coulomb/kontextual-engine
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More CMIS scoring optimization

Browse Source
This commit is contained in:
Bernd Worsch
2026-05-13 23:42:56 +02:00
parent 852b45c158
commit b11c9189e4
7 changed files with 775 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
docs/cmis-1-1-capability-scorecard.md
View File

@@ -1,20 +1,18 @@
# CMIS 1.1 Capability Scorecard
Date: 2026-05-07
Date: 2026-05-13
Evidence update: the 2026-05-08 WP-0014 OpenCMIS pass moved the selected
baseline beyond the original folder-creatable skip boundary and through several
object/content maturity issues. The latest run, `run-20260508T164334Z`, reports
`repository-type` as warning-only and reduces `object-content` to specific
semantic gaps: invalid-type exception mapping, bulk update, content deletion,
change-token conflict handling, copy/create-from-source, and one range
classification warning. See
`docs/cmis-opencmis-tck-wp0014-evidence-2026-05-08T164334Z.md`.
Evidence update: the 2026-05-13 WP-0014 OpenCMIS pass completed the selected
Browser Binding `repository-type` and `object-content` baseline. The latest
run, `run-20260513T210255Z`, reports `0` unexpected findings:
`repository-type` is warning-only because the local harness uses HTTP, and
`object-content` is warning-only because `appendContentStream()` is not
supported. See
`docs/cmis-opencmis-tck-wp0014-evidence-2026-05-13T210255Z.md`.
The score below remains a product-depth estimate against mature CMIS products.
The selected OpenCMIS baseline still exits as `infrastructure_error`, but the
failure frontier is now narrow and capability-specific rather than basic
Browser Binding shape or navigation.
The selected OpenCMIS baseline is now stable preparation evidence for
repository/type and object/content services, not a full CMIS certification.
Status: baseline scorecard for the current Browser Binding subset.
@@ -74,58 +72,56 @@ CMIS interoperability importance rather than engine-internal importance.
| Metric | Score |
| --- | ---: |
| Weighted CMIS 1.1 depth vs Hyland Alfresco benchmark | 51% |
| Controlled-client Browser Binding usefulness | 70% |
| Broad commodity CMIS client compatibility | 46% |
| Weighted CMIS 1.1 depth vs Hyland Alfresco benchmark | 59% |
| Controlled-client Browser Binding usefulness | 80% |
| Broad commodity CMIS client compatibility | 54% |
Interpretation: the current CMIS layer is a credible Browser Binding subset for
known clients and profile-specific integrations. It is not yet a broad ECM/CMIS
replacement surface.
known clients and profile-specific integrations, especially around repository,
type, object, folder, content, move/copy, and controlled mutation workflows. It
is not yet a broad ECM/CMIS replacement surface.
## Capability Scorecard
| CMIS capability area | Weight | Current depth | Most worthy contender | Gap basis behind the percentage |
| --- | ---: | ---: | --- | --- |
| Repository service and repository info | 5 | 82% | Hyland Alfresco ACS | - Repository info and conservative capability flags exist.<br>- Unsupported feature catalog exists.<br>- OpenCMIS `repository-type` is warning-only, with the remaining warning caused by local HTTP. |
| Type definitions | 6 | 52% | Hyland Alfresco ACS | - Base types and nullable content stream properties exist.<br>- No mutable types or custom schema/type management.<br>- Property definition depth remains intentionally narrow. |
| Navigation service | 8 | 58% | Hyland Alfresco ACS | - Root and folder-scoped children, path lookup, folder parent lookup, and parent path segments work.<br>- Projection-only parents exist.<br>- Missing `getDescendants`, `getFolderTree`, and real filing mutations. |
| Object read service | 10 | 78% | Hyland Alfresco ACS | - Object envelopes, properties, content descriptors, ACL projection, relationships, allowable actions, property filters, and path-addressed Browser Binding reads exist.<br>- Deleted/hidden objects are now correctly not exposed.<br>- Remaining read-side gaps are mostly around optional services and exception shape. |
