# CMIS OpenCMIS TCK Evidence - Release Readiness - 2026-05-14T00:37:05Z ## Run Summary - Run ID: `run-20260514T003705Z` - Local date: 2026-05-14 Europe/Berlin - Harness: `guide-board` with `open-cmis-tck` extension - Assessment: `cmis-browser-baseline` - Target: `kontextual-cmis-compat` - Endpoint: `http://127.0.0.1:8010/cmis/compat-tck/browser` - OpenCMIS TCK: CMIS 1.1.0, revision `1789681` - Result: `completed` - Policy: `0` unexpected findings, `0` applied waivers - Run directory: `/tmp/kontextual-cmis-assessment-20260514T003648Z` - Assessment package: `/tmp/kontextual-cmis-assessment-20260514T003648Z/reports/assessment-package.json` - Report: `/tmp/kontextual-cmis-assessment-20260514T003648Z/reports/report.md` This run was executed after `KONT-WP-0016` added bounded read-side query, relationship, ACL, and capability-ordering contracts. A first assessment run (`run-20260514T002933Z`) exposed an avoidable object/content warning because folder children were not returned in deterministic `cmis:name` order after advertising `capabilityOrderBy=common`. The engine now sorts CMIS child projections by `cmis:name`; the final run below is the persisted release evidence. ## Command The sister `open-cmis-tck` target profile points at port `8000`, which is not safe for this workstation because another local service is already bound there. For this run, the target profile was copied to `/tmp` with only the endpoint changed to port `8010`. ```sh cd /home/worsch/guide-board source /home/worsch/open-cmis-tck/.local/toolchains/env.sh PYTHONPATH=src python3 -m guide_board \ --extension-dir ../open-cmis-tck \ run \ --target /tmp/kontextual-cmis-compat-8010-20260514T003648Z.json \ --assessment ../open-cmis-tck/profiles/assessments/cmis-browser-baseline.json \ --output-dir /tmp/kontextual-cmis-assessment-20260514T003648Z cd /home/worsch/open-cmis-tck PYTHONPATH=src python3 scripts/cmis_scorecard.py \ --run-dir /tmp/kontextual-cmis-assessment-20260514T003648Z ``` ## Normalized Results | Group | Result | Counts | Remaining non-green findings | | --- | --- | --- | --- | | `preflight` | `pass` | Endpoint reachable; parseable Browser Binding JSON; repository `compat-tck` selected. | None. | | `repository-type` | `warning` | `38 pass`, `2 info`, `1 skipped`, `1 warning` | Local loopback endpoint uses HTTP rather than HTTPS. | | `object-content` | `pass` | `10 info`, `5 skipped` | None. | Guide Board summary: - `pass`: 2 - `warning`: 1 - unexpected findings: 0 - applied expectations: 0 - applied waivers: 0 The only warning is the known local harness transport warning: ```text Security Test (BROWSER): HTTPS is not used. Credentials might be transferred as plain text! ``` ## Score This is a compatibility-infrastructure score for the selected Browser Binding baseline, not a CMIS certification score. | Metric | Score | Basis | | --- | ---: | --- | | Selected baseline completion | 100.0% | Guide Board result `completed`; both selected TCK groups returned `0`. | | Unexpected finding clearance | 100.0% | `0` unexpected findings, `0` fail, `0` infrastructure_error. | | Warning-adjusted normalized case score | 99.1% | `(56 accepted + 0.5 * 1 warning) / 57 normalized cases`. | | Strict no-warning normalized case score | 98.2% | `56 accepted / 57 normalized cases`. | | Guide Board maturity score | 33.33 | Two of nine mapped capability groups assessed; object/content demonstrated, repository/type partial due local HTTP. | | Guide Board coverage | 22.22% | Selected baseline covers `repository-type` and `object-content` only. | Digest versus `run-20260514T002933Z`: - `object-content` improved from warning to pass. - The folder child-order warning is closed by deterministic `cmis:name` ordering. - The remaining warning is unchanged: local loopback HTTP rather than HTTPS. Digest versus `run-20260513T223537Z`: - Selected-baseline infrastructure score remains `99.1%`. - `object-content` remains pass. - The persisted baseline now reflects `capabilityOrderBy=common`. ## Interpretation The selected OpenCMIS Browser Binding baseline remains release-ready for a controlled `0.1.0` preview. The engine demonstrates stable repository/type and object/content behavior through the external OpenCMIS harness. The remaining warning is a deployment topology issue, not a CMIS adapter behavior failure. Released access points must run behind HTTPS termination; local loopback harness runs may accept the warning as an environment condition. This evidence still does not claim full CMIS 1.1 certification. It does not cover AtomPub, Web Services, PWC/checkin/checkout, full CMIS SQL, renditions, retention/hold, policy mutation, or the non-selected OpenCMIS TCK groups.