generated from coulomb/repo-seed
49 lines
1.3 KiB
Markdown
49 lines
1.3 KiB
Markdown
# CMIS Profiled Access Points Implementation
|
|
|
|
Date: 2026-05-06
|
|
|
|
Status: first implementation slice started.
|
|
|
|
## Implemented Slice
|
|
|
|
`src/kontextual_engine/core/cmis.py` defines the CMIS profile and access-point
|
|
boundary used by the future API adapter:
|
|
|
|
- `CMISBinding`
|
|
- `CMISCapability`
|
|
- `CMISAction`
|
|
- `CMISAccessProfile`
|
|
- `CMISAccessPoint`
|
|
|
|
The layer is intentionally small. It decides whether a CMIS action is allowed
|
|
for a profile and whether an engine asset may be exposed through an access
|
|
point. It does not implement CMIS routes and does not duplicate asset storage,
|
|
metadata, relationship, policy, or audit services.
|
|
|
|
## Built-In Profiles
|
|
|
|
- `readonly-browser`: Browser Binding read profile over public/internal assets.
|
|
- `governed-authoring`: Browser Binding profile with selected create/update
|
|
and content stream mutations.
|
|
- `admin-export`: service-account-only export profile with broad visibility.
|
|
- `compat-tck`: Browser Binding profile intended for selected OpenCMIS TCK
|
|
compatibility tests.
|
|
|
|
## Enforcement Boundary
|
|
|
|
Profiles can restrict exposure by:
|
|
|
|
- CMIS capability,
|
|
- mutation allowance,
|
|
- actor type,
|
|
- sensitivity,
|
|
- asset type,
|
|
- topic,
|
|
- source system,
|
|
- metadata deny rules.
|
|
|
|
Decisions return existing `PolicyDecision` objects so later CMIS routes can
|
|
emit compatible diagnostics and audit records without inventing another policy
|
|
model.
|
|
|