coulomb/kontextual-engine
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c2bc7071d74f40b8a52f6be0526a4fbe30543714
kontextual-engine/docs/cmis-deployment-compatibility.md
tegwick 81e132b33b projection-only multifiling
2026-05-07 02:52:49 +02:00

4.9 KiB
Raw Blame History

CMIS Deployment And Compatibility

Date: 2026-05-07

Status: Browser Binding MVP implemented with profiled access points.

Endpoint Setup

Install the service dependencies and run the FastAPI application:

python3 -m pip install -e '.[service]'
uvicorn kontextual_engine.api.app:create_app --factory --host 127.0.0.1 --port 8000

The CMIS access-point catalog is available at:

GET /cmis

Each configured profile is exposed as a Browser Binding MVP access point:

GET  /cmis/{access_point_id}/browser
GET  /cmis/{access_point_id}/browser/types
GET  /cmis/{access_point_id}/browser/children
GET  /cmis/{access_point_id}/browser/object/{object_id}
GET  /cmis/{access_point_id}/browser/content/{object_id}
GET  /cmis/{access_point_id}/browser/acl/{object_id}
GET  /cmis/{access_point_id}/browser/parents/{object_id}
GET  /cmis/{access_point_id}/browser/query
GET  /cmis/{access_point_id}/browser/relationships
GET  /cmis/{access_point_id}/browser/changes
POST /cmis/{access_point_id}/browser/document
POST /cmis/{access_point_id}/browser/object/{object_id}/properties
POST /cmis/{access_point_id}/browser/object/{object_id}/content
POST /cmis/{access_point_id}/browser/object/{object_id}/delete

Supported access_point_id values:

  • readonly-browser
  • governed-authoring
  • admin-export
  • compat-tck

Actor context is passed through the existing service headers, especially:

  • X-Actor-Id
  • X-Actor-Type
  • X-Correlation-Id
  • X-Request-Scope
  • X-Policy-Scope

admin-export requires X-Actor-Type: service_account.

Profile Capability Matrix

Capability readonly-browser governed-authoring admin-export compat-tck
Browser Binding repository info yes yes yes yes
Type definitions yes yes yes yes
Synthetic navigation yes yes yes yes
Projection-only multifiling yes yes yes yes
Object reads yes yes yes yes
Content stream descriptors yes yes yes yes
ACL projection discover discover discover discover
Relationship projection yes yes yes yes
Change log projection yes yes yes yes
Query subset document select only document select only document select only document select only
Create document no yes no yes
Update properties no yes no yes
Set content stream no yes no yes
Delete object no delete-request lifecycle transition no delete-request lifecycle transition
Confidential/restricted visibility hidden hidden service-account visible hidden
AtomPub binding deferred deferred deferred deferred
Web Services binding deferred deferred deferred deferred

Supported Query Subset

The MVP supports:

SELECT * FROM cmis:document
SELECT * FROM kontextual:document

Unsupported query grammar returns structured validation diagnostics. Full CMIS SQL joins and broader predicate parsing are intentionally deferred.

Compatibility Posture

This implementation is a CMIS 1.1 Browser Binding MVP, not a broad CMIS certification claim. It is suitable for:

  • clients that can consume JSON Browser Binding-style repository, type, object, query, relationship, ACL, and change-log envelopes,
  • controlled integrations that can target a specific profile,
  • internal validation against deterministic fixtures,
  • optional selected OpenCMIS TCK checks through compat-tck.

It is not yet suitable for clients that require:

  • AtomPub,
  • SOAP/Web Services,
  • full CMIS SQL,
  • mutating multifiling/unfiling,
  • private-working-copy semantics,
  • retention/hold mutation,
  • rendition streams,
  • bulk update properties,
  • apply/remove policy,
  • strict byte-stream download semantics instead of content stream descriptors.

Optional OpenCMIS TCK

The optional harness boundary lives in:

  • tests/cmis/opencmis-tck/README.md
  • tests/cmis/opencmis-tck/tck-subset-map.json
  • tests/cmis/opencmis-tck/tck-result-template.json

Default Python tests validate the fixture/TCK mapping but do not execute Java/Maven. Optional TCK runs should target:

http://127.0.0.1:8000/cmis/compat-tck/browser

Record results using the compact result template and map failures back to capability groups before treating them as implementation bugs.

Operational Notes

  • Hidden objects should be treated as not found by CMIS clients.
  • Multifiling is projection-only: assets may appear under multiple derived folder paths without changing canonical asset identity.
  • Relationship and change-log responses are filtered through the same visibility gates as object reads.
  • Mutations always pass through engine services and produce normal engine audit events.
  • Delete is currently a governed lifecycle transition to delete_requested, not physical removal.
  • Compatibility should be discussed per profile and per client rather than as a repo-wide binary property.
Reference in New Issue View Git Blame Copy Permalink