v1.0.0: dev.uapf.semantic-document-analysis

UAPF v1.1 SSOT-conformant Level 4 process package — reusable semantic document analysis, shareable across DMS / intake / mailroom systems. Structure: - uapf.yaml (kind: uapf.package, level 4) + manifest.json engine-compat - bpmn/semantic-document-analysis.bpmn.xml — 3 service tasks invoking reserved UAPF-IP capabilities ai.redact@1, ai.extract@1, event.emit@1 - resources/mappings.yaml — task->target bindings with I/O contracts - resources/schemas/vdvc-semantic-summary.schema.json — output contract - resources/guardrails.yaml — GDPR + EU AI Act constraints - metadata/ownership.yaml + metadata/lifecycle.yaml - docs/, fixtures/, tests/eval-set.json Validates clean against UAPFormat/UAPF-specification schemas.
2026-05-16 09:32:55 +00:00
commit ae0c646021
16 changed files with 422 additions and 0 deletions
--- a/docs/00-overview.md
+++ b/docs/00-overview.md
@@ -0,0 +1,32 @@
+# dev.uapf.semantic-document-analysis — Overview
+
+**UAPF v1.1 SSOT-conformant** Level 4 process package providing
+reusable semantic document analysis.
+
+## What
+
+A 3-step BPMN process that, given free-text document content:
+
+1. Redacts PII via `ai.redact@1`
+2. Extracts VDVC v1.1 structured semantic metadata via `ai.extract@1`
+3. Emits `document.semantic-analysis.completed.v1` CloudEvent via `event.emit@1`
+
+## What's portable
+
+The package ships:
+- The BPMN flow (the algorithm shape)
+- The VDVC output JSON Schema (the output contract)
+- The resource mapping (input/output contracts, timeouts, retries)
+- The guardrails policy (GDPR + EU AI Act constraints)
+
+The host system supplies the actual AI agent that fulfils the three
+capabilities. Multiple hosts can implement the same capabilities;
+multiple packages can require the same capabilities.
+
+## How to consume
+
+Drop this `.uapf` into any UAPF-conformant runtime. The runtime
+exposes `uapf.run_process` (per UAPF-specification §6.3.1) targeting
+`Process_SemanticDocumentAnalysis`. The runtime resolves the resource
+mapping to find a target with the three required capabilities and
+invokes them in order per the BPMN flow.
--- a/docs/01-eu-ai-act.md
+++ b/docs/01-eu-ai-act.md
@@ -0,0 +1,14 @@
+# EU AI Act analysis
+
+**Classification:** Annex III §5(a) and §8(a) — high-risk AI system
+under Regulation 2024/1689 when used for triage in public-service or
+justice-administration contexts.
+
+**Operator obligations** (the deploying organisation, not this package):
+
+- Art. 13 transparency — output records `summarySource`, `aiConfidenceScore`, `aiModelVersion`
+- Art. 14 human oversight — `humanValidationStatus` blocks consequential action
+- Art. 9 risk management — see `resources/guardrails.yaml`
+- Art. 12 logging — host MUST log invocation with package version + model id
+
+See `resources/guardrails.yaml` for the machine-readable policy.
--- a/docs/02-integration.md
+++ b/docs/02-integration.md
@@ -0,0 +1,21 @@
+# Integration with UAPF-conformant runtimes
+
+This package validates against the UAPF v1.1 SSOT schemas:
+- `uapf.yaml` → `uapf-manifest.schema.json`
+- `metadata/ownership.yaml` → `ownership.schema.json`
+- `metadata/lifecycle.yaml` → `lifecycle.schema.json`
+- `resources/mappings.yaml` → `resource-mapping.schema.json`
+
+It conforms to UAPF Conformance Checklist §"Level 4 requirements":
+- ✓ uapf.yaml present
+- ✓ ≥1 BPMN file (`bpmn/semantic-document-analysis.bpmn.xml`)
+- ✓ `resources/mappings.yaml` present
+- ✓ `metadata/ownership.yaml` + `metadata/lifecycle.yaml` present
+- ✓ Cornerstones declared correctly (bpmn + resources)
+
+## Engine compatibility notes
+
+`uapf-engine@1.0.0` only reads `manifest.json` (pre-v1.1 file naming).
+This package ships both `uapf.yaml` (SSOT-mandated) and `manifest.json`
+(byte-identical-semantics JSON copy) for compatibility until upstream
+engine supports YAML.