Crossexamination of utility based on the content management interoperability standard

2026-05-06 23:36:22 +02:00
parent a44b439cc7
commit 28420c68d1
4 changed files with 596 additions and 0 deletions
--- a/workplans/KONT-WP-0011-cmis-compliance-assessment-test-foundation.md
+++ b/workplans/KONT-WP-0011-cmis-compliance-assessment-test-foundation.md
@@ -0,0 +1,138 @@
+---
+id: KONT-WP-0011
+type: workplan
+title: "CMIS Compliance Assessment And Test Foundation"
+domain: markitect
+repo: kontextual-engine
+status: active
+owner: codex
+topic_slug: markitect
+planning_priority: high
+planning_order: 11
+created: "2026-05-06"
+updated: "2026-05-06"
+state_hub_workstream_id: "c14d232c-cf80-443b-b5e0-76b51baf6676"
+---
+
+# KONT-WP-0011: CMIS Compliance Assessment And Test Foundation
+
+## Purpose
+
+Establish the CMIS compliance baseline before implementation. This workplan
+maps OASIS CMIS 1.1 capabilities to current engine functionality, organizes
+example fixtures by capability, and prepares internal and optional external
+compliance tests.
+
+## References
+
+- `docs/cmis-compliance-assessment.md`
+- `docs/cmis-compliance-test-foundation.md`
+- OASIS CMIS 1.1 standard and errata.
+- Apache Chemistry OpenCMIS TCK 1.1.0 and CMIS Workbench as optional external
+  validation tools.
+
+## Boundary
+
+This workplan does not implement CMIS access points. It creates the assessment,
+fixtures, profile matrix, and test harness that will govern implementation in
+`KONT-WP-0012`.
+
+## C11.1 - Freeze CMIS target version and reusable validation strategy
+
+```task
+id: KONT-WP-0011-T001
+status: todo
+priority: high
+state_hub_task_id: "1f4ed133-74f7-46df-9266-277813b5399a"
+```
+
+Acceptance:
+
+- CMIS target version, bindings, and errata posture are documented.
+- OpenCMIS TCK/Workbench reuse strategy is documented.
+- External harness is optional and does not block default Python tests.
+
+## C11.2 - Build capability assessment and demand estimate
+
+```task
+id: KONT-WP-0011-T002
+status: todo
+priority: high
+state_hub_task_id: "02651630-16e6-4c5f-879d-988a55fb7227"
+```
+
+Acceptance:
+
+- Capability-by-capability availability is documented.
+- Each CMIS area has a gap statement and implementation demand estimate.
+- High-risk areas are called out before implementation begins.
+
+## C11.3 - Create CMIS example fixture catalog grouped by capability
+
+```task
+id: KONT-WP-0011-T003
+status: todo
+priority: high
+state_hub_task_id: "a895218c-61b1-4944-8774-fd21c5416580"
+```
+
+Acceptance:
+
+- Example fixture groups cover repository/type, navigation, object/content,
+  versioning, discovery, relationships, ACL/policy, change log, renditions,
+  retention/hold, and bulk operations.
+- Fixtures declare expected behavior per profile.
+- Fixtures can seed both internal tests and external TCK preparations.
+
+## C11.4 - Add internal CMIS contract test skeleton
+
+```task
+id: KONT-WP-0011-T004
+status: todo
+priority: high
+state_hub_task_id: "710da9b6-2034-4948-8bc7-16230cc839cf"
+```
+
+Acceptance:
+
+- Internal tests validate CMIS mapper outputs independent of OpenCMIS.
+- Tests are organized by capability.
+- Unsupported capabilities assert explicit CMIS capability flags and structured
+  diagnostics.
+
+## C11.5 - Add optional OpenCMIS TCK harness plan
+
+```task
+id: KONT-WP-0011-T005
+status: todo
+priority: medium
+state_hub_task_id: "85b321a1-b9b5-469e-bc45-b207dc39ad7a"
+```
+
+Acceptance:
+
+- Optional Java/Maven harness configuration is documented.
+- TCK group selection is mapped to access-point profiles.
+- CI/default test suite skips TCK unless explicitly enabled.
+
+## C11.6 - Produce readiness gate for implementation
+
+```task
+id: KONT-WP-0011-T006
+status: todo
+priority: medium
+state_hub_task_id: "604e2f06-fde5-4d88-a13e-f3b725177696"
+```
+
+Acceptance:
+
+- A readiness checklist determines when `KONT-WP-0012` can start.
+- The checklist includes capability profile scope, fixture coverage, TCK
+  strategy, and known unsupported features.
+
+## Definition Of Done
+
+- CMIS capability assessment exists and is reviewed.
+- Example fixtures and internal test skeleton are organized by capability.
+- Optional OpenCMIS TCK strategy is ready.
+- Implementation proceeds only through the profile plan in `KONT-WP-0012`.