| Object write service | 8 | 58% | Hyland Alfresco ACS | - `createDocument`, `createFolder`, scoped `moveObject`, folder rename, selected standard property updates, custom metadata updates, content stream set, and delete-request lifecycle exist.<br>- No bulk update, copy/create-from-source, broad filing mutation, or physical delete semantics.<br>- Delete is intentionally governed, not raw repository removal. |
| Content stream read/write | 8 | 74% | Hyland Alfresco ACS | - Byte streaming, explicit content headers, multipart Browser Binding create, deduplicating `setContentStream`, no-content compatibility streams, and partial body slicing exist.<br>- Digest verification and governed access exist.<br>- Remaining gaps are delete-content semantics, append semantics, change-token conflicts, and one range classification warning. |
| Repository service and repository info | 5 | 86% | Hyland Alfresco ACS | - Repository info and conservative capability flags exist.<br>- Unsupported feature catalog exists.<br>- OpenCMIS `repository-type` completes with only the local HTTP warning. |
| Type definitions | 6 | 55% | Hyland Alfresco ACS | - Base types, Browser Binding type definitions, secondary type projection, and nullable content stream properties exist.<br>- No mutable types or custom schema/type management.<br>- Property definition depth remains intentionally narrow. |
| Navigation service | 8 | 62% | Hyland Alfresco ACS | - Root and folder-scoped children, path lookup, folder parent lookup, parent path segments, move, and delete-tree work in the selected baseline.<br>- Projection-only parents exist.<br>- Missing `getDescendants`, `getFolderTree`, and real filing mutations. |
| Object read service | 10 | 84% | Hyland Alfresco ACS | - Object envelopes, properties, content descriptors, ACL projection, relationships, allowable actions, property filters, and path-addressed Browser Binding reads exist.<br>- Deleted/hidden objects are correctly not exposed.<br>- OpenCMIS object/content read-side baseline now completes with warnings only. |
| Object write service | 8 | 70% | Hyland Alfresco ACS | - `createDocument`, `createFolder`, scoped `moveObject`, folder rename, selected standard property updates, custom metadata updates, content stream set/delete, `bulkUpdateProperties`, and `createDocumentFromSource` exist.<br>- No broad filing mutation, raw physical delete, checkout/checkin, or policy/item creation.<br>- Delete remains intentionally governed, not raw repository removal. |
| Content stream read/write | 8 | 82% | Hyland Alfresco ACS | - Byte streaming, explicit content headers, multipart Browser Binding create, deduplicating `setContentStream`, no-content compatibility streams, content tombstones, partial body slicing, and offset-zero full-stream classification exist.<br>- Digest verification and governed access exist.<br>- Remaining warning is unsupported append semantics. |
| Versioning service | 8 | 25% | Hyland Alfresco ACS | - Version properties can be projected from engine versions.<br>- No checkout/checkin/cancelCheckout/PWC services.<br>- No version history route or all-versions query behavior. |
| Discovery/query | 8 | 25% | Hyland Alfresco ACS | - Narrow document select subset exists.<br>- Unsupported joins/order-by return diagnostics.<br>- Missing CMIS SQL predicates, type joins, full-text, ordering, and rich projection rules. |
| Relationships | 5 | 60% | Hyland Alfresco ACS | - Relationship object projection and source filtering exist.<br>- Visibility gates prevent protected relationship leakage.<br>- Missing full relationship service filters, relationship creation through CMIS, and type hierarchy maturity. |
| ACL service | 6 | 35% | Hyland Alfresco ACS | - Discover-only ACL projection exists.<br>- `applyACL` is blocked as not implemented.<br>- Missing inherited/direct ACL fidelity, propagation, ACL mutation, and repository principal model. |
| Policy service | 3 | 10% | Hyland Alfresco ACS | - Native policy decisions govern exposure.<br>- No CMIS policy objects, `applyPolicy`, `removePolicy`, or `getAppliedPolicies` service surface.<br>- Explicitly unsupported. |
| Change log | 5 | 55% | Hyland Alfresco ACS | - Audit-backed object-id change entries and paging exist.<br>- Missing CMIS update-conflict behavior for reused change tokens and richer change event typing.<br>- Change-token maturity is now directly visible in OpenCMIS object/content. |
