v0.2

docs/05-validation-report.md

@@ -0,0 +1,42 @@
+# 05 — Validation Report
+
+Package: `lv.civdef.drone-threat-public-address` v0.3.0
+Date: 2026-05-18 · Tool: `validate.py`
+
+## Result: 19 / 19 checks passed
+
+### Structural
+- All three cornerstone files (BPMN, DMN, CMMN) are well-formed XML.
+- All six YAML files parse.
+- `uapf.yaml` validates against `uapf-manifest.schema.json` (UAPF v2.2.0).
+
+### Model integrity
+- BPMN: 26 flow nodes; every `sequenceFlow` source/target resolves.
+- DMN: exactly 6 decisions; every `informationRequirement` href resolves.
+- CMMN: 11 human tasks across 3 stages.
+
+### Quality gates added in v0.3.0 (these are the v0.2.0 defects)
+- **Every DMN decision carries a `<description>`.** v0.2.0 had none.
+- **No declared-but-unused decision inputs.** Every `requiredInput` of every
+  decision is used as a decision-table input column or in an output
+  expression. This is the check that proves the v0.2.0 interception defect —
+  `positiveHostileId` declared but never tested — is fixed.
+- **Every `mappings.yaml` binding resolves to a real diagram element**, and
+  every `targetId` resolves to a declared target. The resource↔process linkage
+  is now machine-checkable.
+
+## What is *not* validated here
+
+- **Semantic correctness of the modelled algorithm** — whether these are the
+  right institutions, thresholds and SLAs — is an institutional review
+  question, tracked in `01-institutional-gap-analysis.md`.
+- **DMN completeness/overlap** of `FIRST`-hit tables is not formally verified;
+  each table ends with a catch-all rule so no input is left without an output.
+- Diagram interchange (DI) renders cleanly in `dmn-js` / `bpmn-js` / `cmmn-js`;
+  visual review in the target viewer is still recommended.
+
+## Reproduce
+
+```
+python3 validate.py    # exits non-zero on any failure
+```