coulomb/kontextual-engine
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
kontextual-engine/docs/cmis-deployment-compatibility.md

5.3 KiB
Raw Permalink Blame History

CMIS Deployment And Compatibility

Date: 2026-05-07

Status: Browser Binding subset implemented with profiled access points, conservative capability flags, and explicit unsupported diagnostics.

Endpoint Setup

Install the service dependencies and run the FastAPI application:

python3 -m pip install -e '.[service]'
uvicorn kontextual_engine.api.app:create_app --factory --host 127.0.0.1 --port 8000

The CMIS access-point catalog is available at:

GET /cmis

Each configured profile is exposed as a Browser Binding MVP access point:

GET  /cmis/{access_point_id}/browser
GET  /cmis/{access_point_id}/browser/types
GET  /cmis/{access_point_id}/browser/children
GET  /cmis/{access_point_id}/browser/object/{object_id}
GET  /cmis/{access_point_id}/browser/content/{object_id}
GET  /cmis/{access_point_id}/browser/acl/{object_id}
GET  /cmis/{access_point_id}/browser/parents/{object_id}
GET  /cmis/{access_point_id}/browser/query
GET  /cmis/{access_point_id}/browser/relationships
GET  /cmis/{access_point_id}/browser/changes
POST /cmis/{access_point_id}/browser/document
POST /cmis/{access_point_id}/browser/object/{object_id}/properties
POST /cmis/{access_point_id}/browser/object/{object_id}/content
POST /cmis/{access_point_id}/browser/object/{object_id}/delete

Supported access_point_id values:

  • readonly-browser
  • governed-authoring
  • admin-export
  • compat-tck

Actor context is passed through the existing service headers, especially:

  • X-Actor-Id
  • X-Actor-Type
  • X-Correlation-Id
  • X-Request-Scope
  • X-Policy-Scope

admin-export requires X-Actor-Type: service_account.

Profile Capability Matrix

Capability readonly-browser governed-authoring admin-export compat-tck
Browser Binding repository info yes yes yes yes
Type definitions yes yes yes yes
Synthetic navigation yes yes yes yes
Projection-only parent maps yes yes yes yes
CMIS capabilityMultifiling no no no no
Descendants/folder tree services no no no no
Object reads yes yes yes yes
Content stream descriptors yes yes yes yes
ACL projection discover discover discover discover
Relationship projection yes yes yes yes
Change log projection yes yes yes yes
Query subset document select only document select only document select only document select only
Create document no yes no yes
Update properties no custom metadata only no custom metadata only
Set content stream no yes no yes
Delete object no delete-request lifecycle transition no delete-request lifecycle transition
Confidential/restricted visibility hidden hidden service-account visible hidden
AtomPub binding deferred deferred deferred deferred
Web Services binding deferred deferred deferred deferred

Supported Query Subset

The MVP supports:

SELECT * FROM cmis:document
SELECT * FROM kontextual:document

Unsupported query grammar returns structured validation diagnostics. Full CMIS SQL joins and broader predicate parsing are intentionally deferred.

Compatibility Posture

This implementation is a CMIS 1.1 Browser Binding MVP, not a broad CMIS certification claim. It is suitable for:

  • clients that can consume JSON Browser Binding-style repository, type, object, query, relationship, ACL, and change-log envelopes,
  • controlled integrations that can target a specific profile,
  • internal validation against deterministic fixtures,
  • optional selected OpenCMIS TCK checks through compat-tck.

It is not yet suitable for clients that require:

  • AtomPub,
  • SOAP/Web Services,
  • getDescendants or getFolderTree,
  • full CMIS SQL,
  • mutating multifiling/unfiling,
  • private-working-copy semantics,
  • retention/hold mutation,
  • rendition streams,
  • bulk update properties,
  • apply/remove policy,
  • standard CMIS property mutation beyond kontextual:metadata:<key>.

Optional OpenCMIS TCK

The optional harness boundary lives in:

  • tests/cmis/opencmis-tck/README.md
  • tests/cmis/opencmis-tck/tck-subset-map.json
  • tests/cmis/opencmis-tck/tck-result-template.json

Default Python tests validate the fixture/TCK mapping but do not execute Java/Maven. Optional TCK runs should target:

http://127.0.0.1:8000/cmis/compat-tck/browser

Record results using the compact result template and map failures back to capability groups before treating them as implementation bugs.

Operational Notes

  • Hidden objects should be treated as not found by CMIS clients.
  • Multiple parent folders are projection-only: assets may appear under several derived folder paths without changing canonical asset identity. The standard CMIS multifiling capability is advertised as unsupported because no add/remove filing mutation service is exposed.
  • Relationship and change-log responses are filtered through the same visibility gates as object reads.
  • Mutations always pass through engine services and produce normal engine audit events.
  • Delete is a governed lifecycle transition to delete_requested; after the transition the object is no longer exposed through CMIS reads.
  • Compatibility should be discussed per profile and per client rather than as a repo-wide binary property.
Reference in New Issue View Git Blame Copy Permalink