10 — Evidence Quality & False-Positive Controls

To avoid fake completeness, the census applies explicit anti-inflation rules:

Negative / exclusion rules (applied)

1. Triggers & functions are COMPONENTS, not processes. pg_trigger(410) + pg_proc_functions(571) are recorded with in_process_discovery=NO and class TRIGGER_FUNCTION; they are NOT added to the 373 process-definition denominator. Counting them as processes would be a false positive.
2. DOT family = one process, two roles. dot_family_pairs uses LEAST/GREATEST keying so a producer-verifier pair is one process, not two.
3. Approval requests: governance workflow vs governed object. approval_requests(230) = many RUNS of ONE governed-approval workflow class, not 230 processes.
4. Document mentions ≠ process. kb_sop_docs is left UNKNOWN rather than guessed; an adapter must distinguish "defines a process" from "mentions one" before any count is trusted.
5. Service/container is a process source only if it exhibits runtime workflow behavior — containers recorded as EXTERNAL_SERVICE candidates, not auto-classified as processes.
6. Trigger support functions are components, surfaced under user_trigger_unmodelled at LOW severity (not promoted to candidates).

Evidence quality flags (stored in wf_census_digest.evidence_quality)

• LIVE (10 DB sources), STALE_MANUAL_PROBE (5 host sources, one probe), UNKNOWN (kb_sop_docs).

Duplicate / split controls

• duplicate_risk: IU-command(54) vs DOT overlap flagged; REQUEST_MERGE action added for human resolution.
• split_needed: dot:kg 10-definition split deferred to REAL_RUN (carried from prior macros).

Verified gate integrity (re-proven)

verified_candidates_v3 = 1 (job:cut ONLY). Simulated/dry-run/structural never reach verified. dot:kg remains correlated_dryrun_observed, NOT verified — not faked.