# CMIS Deployment And Compatibility Date: 2026-05-07 Status: Browser Binding subset implemented with profiled access points, conservative capability flags, and explicit unsupported diagnostics. ## Endpoint Setup Install the service dependencies and run the FastAPI application: ```sh python3 -m pip install -e '.[service]' uvicorn kontextual_engine.api.app:create_app --factory --host 127.0.0.1 --port 8000 ``` The CMIS access-point catalog is available at: ```text GET /cmis ``` Each configured profile is exposed as a Browser Binding MVP access point: ```text GET /cmis/{access_point_id}/browser GET /cmis/{access_point_id}/browser/types GET /cmis/{access_point_id}/browser/children GET /cmis/{access_point_id}/browser/object/{object_id} GET /cmis/{access_point_id}/browser/content/{object_id} GET /cmis/{access_point_id}/browser/acl/{object_id} GET /cmis/{access_point_id}/browser/parents/{object_id} GET /cmis/{access_point_id}/browser/query GET /cmis/{access_point_id}/browser/relationships GET /cmis/{access_point_id}/browser/changes POST /cmis/{access_point_id}/browser/document POST /cmis/{access_point_id}/browser/object/{object_id}/properties POST /cmis/{access_point_id}/browser/object/{object_id}/content POST /cmis/{access_point_id}/browser/object/{object_id}/delete ``` Supported `access_point_id` values: - `readonly-browser` - `governed-authoring` - `admin-export` - `compat-tck` Actor context is passed through the existing service headers, especially: - `X-Actor-Id` - `X-Actor-Type` - `X-Correlation-Id` - `X-Request-Scope` - `X-Policy-Scope` `admin-export` requires `X-Actor-Type: service_account`. ## Profile Capability Matrix | Capability | readonly-browser | governed-authoring | admin-export | compat-tck | | --- | --- | --- | --- | --- | | Browser Binding repository info | yes | yes | yes | yes | | Type definitions | yes | yes | yes | yes | | Synthetic navigation | yes | yes | yes | yes | | Projection-only parent maps | yes | yes | yes | yes | | CMIS `capabilityMultifiling` | no | no | no | no | | Descendants/folder tree services | no | no | no | no | | Object reads | yes | yes | yes | yes | | Content stream descriptors | yes | yes | yes | yes | | ACL projection | discover | discover | discover | discover | | Relationship projection | yes | yes | yes | yes | | Change log projection | yes | yes | yes | yes | | Query subset | document select only | document select only | document select only | document select only | | Create document | no | yes | no | yes | | Update properties | no | custom metadata only | no | custom metadata only | | Set content stream | no | yes | no | yes | | Delete object | no | delete-request lifecycle transition | no | delete-request lifecycle transition | | Confidential/restricted visibility | hidden | hidden | service-account visible | hidden | | AtomPub binding | deferred | deferred | deferred | deferred | | Web Services binding | deferred | deferred | deferred | deferred | ## Supported Query Subset The MVP supports: ```sql SELECT * FROM cmis:document SELECT * FROM kontextual:document ``` Unsupported query grammar returns structured validation diagnostics. Full CMIS SQL joins and broader predicate parsing are intentionally deferred. ## Compatibility Posture This implementation is a CMIS 1.1 Browser Binding MVP, not a broad CMIS certification claim. It is suitable for: - clients that can consume JSON Browser Binding-style repository, type, object, query, relationship, ACL, and change-log envelopes, - controlled integrations that can target a specific profile, - internal validation against deterministic fixtures, - optional selected OpenCMIS TCK checks through `compat-tck`. It is not yet suitable for clients that require: - AtomPub, - SOAP/Web Services, - `getDescendants` or `getFolderTree`, - full CMIS SQL, - mutating multifiling/unfiling, - private-working-copy semantics, - retention/hold mutation, - rendition streams, - bulk update properties, - apply/remove policy, - standard CMIS property mutation beyond `kontextual:metadata:`. ## Optional OpenCMIS TCK The optional harness boundary lives in: - `tests/cmis/opencmis-tck/README.md` - `tests/cmis/opencmis-tck/tck-subset-map.json` - `tests/cmis/opencmis-tck/tck-result-template.json` Default Python tests validate the fixture/TCK mapping but do not execute Java/Maven. Optional TCK runs should target: ```text http://127.0.0.1:8000/cmis/compat-tck/browser ``` Record results using the compact result template and map failures back to capability groups before treating them as implementation bugs. ## Operational Notes - Hidden objects should be treated as not found by CMIS clients. - Multiple parent folders are projection-only: assets may appear under several derived folder paths without changing canonical asset identity. The standard CMIS multifiling capability is advertised as unsupported because no add/remove filing mutation service is exposed. - Relationship and change-log responses are filtered through the same visibility gates as object reads. - Mutations always pass through engine services and produce normal engine audit events. - Delete is a governed lifecycle transition to `delete_requested`; after the transition the object is no longer exposed through CMIS reads. - Compatibility should be discussed per profile and per client rather than as a repo-wide binary property.