KB-7122
02 — Remediation Item Triage (143/143)
Revision 1
All 143 orphan rows triaged, 0 left unclassified. Stored in wf_remediation_triage (1 row per orphan, UNIQUE(source_key,object_key)). Each orphan was joined to its snapshot to recover command/path_or_ref, then classified by a deterministic rule set into one of the candidate clusters (§03). triaged_rows = 143 == orphan_rows = 143.
Triage rule order (most-specific first)
- *.pre-* / *.retired / *.anchors / pre-claude / pre-fix / pre-phase / *.bak / *.old → BACKUP_OR_NOISE (quarantine)
- source=kb_sop_docs → DOCUMENT_DEFINED (link)
- source=docker_containers → NEEDS_OWNER (runtime service)
- source=systemd_timers OR e2scrub|debian-sa1|certbot|ip route|run/systemd|sysstat → OS_LEVEL_INFRA (accept)
- auto_apply_approval|expire_stale_approval|fn_expire → approval lifecycle (PROCESS_CANDIDATE)
- dot-nrm/dot-hc-executor → DOT_IMPLEMENTATION_ONLY (merge to existing DOT)
- reconcile / backup family / permission family / health family / publish family / kuma-ensure / process-discovery-scan → respective PROCESS_CANDIDATE or COMPONENT
- cron-env → shared lib (COMPONENT, not-process)
- docker exec … psql (inline, throttled) → NEEDS_MORE_EVIDENCE (exact fn truncated)
- /dot/bin/ or source=fs_dot_bin → DOT_IMPLEMENTATION_ONLY (reconcile to dot_tools)
- else → NEEDS_MORE_EVIDENCE (catch-all; none hit in practice)
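The rule order above as a first-match-wins classifier. This is an added example, not the code that produced the 143 rows, and it also returns the index of the rule that fired so each decision can be audited. Assumptions: the rule's `source=` value is the row's `source_key`, patterns are regex searches over command/path_or_ref, COMPONENT means COMPONENT_OF_EXISTING_PROCESS, the family rule is omitted because the page does not give its per-family targets, and the `crontab` source and all sample rows are constructed.

```python
import re
from collections import Counter

# Ordered rules, most specific first; the first match wins.
# (classification, sources matched outright, regex over command/path_or_ref)
RULES = [
    ("BACKUP_OR_NOISE", set(),
     r"\.pre-|\.(retired|anchors|bak|old)$|pre-(claude|fix|phase)"),
    ("DOCUMENT_DEFINED", {"kb_sop_docs"}, None),
    ("NEEDS_OWNER", {"docker_containers"}, None),
    ("OS_LEVEL_INFRA", {"systemd_timers"},
     r"e2scrub|debian-sa1|certbot|ip route|run/systemd|sysstat"),
    ("PROCESS_CANDIDATE", set(),
     r"auto_apply_approval|expire_stale_approval|fn_expire"),
    ("DOT_IMPLEMENTATION_ONLY", set(), r"dot-nrm|dot-hc-executor"),
    # The reconcile/backup/permission/... family rule is omitted (assumption above).
    ("COMPONENT_OF_EXISTING_PROCESS", set(), r"cron-env"),
    ("NEEDS_MORE_EVIDENCE", set(), r"docker exec .*psql"),
    ("DOT_IMPLEMENTATION_ONLY", {"fs_dot_bin"}, r"/dot/bin/"),
]
CATCH_ALL = "NEEDS_MORE_EVIDENCE"


def classify(source, text):
    """Return (classification, index of the rule that fired)."""
    for i, (label, sources, pattern) in enumerate(RULES):
        if source in sources or (pattern and re.search(pattern, text)):
            return label, i
    return CATCH_ALL, len(RULES)  # index past the end marks the catch-all


def triage(orphans):
    """Classify each orphan once; keys mirror UNIQUE(source_key, object_key)."""
    out = {}
    for source_key, object_key, text in orphans:
        key = (source_key, object_key)
        if key in out:
            raise ValueError(f"duplicate triage row for {key}")
        out[key] = classify(source_key, text)[0]
    return out


# Constructed sample rows: (source_key, object_key, command/path_or_ref).
SAMPLE = [
    ("fs_dot_bin", "o1", "/dot/bin/dot-sync.bak"),       # backup rule beats fs_dot_bin
    ("docker_containers", "o2", "certbot-renewer"),      # source rule beats certbot
    ("crontab", "o3", "/usr/bin/certbot -q renew"),
    ("crontab", "o4", "docker exec db psql -c 'SELECT ..."),
    ("crontab", "o5", "/opt/jobs/unknown.sh"),           # falls through to catch-all
]

if __name__ == "__main__":
    print(Counter(triage(SAMPLE).values()))
```

Rows o1 and o2 each match two rules, so their classification depends on the list order; reordering RULES changes the result without any error being raised.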
Classification distribution (143 objects)
| classification | objects | next action |
|---|---|---|
| PROCESS_CANDIDATE | 50 | confirm candidate |
| DOT_IMPLEMENTATION_ONLY | 34 | merge/reconcile to DOT |
| OS_LEVEL_INFRA | 29 | accept OS-level |
| COMPONENT_OF_EXISTING_PROCESS | 11 | attach as component / mark not-process |
| NEEDS_OWNER | 11 | assign owner (docker) |
| NEEDS_MORE_EVIDENCE | 4 | request evidence (throttled DB jobs) |
| BACKUP_OR_NOISE | 3 | quarantine |
| NEEDS_HUMAN_REVIEW | 1 | human review (infra config) |
Every row carries recommended_next_action; the 4 NEEDS_MORE_EVIDENCE + 1 NEEDS_HUMAN_REVIEW rows carry the exact missing_evidence field ("exact invoked target/function — cron command truncated — or runtime run-row"). No row is left without a classification and an action.