kind: uapf.package id: dev.uapf.semantic-document-analysis name: Semantic Document Analysis description: | Level-4 UAPF process for semantic analysis of free-text documents. Three BPMN service tasks invoke the UAPF-IP capabilities ai.redact@1, ai.extract@1 and event.emit@1. Three DMN decision tables encode the deterministic algorithm the host previously hid inside application code: assess-personal-data-risk maps PII regex signals to a risk level; gdpr-processing-route selects CENTRAL vs LOCAL processing, anonymisation and redaction level; human-validation-gate applies the confidence thresholds that decide REJECTED / PENDING_REVIEW / APPROVED_AUTO. Only the semantic extraction is a model step. Risk classification, GDPR routing and the validation gate are explicit ranked rules in versioned DMN — inspectable, auditable, portable. Extraction output validates against the VDVC v1.1 semantic-summary JSON Schema. v3.0.0: the three opaque host capabilities (ai.redact@1, ai.extract@1, event.emit@1) are now governed by Algorithm Cards in algorithms/ per UAPF v2.3.0 chapter 13. Each Card supplies the intent, IO contract, ownership, validation history, risk class, and audit configuration for one algorithm. Cards are referenced from resource targets in resources/mappings.yaml. level: 4 version: "3.0.0" # ── UAPF-IP integration (capability needs + profile + guardrails) ── requires_capabilities: - ai.redact@1+ - ai.extract@1+ - event.emit@1+ profiles_supported: - uapf-ip-orchestrated guardrails: resources/guardrails.yaml includes: [] dependencies: {} cornerstones: bpmn: true dmn: true cmmn: false resources: true paths: bpmn: bpmn dmn: dmn cmmn: cmmn resources: resources metadata: metadata algorithms: algorithms algorithm_cards: true exposure: mcp: enabled: true runnable: true exposedEntrypoints: - "Process_SemanticDocumentAnalysis" exposedArtifacts: - manifest - bpmn - dmn - docs owners: - type: team id: uapf-stewards contact: stewards@uapf.dev lifecycle: draft