Universal Workflow Scanner + Candidate Lifecycle Explainer

2026-06-04 · how processes are discovered, triaged, and moved toward officialization.

1. The discovery problem

Processes hide in many places: DB functions, DOT tools, host crontab, systemd timers, container scripts, and the KB. Before they can be governed they must be enumerated. The universal workflow scanner builds one census across 16 sources (10 DB-live adapters + 6 host/FS/KB adapters), yielding a universe of 453 process-definition entrypoints (373 DB + 80 host-unmanaged).

2. Adapters and the scheduler

• 16/16 source adapters healthy; host adapters snapshot crontab (54), systemd timers (22), dot_bin (287), scripts (42), docker (11), KB (partial).
• Scheduler: systemd wf-universal-scanner.timer (daily 04:10) → orchestrator /opt/incomex/dot/scanners/wf_scan_orchestrator.sh. Operational note (2026-06-04): the timer is enabled but currently shows inactive (dead) / Trigger: n/a — it must be re-armed (systemctl start / verify OnCalendar) for the daily census to run.

3. Candidate lifecycle (state machine)

object discovered → wf_process_candidate_member (raw membership, 143) → clustered into wf_process_candidate (19; anti-explosion 143→17 clusters→6 PROCESS_CANDIDATE) → AI review (ai_review_state: AI_REVIEWED_PASS 14 / NEEDS_MORE_EVIDENCE 5) → triage (wf_remediation_triage, 143/143) → owner gate (UNASSIGNED today, owner_status) → birth request (birth_status NOT_REQUESTED) → canon (canon_gate_status CANDIDATE_STAGE).

4. Actions available on a candidate

Via wf_candidate_action_vocabulary (11) executed by fn_wf_candidate_action_execute (fail-closed): SAFE_TRIAGE (7), FAIL_CLOSED_OWNER (2), FAIL_CLOSED_PRESIDENT (2). Safe actions (review/confirm/reject/request-evidence/split/merge/send-to-governance) are AI-delegatable; owner/president actions are blocked without authority.

5. RP visibility after candidate stage

v_ax_process_rp_visibility_after_candidate_stage: candidate_visible 69, not_process 40, owner_gated 11, needs_review 23 (+373 DB). Official AX-PROCESS RP remains 0/453 — the candidate layer is operational and listable, but nothing is canon until the owner gate opens.

6. Residual hardening

v_workflow_residual_evidence_hardening_v4 reduced owner-reconcile residual 8→2 via live script-header evidence. Remaining 2 = dot-pivot-update (governed tool) + 1 undecoded crontab hash.

7. The takeaway

Discovery, clustering, AI review, and triage are fully automated and safe. The only thing standing between a verified candidate (e.g. job:cut) and an official process is a human-president vote and a recorded owner — by design.