| Change log | 5 | 60% | Hyland Alfresco ACS | - Audit-backed object-id change entries and paging exist.<br>- CMIS change-token conflicts are now enforced for property/content mutations.<br>- Missing richer change event typing and broader token semantics across optional services. |
| Multi-filing and unfiling | 4 | 25% | Hyland Alfresco ACS | - Projection-only parent maps exist and are useful for navigation.<br>- Standard CMIS `capabilityMultifiling` is correctly false.<br>- No add/remove filing mutations or canonical folder membership model. |
| Renditions | 3 | 15% | Hyland Alfresco ACS | - Native representations could become rendition candidates later.<br>- CMIS rendition capability is currently `none`.<br>- No rendition taxonomy or rendition stream routes. |
| Retention and hold | 2 | 5% | OpenText / Hyland governance stacks | - Native governance metadata can represent intent later.<br>- No CMIS retention/hold model or mutation services.<br>- Explicitly unsupported. |
| Bulk update | 2 | 5% | Hyland Alfresco ACS | - Native batch/error envelopes exist elsewhere in the engine.<br>- No CMIS `bulkUpdateProperties` behavior.<br>- Explicitly unsupported. |
| Browser Binding protocol fidelity | 7 | 66% | Hyland Alfresco ACS | - Browser-style routes, JSON envelopes, action aliases, multipart forms, path-addressed root routes, property filters, path segments, and range responses exist.<br>- Optional actions and CMIS exception mapping remain incomplete.<br>- Route-level CMIS tests run under the service extras and OpenCMIS now exercises object/content deeply. |
| Bulk update | 2 | 65% | Hyland Alfresco ACS | - `bulkUpdateProperties` works for the `compat-tck` profile by batching existing property updates with change-token handling.<br>- It is intentionally narrow and not enabled on the normal governed-authoring profile yet.<br>- No advanced partial-success envelope beyond the Browser Binding response list. |
| Browser Binding protocol fidelity | 7 | 78% | Hyland Alfresco ACS | - Browser-style routes, JSON envelopes, CMIS exception names, action aliases, multipart forms, path-addressed root routes, property filters, path segments, and range responses exist.<br>- Selected OpenCMIS Browser Binding repository/type and object/content baseline completes with warnings only.<br>- Optional services and broader CMIS SQL/versioning protocol surfaces remain incomplete. |
| AtomPub binding | 2 | 0% | Hyland Alfresco ACS | - No AtomPub/XML service document or feeds.<br>- Intentionally deferred until monetized need. |
| Web Services binding | 2 | 0% | Hyland Alfresco ACS | - No SOAP/WSDL stack.<br>- Intentionally deferred until monetized need. |
| External conformance evidence | 3 | 58% | OpenCMIS TCK against Alfresco-like server behavior | - OpenCMIS Browser Binding session creation succeeds against `compat-tck`.<br>- Selected `repository-type` baseline is warning-only.<br>- `object-content` executes concrete CRUD/content cases and is now blocked by a short list of semantic gaps rather than startup, path, paging, or basic content-read failures. |
| External conformance evidence | 3 | 82% | OpenCMIS TCK against Alfresco-like server behavior | - OpenCMIS Browser Binding session creation succeeds against `compat-tck`.<br>- Selected `repository-type` and `object-content` baselines complete with warnings only.<br>- Evidence still covers a selected baseline, not the full OpenCMIS TCK surface. |
Weighted result from this table: **51%**.
Weighted result from this table: **59%**.
## Most Important Gaps
1. **External conformance expansion**
- Keep the selected OpenCMIS TCK baseline running against `compat-tck`.
- Close or explicitly waive the remaining object/content gaps: exception
mapping, bulk update, delete content, change-token conflicts, copy, and
offset-zero range classification.
- Expand selected groups after the supported object/content baseline is
stable.
- Treat the current repository/type and object/content warnings as known:
local HTTP and unsupported append.
- Expand selected groups after the supported baseline remains stable.
2. **Browser Binding fidelity**
- Align route/action/selector shapes more closely with CMIS Browser Binding.
- Add non-skipped FastAPI route tests in CI with service extras installed.
- Add client smoke tests with Apache Chemistry/OpenCMIS where feasible.
