CMIS Browser Binding fixes

2026-05-11 12:28:36 +02:00
parent 59aa2a49a8
commit dc32be36fb
8 changed files with 1422 additions and 121 deletions
--- a/docs/cmis-1-1-capability-scorecard.md
+++ b/docs/cmis-1-1-capability-scorecard.md
@@ -2,16 +2,19 @@

 Date: 2026-05-07

-Evidence update: the 2026-05-08 OpenCMIS TCK compatibility implementation
-resolved the initial Browser Binding session blocker. The latest run,
-`run-20260508T092113Z`, completed the selected baseline with `38` passing
-repository/type cases, one local HTTP transport warning, and `22` object/content
-skips caused by the current non-creatable folder profile. See
-`docs/cmis-opencmis-tck-implementation-evidence-2026-05-08T092113Z.md`.
+Evidence update: the 2026-05-08 WP-0014 OpenCMIS pass moved the selected
+baseline beyond the original folder-creatable skip boundary and through several
+object/content maturity issues. The latest run, `run-20260508T164334Z`, reports
+`repository-type` as warning-only and reduces `object-content` to specific
+semantic gaps: invalid-type exception mapping, bulk update, content deletion,
+change-token conflict handling, copy/create-from-source, and one range
+classification warning. See
+`docs/cmis-opencmis-tck-wp0014-evidence-2026-05-08T164334Z.md`.

-The score below remains a product-depth estimate against mature CMIS products;
-the evidence-backed TCK preparation score for the selected baseline is `23.81`
-with `2/9` capability groups covered.
+The score below remains a product-depth estimate against mature CMIS products.
+The selected OpenCMIS baseline still exits as `infrastructure_error`, but the
+failure frontier is now narrow and capability-specific rather than basic
+Browser Binding shape or navigation.

 Status: baseline scorecard for the current Browser Binding subset.

@@ -71,9 +74,9 @@ CMIS interoperability importance rather than engine-internal importance.

 | Metric | Score |
 | --- | ---: |
-| Weighted CMIS 1.1 depth vs Hyland Alfresco benchmark | 42% |
-| Controlled-client Browser Binding usefulness | 58% |
-| Broad commodity CMIS client compatibility | 35% |
+| Weighted CMIS 1.1 depth vs Hyland Alfresco benchmark | 51% |
+| Controlled-client Browser Binding usefulness | 70% |
+| Broad commodity CMIS client compatibility | 46% |

 Interpretation: the current CMIS layer is a credible Browser Binding subset for
 known clients and profile-specific integrations. It is not yet a broad ECM/CMIS
@@ -83,41 +86,46 @@ replacement surface.

