KB-4323

PD Full Operationalization — 07 Policy Scheduler/Orphan Scan

3 min read Revision 1

07 — Auto-Workflow Policy Scheduler / Orphan Scan (Workstream F) — OPERATIONAL

Scheduler choice

pg_cron is not installed on this PostgreSQL instance. The host already runs systemd timers for self-ops (e.g. mcp-writes-perms.timer), so the scan is driven the same way: a systemd timer firing a oneshot service that runs a read-only scan script.

Installed (LIVE, additive, reversible)

  • /opt/incomex/scripts/process-discovery-policy-scan.sh — READ-ONLY (only SELECTs against monitor views via docker exec postgres psql); writes a markdown digest to /opt/incomex/docs/mcp-writes/process-discovery-policy-scans/scan-<ts>.md + latest.md. No DB mutation.
  • /etc/systemd/system/process-discovery-policy-scan.service (oneshot).
  • /etc/systemd/system/process-discovery-policy-scan.timer (OnCalendar=*-*-* 06:30:00, Persistent=true, enabled). Persistent=true means a run missed while the host was down is executed at the next boot instead of being skipped. Next run 2026-06-05 06:30.
  • First run executed; digest verified.

Monitored signals (live views)

  • v_process_discovery_orphan_components = 84
  • v_process_discovery_correlation_gaps = 17
  • v_process_discovery_drift_signals = 17
  • v_process_discovery_auto_workflow_policy_gaps — per-candidate gates: component_graph / correlation / dry_run / real_run / owner / endpoint, with policy_state + next_required_action.
  • v8 …_process_axis_operational_status = FIRST_TRUE_DRY_RUN_DONE_NO_REAL_RUN.
  • births + guard_alerts tracked each scan (drift tripwire).
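A sketch of what a scan script of this kind can look like, added here as an example; it is not the script installed at /opt/incomex/scripts/process-discovery-policy-scan.sh. It assumes a container named postgres, a role and database both named incomex, and relations named process_discovery_births and guard_alerts behind the tripwire counters; none of those names come from this page. Two controls carry the "read-only" claim: PGOPTIONS forces every session into read-only transactions, so the server rejects a write no matter what the SQL says, and an allowlist of relation names keeps the script from being repurposed into a general query runner. The tripwire reads last run's births and guard_alerts back from latest.md and flags any change.

```shell
#!/bin/sh
# Added example of a report-only policy scan; not the script installed on the host.
# Assumed names (not from the page): container "postgres", role/db "incomex",
# and tables process_discovery_births / guard_alerts for the tripwire counters.
set -eu

PG_CONTAINER="${PG_CONTAINER:-postgres}"
PG_USER="${PG_USER:-incomex}"
PG_DB="${PG_DB:-incomex}"
OUT_DIR="${OUT_DIR:-/opt/incomex/docs/mcp-writes/process-discovery-policy-scans}"

# Relations the scan is allowed to count. Anything else is refused.
ALLOWED_RELATIONS="v_process_discovery_orphan_components
v_process_discovery_correlation_gaps
v_process_discovery_drift_signals
process_discovery_births
guard_alerts"

# psql_ro runs one statement with the session forced read-only by the server:
# libpq passes PGOPTIONS as startup options, so a write attempt fails with
# "cannot execute ... in a read-only transaction" even if the SQL here is wrong.
psql_ro() {
  docker exec -e PGOPTIONS='-c default_transaction_read_only=on' "$PG_CONTAINER" \
    psql -X -A -t -q -v ON_ERROR_STOP=1 -U "$PG_USER" -d "$PG_DB" -c "$1"
}

# Query runner indirection so the scan logic can be exercised without a database.
SCAN_QUERY="${SCAN_QUERY:-psql_ro}"

# count_rel: SELECT count(*) from an allowlisted relation; refuse anything else.
count_rel() {
  rel="$1"
  for allowed in $ALLOWED_RELATIONS; do
    if [ "$allowed" = "$rel" ]; then
      "$SCAN_QUERY" "SELECT count(*) FROM $rel"
      return 0
    fi
  done
  echo "refusing to query non-allowlisted relation: $rel" >&2
  return 1
}

# prev_value: read a counter back from the previous digest (0 when there is none).
prev_value() {
  [ -f "$OUT_DIR/latest.md" ] || { echo 0; return 0; }
  awk -v k="- $1:" '$0 ~ ("^" k) { print $NF; found = 1 } END { if (!found) print 0 }' \
    "$OUT_DIR/latest.md"
}

# drift_tripwire: any change in births, or a rise in guard_alerts, is flagged.
# Prints a verdict line; exit status 1 on drift so callers can branch on it.
drift_tripwire() {
  prev_births="$1"; prev_alerts="$2"; cur_births="$3"; cur_alerts="$4"
  if [ "$cur_births" -ne "$prev_births" ] || [ "$cur_alerts" -gt "$prev_alerts" ]; then
    echo "DRIFT births=$prev_births->$cur_births guard_alerts=$prev_alerts->$cur_alerts"
    return 1
  fi
  echo "STABLE births=$cur_births guard_alerts=$cur_alerts"
}

# write_digest: render the markdown digest to scan-<ts>.md, refresh latest.md and
# print the digest path. File writes only; nothing goes back to the database.
write_digest() {
  ts="$1"; shift
  mkdir -p "$OUT_DIR"
  f="$OUT_DIR/scan-$ts.md"
  {
    echo "# process-discovery policy scan $ts"
    echo "- v_process_discovery_orphan_components: $1"
    echo "- v_process_discovery_correlation_gaps: $2"
    echo "- v_process_discovery_drift_signals: $3"
    echo "- births: $4"
    echo "- guard_alerts: $5"
    echo "- tripwire: $6"
  } > "$f"
  cp "$f" "$OUT_DIR/latest.md"
  echo "$f"
}

# run_scan: one complete scan; prints the path of the digest it wrote.
run_scan() {
  ts="$(date -u +%Y%m%dT%H%M%SZ)"
  orphans="$(count_rel v_process_discovery_orphan_components)"
  gaps="$(count_rel v_process_discovery_correlation_gaps)"
  drift="$(count_rel v_process_discovery_drift_signals)"
  births="$(count_rel process_discovery_births)"
  alerts="$(count_rel guard_alerts)"
  verdict="$(drift_tripwire "$(prev_value births)" "$(prev_value guard_alerts)" "$births" "$alerts")" || true
  write_digest "$ts" "$orphans" "$gaps" "$drift" "$births" "$alerts" "$verdict"
}

# Only scan when invoked as "<script> run" (the form a systemd ExecStart= would use);
# sourcing or running without the argument just defines the functions.
case "${1:-}" in
  run) run_scan ;;
esac
```

The oneshot service would call the script with the run argument. The digest on the first run will always read DRIFT, because there is no latest.md to compare against; that is expected, and the second run establishes the baseline.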

6-gate policy (now with real dry-run gate satisfied for dot:kg)

Gate order: component graph → correlation → endpoint → dry-run → negative control → owner. For dot:kg, four of the six gates now pass: component_graph✓, endpoint✓, dry-run✓ (this run), negative-control✓ (REAL_RUN returns 403 and the verifier rejects hallucinated output). Still open: correlation✗ (next), owner✗.

Safety: nothing is flipped to blocking. The scan never mutates the database; it only reports. The birth, owner and event gates remain manual.

Rollback

systemctl disable --now process-discovery-policy-scan.timer; rm /etc/systemd/system/process-discovery-policy-scan.{service,timer} /opt/incomex/scripts/process-discovery-policy-scan.sh; systemctl daemon-reload

The rollback leaves existing digests under /opt/incomex/docs/mcp-writes/process-discovery-policy-scans/ in place; the report history is not removed with the timer.

Completion: policy is monitorable on a daily schedule, report-only.

Source: knowledge/dev/reports/architecture/process-discovery-full-operationalization-endpoint-dryrun-ui-registration-pivots-content-2026-06-04/07-auto-workflow-policy-scheduler-orphan-scan.md