lv-civdef-drone-threat-public-address/docs/04-validation-report.md

# 04 — Validation Report

> Records the conformance status of this package against UAPF specification
> **v2.2.0** (repo `UAPFormat/UAPF-specification`, `VERSION` = 2.2.0).

## Result

```
BPMN tasks: 11 | DMN decisions: 3 | CMMN tasks: 9 | targets: 11 | bindings: 19
ERRORS: 0
WARNINGS: 0
RESULT: PASS — package is UAPF v2.2.0 conformant
```

## What was validated

Schema validation (`schemas/**`, JSON Schema draft 2020-12):

- `uapf.yaml` against `uapf-manifest.schema.json` — PASS
- `resources/mappings.yaml` against `resource-mapping.schema.json` — PASS
- `metadata/ownership.yaml` against `ownership.schema.json` — PASS
- `metadata/lifecycle.yaml` against `lifecycle.schema.json` — PASS
- `metadata/policies.yaml` against `policies.schema.json` — PASS
- `enterprise/enterprise.yaml` against `enterprise-index.schema.json` — PASS

Structural checks (`07-package-format.md`, `04-folder-structure.md`):

- Level-4 package has ≥1 `.bpmn` file, `resources/mappings.yaml`, and both
  mandatory metadata files — PASS

Semantic rules (`11-semantic-validation.md`):

- SEM-001 BPMN/CMMN element references resolve — PASS
- SEM-002 DMN decision references resolve — PASS
- SEM-003 binding `targetId` values exist in `targets` — PASS
- SEM-009 no duplicate binding for the same source — PASS
- SEM-011 every cornerstone carries OMG diagram interchange (BPMNDI / DMNDI /
  CMMNDI) — PASS
- SEM-004/005/006/010 (warnings) — none raised: every user task is bound, no
  unused targets, declared `requiredCapabilities` match target capabilities,
  all fallback targets resolve

YAML safety (`12-yaml-guidelines.md`): manifest `version` is a quoted string.

## How to re-validate

```
python3 validate.py <workspace-root> <path-to-UAPF-specification-repo>
```

`validate.py` is included at the workspace root. It loads the schemas directly
from a checkout of `UAPFormat/UAPF-specification` and implements the schema,
structural and SEM-001..011 rules.

## Two upstream issues found in the specification repository

This package follows the **normative specification text**, which
`specification/00-ssot.md` declares authoritative over any tool or example.
While validating, two defects were found in the spec repo itself — neither is a
defect in this package, but both are worth reporting to `UAPFormat`:

1. **Stale reference CLI.** `tools/uapf-cli/uapf.py` checks for `*.bpmn.xml`
   files, but `specification/07-package-format.md` ("File naming") normatively
   requires the `.bpmn` / `.dmn` / `.cmmn` extensions, and the canonical
   examples (`examples/minimal-l4-package/bpmn/process.bpmn`,
   `examples/approve-expense-l4/bpmn/approve-expense.bpmn`) use `.bpmn`.
   Consequently the reference CLI wrongly rejects a spec-conformant Level-4
   package with: `ERROR: Level 4 requires at least one *.bpmn.xml file`.
   This package uses `.bpmn` / `.dmn` / `.cmmn` per the normative text.

2. **Malformed schema JSON.** `schemas/enterprise-index.schema.json` contains
   regex patterns with raw `\.` and `\s` escapes that are not valid JSON
   string escapes, so a strict JSON parser fails to load it
   (`Invalid \escape: line 28`). The bundled `validate.py` works around this by
   repairing the escapes on load; the upstream schema file should be fixed
   (double the backslashes).

## Status

`lifecycle.status: draft`. Conformance is structural and semantic only — it
does **not** mean the modelled algorithm is operationally approved. The
institutional gaps and open policy questions in `01-institutional-gap-analysis.md`
must be resolved before any change to `approved`.