 | CMIS capability area | Weight | Current depth | Most worthy contender | Gap basis behind the percentage |
 | --- | ---: | ---: | --- | --- |
-| Repository service and repository info | 5 | 75% | Hyland Alfresco ACS | - Repository info and conservative capability flags exist.<br>- Unsupported feature catalog exists.<br>- Missing exact service-document parity and external TCK evidence. |
-| Type definitions | 6 | 45% | Hyland Alfresco ACS | - Base types and content stream properties exist.<br>- No mutable types or custom schema/type management.<br>- No broad property definition model beyond current projected fields. |
-| Navigation service | 8 | 40% | Hyland Alfresco ACS | - Root and folder-scoped children exist.<br>- Projection-only parents exist.<br>- Missing `getDescendants`, `getFolderTree`, object-by-path parity, and real filing mutations. |
-| Object read service | 10 | 70% | Hyland Alfresco ACS | - Object envelopes, properties, content descriptors, ACL projection, relationships, and allowable actions exist.<br>- Missing selector/property-filter fidelity and full Browser Binding response parity.<br>- Deleted/hidden objects are now correctly not exposed. |
-| Object write service | 8 | 35% | Hyland Alfresco ACS | - `createDocument`, custom metadata updates, content stream set, and delete-request lifecycle exist.<br>- No createFolder, moveObject, standard `cmis:*` property mutation, or physical delete semantics.<br>- Delete is intentionally governed, not raw repository removal. |
-| Content stream read/write | 8 | 65% | Hyland Alfresco ACS | - Byte streaming and deduplicating `setContentStream` exist.<br>- Digest verification and governed access exist.<br>- Missing append/delete stream, multipart Browser Binding parity, range handling, and client-tested large stream workflows. |
+| Repository service and repository info | 5 | 82% | Hyland Alfresco ACS | - Repository info and conservative capability flags exist.<br>- Unsupported feature catalog exists.<br>- OpenCMIS `repository-type` is warning-only, with the remaining warning caused by local HTTP. |
+| Type definitions | 6 | 52% | Hyland Alfresco ACS | - Base types and nullable content stream properties exist.<br>- No mutable types or custom schema/type management.<br>- Property definition depth remains intentionally narrow. |
+| Navigation service | 8 | 58% | Hyland Alfresco ACS | - Root and folder-scoped children, path lookup, folder parent lookup, and parent path segments work.<br>- Projection-only parents exist.<br>- Missing `getDescendants`, `getFolderTree`, and real filing mutations. |
+| Object read service | 10 | 78% | Hyland Alfresco ACS | - Object envelopes, properties, content descriptors, ACL projection, relationships, allowable actions, property filters, and path-addressed Browser Binding reads exist.<br>- Deleted/hidden objects are now correctly not exposed.<br>- Remaining read-side gaps are mostly around optional services and exception shape. |
+| Object write service | 8 | 58% | Hyland Alfresco ACS | - `createDocument`, `createFolder`, scoped `moveObject`, folder rename, selected standard property updates, custom metadata updates, content stream set, and delete-request lifecycle exist.<br>- No bulk update, copy/create-from-source, broad filing mutation, or physical delete semantics.<br>- Delete is intentionally governed, not raw repository removal. |
+| Content stream read/write | 8 | 74% | Hyland Alfresco ACS | - Byte streaming, explicit content headers, multipart Browser Binding create, deduplicating `setContentStream`, no-content compatibility streams, and partial body slicing exist.<br>- Digest verification and governed access exist.<br>- Remaining gaps are delete-content semantics, append semantics, change-token conflicts, and one range classification warning. |
 | Versioning service | 8 | 25% | Hyland Alfresco ACS | - Version properties can be projected from engine versions.<br>- No checkout/checkin/cancelCheckout/PWC services.<br>- No version history route or all-versions query behavior. |
