---
id: KONT-WP-0012
type: workplan
title: "CMIS Profiled Access Points Implementation"
domain: markitect
repo: kontextual-engine
status: completed
owner: codex
topic_slug: markitect
planning_priority: high
planning_order: 12
created: "2026-05-06"
updated: "2026-05-06"
state_hub_workstream_id: "d538d68f-17a8-401f-9cdc-d526dd734ddc"
---

# KONT-WP-0012: CMIS Profiled Access Points Implementation

## Purpose

Implement a CMIS API extension for `kontextual-engine` that can expose multiple CMIS access points. Each access point has a profile that regulates which CMIS capabilities are available, which data is visible, which mutations are allowed, and which data must never be exposed.

## Requirement

It must be possible to allow and expose multiple CMIS access points with different profiles that regulate:

- which subset of CMIS capabilities are provided on the access point,
- which engine data is accessible using the access point,
- which data must not be exposed through the access point.

## Dependency

Implementation must begin after the assessment, examples, and test foundation from `KONT-WP-0011` are sufficient to define the first profile and regression suite.

## Implementation Notes

- `docs/cmis-profiled-access-points-implementation.md`
- `docs/cmis-deployment-compatibility.md`
- `src/kontextual_engine/core/cmis.py`
- `tests/cmis/test_cmis_access_profiles.py`
- `tests/cmis/test_cmis_domain_mapper.py`
- `tests/cmis/test_cmis_runtime_browser_binding.py`
- `tests/cmis/test_cmis_browser_binding_api.py`
- `tests/cmis/test_cmis_fixture_integration.py`
- `tests/cmis/opencmis-tck/tck-subset-map.json`

## Architecture Constraint

CMIS routes are adapters over engine services and policy gates. They must not become a second domain model. Every CMIS access point resolves an `OperationContext`, applies profile rules, authorizes exposure/mutation, and emits audit events.

## D12.1 - Define CMIS profile and access-point model

```task
id: KONT-WP-0012-T001
status: done
priority: high
state_hub_task_id: "031c3ce5-bb56-41fb-a014-6a496c280d20"
```

Acceptance:

- Access-point config includes ID, repository ID, profile name, binding, capability flags, visibility scope, deny rules, mutation policy, and actor context requirements.
- Profiles support read-only, governed authoring, admin/export, and TCK compatibility variants.
- Profile matching is deterministic and auditable.

## D12.2 - Implement CMIS domain mapper

```task
id: KONT-WP-0012-T002
status: done
priority: high
state_hub_task_id: "a4c44471-22a9-40d9-9821-4b78e5ba9360"
```

Acceptance:

- Engine assets map to CMIS documents/items.
- Synthetic folders, paths, object IDs, properties, content streams, relationships, versions, allowable actions, and change tokens are mapped.
- Unsupported CMIS features are represented by correct capability flags and structured errors.

## D12.3 - Implement Browser Binding MVP access point

```task
id: KONT-WP-0012-T003
status: done
priority: high
state_hub_task_id: "b9f5d790-f291-4613-89da-5d47e7887a9e"
```

Acceptance:

- Browser Binding routes expose repository info, types, navigation, object read, content stream read, query subset, relationships, and change log.
- Route behavior is profile-scoped.
- Responses match CMIS Browser Binding expectations for the supported subset.

## D12.4 - Implement governed authoring operations

```task
id: KONT-WP-0012-T004
status: done
priority: high
state_hub_task_id: "49716ca7-6a10-43ac-8ac5-ffa1c15b048e"
```

Acceptance:

- Supported create/update/delete/content stream operations delegate through engine services.
- Mutations enforce policy, profile rules, version expectations, and audit.
- Read-only profiles reject mutations with CMIS-compatible diagnostics.

## D12.5 - Implement profile-scoped ACL policy and redaction

```task
id: KONT-WP-0012-T005
status: done
priority: high
state_hub_task_id: "64289d84-d7a2-4c03-8fa6-5f439bc233fe"
```

Acceptance:

- Access points can hide assets by classification, owner, topic, lifecycle, source system, metadata, actor, or policy decision.
- Denied data is omitted rather than partially leaked.
- ACL/allowable action projections reflect engine policy and profile rules.

## D12.6 - Integrate CMIS compliance fixtures and optional OpenCMIS TCK

```task
id: KONT-WP-0012-T006
status: done
priority: medium
state_hub_task_id: "2f1e9075-395e-4ed0-9abd-ed7c4ecd774d"
```

Acceptance:

- Internal CMIS tests run for every profile.
- Optional OpenCMIS TCK can target a running CMIS access point.
- TCK subset results are captured and mapped back to capability gaps.

## D12.7 - Document deployment and compatibility posture

```task
id: KONT-WP-0012-T007
status: done
priority: medium
state_hub_task_id: "a1d28453-2ab7-4d18-8757-6f9ece1674b3"
```

Acceptance:

- CMIS endpoint setup is documented.
- Supported/unsupported CMIS capabilities are documented per profile.
- Browser Binding MVP, AtomPub/Web Services deferral, OpenCMIS TCK posture, and known client compatibility notes are explicit.

## Definition Of Done

- Multiple CMIS access points can be configured and exposed.
- Each access point enforces profile-specific capability and data-visibility rules.
- Supported CMIS Browser Binding subset passes internal compliance tests.
- Optional OpenCMIS TCK harness can be run against a compatibility profile.
- `python3 -m pytest` passes.
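
The profile rules from D12.1, D12.4 and D12.5 (deterministic, audited matching; denied assets omitted whole; read-only profiles rejecting mutations), sketched as an added example that is not code from `kontextual-engine`. The `Profile` fields, the asset dictionaries and the choice of the CMIS `objectNotFound` and `permissionDenied` exceptions are assumptions made for illustration.

```python
from dataclasses import dataclass

# Added illustration: all names here are hypothetical, not kontextual-engine's API.
@dataclass(frozen=True)
class Profile:
    name: str
    read_only: bool
    visible_classifications: frozenset  # visibility scope (allow-list)
    deny_rules: tuple = ()              # ((field, value), ...) checked in order

class CmisError(Exception):
    """args[0] is the CMIS exception name returned to the client."""

def decide(profile, asset):
    for fld, value in profile.deny_rules:  # first matching deny rule wins
        if asset.get(fld) == value:
            return False, f"deny:{fld}={value}"
    if asset.get("classification") not in profile.visible_classifications:
        return False, "outside-visibility-scope"
    return True, "allow"

def list_children(profile, assets, audit):
    out = []
    for asset in assets:
        visible, reason = decide(profile, asset)
        audit.append((profile.name, asset["id"], reason))
        if visible:  # denied assets are dropped whole: no stub entry, no object ID
            actions = set(asset["engine_actions"])  # engine policy
            if profile.read_only:                   # profile rule narrows it
                actions &= {"canGetProperties", "canGetContentStream"}
            out.append({"cmis:objectId": asset["id"], "allowableActions": sorted(actions)})
    return out

def update_properties(profile, asset, changes, audit):
    visible, reason = decide(profile, asset)
    allowed = not profile.read_only and "canUpdateProperties" in asset["engine_actions"]
    audit.append((profile.name, asset["id"], reason if not visible else
                  "update-allowed" if allowed else "deny:update-not-permitted"))
    if not visible:  # answered like a missing object, so existence is not leaked
        raise CmisError("objectNotFound", "object not found")
    if not allowed:
        raise CmisError("permissionDenied", "update not permitted")
    return {**asset, **changes}

# Constructed sample data: (id, classification, source_system, engine actions).
ASSETS = [dict(zip(("id", "classification", "source_system", "engine_actions"), row)) for row in [
    ("a1", "public", "wiki", ["canGetProperties", "canUpdateProperties"]),
    ("a2", "public", "hr", ["canGetProperties"]),
    ("a3", "restricted", "wiki", ["canGetProperties"])]]
READER = Profile("reader", True, frozenset({"public"}), (("source_system", "hr"),))
```

The audit list records every decision, including the denied ones, so what was withheld from the client stays reviewable on the server side.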