# CMIS Capability Maturity Scorecard

Status: draft
Created: 2026-05-08

## Purpose

The CMIS scorecard is an interpretation layer over guide-board evidence. It does
not replace the raw evidence, findings, mappings, or assessment package. It
summarizes how mature the target appears across Browser Binding capability
groups.

It does not certify CMIS conformance.

## Generate

After a guide-board run:

```sh
cd /home/worsch/open-cmis-tck
PYTHONPATH=src python3 scripts/cmis_scorecard.py \
  --run-dir /tmp/open-cmis-tck-live
```

Outputs:

```text
/tmp/open-cmis-tck-live/reports/cmis-maturity-scorecard.json
/tmp/open-cmis-tck-live/reports/cmis-maturity-scorecard.md
```

To preview without writing:

```sh
PYTHONPATH=src python3 scripts/cmis_scorecard.py \
  --run-dir /tmp/open-cmis-tck-live \
  --print
```

## Capability Groups

The first model scores:

- repository/type metadata
- object/content services
- navigation services
- query
- relationships
- ACL/policy
- versioning
- change log
- extensions and known gaps

## Levels

Each group receives a 0-4 score:

- `0`: not assessed or unknown
- `1`: blocked, infrastructure-blocked, or unexpectedly failing
- `2`: scoped gap, unsupported by design, skipped, manual, or incomplete
- `3`: partial, warnings need review
- `4`: demonstrated by mapped passing evidence

The overall score is a weighted percentage across all groups. Core repository
and object/content groups carry more weight than optional or gap-review groups.

## Evidence Boundary

The scorecard uses:

- `normalized/evidence.json`
- `normalized/findings.json`
- `normalized/mappings.json`
- `reports/assessment-package.json`

It keeps conformance evidence separate from maturity interpretation. A formal
review should always inspect the underlying evidence and raw artifacts.