Define CIP execution on each Business Entity so governed capabilities compile to vendor calls with RBAC/ABAC applied at runtime.
Prerequisites
- Root identity bands set (
key,entityType,resourceType,primaryKey) - Configure OpenAPI operations aligned with CIP operation keys
- Configure AI contract with enabled capabilities
Where it lives
| Layer | Location |
|---|---|
| CIP operations | <datasourceKey>.json → execution.cip.operations |
| Step bindings | Same file — fetch.openapiRef must match openapi.operations keys |
| UI | Business Entity Data Flow tab (?tab=cip) |
Manifest section: datasource.execution.
Builder MCP
| Manifest section | datasource.execution |
| UI tab | Data Flow (?tab=cip) |
| Help topics | section, cipOverview, dependencyGraph |
| Repair hooks | Usually none — validate after edits |
Read help topic section with sectionKey: datasource.execution before Builder API patches. Full topic registry: Build reference.
How to set
- Prefer generated CIP from OpenAPI import — extend only for transforms or multi-step calls.
- Set
execution.engine: cipand enable operations matching capability keys:
{
"execution": {
"engine": "cip",
"cip": {
"version": "1.0",
"operations": {
"list": {
"enabled": true,
"description": "List records scoped by ABAC",
"steps": [
{
"fetch": {
"source": "openapi",
"openapiRef": "list"
}
}
]
}
}
}
}
}
- Align
openapiRefwithopenapi.operationskeys on the same file. - Validate — see CIP execution for
testPayloadand E2E practices.
Validate
Follow CLI workflow: aifabrix validate <systemKey> → test-integration → datasource test-e2e when live credentials exist.
Common mistakes
| Mistake | Fix |
|---|---|
Legacy pipeline.steps shape |
Use execution.cip.operations |
| OpenAPI ref mismatch | Rename openapi.operations or openapiRef |
| CIP without capabilities | Enable matching keys on capabilities[] |