# CMIS Profiles Status: draft Created: 2026-05-07 ## Purpose `open-cmis-tck` uses guide-board target and assessment profiles without adding a separate persisted profile format. This keeps the extension compatible with the guide-board planner while still giving CMIS-specific diagnostics through `open_cmis_tck.profile.validate_cmis_profile_config`. ## Target Profile Fields The CMIS target profile uses the guide-board `target-profile` schema: - `subject_type`: use `cmis-browser-binding-endpoint`. - `endpoints`: include one endpoint with `binding` set to `cmis-browser` and `url` set to the Browser Binding service document URL. - `credentials_ref`: use `null` for anonymous/local development targets, or a secret reference for authenticated repositories. - `declared_capabilities`: list the CMIS requirement refs the target claims to support, such as `cmis.repository-info`, `cmis.type-definitions`, `cmis.object-services`, `cmis.content-streams`, `cmis.query`, `cmis.acl`, and `cmis.versioning`. - `known_gaps`: list unsupported optional requirements with a stable gap ID, requirement refs, reason, and status such as `unsupported_by_design`. Templates live under `profiles/targets/templates/`: - `cmis-browser-anonymous.json` - `cmis-browser-basic-auth-env.json` - `cmis-browser-basic-auth-file.json` ## Credential References Secrets should not be committed to the repository or preserved in guide-board artifacts. Supported credential reference forms: ```text null env:CMIS_TCK_USER,CMIS_TCK_PASSWORD file:/absolute/path/to/cmis-tck-credentials.json ``` Environment variables are useful for local runs: ```sh export CMIS_TCK_USER='alice' export CMIS_TCK_PASSWORD='local-secret' ``` File credentials use JSON: ```json { "user": "alice", "password": "local-secret" } ``` The ConsoleRunner adapter writes a private session properties file only for the duration of the run and retains `session.properties.redacted` as the artifact. Validate target profiles through guide-board before running: ```sh cd ../guide-board PYTHONPATH=src python3 -m guide_board \ profile validate-target \ ../open-cmis-tck/profiles/targets/kontextual-cmis-compat.json ``` ## Assessment Runtime Fields Repository selection and harness execution settings live in the assessment profile because they are run policy, not target identity: ```json { "runtime_policy": { "offline": false, "timeout_seconds": 300, "opencmis_tck": { "repository_id": "compat-tck", "requires_java_maven": true, "command": [ "python3", "{extension_path}/adapters/opencmis_console_adapter.py", "--browser-url", "{browser_url}", "--repository-id", "{repository_id}", "--check-group", "{check_group}", "--artifact-dir", "{artifact_dir}", "--run-dir", "{run_dir}", "--extension-path", "{extension_path}", "--credentials-ref", "{credentials_ref}", "--target-profile-dir", "{target_profile_dir}", "--timeout-seconds", "{timeout_seconds}" ] } } } ``` `repository_id` is optional for preflight. If omitted, preflight selects the first repository from the Browser Binding service document. A real TCK command usually needs it. `command` is optional. When absent, the wrapper reports `tck_invocation_not_configured` as a structured, expected bootstrap blocker. ## Diagnostics Use the extension helper from tests or local scripts: ```python from open_cmis_tck.profile import validate_cmis_profile_config diagnostics = validate_cmis_profile_config(target_profile, assessment_profile) ``` The result contains `status`, `diagnostics`, and the interpreted `cmis_config`. Diagnostics are intentionally actionable: they point to the field that should be changed and explain what the extension expects.