F6 Pre-Activation Macro SQL — Scanner Read-Only Path + Payload Shaping
-- F-6 SCANNER READ-ONLY PATH (Objective B/D) — NO WRITES OF ANY KIND. -- Runnable via query_pg (read-only role) or psql. Produces the coverage rollup, -- per-scope / per-group drill-downs, and the issue/event PAYLOAD SHAPES that the -- write-half of the scanner WOULD emit (shaped as SELECT expressions, never inserted). -- The scanner WRITE-half (governance_candidate_state / candidate_scan_run / -- system_issues / event_outbox) is activation-gated and intentionally absent here.
-- 1) COVERAGE SUMMARY (single row) ------------------------------------------- WITH inv AS (SELECT count() c FROM v_governance_object_inventory WHERE requires_owner AND born), scopes AS (SELECT count() c FROM governance_responsibility_scope WHERE status='active'), covered AS ( SELECT count() c FROM v_object_effective_owner eo JOIN v_governance_object_inventory i ON i.object_type=eo.object_type AND i.object_ref=eo.object_ref WHERE eo.owner_kind='accountable'), gap AS (SELECT count() c FROM v_object_owner_gap), conflict AS (SELECT count() c FROM v_object_owner_conflict), own AS (SELECT count() c FROM governance_object_ownership) SELECT inv.c AS governed_objects, scopes.c AS active_scopes, inv.cscopes.c AS ceiling, covered.c AS covered_cells, gap.c AS gap_cells, conflict.c AS conflict_cells, own.c AS ownership_rows, round(100.0covered.c/NULLIF(inv.cscopes.c,0),2) AS coverage_pct, (covered.c+gap.c = inv.cscopes.c) AS invariant_holds FROM inv,scopes,covered,gap,conflict,own;
-- 2) PER-SCOPE and PER-GROUP gap drill-down ---------------------------------- SELECT 'per_scope' AS dim, g.scope AS key, count() AS gap_cells FROM v_object_owner_gap g GROUP BY g.scope UNION ALL SELECT 'per_group', ct.parent_ref, count() FROM v_object_owner_gap g JOIN v_governance_object_containment ct ON ct.object_type=g.object_type AND ct.object_ref=g.object_ref GROUP BY ct.parent_ref ORDER BY dim, key;
-- 3) ISSUE / EVENT PAYLOAD SHAPES (read-only; NEVER inserted) ----------------- -- system_issues has 9 triggers and event_outbox has 1 trigger; persisting to -- either is NOT inert. These payloads are shaped purely for review. WITH sample_gap AS (SELECT object_type,object_ref,scope FROM v_object_owner_gap ORDER BY object_ref,scope LIMIT 1) SELECT json_build_object('code','GAP-'||g.object_ref||'-'||g.scope,'issue_type','governance_coverage_gap', 'issue_class','ownership','severity','warning','entity_type',g.object_type,'entity_code',g.object_ref, 'source','gov_coverage_scanner','coalesce_key','gap:'||g.object_type||':'||g.object_ref||':'||g.scope, 'evidence_snapshot',json_build_object('object',g.object_ref,'scope',g.scope,'missing','accountable_owner') ) AS gap_issue_payload, json_build_object('event_domain','governance','event_type','coverage.gap.detected', 'event_stream','gov_coverage','delivery_lane','internal','payload_classification','safe', 'event_subject_table','governance_object_ownership','event_subject_ref',g.object_ref||':'||g.scope, 'safe_payload',json_build_object('object',g.object_ref,'scope',g.scope,'kind','missing_accountable_owner') ) AS event_payload_template FROM sample_gap g;