 | Discovery/query | 8 | 25% | Hyland Alfresco ACS | - Narrow document select subset exists.<br>- Unsupported joins/order-by return diagnostics.<br>- Missing CMIS SQL predicates, type joins, full-text, ordering, and rich projection rules. |
 | Relationships | 5 | 60% | Hyland Alfresco ACS | - Relationship object projection and source filtering exist.<br>- Visibility gates prevent protected relationship leakage.<br>- Missing full relationship service filters, relationship creation through CMIS, and type hierarchy maturity. |
 | ACL service | 6 | 35% | Hyland Alfresco ACS | - Discover-only ACL projection exists.<br>- `applyACL` is blocked as not implemented.<br>- Missing inherited/direct ACL fidelity, propagation, ACL mutation, and repository principal model. |
 | Policy service | 3 | 10% | Hyland Alfresco ACS | - Native policy decisions govern exposure.<br>- No CMIS policy objects, `applyPolicy`, `removePolicy`, or `getAppliedPolicies` service surface.<br>- Explicitly unsupported. |
-| Change log | 5 | 55% | Hyland Alfresco ACS | - Audit-backed object-id change entries and paging exist.<br>- Missing full change token durability semantics and richer change event typing.<br>- Not yet proven against external CMIS clients. |
+| Change log | 5 | 55% | Hyland Alfresco ACS | - Audit-backed object-id change entries and paging exist.<br>- Missing CMIS update-conflict behavior for reused change tokens and richer change event typing.<br>- Change-token maturity is now directly visible in OpenCMIS object/content. |
 | Multi-filing and unfiling | 4 | 25% | Hyland Alfresco ACS | - Projection-only parent maps exist and are useful for navigation.<br>- Standard CMIS `capabilityMultifiling` is correctly false.<br>- No add/remove filing mutations or canonical folder membership model. |
 | Renditions | 3 | 15% | Hyland Alfresco ACS | - Native representations could become rendition candidates later.<br>- CMIS rendition capability is currently `none`.<br>- No rendition taxonomy or rendition stream routes. |
 | Retention and hold | 2 | 5% | OpenText / Hyland governance stacks | - Native governance metadata can represent intent later.<br>- No CMIS retention/hold model or mutation services.<br>- Explicitly unsupported. |
 | Bulk update | 2 | 5% | Hyland Alfresco ACS | - Native batch/error envelopes exist elsewhere in the engine.<br>- No CMIS `bulkUpdateProperties` behavior.<br>- Explicitly unsupported. |
-| Browser Binding protocol fidelity | 7 | 45% | Hyland Alfresco ACS | - Browser-style routes and JSON envelopes exist.<br>- FastAPI route shapes are pragmatic, not complete CMIS Browser Binding selector/action parity.<br>- Route-level tests skip without optional service dependencies. |
+| Browser Binding protocol fidelity | 7 | 66% | Hyland Alfresco ACS | - Browser-style routes, JSON envelopes, action aliases, multipart forms, path-addressed root routes, property filters, path segments, and range responses exist.<br>- Optional actions and CMIS exception mapping remain incomplete.<br>- Route-level CMIS tests run under the service extras and OpenCMIS now exercises object/content deeply. |
 | AtomPub binding | 2 | 0% | Hyland Alfresco ACS | - No AtomPub/XML service document or feeds.<br>- Intentionally deferred until monetized need. |
 | Web Services binding | 2 | 0% | Hyland Alfresco ACS | - No SOAP/WSDL stack.<br>- Intentionally deferred until monetized need. |
-| External conformance evidence | 3 | 35% | OpenCMIS TCK against Alfresco-like server behavior | - OpenCMIS Browser Binding session creation now succeeds against `compat-tck`.<br>- Selected `repository-type` baseline completes with no failures and one local HTTP warning.<br>- `object-content` reaches parsed cases but skips because `cmis:folder` is not creatable; broader groups and third-party client matrix are still missing. |
+| External conformance evidence | 3 | 58% | OpenCMIS TCK against Alfresco-like server behavior | - OpenCMIS Browser Binding session creation succeeds against `compat-tck`.<br>- Selected `repository-type` baseline is warning-only.<br>- `object-content` executes concrete CRUD/content cases and is now blocked by a short list of semantic gaps rather than startup, path, paging, or basic content-read failures. |