- Return CMIS-specific exception classes/statuses instead of generic runtime
exceptions where OpenCMIS distinguishes invalid argument, constraint, and
update conflict.
- Continue returning CMIS-specific exception classes/statuses as more
optional services are added.
3. **Query depth**
- Add a real CMIS SQL subset parser instead of a two-query allowlist.
@@ -146,6 +142,11 @@ Weighted result from this table: **51%**.
- Map selected derived representations to CMIS renditions only after we have
stable representation taxonomy and real preview/thumbnail use cases.
7. **Append streams**
- Keep `appendContentStream()` unsupported unless a real client requires it.
- If implemented later, design it through blob composition/deduplication
rather than byte concatenation in the CMIS adapter.
## Product Positioning Takeaway
Against a mature CMIS implementation such as Hyland Alfresco ACS, Kontextual is

75
docs/cmis-opencmis-tck-wp0014-evidence-2026-05-13T210255Z.md Normal file
View File

@@ -0,0 +1,75 @@
# CMIS OpenCMIS TCK Evidence - WP-0014 - 2026-05-13T21:02:55Z
## Run Summary
- Run ID: `run-20260513T210255Z`
- Harness: `guide-board` with `open-cmis-tck` extension
- Assessment: `cmis-browser-baseline`
- Target: `kontextual-cmis-compat`
- Endpoint: `http://127.0.0.1:8010/cmis/compat-tck/browser`
- OpenCMIS TCK: CMIS 1.1.0, revision `1789681`
- Result: `completed`
- Policy: `0` unexpected findings, `0` applied waivers
- Internal verification: `.venv/bin/python -m pytest -q` -> `165 passed`,
`14 skipped`
The previous unpersisted `/tmp` assessment output was not available anymore,
so this run is the persisted evidence baseline for the remaining WP-0014 CMIS
object/content maturity blockers.
## Normalized Results
| Group | Result | Counts | Remaining non-green findings |
| --- | --- | --- | --- |
| `repository-type` | `warning` | `38 pass`, `2 info`, `1 skipped`, `1 warning` | Local test endpoint uses HTTP rather than HTTPS. |
| `object-content` | `warning` | `10 info`, `5 skipped`, `1 warning` | `appendContentStream()` is not supported. |
Guide Board summary:
- `pass`: 1
- `warning`: 2
## Blocker Resolution
Resolved in this pass:
- CMIS-specific exception mapping now returns Browser Binding exception names
such as `invalidArgument`, `constraint`, `updateConflict`, `notSupported`,
`objectNotFound`, and `permissionDenied` instead of leaking generic `422`
diagnostics into CMIS clients.
- `bulkUpdateProperties` is implemented for the `compat-tck` Browser Binding
profile by applying the existing CMIS `updateProperties` path to each
requested object with per-object change-token handling.
- `deleteContentStream` now records a content-change version, tombstones the
content projection, clears content-stream properties, and returns CMIS
`constraint` for subsequent stream reads so OpenCMIS resolves the stream to
`null` rather than treating the document as deleted.
- Change-token conflicts are enforced for CMIS property and content mutations.
- `createDocumentFromSource`/copy is implemented by creating a governed asset
copy that reuses representation blob references instead of duplicating bytes.
- Offset-zero content range requests are classified as full-stream responses
unless a non-zero offset or explicit length is requested.
## Remaining Scope
Remaining warning-only items:
- `appendContentStream()` is unsupported by design for now. The engine supports
whole-stream replacement through deduplicated content services; append would
need a deliberate blob-composition design before being advertised.
- HTTPS is not used in the local harness endpoint. This is deployment/test
topology, not a CMIS adapter behavior gap.
Skipped OpenCMIS object/content cases are aligned with declared capability
boundaries:
- Relationship, policy, and item creation are not advertised as creatable.
- Folder-name change-token subcases are skipped by the TCK.
## Interpretation
The selected Browser Binding baseline is now stable enough to be considered a
completed compatibility-preparation baseline for repository/type and
object/content services. This is not full CMIS 1.1 certification and does not
cover AtomPub, Web Services, versioning/PWC, full query, renditions, retention,
or policy mutation depth.