CMIS Browser Binding serializer layer

docs/cmis-1-1-capability-scorecard.md

@@ -2,12 +2,16 @@
 
 Date: 2026-05-07
 
-Evidence update: the 2026-05-08 OpenCMIS TCK run found that broad commodity
-CMIS client compatibility is currently pre-compliance because OpenCMIS cannot
-create a Browser Binding session. See
-`docs/cmis-opencmis-tck-assessment-2026-05-08T063312Z.md`. The score below is
-therefore retained as the pre-TCK product-depth estimate, not as external CMIS
-compatibility evidence.
+Evidence update: the 2026-05-08 OpenCMIS TCK compatibility implementation
+resolved the initial Browser Binding session blocker. The latest run,
+`run-20260508T092113Z`, completed the selected baseline with `38` passing
+repository/type cases, one local HTTP transport warning, and `22` object/content
+skips caused by the current non-creatable folder profile. See
+`docs/cmis-opencmis-tck-implementation-evidence-2026-05-08T092113Z.md`.
+
+The score below remains a product-depth estimate against mature CMIS products;
+the evidence-backed TCK preparation score for the selected baseline is `23.81`
+with `2/9` capability groups covered.
 
 Status: baseline scorecard for the current Browser Binding subset.
 
@@ -98,16 +102,17 @@ replacement surface.
 | Browser Binding protocol fidelity | 7 | 45% | Hyland Alfresco ACS | - Browser-style routes and JSON envelopes exist.<br>- FastAPI route shapes are pragmatic, not complete CMIS Browser Binding selector/action parity.<br>- Route-level tests skip without optional service dependencies. |
 | AtomPub binding | 2 | 0% | Hyland Alfresco ACS | - No AtomPub/XML service document or feeds.<br>- Intentionally deferred until monetized need. |
 | Web Services binding | 2 | 0% | Hyland Alfresco ACS | - No SOAP/WSDL stack.<br>- Intentionally deferred until monetized need. |
-| External conformance evidence | 3 | 20% | OpenCMIS TCK against Alfresco-like server behavior | - Internal fixtures and optional TCK mapping exist.<br>- No recorded OpenCMIS TCK execution against a running access point yet.<br>- No third-party client compatibility matrix yet. |
+| External conformance evidence | 3 | 35% | OpenCMIS TCK against Alfresco-like server behavior | - OpenCMIS Browser Binding session creation now succeeds against `compat-tck`.<br>- Selected `repository-type` baseline completes with no failures and one local HTTP warning.<br>- `object-content` reaches parsed cases but skips because `cmis:folder` is not creatable; broader groups and third-party client matrix are still missing. |
 
 Weighted result from this table: **42%**.
 
 ## Most Important Gaps
 
-1. **External conformance run**
-   - Run selected OpenCMIS TCK groups against `compat-tck`.
-   - Capture failures by capability group.
-   - Turn "estimated" scores into evidence-backed scores.
+1. **External conformance expansion**
+   - Keep the selected OpenCMIS TCK baseline running against `compat-tck`.
+   - Decide whether to add TCK-only `createFolder` support or keep CRUD/content
+     skips as a deliberate profile boundary.
+   - Expand selected groups after the supported capability boundary is agreed.
 
 2. **Browser Binding fidelity**
    - Align route/action/selector shapes more closely with CMIS Browser Binding.

docs/cmis-opencmis-tck-assessment-2026-05-08T063312Z.md

@@ -4,6 +4,11 @@ Run timestamp: 2026-05-08T06:33:12Z
 Local timestamp: 2026-05-08T08:33:12+02:00
 Status: evidence-backed compatibility blocker found
 
+Superseded implementation evidence: the blocker described here was resolved by
+`KONT-WP-0013`. See
+`docs/cmis-opencmis-tck-implementation-evidence-2026-05-08T092113Z.md` for the
+latest completed OpenCMIS run.
+
 ## Purpose
 