-Weighted result from this table: **42%**.
+Weighted result from this table: **51%**.

 ## Most Important Gaps

 1. **External conformance expansion**
   - Keep the selected OpenCMIS TCK baseline running against `compat-tck`.
-   - Decide whether to add TCK-only `createFolder` support or keep CRUD/content
-     skips as a deliberate profile boundary.
-   - Expand selected groups after the supported capability boundary is agreed.
+   - Close or explicitly waive the remaining object/content gaps: exception
+     mapping, bulk update, delete content, change-token conflicts, copy, and
+     offset-zero range classification.
+   - Expand selected groups after the supported object/content baseline is
+     stable.

 2. **Browser Binding fidelity**
   - Align route/action/selector shapes more closely with CMIS Browser Binding.
   - Add non-skipped FastAPI route tests in CI with service extras installed.
   - Add client smoke tests with Apache Chemistry/OpenCMIS where feasible.
+   - Return CMIS-specific exception classes/statuses instead of generic runtime
+     exceptions where OpenCMIS distinguishes invalid argument, constraint, and
+     update conflict.

 3. **Query depth**
   - Add a real CMIS SQL subset parser instead of a two-query allowlist.
--- a/docs/cmis-opencmis-tck-wp0014-evidence-2026-05-08T153316Z.md
+++ b/docs/cmis-opencmis-tck-wp0014-evidence-2026-05-08T153316Z.md
@@ -0,0 +1,99 @@
+# CMIS WP-0014 OpenCMIS Evidence - 2026-05-08T15:33:16Z
+
+## Scope
+
+This note records the second WP-0014 maturity pass for the CMIS 1.1 Browser
+Binding adapter. The pass followed the earlier folder/action work and focused
+on OpenCMIS compatibility issues that fit the engine architecture naturally.
+
+## Implemented Since Prior Evidence
+
+- Added Browser Binding `cmisaction=update` as an alias for
+  `updateProperties`.
+- Added scoped `cmisaction=move` support for CMIS-authored workspace documents
+  and adapter-managed workspace folders.
+- Added URL-path Browser Binding routes under `/browser/root/{path}` for object,
+  children, parent, parents, properties, allowable actions, content, and POST
+  actions against path-addressed objects.
+- Normalized stored CMIS content stream media types and emitted explicit
+  `Content-Type` headers so text streams do not acquire an unwanted charset.
+- Accepted metadata-backed standard property updates for `cmis:name`,
+  `cmis:description`, and `cmis:secondaryObjectTypeIds`.
+- Honored `cmis:secondaryObjectTypeIds` during document creation.
+- Rejected invalid `createDocument` type ids, such as `cmis:folder`.
+- Removed non-standard `cmis:path` from document property definitions and
+  document object projections while retaining folder `cmis:path`.
+
+## Local Verification
+
+Focused CMIS suite:
+
+```bash
+.venv/bin/python -m pytest tests/cmis -q
+```
+
+Result:
+
+- `48 passed`
+- Performance monitor warnings appeared on two Browser Binding tests; these
+  should be watched across additional runs before treating them as a regression.
+
+## OpenCMIS Run
+
+The final run used an isolated temporary target on port `8010` to avoid
+colliding with other local services:
+
+```bash
+cd /home/worsch/guide-board
+source /home/worsch/open-cmis-tck/.local/toolchains/env.sh
+PYTHONPATH=src python3 -m guide_board \
+  --extension-dir ../open-cmis-tck \
+  run \
+  --target /tmp/kontextual-cmis-compat-8010.json \
+  --assessment ../open-cmis-tck/profiles/assessments/cmis-browser-baseline.json \
+  --output-dir /tmp/open-cmis-tck-kontextual-wp14-20260508T153146Z
+```
+
+Result:
+
+- Run ID: `run-20260508T153316Z`
+- Run directory: `/tmp/open-cmis-tck-kontextual-wp14-20260508T153146Z`
+- Harness status: `infrastructure_error`
+- Maturity scorecard:
+  `/tmp/open-cmis-tck-kontextual-wp14-20260508T153146Z/reports/cmis-maturity-scorecard.md`
+- Maturity score: `19.05`
+- Coverage: `2/9` groups
+
+## Capability Interpretation
+
+- `repository-type`: improved from failing to `warning` / partial. Repository
+  info and type metadata are now usable enough for the selected baseline, with
+  warnings instead of hard failures.
+- `object-content`: still infrastructure-blocked in guide-board classification,
+  but the blockers are now concrete object/content edge cases rather than
+  Browser Binding startup, folder creation, MIME, or secondary-type basics.
+
+## Remaining Frontier
+
+- `getObjectByPath` still fails in several OpenCMIS child checks for paths such
+  as `/test-folder/test-folder`; this likely needs tighter folder/document
+  child path-segment semantics and cleanup behavior investigation.
+- Creating a document without content still leads OpenCMIS into a missing
+  content-stream exception. We need decide whether CMIS-created no-content
+  documents should expose an empty stream or clearer no-content semantics.
+- Invalid-type errors are now correctly rejected, but OpenCMIS still classifies
+  our HTTP 422 as a runtime warning rather than a clean CMIS constraint
+  response.
+- Folder `cmis:path` still appears when property filters request narrower
+  property sets. Operation-context filtering for properties, ACLs, allowable
+  actions, and path segments remains a compatibility gap.
+- `bulkUpdate`, `deleteContent`, and some change-token tests still receive
+  unsupported-action or validation responses. These should be handled either by
