(objectKey)));
+        //= specification/s3-encryption/client.md#api-operations
+        //= type=test
+        //# DeleteObject MUST delete the associated instruction file using the default instruction file suffix.
         assertThrows(S3Exception.class, () -> s3Client.getObject(builder -> builder
                 .bucket(BUCKET)
                 .key(objectKey + ".instruction")));
@@ -208,10 +218,15 @@ public void deleteObjectsWithInstructionFilesSuccess() {
                 .delete(builder1 -> builder1.objects(objects)));
 
         S3Client s3Client = S3Client.builder().build();
-        // Assert throw NoSuchKeyException when getObject for any of objectKeys
+        //= specification/s3-encryption/client.md#api-operations
+        //= type=test
+        //# DeleteObjects MUST delete each of the given objects.
         assertThrows(S3Exception.class, () -> s3Client.getObject(builder -> builder
                 .bucket(BUCKET)
                 .key(objectKeys[0])));
+        //= specification/s3-encryption/client.md#api-operations
+        //= type=test
+        //# DeleteObjects MUST delete each of the corresponding instruction files using the default instruction file suffix.
         assertThrows(S3Exception.class, () -> s3Client.getObject(builder -> builder
                 .bucket(BUCKET)
                 .key(objectKeys[0] + ".instruction")));
@@ -292,6 +307,9 @@ public void getNonExistentObject() {
         v3Client.close();
     }
 
+    //= specification/s3-encryption/client.md#cryptographic-materials
+    //= type=test
+    //# The S3EC MUST accept either one CMM or one Keyring instance upon initialization.
     @Test
     public void s3EncryptionClientWithMultipleKeyringsFails() {
         assertThrows(S3EncryptionClientException.class, () -> S3EncryptionClient.builder()
@@ -300,6 +318,22 @@ public void s3EncryptionClientWithMultipleKeyringsFails() {
                 .build());
     }
 
+    //= specification/s3-encryption/client.md#cryptographic-materials
+    //= type=test
+    //# If both a CMM and a Keyring are provided, the S3EC MUST throw an exception.
+    @Test
+    public void s3EncryptionClientWithCMMAndKeyringFails() {
+        CryptographicMaterialsManager defaultCMM = DefaultCryptoMaterialsManager.builder()
+                        .keyring(RsaKeyring.builder()
+                                .wrappingKeyPair(new PartialRsaKeyPair(RSA_KEY_PAIR))
+                                .build())
+                                .build();
+        assertThrows(S3EncryptionClientException.class, () -> S3EncryptionClient.builder()
+                .aesKey(AES_KEY)
+                .cryptoMaterialsManager(defaultCMM)
+                .build());
+    }
+
     @Test
     public void s3EncryptionClientWithNoKeyringsFails() {
         assertThrows(S3EncryptionClientException.class, () -> S3EncryptionClient.builder()
@@ -440,6 +474,9 @@ public void s3EncryptionClientWithCmmFromKmsKeyIdSucceeds() {
         v3Client.close();
     }
 
+    //= specification/s3-encryption/client.md#wrapped-s3-client-s
+    //= type=test
+    //# The S3EC MUST support the option to provide an SDK S3 client instance during its initialization.
     @Test
     public void s3EncryptionClientWithWrappedS3ClientSucceeds() {
         final String objectKey = appendTestSuffix("wrapped-s3-client-with-kms-key-id");
@@ -462,6 +499,9 @@ public void s3EncryptionClientWithWrappedS3ClientSucceeds() {
         wrappingClient.close();
     }
 
+    //= specification/s3-encryption/client.md#wrapped-s3-client-s
+    //= type=test
+    //# The S3EC MUST NOT support use of S3EC as the provided S3 client during its initialization; it MUST throw an exception in this case.
     /**
      * S3EncryptionClient implements S3Client, so it can be passed into the builder as a wrappedClient.
      * However, is not a supported use case, and the builder should throw an exception if this happens.
@@ -854,6 +894,9 @@ public void s3EncryptionClientTopLevelCredentialsNullCreds() {
         }
     }
 
+    //= specification/s3-encryption/client.md#inherited-sdk-configuration
+    //= type=test
+    //# If the S3EC accepts SDK client configuration, the configuration MUST be applied to all wrapped SDK clients including the KMS client.
     @Test
     public void s3EncryptionClientTopLevelAlternateCredentials() {
         final String objectKey = appendTestSuffix("wrapped-s3-client-with-top-level-credentials");