coulomb/kontextual-engine
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
801d2f48517b44ad22fb9b1e64121ee6c8a90e53
kontextual-engine/docs/cmis-deployment-compatibility.md
tegwick 801d2f4851 deployment and compatibility
2026-05-07 02:04:59 +02:00

144 lines
4.6 KiB
Markdown
Raw Blame History

# CMIS Deployment And Compatibility
Date: 2026-05-07
Status: Browser Binding MVP implemented with profiled access points.
## Endpoint Setup
Install the service dependencies and run the FastAPI application:
```sh
python3 -m pip install -e '.[service]'
uvicorn kontextual_engine.api.app:create_app --factory --host 127.0.0.1 --port 8000
```
The CMIS access-point catalog is available at:
```text
GET /cmis
```
Each configured profile is exposed as a Browser Binding MVP access point:
```text
GET /cmis/{access_point_id}/browser
GET /cmis/{access_point_id}/browser/types
GET /cmis/{access_point_id}/browser/children
GET /cmis/{access_point_id}/browser/object/{object_id}
GET /cmis/{access_point_id}/browser/content/{object_id}
GET /cmis/{access_point_id}/browser/acl/{object_id}
GET /cmis/{access_point_id}/browser/query
GET /cmis/{access_point_id}/browser/relationships
GET /cmis/{access_point_id}/browser/changes
POST /cmis/{access_point_id}/browser/document
POST /cmis/{access_point_id}/browser/object/{object_id}/properties
POST /cmis/{access_point_id}/browser/object/{object_id}/content
POST /cmis/{access_point_id}/browser/object/{object_id}/delete
```
Supported `access_point_id` values:
- `readonly-browser`
- `governed-authoring`
- `admin-export`
- `compat-tck`
Actor context is passed through the existing service headers, especially:
- `X-Actor-Id`
- `X-Actor-Type`
- `X-Correlation-Id`
- `X-Request-Scope`
- `X-Policy-Scope`
`admin-export` requires `X-Actor-Type: service_account`.
## Profile Capability Matrix
| Capability | readonly-browser | governed-authoring | admin-export | compat-tck |
| --- | --- | --- | --- | --- |
| Browser Binding repository info | yes | yes | yes | yes |
| Type definitions | yes | yes | yes | yes |
| Synthetic navigation | yes | yes | yes | yes |
| Object reads | yes | yes | yes | yes |
| Content stream descriptors | yes | yes | yes | yes |
| ACL projection | discover | discover | discover | discover |
| Relationship projection | yes | yes | yes | yes |
| Change log projection | yes | yes | yes | yes |
| Query subset | document select only | document select only | document select only | document select only |
| Create document | no | yes | no | yes |
| Update properties | no | yes | no | yes |
| Set content stream | no | yes | no | yes |
| Delete object | no | delete-request lifecycle transition | no | delete-request lifecycle transition |
| Confidential/restricted visibility | hidden | hidden | service-account visible | hidden |
| AtomPub binding | deferred | deferred | deferred | deferred |
| Web Services binding | deferred | deferred | deferred | deferred |
## Supported Query Subset
The MVP supports:
```sql
SELECT * FROM cmis:document
SELECT * FROM kontextual:document
```
Unsupported query grammar returns structured validation diagnostics. Full CMIS
SQL joins and broader predicate parsing are intentionally deferred.
## Compatibility Posture
This implementation is a CMIS 1.1 Browser Binding MVP, not a broad CMIS
certification claim. It is suitable for:
- clients that can consume JSON Browser Binding-style repository, type, object,
query, relationship, ACL, and change-log envelopes,
- controlled integrations that can target a specific profile,
- internal validation against deterministic fixtures,
- optional selected OpenCMIS TCK checks through `compat-tck`.
It is not yet suitable for clients that require:
- AtomPub,
- SOAP/Web Services,
- full CMIS SQL,
- multifiling/unfiling,
- private-working-copy semantics,
- retention/hold mutation,
- rendition streams,
- bulk update properties,
- apply/remove policy,
- strict byte-stream download semantics instead of content stream descriptors.
## Optional OpenCMIS TCK
The optional harness boundary lives in:
- `tests/cmis/opencmis-tck/README.md`
- `tests/cmis/opencmis-tck/tck-subset-map.json`
- `tests/cmis/opencmis-tck/tck-result-template.json`
Default Python tests validate the fixture/TCK mapping but do not execute
Java/Maven. Optional TCK runs should target:
```text
http://127.0.0.1:8000/cmis/compat-tck/browser
```
Record results using the compact result template and map failures back to
capability groups before treating them as implementation bugs.
## Operational Notes
- Hidden objects should be treated as not found by CMIS clients.
- Relationship and change-log responses are filtered through the same visibility
gates as object reads.
- Mutations always pass through engine services and produce normal engine audit
events.
- Delete is currently a governed lifecycle transition to `delete_requested`,
not physical removal.
- Compatibility should be discussed per profile and per client rather than as a
repo-wide binary property.
Reference in New Issue View Git Blame Copy Permalink