This commit is contained in:
2026-05-18 14:05:37 +03:00
parent 3da6362c49
commit ed1d44e94a
16 changed files with 1686 additions and 867 deletions


@@ -1,37 +1,61 @@
# UAPF-IP guardrails policy for the Drone Threat Public Address process.
# Loaded by the runtime at session start as an immutable policy snapshot;
# enforced by the host before every capability invocation (see UAPF-IP SPEC §10).
kind: uapf.guardrails
version: "0.3.0"
scope:
domain: civil-defence
classification: restricted
legal_basis: national-civil-protection-law
# UAPF-IP guardrails enforced at every capability call made by a UAPF-IP host
# running this package. Guardrails are evaluated before and after capability
# execution; a violation blocks the call and is logged to the audit trail.
ai:
allowed_models:
- claude-opus-4-7
- claude-sonnet-4-6
forbidden_inputs:
- classified-radar-tracks
- personal-data-of-residents
- source-identifying-osint
pii_redactor: required
# AI may never autonomously complete a step in a national public-warning
# process; a confidence ceiling of 0 forces human confirmation every time.
max_confidence_for_autocomplete: 0.0
decisions_ai_may_make_unattended: []
decisions_ai_may_recommend:
- air_threat_severity
- disinformation_classification
principles:
- id: GR-1
name: AI is advisory, never authoritative
rule: >-
AI agents and MCP tools (ai.classify, ai.complete) may only produce
recommendations. Object classification, threat severity, public-broadcast
authorisation, interception authorisation and origin attribution must be
confirmed by an accountable human role before any downstream effect.
appliesTo: [Decision_ObjectClassification, Decision_AirThreatSeverity,
Decision_InterceptionAuthorization, HT_OriginAttribution]
human_oversight:
required_for:
- cell_broadcast_dispatch
- interception_authorization
- public_communication
- incident_closure
reviewer_role: nbs-joint-staff-duty-officer
- id: GR-2
name: No autonomous use of force
rule: >-
No capability may move the process to an interception "engage" outcome
without a recorded manual authorisation by NBS Joint Staff. The
Decision_InterceptionAuthorization table is decision support only.
appliesTo: [Task_AuthorizeInterception, Task_GroundEngage, Task_RequestBAP]
audit:
vc_signature_per_step: required
retention_years: 10
- id: GR-3
name: Notification SLA is a hard floor
rule: >-
broadcastSlaSeconds from Decision_NotificationUrgency is a maximum, not a
target. The SLA-breach boundary timer must remain enabled; disabling it
is a safeguard removal and must be recorded.
appliesTo: [Task_DispatchBroadcast, Boundary_SlaBreach]
- id: GR-4
name: Public messaging is human-authored
rule: >-
Cell-broadcast and all-clear messages are selected from pre-approved,
human-authored templates (MSG_*). Free-text generation of public alert
content by an AI agent is prohibited.
appliesTo: [Task_DispatchBroadcast, Task_AllClearBroadcast, HT_PressBriefing]
- id: GR-5
name: Auditability
rule: >-
Every decision evaluation records its inputs, the matched rule id and the
output, with actor identity and timestamp, retained per metadata/policies.yaml.
appliesTo: ["*"]
- id: GR-6
name: Data minimisation in disinformation monitoring
rule: >-
The OSINT monitoring tool processes only public posts; it must not ingest
or store personal data of identifiable citizens beyond what is required
to classify a post.
appliesTo: [HT_DisinfoMonitor]
enforcement:
onViolation: block
audit: required
reviewAuthority: "Ministry of Defence (algorithm governance)"
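Review bot: GR-3 says disabling the SLA-breach boundary timer "is a safeguard removal and must be recorded", but the `enforcement` block offers only `onViolation: block` and no recorded-exception path, so either the timer can never be disabled (then the rule should say so) or the policy needs an explicit override outcome that logs rather than blocks. Two smaller points in the same file: `human_oversight.required_for` uses snake_case names (`cell_broadcast_dispatch`, `public_communication`) that do not match the `appliesTo` element ids (`Task_DispatchBroadcast`, `HT_PressBriefing`), so a host cannot mechanically join the two lists; and retention is stated twice, as `retention_years: 10` under GR-2 and as "retained per metadata/policies.yaml" under GR-5, which will drift unless one of them refers to the other.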


@@ -1,268 +1,347 @@
kind: uapf.resources.mapping
version: "0.3.0"
# ===========================================================================
# HOW TO READ THIS FILE
# ---------------------------------------------------------------------------
# Targets — the institutions, systems and agents that execute work in this
# process. Only primary binding targets are listed; consulted/informed parties
# (VARAM, IZM, NATO Baltic Air Policing, the Government Crisis Management
# Council) are recorded in binding `notes` and in docs/02-raci.md.
# Endpoints and credentials below are ILLUSTRATIVE placeholders for a draft.
# UAPF separates the *logic* of a process (the BPMN / DMN / CMMN cornerstones)
# from the *resources* that execute it (institutions, systems, AI agents).
# This file is that binding layer.
#
# targets - every institution, system or agent that can do work here.
# bindings - one row per executable element in the three cornerstones.
# Each row names the element, says which target performs it,
# and in which execution mode.
#
# Each binding carries:
# element - "<cornerstone>.<kind>:<id>" e.g. bpmn.task:Task_DispatchBroadcast
# label - the human label as it appears in the diagram, so a reader can
# point at a box on the canvas and find its row here.
# targetId - the single primary target that performs the element.
# mode - manual : a person performs it, no automation
# assisted : a system/AI proposes, a person approves
# supervised : a system performs it, a person monitors
# autonomous : a system performs it without per-call review
#
# Consulted / informed parties (RACI C and I) are NOT bindings; they are in
# docs/02-raci.md. Endpoints and credentials below are ILLUSTRATIVE draft
# placeholders.
# ===========================================================================
legend:
cornerstones:
bpmn: bpmn/drone-threat-public-address.bpmn
dmn: dmn/air-threat-decisions.dmn
cmmn: cmmn/field-response-investigation.cmmn
element_kinds:
bpmn.task: A BPMN activity (plain, business-rule or user task).
dmn.decision: A DMN decision evaluated by a BPMN business-rule task.
cmmn.humanTask: A discretionary human task inside the investigation case.
modes: [manual, assisted, supervised, autonomous]
# ---------------------------------------------------------------------------
targets:
- id: nbs.air-surveillance
type: system_api
name: NBS air surveillance and radar network
name: NBS air-surveillance & radar network
description: Detection and tracking feed for airborne objects near the eastern border.
capabilities:
- lv.gov.civdef.air_surveillance_feed
capabilities: [lv.gov.civdef.air_surveillance_feed]
endpoint: "https://surveillance.mil.lv/api/v1"
authentication:
method: mtls
availability:
schedule: always
timezone: Europe/Riga
authentication: {method: mtls}
availability: {schedule: always, timezone: Europe/Riga}
- id: nbs.joint-staff
type: human_role
name: NBS Joint Staff (Apvienotais stabs), operational duty
description: Holds threat-classification and notification-request authority.
availability:
schedule: always
timezone: Europe/Riga
description: >-
Holds air-threat classification, public-notification request and
interception authorisation authority. The decision owner of this process.
availability: {schedule: always, timezone: Europe/Riga}
- id: nbs.air-defence
type: human_role
name: NBS air-defence units (pretgaisa aizsardziba)
description: Ground air-defence; coordinates interception, including with NATO Baltic Air Policing.
description: Ground-based air defence; executes or coordinates interception.
- id: vugd.duty
type: human_role
name: VUGD operational duty / 112 (State Fire and Rescue Service)
description: Receives 112 calls and executes site fire and rescue response.
description: Receives 112 calls; executes site fire and rescue response.
- id: vugd.cell-broadcast
type: system_api
name: Cell-broadcast system (sunu apraide), operated by VUGD
description: Public early-warning cell-broadcast platform.
capabilities:
- lv.gov.civdef.cell_broadcast
description: >-
Public early-warning cell-broadcast platform. The 40-minute dispatch
delay to Rezekne on 7 May 2026 is the failure this package addresses.
capabilities: [lv.gov.civdef.cell_broadcast]
endpoint: "https://cb.vugd.gov.lv/api/v1"
authentication:
method: api_key
configRef: secrets/vugd-cell-broadcast
availability:
schedule: always
timezone: Europe/Riga
authentication: {method: api_key, configRef: secrets/vugd-cell-broadcast}
availability: {schedule: always, timezone: Europe/Riga}
- id: vp.duty
type: human_role
name: State Police (Valsts policija) operational duty
description: Scene security, access control and public order at incident sites.
description: Scene security, cordon and public order at incident sites.
- id: nmpd.duty
type: human_role
name: Emergency Medical Service (NMPD) operational duty
description: Casualty assessment and pre-hospital medical response.
- id: kvc
type: human_role
name: Crisis Management Centre (Krizes vadibas centrs)
description: Cross-institutional crisis coordination and after-action review.
description: Cross-institutional crisis coordination, escalation and after-action review.
- id: iem.duty
type: human_role
name: Ministry of the Interior (Iekslietu ministrija) duty
description: Interior-sector coordination across VP, VUGD and the State Border Guard.
- id: am
type: human_role
name: Ministry of Defence (Aizsardzibas ministrija)
description: Public communication, origin attribution oversight and algorithm governance.
description: Public communication, origin attribution oversight, algorithm governance.
- id: municipal.civil-protection
type: human_role
name: Municipal civil-protection commissions (cooperation territories)
description: Local civil-protection response and resident enquiry handling.
- id: nato.bap
type: external_party
name: NATO Baltic Air Policing
description: Allied air-policing detachment; executes air interception when tasked.
- id: agent.threat-assessment
type: ai_agent
name: Civil-defence threat-assessment assistant
description: AI assistant that recommends air-threat severity; advisory only.
capabilities:
- ai.classify
- ai.complete
description: >-
AI assistant that recommends object classification and air-threat
severity. Advisory only; never authorises action (see guardrails).
capabilities: [ai.classify, ai.complete]
endpoint: "mcp://agents/civdef-threat-assessment"
authentication:
method: did
authentication: {method: did}
- id: mcp.osint-monitor
type: mcp_tool
name: OSINT / disinformation monitoring MCP tool
description: MCP tool that surfaces and classifies disinformation about the incident.
capabilities:
- ai.classify
description: Surfaces and classifies disinformation about the incident.
capabilities: [ai.classify]
endpoint: "mcp://lv-civdef/osint-monitor"
authentication:
method: oauth2
configRef: secrets/osint-monitor-oauth
authentication: {method: oauth2, configRef: secrets/osint-monitor-oauth}
# ---------------------------------------------------------------------------
# Bindings — each process / decision / case element bound to exactly one
# primary target. mode: manual = human only, assisted = AI suggests / human
# approves, autonomous = system executes, supervised = system executes with
# monitoring.
# ---------------------------------------------------------------------------
bindings:
# --- BPMN process tasks ---
- source:
type: bpmn.task
ref: "Task_Classify"
# ---- BPMN process tasks ----
- element: "bpmn.task:Task_TrackObject"
label: "Establish & maintain object track"
targetId: nbs.air-surveillance
mode: supervised
requiredCapabilities:
- lv.gov.civdef.air_surveillance_feed
contract:
timeout: "60s"
notes: "NBS Joint Staff supervises classification of the surveillance feed."
requiredCapabilities: [lv.gov.civdef.air_surveillance_feed]
contract: {timeout: "continuous"}
- source:
type: bpmn.task
ref: "Task_RequestBroadcast"
targetId: nbs.joint-staff
mode: manual
contract:
timeout: "5m"
fallback:
escalationPath:
- kvc
onTimeout: escalate
notes: >-
GAP G2: in the AS-IS algorithm this request is the single trigger. The
escalation path to KVC is a proposed v0.3 fallback authority, not yet
institutionally agreed.
- source:
type: bpmn.task
ref: "Task_CellBroadcast"
targetId: vugd.cell-broadcast
mode: autonomous
requiredCapabilities:
- lv.gov.civdef.cell_broadcast
contract:
timeout: "30s"
retries:
maxAttempts: 2
backoffMs: 2000
notes: "VUGD operational duty owns the platform; dispatch is automated on request."
- source:
type: bpmn.task
ref: "Task_NotifyAgencies"
targetId: nbs.joint-staff
mode: assisted
notes: >-
Parallel notification to KVC, IeM and municipal civil-protection
commissions. KVC, IeM and municipalities are informed parties.
- source:
type: bpmn.task
ref: "Task_CoordBAP"
targetId: nbs.air-defence
mode: manual
notes: >-
NBS air-defence coordinates the response; air interception is executed by
NATO Baltic Air Policing per Decision_InterceptionAuthorization rationale
R_BAP_AIR. NATO BAP is an external party reached through this binding.
- source:
type: bpmn.task
ref: "Task_LocalResponse"
targetId: municipal.civil-protection
mode: manual
notes: >-
State Police support scene response; the Ministry of Education and
Science (IZM) is consulted for school-closure guidance (GAP G8).
- source:
type: bpmn.task
ref: "Task_AllClear"
targetId: vugd.cell-broadcast
mode: autonomous
contract:
timeout: "30s"
notes: "All-clear broadcast issued on NBS Joint Staff declaration."
# --- DMN decisions ---
- source:
type: dmn.decision
ref: "Decision_AirThreatSeverity"
- element: "bpmn.task:Task_ClassifyObject"
label: "Classify object [Object classification]"
targetId: agent.threat-assessment
mode: assisted
requiredCapabilities:
- ai.classify
notes: "AI recommends severity; NBS Joint Staff confirms. Advisory only per guardrails."
requiredCapabilities: [ai.classify]
notes: "AI proposes the object class; NBS Air Surveillance confirms."
- source:
type: dmn.decision
ref: "Decision_CellBroadcastScope"
- element: "bpmn.task:Task_AssessSeverity"
label: "Assess air-threat severity [Air-threat severity]"
targetId: nbs.joint-staff
mode: assisted
notes: "AI severity recommendation; NBS Joint Staff confirms the threat level."
- element: "bpmn.task:Task_LogAndMonitor"
label: "Log & monitor (no public alert)"
targetId: nbs.air-surveillance
mode: supervised
- element: "bpmn.task:Task_DetermineUrgency"
label: "Determine notification urgency & SLA [Notification urgency]"
targetId: nbs.joint-staff
mode: assisted
notes: "Output broadcastSlaSeconds becomes the timer on Task_DispatchBroadcast."
- element: "bpmn.task:Task_DetermineBroadcast"
label: "Determine cell-broadcast scope [Cell-broadcast scope]"
targetId: nbs.joint-staff
mode: assisted
notes: "VARAM consulted on the cell-broadcast platform; templates are pre-typed (GAP G3)."
- element: "bpmn.task:Task_AuthorizeBroadcast"
label: "Authorize public broadcast"
targetId: nbs.joint-staff
mode: manual
notes: "VARAM consulted on the cell-broadcast platform; message templates are typed (GAP G3)."
contract: {timeout: "PT3M"}
fallback: {escalationPath: [kvc], onTimeout: escalate}
notes: >-
GAP G2: in the AS-IS algorithm this authority is the single point of
failure. The KVC escalation path is a proposed v0.3 fallback authority,
not yet institutionally agreed.
- source:
type: dmn.decision
ref: "Decision_InterceptionAuthorization"
- element: "bpmn.task:Task_DispatchBroadcast"
label: "Dispatch public cell-broadcast"
targetId: vugd.cell-broadcast
mode: autonomous
requiredCapabilities: [lv.gov.civdef.cell_broadcast]
contract:
timeout: "from-decision:broadcastSlaSeconds"
retries: {maxAttempts: 2, backoffMs: 2000}
notes: >-
The non-interrupting SLA-breach boundary timer fires if dispatch is not
confirmed within broadcastSlaSeconds and triggers Task_EscalateSla.
- element: "bpmn.task:Task_EscalateSla"
label: "Escalate SLA breach to Crisis Mgmt"
targetId: kvc
mode: manual
notes: "Runs only when the SLA boundary timer fires; this is the Rezekne safeguard."
- element: "bpmn.task:Task_NotifyAgencies"
label: "Notify KVC, IeM & municipal commissions"
targetId: nbs.joint-staff
mode: assisted
notes: "KVC, IeM and municipal commissions are informed parties."
- element: "bpmn.task:Task_AuthorizeInterception"
label: "Authorize interception [Interception authorization]"
targetId: nbs.joint-staff
mode: manual
notes: "Safety criteria made explicit and inspectable (GAP G7)."
notes: "Decision logic gates engagement on positive hostile ID and safety (GAP G7)."
# --- CMMN case human tasks ---
- source:
type: cmmn.humanTask
ref: "HT_DebrisSearch"
- element: "bpmn.task:Task_GroundEngage"
label: "Ground air-defence engagement"
targetId: nbs.air-defence
mode: manual
- element: "bpmn.task:Task_RequestBAP"
label: "Request NATO BAP engagement"
targetId: nato.bap
mode: manual
notes: "Cross-pool message flow; NATO BAP executes air interception when tasked."
- element: "bpmn.task:Task_MaintainTrack"
label: "Maintain track & monitor"
targetId: nbs.air-surveillance
mode: supervised
- element: "bpmn.task:Task_AssessStandDown"
label: "Assess stand-down criteria [Stand-down & all-clear]"
targetId: nbs.joint-staff
mode: assisted
- element: "bpmn.task:Task_AllClearBroadcast"
label: "Dispatch all-clear broadcast"
targetId: vugd.cell-broadcast
mode: autonomous
requiredCapabilities: [lv.gov.civdef.cell_broadcast]
contract: {timeout: "PT30S"}
- element: "bpmn.task:Task_HandToInvestigation"
label: "Open field-response & investigation case"
targetId: kvc
mode: manual
notes: "Instantiates the CMMN case Case_FieldResponseInvestigation."
# ---- DMN decisions ----
- element: "dmn.decision:Decision_ObjectClassification"
label: "Object classification & confidence"
targetId: agent.threat-assessment
mode: assisted
requiredCapabilities: [ai.classify]
- element: "dmn.decision:Decision_AirThreatSeverity"
label: "Air-threat severity"
targetId: nbs.joint-staff
mode: assisted
- element: "dmn.decision:Decision_NotificationUrgency"
label: "Notification urgency & SLA"
targetId: nbs.joint-staff
mode: supervised
notes: "Deterministic table; NBS Joint Staff may override the SLA tier upward."
- element: "dmn.decision:Decision_CellBroadcastScope"
label: "Cell-broadcast scope & message"
targetId: nbs.joint-staff
mode: supervised
- element: "dmn.decision:Decision_InterceptionAuthorization"
label: "Interception authorization"
targetId: nbs.joint-staff
mode: manual
notes: "State Police support crash-site localisation."
notes: "Evaluated as decision support; the engage outcome still requires manual command authority."
- source:
type: cmmn.humanTask
ref: "HT_FireSuppression"
- element: "dmn.decision:Decision_StandDownCriteria"
label: "Stand-down & all-clear"
targetId: nbs.joint-staff
mode: supervised
# ---- CMMN case human tasks ----
- element: "cmmn.humanTask:HT_DebrisLocalisation"
label: "Localise crash / debris site"
targetId: nbs.joint-staff
mode: manual
notes: "State Police and municipal commissions support localisation."
- element: "cmmn.humanTask:HT_FireSuppression"
label: "Fire suppression at impact site"
targetId: vugd.duty
mode: manual
- source:
type: cmmn.humanTask
ref: "HT_SceneSecurity"
- element: "cmmn.humanTask:HT_SceneSecurity"
label: "Establish scene cordon & security"
targetId: vp.duty
mode: manual
- source:
type: cmmn.humanTask
ref: "HT_MunicipalQA"
- element: "cmmn.humanTask:HT_CasualtyResponse"
label: "Casualty assessment & medical response"
targetId: nmpd.duty
mode: manual
- element: "cmmn.humanTask:HT_MunicipalEnquiries"
label: "Handle resident enquiries (112 / municipal)"
targetId: municipal.civil-protection
mode: manual
- source:
type: cmmn.humanTask
ref: "HT_TechExam"
- element: "cmmn.humanTask:HT_DebrisCollection"
label: "Collect & catalogue debris"
targetId: nbs.joint-staff
mode: manual
- source:
type: cmmn.humanTask
ref: "HT_OriginAttribution"
- element: "cmmn.humanTask:HT_TechnicalExam"
label: "Technical examination of the UAV"
targetId: nbs.joint-staff
mode: assisted
notes: "Ministry of Defence consulted; AI may assist analysis but not attribute autonomously."
requiredCapabilities: [ai.classify]
notes: "AI may assist component analysis; conclusions are human-confirmed."
- source:
type: cmmn.humanTask
ref: "HT_DisinfoMonitor"
- element: "cmmn.humanTask:HT_OriginAttribution"
label: "Origin attribution analysis"
targetId: nbs.joint-staff
mode: assisted
notes: "Ministry of Defence consulted; AI may assist but never attributes autonomously."
- element: "cmmn.humanTask:HT_DisinfoMonitor"
label: "Monitor & counter disinformation"
targetId: mcp.osint-monitor
mode: assisted
requiredCapabilities:
- ai.classify
notes: "Disinformation surfaced and classified via MCP tool; human reviews before correction."
requiredCapabilities: [ai.classify]
notes: "Disinformation surfaced via MCP tool; a human reviews before any correction."
- source:
type: cmmn.humanTask
ref: "HT_Press"
- element: "cmmn.humanTask:HT_PressBriefing"
label: "Public press briefing"
targetId: am
mode: manual
notes: "KVC consulted; public communication requires human oversight per guardrails."
notes: "KVC consulted; public communication requires human authorship per guardrails."
- source:
type: cmmn.humanTask
ref: "HT_AfterAction"
- element: "cmmn.humanTask:HT_AfterAction"
label: "Inter-institutional after-action review"
targetId: kvc
mode: manual
notes: "Ministry of Defence accountable; Government Crisis Management Council informed."
notes: "Ministry of Defence accountable; feeds algorithm revision."
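Review bot: the `Task_ClassifyObject` binding contradicts GR-1 as written: its note says "AI proposes the object class; NBS Air Surveillance confirms", but `nbs.air-surveillance` is declared `type: system_api`, not a human role, so the confirmation step has no accountable person behind it; point the confirmation at `nbs.joint-staff` (the GR-1 `reviewer_role`) or add a human target. Related: a BPMN task and the DMN decision it evaluates carry different modes (`Task_DetermineUrgency` is `assisted` while `Decision_NotificationUrgency` is `supervised`; the same holds for broadcast scope and stand-down), so the host needs to be told which binding governs, and the note "may override the SLA tier upward" should state whether that means a shorter or a longer SLA, since GR-3 treats `broadcastSlaSeconds` as a maximum. `contract.timeout` mixes ISO 8601 durations (`PT3M`, `PT30S`) with the free strings `continuous` and `from-decision:broadcastSlaSeconds`; document that grammar in the header comment or the host cannot enforce it uniformly. Finally, `Task_DispatchBroadcast` retries twice on timeout while the boundary timer also fires when dispatch "is not confirmed", so a lost confirmation yields both a duplicate public alert and an escalation; an idempotency key on the dispatch request would close that gap.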