--- a/workplans/KONT-WP-0012-cmis-profiled-access-points.md
+++ b/workplans/KONT-WP-0012-cmis-profiled-access-points.md
@@ -0,0 +1,169 @@
+---
+id: KONT-WP-0012
+type: workplan
+title: "CMIS Profiled Access Points Implementation"
+domain: markitect
+repo: kontextual-engine
+status: active
+owner: codex
+topic_slug: markitect
+planning_priority: high
+planning_order: 12
+created: "2026-05-06"
+updated: "2026-05-06"
+state_hub_workstream_id: "d538d68f-17a8-401f-9cdc-d526dd734ddc"
+---
+
+# KONT-WP-0012: CMIS Profiled Access Points Implementation
+
+## Purpose
+
+Implement a CMIS API extension for `kontextual-engine` that can expose multiple
+CMIS access points. Each access point has a profile that regulates which CMIS
+capabilities are available, which data is visible, which mutations are allowed,
+and which data must never be exposed.
+
+## Requirement
+
+It must be possible to allow and expose multiple CMIS access points with
+different profiles that regulate:
+
+- which subset of CMIS capabilities are provided on the access point,
+- which engine data is accessible using the access point,
+- which data must not be exposed through the access point.
+
+## Dependency
+
+Implementation must begin after the assessment, examples, and test foundation
+from `KONT-WP-0011` are sufficient to define the first profile and regression
+suite.
+
+## Architecture Constraint
+
+CMIS routes are adapters over engine services and policy gates. They must not
+become a second domain model. Every CMIS access point resolves an
+`OperationContext`, applies profile rules, authorizes exposure/mutation, and
+emits audit events.
+
+## D12.1 - Define CMIS profile and access-point model
+
+```task
+id: KONT-WP-0012-T001
+status: todo
+priority: high
+state_hub_task_id: "031c3ce5-bb56-41fb-a014-6a496c280d20"
+```
+
+Acceptance:
+
+- Access-point config includes ID, repository ID, profile name, binding,
+  capability flags, visibility scope, deny rules, mutation policy, and actor
+  context requirements.
+- Profiles support read-only, governed authoring, admin/export, and TCK
+  compatibility variants.
+- Profile matching is deterministic and auditable.
+
+## D12.2 - Implement CMIS domain mapper
+
+```task
+id: KONT-WP-0012-T002
+status: todo
+priority: high
+state_hub_task_id: "a4c44471-22a9-40d9-9821-4b78e5ba9360"
+```
+
+Acceptance:
+
+- Engine assets map to CMIS documents/items.
+- Synthetic folders, paths, object IDs, properties, content streams,
+  relationships, versions, allowable actions, and change tokens are mapped.
+- Unsupported CMIS features are represented by correct capability flags and
+  structured errors.
+
+## D12.3 - Implement Browser Binding MVP access point
+
+```task
+id: KONT-WP-0012-T003
+status: todo
+priority: high
+state_hub_task_id: "b9f5d790-f291-4613-89da-5d47e7887a9e"
+```
+
+Acceptance:
+
+- Browser Binding routes expose repository info, types, navigation, object read,
+  content stream read, query subset, relationships, and change log.
+- Route behavior is profile-scoped.
+- Responses match CMIS Browser Binding expectations for the supported subset.
+
+## D12.4 - Implement governed authoring operations
+
+```task
+id: KONT-WP-0012-T004
+status: todo
+priority: high
+state_hub_task_id: "49716ca7-6a10-43ac-8ac5-ffa1c15b048e"
+```
+
+Acceptance:
+
+- Supported create/update/delete/content stream operations delegate through
+  engine services.
+- Mutations enforce policy, profile rules, version expectations, and audit.
+- Read-only profiles reject mutations with CMIS-compatible diagnostics.
+
+## D12.5 - Implement profile-scoped ACL policy and redaction
+
+```task
+id: KONT-WP-0012-T005
+status: todo
+priority: high
+state_hub_task_id: "64289d84-d7a2-4c03-8fa6-5f439bc233fe"
+```
+
+Acceptance:
+
+- Access points can hide assets by classification, owner, topic, lifecycle,
+  source system, metadata, actor, or policy decision.
+- Denied data is omitted rather than partially leaked.
+- ACL/allowable action projections reflect engine policy and profile rules.
+
+## D12.6 - Integrate CMIS compliance fixtures and optional OpenCMIS TCK
+
+```task
+id: KONT-WP-0012-T006
+status: todo
+priority: medium
+state_hub_task_id: "2f1e9075-395e-4ed0-9abd-ed7c4ecd774d"
+```
+
+Acceptance:
+
+- Internal CMIS tests run for every profile.
+- Optional OpenCMIS TCK can target a running CMIS access point.
+- TCK subset results are captured and mapped back to capability gaps.
+
+## D12.7 - Document deployment and compatibility posture
+
+```task
+id: KONT-WP-0012-T007
+status: todo
+priority: medium
+state_hub_task_id: "a1d28453-2ab7-4d18-8757-6f9ece1674b3"
+```
+
+Acceptance:
+
+- CMIS endpoint setup is documented.
+- Supported/unsupported CMIS capabilities are documented per profile.
+- Browser Binding MVP, AtomPub/Web Services deferral, OpenCMIS TCK posture, and
+  known client compatibility notes are explicit.
+
+## Definition Of Done
+
+- Multiple CMIS access points can be configured and exposed.
+- Each access point enforces profile-specific capability and data-visibility
+  rules.
+- Supported CMIS Browser Binding subset passes internal compliance tests.
+- Optional OpenCMIS TCK harness can be run against a compatibility profile.
+- `python3 -m pytest` passes.