+  natural implementation or sharper unsupported behavior.
+
+## Conclusion
+
+The CMIS adapter foundation is sounder and more standards-shaped after this
+pass. We should keep WP-0014 active for the remaining object/content frontier,
+but the work has moved from "basic Browser Binding compatibility" into specific
+CMIS behavior polish and optional-service boundary decisions.
--- a/docs/cmis-opencmis-tck-wp0014-evidence-2026-05-08T164334Z.md
+++ b/docs/cmis-opencmis-tck-wp0014-evidence-2026-05-08T164334Z.md
@@ -0,0 +1,109 @@
+# CMIS OpenCMIS TCK Evidence - WP-0014 - 2026-05-08T16:43:34Z
+
+## Run
+
+- Run ID: `run-20260508T164334Z`
+- Harness: `guide-board` with external extension `/home/worsch/open-cmis-tck`
+- Target: `kontextual-cmis-compat`
+- Endpoint under test: `http://127.0.0.1:8010/cmis/compat-tck/browser`
+- Output directory:
+  `/tmp/open-cmis-tck-kontextual-wp14-20260508T1643Z`
+- Assessment package:
+  `/tmp/open-cmis-tck-kontextual-wp14-20260508T1643Z/reports/assessment-package.json`
+- Report:
+  `/tmp/open-cmis-tck-kontextual-wp14-20260508T1643Z/reports/report.md`
+
+Command shape:
+
+```sh
+cd /home/worsch/guide-board
+PYTHONPATH=src python3 -m guide_board \
+  --extension-dir ../open-cmis-tck \
+  run \
+  --target /tmp/kontextual-cmis-compat-8010.json \
+  --assessment ../open-cmis-tck/profiles/assessments/cmis-browser-baseline.json \
+  --output-dir /tmp/open-cmis-tck-kontextual-wp14-20260508T1643Z
+```
+
+The local Java/Maven toolchain from `/home/worsch/open-cmis-tck/.local/toolchains`
+was supplied in the command environment.
+
+## Internal Verification
+
+- Focused CMIS tests:
+  `.venv/bin/python -m pytest tests/cmis/test_cmis_runtime_browser_binding.py tests/cmis/test_cmis_browser_binding_api.py -q`
+  -> `20 passed`.
+- Full suite:
+  `.venv/bin/python -m pytest -q`
+  -> `160 passed, 14 skipped`.
+
+## OpenCMIS Result Summary
+
+Overall Guide Board status remains `infrastructure_error` because the
+`object-content` group still contains unsupported or incomplete CMIS services.
+
+Normalized group counts:
+
+- `repository-type`: `38 pass`, `2 info`, `1 skipped`, `1 warning`.
+- `object-content`: `12 info`, `5 skipped`, `3 warning`, `3 fail`,
+  `3 infrastructure_error`.
+
+The sole `repository-type` warning is local HTTP rather than HTTPS:
+`HTTPS is not used. Credentials might be transferred as plain text!`
+
+## Improvements Since `run-20260508T153316Z`
+
+- Fixed Browser Binding parent `relativePathSegment`; OpenCMIS no longer builds
+  invalid paths such as `/folder/folder` for documents.
+- Added Browser Binding property filtering and optional envelope trimming for
+  `filter`, `includeAllowableActions`, `includeACL`, and `includePathSegment`.
+- Changed Browser Binding children `numItems` to report the total child count
+  instead of page length.
+- Added range-aware content responses with sliced bodies, `Content-Length`,
+  `Content-Range`, and `206` for partial requests.
+- Added no-content document compatibility streams while keeping document content
+  stream properties nullable.
+- Added stable object-id behavior for adapter-managed folder rename/update.
+- Added `setContent` and `deleteContent` Browser Binding action aliases over the
+  existing content-stream service boundary.
+- Preserved existing blob deduplication and digest verification paths.
+
+Removed or reduced OpenCMIS frontier items:
+
+- `getObjectByPath` path-segment failures are gone.
+- Create/delete document paging `numItems` failures are gone.
+- Update Smoke Test folder rename/object-id failures are gone.
+- Operation Context ACL delivery warning is gone.
+- Most content range warnings are gone.
+- No-content document retrieval no longer aborts with `Representation not found`.
+
+## Remaining Frontier
+
+These are now the concrete maturity gaps visible in the selected OpenCMIS
+baseline:
+
+- **Invalid type exception mapping**: invalid document/folder type creation
+  returns HTTP `422`, which OpenCMIS reports as `CmisRuntimeException` instead
+  of a narrower CMIS invalid-argument/constraint exception.
+- **Bulk update**: `cmisaction=bulkUpdate` is still unsupported and reports
+  `Unprocessable Entity`.
+- **Delete content semantics**: `deleteContentStream` is accepted through the
+  alias layer, but OpenCMIS still observes content after delete. The adapter
+  needs a stronger natural representation-removal or tombstone model.
+- **Change tokens**: repeated property/content updates with the same change token
+  do not produce CMIS update-conflict behavior yet.
+- **Copy/create-from-source**: `createDocumentFromSource` remains unsupported.
+- **Range classification**: the remaining range warning is for an offset-zero
+  full-stream request being marked as partial.
+
+## Interpretation
+
+The CMIS layer is now past the early Browser Binding and basic object/content
+shape problems. The remaining failures are concentrated in specific CMIS
+service semantics: exception mapping, content deletion, change token conflict
+handling, copy support, and bulk update.
+
+This is a healthy architectural signal: the adapter continues to map naturally
+onto native asset, representation, blob, metadata, policy, and audit services.
+The remaining work should be handled as explicit compatibility choices rather
+than broad ECM reimplementation.