KB-7C85

08 — Scanner Scheduling & Mandatory Preflight Guard (P6)

Revision 1
preflight-guard, scheduler, pg_cron, fail-closed, fn_assert_safe_for_dot_action, 2026-06-03

File: sql/06_preflight_guard.sql (sha256 0519c10e…7626b8). Author-mode.

Scheduler decision

pg_cron is NOT installed (verified live). The orphan/misclass scanner DOTs (DOT-115/116) have cron_schedule NULL. Standing up a real scheduler is an infra/owner task and is not required to make the system safe.

Decision: ship a mandatory preflight guard (deterministic, read-only, fail-closed) as the enforceable minimum, callable as the first statement of any future DOT/RP mutation. A scheduled re-scan can be added later by the operator, either by installing pg_cron or by running collect_dot_bin_inventory.sh + fn_backfill_scan() from an external cron/CI.

fn_preflight_guard() dimensions

| check_name | source | severity | blocks? |
|---|---|---|---|
| birth_orphan_critical_active | v_birth_orphan (critical_family AND active) | critical | yes if >0 |
| birth_phantom_real | v_birth_phantom (phantom_class='REAL_MISSING') | high | yes if >0 |
| fs_dot_file_no_registry | v_dot_fs_reconciliation (FILE_NO_REGISTRY) | high | yes if >0 |
| governance_row_born_unowned | v_governance_row_object_gap (BORN_BUT_UNOWNED) | medium | warn |
| governance_gate_ospa | governance_object_ownership active count | info | reports OPEN/CLOSED |

fn_assert_safe_for_dot_action() raises an exception listing every BLOCK dimension that is non-zero; WARN/INFO dimensions never block. The accepted-exceptions table _preflight_accepted_exceptions lets known/quarantined items (e.g. SYNTHETIC_TEST phantoms) be acknowledged so they don't block forever.

Minimum preflight before any DOT/RP mutation (the contract list)

  • birth orphan critical count — ✅
  • birth phantom critical (real) count — ✅
  • filesystem DOT orphan/drift count — ✅ (once P2 snapshot loaded)
  • governance row-gap critical/unknown count — ✅ (BORN_BUT_UNOWNED surfaced; warn while gate closed)
  • accepted/quarantined exceptions list — ✅ (_preflight_accepted_exceptions)
  • L2/governance rollout status — ✅ (governance_gate_ospa OPEN/CLOSED)

Usage pattern

Open a transaction, call fn_assert_safe_for_dot_action() first (it aborts the transaction if unsafe), perform the lawful DOT-driven change, then commit.
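
The guard, assertion and transaction pattern described above, as an added PostgreSQL sketch that is not the content of sql/06_preflight_guard.sql. Every demo_* object, its columns and the sample rows are constructed assumptions, and only four of the five dimensions are modelled.

```sql
-- Added example. demo_* names, columns and rows are assumptions, not the project's schema.
CREATE TEMP TABLE demo_findings (check_name text, item_id text);
CREATE TEMP TABLE demo_accepted_exceptions (check_name text, item_id text, reason text);
INSERT INTO demo_findings VALUES                 -- constructed scanner output
  ('birth_phantom_real',          'phantom-test-1'),
  ('fs_dot_file_no_registry',     'dot_unregistered.sh'),
  ('governance_row_born_unowned', 'row-17');
INSERT INTO demo_accepted_exceptions VALUES      -- acknowledged, so it stops blocking
  ('birth_phantom_real', 'phantom-test-1', 'SYNTHETIC_TEST phantom');
-- Read-only guard: one row per dimension, counting findings with no accepted exception.
CREATE FUNCTION pg_temp.demo_preflight_guard()
RETURNS TABLE (check_name text, severity text, blocks boolean, open_count bigint)
LANGUAGE sql STABLE AS $$
  SELECT d.check_name, d.severity, d.blocks,
         count(f.item_id) FILTER (WHERE e.item_id IS NULL)
  FROM (VALUES ('birth_orphan_critical_active', 'critical', true),
               ('birth_phantom_real',           'high',     true),
               ('fs_dot_file_no_registry',      'high',     true),
               ('governance_row_born_unowned',  'medium',   false)) AS d(check_name, severity, blocks)
  LEFT JOIN demo_findings f ON f.check_name = d.check_name
  LEFT JOIN demo_accepted_exceptions e
         ON e.check_name = f.check_name AND e.item_id = f.item_id
  GROUP BY d.check_name, d.severity, d.blocks
$$;

-- Assertion: raises on any non-zero BLOCK dimension; no handler swallows guard errors.
CREATE FUNCTION pg_temp.demo_assert_safe() RETURNS void
LANGUAGE plpgsql AS $$
DECLARE
  n_rows   bigint;
  blockers text;
BEGIN
  SELECT count(*),
         string_agg(format('%s=%s', g.check_name, g.open_count), ', ' ORDER BY g.check_name)
           FILTER (WHERE g.blocks AND g.open_count > 0)
    INTO n_rows, blockers
    FROM pg_temp.demo_preflight_guard() AS g;
  IF n_rows = 0 THEN          -- fail closed: an empty result is not proof of safety
    RAISE EXCEPTION 'preflight guard returned no dimensions';
  END IF;
  IF blockers IS NOT NULL THEN
    RAISE EXCEPTION 'preflight BLOCK: %', blockers;
  END IF;
END $$;

BEGIN;
SELECT pg_temp.demo_assert_safe();   -- first statement; an exception aborts the transaction
-- DOT/RP mutation goes here and cannot take effect after a guard failure
COMMIT;                              -- on an aborted transaction this rolls back
```

With the constructed rows, the accepted phantom no longer counts, the medium-severity governance finding only warns, and the unregistered file is the dimension that blocks.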

Rollback

Drop function fn_assert_safe_for_dot_action, function fn_preflight_guard, and table _preflight_accepted_exceptions. The exact statements are in sql/99_rollback_all.sql.
