KB-1114
Process / Trigger Axes Risk Register
2 min read Revision 1
Process / Trigger Axes — Risk Register
2026-06-04. Live-grounded risks and current mitigations.
| # | risk | likelihood | impact | mitigation (live) | residual |
|---|---|---|---|---|---|
| R1 | An AI agent writes canon / casts a vote | low | critical | handlers STABLE + human-only gate1 + president-vote gate2; proven fail-closed | none |
| R2 | 381 enabled DB triggers fire ungoverned | med | low | classified INFRA_NO_PROCESS; audit item HIGH_RISK_ENABLED_NO_PROCESS | classify backlog |
| R3 | 27 stale-disabled triggers re-enabled by mistake | low | med | flagged STALE_DISABLED; retirement runbook (D13) | owner review |
| R4 | Unsafe REAL_RUN of dot:kg | low | high | triple-locked dot_config + preflight NO_GO + loopback executor + killswitch | owner authority |
| R5 | UI deploy over diverged public git breaks site | med | med | handoff-only; lint-clean packet; build-test step in strategy | operator |
| R6 | Officialization without owner (fake official) | low | critical | axis_assignment 0; canon gate OWNER_ONLY; no fake | none |
| R7 | Birth fan-out from canon write | low | high | axis_assignment not birth-tracked; PROC-OWN rows already exist; no new approvals | none |
| R8 | Drift between report claims and live state | med | med | dual-path verification every macro; birth-guard on every apply | continuous |
| R9 | 19 process candidates never get owners | med | med | owner gate surfaces them; decision playbook | owner cadence |
| R10 | Scanner/executor silently stops | low | med | systemd timers active; executor healthy; readiness dashboard (Phase I) | monitoring |
Top current exposure
R2/R9 are the largest open engineering-adjacent surfaces, but both are owner-gated, not agent-fixable. R1/R6/R7 — the catastrophic ones — are structurally closed (fail-closed by construction).