Files
kontextual-engine/docs/cmis-opencmis-tck-release-readiness-evidence-2026-05-14T003705Z.md

112 lines
4.6 KiB
Markdown

# CMIS OpenCMIS TCK Evidence - Release Readiness - 2026-05-14T00:37:05Z
## Run Summary
- Run ID: `run-20260514T003705Z`
- Local date: 2026-05-14 Europe/Berlin
- Harness: `guide-board` with `open-cmis-tck` extension
- Assessment: `cmis-browser-baseline`
- Target: `kontextual-cmis-compat`
- Endpoint: `http://127.0.0.1:8010/cmis/compat-tck/browser`
- OpenCMIS TCK: CMIS 1.1.0, revision `1789681`
- Result: `completed`
- Policy: `0` unexpected findings, `0` applied waivers
- Run directory: `/tmp/kontextual-cmis-assessment-20260514T003648Z`
- Assessment package:
`/tmp/kontextual-cmis-assessment-20260514T003648Z/reports/assessment-package.json`
- Report:
`/tmp/kontextual-cmis-assessment-20260514T003648Z/reports/report.md`
This run was executed after `KONT-WP-0016` added bounded read-side query,
relationship, ACL, and capability-ordering contracts. A first assessment run
(`run-20260514T002933Z`) exposed an avoidable object/content warning because
folder children were not returned in deterministic `cmis:name` order after
advertising `capabilityOrderBy=common`. The engine now sorts CMIS child
projections by `cmis:name`; the final run below is the persisted release
evidence.
## Command
The sister `open-cmis-tck` target profile points at port `8000`, which is not
safe for this workstation because another local service is already bound there.
For this run, the target profile was copied to `/tmp` with only the endpoint
changed to port `8010`.
```sh
cd /home/worsch/guide-board
source /home/worsch/open-cmis-tck/.local/toolchains/env.sh
PYTHONPATH=src python3 -m guide_board \
--extension-dir ../open-cmis-tck \
run \
--target /tmp/kontextual-cmis-compat-8010-20260514T003648Z.json \
--assessment ../open-cmis-tck/profiles/assessments/cmis-browser-baseline.json \
--output-dir /tmp/kontextual-cmis-assessment-20260514T003648Z
cd /home/worsch/open-cmis-tck
PYTHONPATH=src python3 scripts/cmis_scorecard.py \
--run-dir /tmp/kontextual-cmis-assessment-20260514T003648Z
```
## Normalized Results
| Group | Result | Counts | Remaining non-green findings |
| --- | --- | --- | --- |
| `preflight` | `pass` | Endpoint reachable; parseable Browser Binding JSON; repository `compat-tck` selected. | None. |
| `repository-type` | `warning` | `38 pass`, `2 info`, `1 skipped`, `1 warning` | Local loopback endpoint uses HTTP rather than HTTPS. |
| `object-content` | `pass` | `10 info`, `5 skipped` | None. |
Guide Board summary:
- `pass`: 2
- `warning`: 1
- unexpected findings: 0
- applied expectations: 0
- applied waivers: 0
The only warning is the known local harness transport warning:
```text
Security Test (BROWSER): HTTPS is not used. Credentials might be transferred as plain text!
```
## Score
This is a compatibility-infrastructure score for the selected Browser Binding
baseline, not a CMIS certification score.
| Metric | Score | Basis |
| --- | ---: | --- |
| Selected baseline completion | 100.0% | Guide Board result `completed`; both selected TCK groups returned `0`. |
| Unexpected finding clearance | 100.0% | `0` unexpected findings, `0` fail, `0` infrastructure_error. |
| Warning-adjusted normalized case score | 99.1% | `(56 accepted + 0.5 * 1 warning) / 57 normalized cases`. |
| Strict no-warning normalized case score | 98.2% | `56 accepted / 57 normalized cases`. |
| Guide Board maturity score | 33.33 | Two of nine mapped capability groups assessed; object/content demonstrated, repository/type partial due local HTTP. |
| Guide Board coverage | 22.22% | Selected baseline covers `repository-type` and `object-content` only. |
Digest versus `run-20260514T002933Z`:
- `object-content` improved from warning to pass.
- The folder child-order warning is closed by deterministic `cmis:name`
ordering.
- The remaining warning is unchanged: local loopback HTTP rather than HTTPS.
Digest versus `run-20260513T223537Z`:
- Selected-baseline infrastructure score remains `99.1%`.
- `object-content` remains pass.
- The persisted baseline now reflects `capabilityOrderBy=common`.
## Interpretation
The selected OpenCMIS Browser Binding baseline remains release-ready for a
controlled `0.1.0` preview. The engine demonstrates stable repository/type and
object/content behavior through the external OpenCMIS harness.
The remaining warning is a deployment topology issue, not a CMIS adapter
behavior failure. Released access points must run behind HTTPS termination;
local loopback harness runs may accept the warning as an environment condition.
This evidence still does not claim full CMIS 1.1 certification. It does not
cover AtomPub, Web Services, PWC/checkin/checkout, full CMIS SQL, renditions,
retention/hold, policy mutation, or the non-selected OpenCMIS TCK groups.