Per UAPF v2.5.0, tests move from sidecar files
(tests/algorithms/<card-id>.test.yaml — removed in v2.5.0) into a
top-level tests array on each algorithm card. Minimum two entries per
card; the Algorithm Card viewer (UAPF chapter 13.16, ProcessGit
Preview tab) consumes these as its primary interaction surface.
This package's three cards now carry embedded tests:
- algo.semantic_document_analysis.pii_redactor (deterministic redactor)
— 3 cases: Latvian personas kods inline (positive — three entity
types detected), plain administrative text (negative — no PII
signals), financial figures with IBAN (mixed — financial yes,
personas_kods no).
- algo.semantic_document_analysis.vdvc_semantic_extractor (stochastic
LLM extractor, EU AI Act high-risk + mandatory oversight) — 2
cases: regulatory construction-permit appeal (in-domain, expected
topic + applicable_regulations), non-regulatory thank-you note
(out-of-domain, low confidence). Both carry ai_confidence_score
tolerance bands appropriate for a stochastic output.
- algo.semantic_document_analysis.completion_event_emitter
(deterministic CloudEvents emitter) — 2 cases: successful
completion event, failure completion event. The emitter does not
gate on payload contents, so both succeed.
Other changes:
- uapf.yaml + manifest.json: version 3.1.0 -> 3.2.0
- README.md: v3.2.0 section added describing embedded tests and the
removed sidecar location
BPMN file unchanged from v3.1.0 — uapf:algorithmCardRef on each
service task per UAPF v2.4.0 + ioSpecification synthesis. Mappings
unchanged. DMN tables unchanged.
uapf-cli validate against v2.5.0 schemas passes cleanly.

UAPF v2.4.0 reverses the v2.3.0 decision to place algorithm card
references on resource targets. The card belongs on the BPMN task
itself, where it is visible as a first-class process element and its
inputs/outputs render as visible data objects on the diagram.
Changes from v3.0.0:
- bpmn/semantic-document-analysis.bpmn: each of 3 service tasks now
carries xmlns:uapf24=https://uapf.dev/bpmn/v2.4 + the
uapf24:algorithmCardRef attribute pointing at the governing card,
plus a <bpmn:ioSpecification> synthesised from the card's io block
so inputs/outputs render as visible data objects
- resources/mappings.yaml: algorithm_card dropped from each of the
3 targets (they go back to being just dispatch endpoints)
- uapf.yaml + manifest.json: version 3.0.0 -> 3.1.0
- README rewritten with v3.1.0 delta + audit-question table
Cards themselves are unchanged. DMN files are unchanged.

Wrap the three opaque UAPF-IP capabilities (ai.redact@1, ai.extract@1,
event.emit@1) in Algorithm Cards under algorithms/, per UAPF v2.3.0
chapter 13. Each Card supplies intent, IO contract, ownership,
validation history, risk class, audit configuration, and (where
relevant) privacy/risk extensions. Cards are referenced from resource
targets in resources/mappings.yaml.
Changes:
- NEW algorithms/pii_redactor.card.yaml — deterministic redactor
- NEW algorithms/vdvc_semantic_extractor.card.yaml — stochastic LLM
extractor, EU AI Act high-risk, human oversight mandatory
- NEW algorithms/completion_event_emitter.card.yaml — deterministic
CloudEvents 1.0 emitter
- uapf.yaml + manifest.json: version 2.0.0 -> 3.0.0,
+ paths.algorithms, + algorithm_cards: true
- resources/mappings.yaml: single agent.semantic-extractor target
split into 3 algorithm-specific targets, each w/ algorithm_card ref
- bpmn/: UNCHANGED (algorithm-card refs live on resource targets,
not in BPMN — no extension elements required)
- Removed provides_decisions from manifest (was not in SSOT manifest
schema; DMN decisions are self-describing via the dmn/ cornerstone)
- README rewritten with algorithm-card audit-question table

The 1.x package was a single ai.extract call wrapped in three BPMN
service tasks. No decision logic, no dmn cornerstone, no weights — the
risk/routing/validation algorithm lived invisibly in host code. There
was nothing for a runtime to actually execute.
2.0.0 makes it a real process:
- dmn cornerstone added with three decision tables:
  * assess-personal-data-risk — PII regex signals -> risk level
  * gdpr-processing-route — risk x centralisation -> CENTRAL/LOCAL,
    anonymisation, redaction level
  * human-validation-gate — confidence thresholds + PII re-scan
    -> REJECTED/PENDING_REVIEW/APPROVED_AUTO
- BPMN expanded 3 -> 6 nodes (3 serviceTask + 3 businessRuleTask),
  with horizontal DI.
- Task ids, mappings, docs, manifest (dmn:true), uapf.yaml, lifecycle
  and eval-set updated; added a PII-bearing fixture.
Only the semantic extraction remains a model step. Risk classification,
GDPR routing and validation gating are now explicit ranked DMN rules —
inspectable, versioned, portable. Breaking change: structure + outputs.