 Persist the first real `guide-board` + `open-cmis-tck` assessment against a

docs/cmis-opencmis-tck-implementation-evidence-2026-05-08T092113Z.md

@@ -0,0 +1,164 @@
+# CMIS OpenCMIS TCK Implementation Evidence
+
+Run timestamp: 2026-05-08T09:21:13Z
+Local timestamp: 2026-05-08T11:21:13+02:00
+Status: `KONT-WP-0013` implementation evidence captured
+
+## Purpose
+
+Persist the implementation outcome for the CMIS Browser Binding TCK
+compatibility workplan. This document supersedes the initial blocker report in
+`docs/cmis-opencmis-tck-assessment-2026-05-08T063312Z.md` for the current
+`kontextual-engine` state.
+
+## Implementation Summary
+
+The CMIS adapter now exposes a Browser Binding-shaped compatibility surface for
+the `compat-tck` profile instead of leaking native snake_case DTOs on the
+compatibility route.
+
+Implemented changes:
+
+- Browser Binding service document keyed by repository ID.
+- CMIS field names for repository info, capabilities, extended features, type
+  definitions, object properties, ACLs, parents, query results, and root folder
+  projections.
+- Selector handling for `repositoryInfo`, `typeChildren`, `typeDescendants`,
+  `typeDefinition`, `query`, `object`, `children`, `parents`, `properties`,
+  `allowableActions`, `policies`, and `content`.
+- `compat-tck` repository ID alignment between the engine profile and the
+  OpenCMIS target profile.
+- Root folder and virtual-folder projections that include the properties
+  advertised by the `cmis:folder` type definition.
+- `includePropertyDefinitions` handling for type-list selectors.
+- FastAPI OpenAPI generation fix for streaming routes.
+- Internal regression coverage for Browser Binding selectors and OpenAPI route
+  generation.
+
+## Final OpenCMIS Run
+
+Guide Board live run:
+
+- Run ID: `run-20260508T092113Z`
+- Run directory: `/tmp/open-cmis-tck-kontextual-fix6-20260508`
+- Assessment status: `completed`
+- Target: `kontextual-cmis-compat`
+- Assessment: `cmis-browser-baseline`
+- Browser Binding URL: `http://127.0.0.1:8010/cmis/compat-tck/browser`
+- Repository ID: `compat-tck`
+
+Guide Board summary:
+
+- `pass: 1`
+- `warning: 1`
+- `skipped: 1`
+- unexpected findings: `0`
+
+Mapped groups:
+
+- Repository and type metadata: `warning`
+- Object and content services: `skipped`
+
+Normalized OpenCMIS case counts:
+
+- `repository-type`: `38 pass`, `2 info`, `2 skipped`, `1 warning`, `0 fail`
+- `object-content`: `22 skipped`, `0 fail`
+
+The remaining repository/type warning is local transport only:
+
+```text
+HTTPS is not used. Credentials might be transferred as plain text!
+```
+
+The object/content group skips because the compatibility profile does not make
+the `cmis:folder` base type creatable. This is an intentional boundary for the
+current profiled adapter: governed document creation and content stream updates
+exist through the current engine-backed routes, but full CMIS CRUD scaffolding
+for TCK-created folders is not in scope yet.
+
+## Scorecard
+
+Generated scorecard:
+
+- Path: `/tmp/open-cmis-tck-kontextual-fix6-20260508/reports/cmis-maturity-scorecard.md`
+- Maturity score: `23.81`
+- Coverage: `2/9` groups, `22.22%`
+- Repository and type metadata: `partial`, score `3/4`
+- Object and content services: `not_automated`, score `2/4`
+
+Interpretation:
+
+- The original protocol blocker is resolved: OpenCMIS can create a Browser
+  Binding session and execute selected checks.
+- The current score remains low because only two groups are selected in the
+  baseline and one group is intentionally skipped by profile capability.
+- The scorecard is preparation evidence, not CMIS certification.
+
+## Commands
+
+Focused internal CMIS regression suite:
+
+```bash
+cd /home/worsch/kontextual-engine
+.venv/bin/python -m pytest tests/cmis --perf-history-disable
+```
+
+Result:
+
+```text
+45 passed
+```
+
+Live OpenCMIS run:
+
+```bash
+cd /home/worsch/guide-board
+source /home/worsch/open-cmis-tck/.local/toolchains/env.sh
+PYTHONPATH=src python3 -m guide_board \
+  --extension-dir ../open-cmis-tck \
+  run \
+  --target /tmp/kontextual-cmis-compat-8010.json \
+  --assessment ../open-cmis-tck/profiles/assessments/cmis-browser-baseline.json \
+  --output-dir /tmp/open-cmis-tck-kontextual-fix6-20260508
+```
+
+Scorecard generation:
+
+```bash
+cd /home/worsch/open-cmis-tck
+PYTHONPATH=src python3 scripts/cmis_scorecard.py \
+  --run-dir /tmp/open-cmis-tck-kontextual-fix6-20260508
+```
+
+## Evidence Artifacts
+
+The `/tmp` run artifacts are useful local evidence but may be ephemeral:
+
+- `/tmp/open-cmis-tck-kontextual-fix6-20260508/reports/report.md`
+- `/tmp/open-cmis-tck-kontextual-fix6-20260508/reports/cmis-maturity-scorecard.md`
+- `/tmp/open-cmis-tck-kontextual-fix6-20260508/normalized/evidence.json`
+- `/tmp/open-cmis-tck-kontextual-fix6-20260508/normalized/findings.json`
+- `/tmp/open-cmis-tck-kontextual-fix6-20260508/artifacts/open-cmis-tck/tck/repository-type/normalized-runner-result.json`
+- `/tmp/open-cmis-tck-kontextual-fix6-20260508/artifacts/open-cmis-tck/tck/object-content/normalized-runner-result.json`
+
+## Remaining Boundary Gaps
+
+These are not regressions in the current workplan; they are next-scope choices:
+
+- Configure a durable local target profile or harness parameter for the
+  `kontextual-engine` test port instead of using a temporary `/tmp` profile.
+- Decide whether the `compat-tck` profile should support CMIS `createFolder`
+  purely to exercise more CRUD/content TCK cases.
+- Expand OpenCMIS selected groups beyond `repository-type` and
+  `object-content` once the targeted capability boundary is agreed.
+- Harden `open-cmis-tck` preflight in the sister repository so native-shaped
+  repository-info responses are rejected before Maven invocation.
+- Add HTTPS or a local warning waiver only when transport-security evidence
+  matters for a deployment profile.
+
+## Conclusion
+
+`KONT-WP-0013` achieved its main purpose for `kontextual-engine`: OpenCMIS no
+longer fails at session creation, the repository/type group parses and executes,
+the object/content group reaches parsed TCK cases, and the remaining gaps are
+capability-scope decisions rather than protocol-shape crashes.