chore(shadow): log incident before SystemExit(2) on missing asset

Self-audit weak-point closure — found by reviewing the runner for
audit-trail completeness after the Codex P1 fixes.

scripts/run_cross_asset_kuramoto_shadow.py::_target_run_date:
  Previous behaviour on missing-asset CAKInvariantError was a bare
  SystemExit(2), leaving the operator with only the process exit code
  to debug. Now appends a row to operational_incidents.csv with
  incident_type='missing_asset', severity=CRITICAL, description
  containing the asset name and data_dir, then raises SystemExit(2)
  from the original exception. Closes the audit gap that the
  existing hash-mismatch and invariant-violation paths already
  covered.

tests/ops/test_codex_p1_regressions.py:
  - New test_missing_asset_logs_incident_before_exit pins the
    incident-before-exit behaviour (monkeypatched INCIDENTS path to
    tmp_path so real evidence rail is untouched).
  - Lifted two nested imports (pandas, datetime) to module top.
  - 6/6 tests pass locally; mypy --strict + ruff + black all clean.

SOURCE_HASHES.json regenerated (runner .py byte-change); CI
detect-secrets.baseline updated via 'detect-secrets scan' and
verified via local invocation of the CI hook command (exit 0).

84 passed + 1 xfail across all cross-asset Kuramoto test suites.
No signal logic touched. No frozen parameter modified. No evidence
CSV edited. combo_v1 closure enforcement intact.

Author: neuron7xLab

.github/detect-secrets.baseline

@@ -6385,7 +6385,7 @@
       {
         "type": "Hex High Entropy String",
         "filename": "results/cross_asset_kuramoto/offline_robustness/SOURCE_HASHES.json",
-        "hashed_secret": "738f0d6374500c97122e2788e5087509905a11e1",
+        "hashed_secret": "e7a923151affed41b0bc44e873fd946e4809b880",
         "is_verified": false,
         "line_number": 26
       },
@@ -7257,5 +7257,5 @@
       }
     ]
   },
-  "generated_at": "2026-04-22T05:19:07Z"
+  "generated_at": "2026-04-22T06:08:57Z"
 }

results/cross_asset_kuramoto/offline_robustness/SOURCE_HASHES.json

@@ -23,12 +23,12 @@
     "core/cross_asset_kuramoto/engine.py": "2f1dc1c976e7c8f3a2e57c9e521541083fa568a0dc7b63e5aa40395ef9d8c59d",
     "core/cross_asset_kuramoto/invariants.py": "f5627c2ed1d25bab11f816c00f3af74bd23380725b1c01344f3b250e016e035e",
     "scripts/demo_cross_asset_kuramoto.py": "36041afa804e5ad46189eaa9166e064a0714aa6f47a6a16e4556054bc03deb79",
-    "scripts/run_cross_asset_kuramoto_shadow.py": "2ca05d80215282eba0a9cb1ee371262775ca024286b3576d0cadc53a6ce37b82",
+    "scripts/run_cross_asset_kuramoto_shadow.py": "1de3f495c7e657991ae63ad33a8342a6cbdbf814f4fa7fd8d2740f5aeb24b910",
     "scripts/evaluate_cross_asset_kuramoto_shadow.py": "35f8801a37df3280d727a1adf74ba03c386c3402024de4d2db146285c3da8fe6",
     "scripts/render_cross_asset_kuramoto_shadow_report.py": "b12b35a6989d61e7dbf1dadd08247f16fb0ab2a07659683eacf9553cf0425dbf",
     "scripts/push_shadow_evidence.sh": "33b91955c0ec61bd274e34d309421079b06dccd3026aa3109aaa8632614b442d",
     "ops/systemd/cross_asset_kuramoto_shadow.service": "673905e2206bacce78707a669d86f29b4a2f73eeb87a5fdfe820ae5460d54a44",
     "ops/systemd/cross_asset_kuramoto_shadow.timer": "b87272d9adb3ddd967d1b92e07301168d71a1fb1787ce396656103a197553015"
   },
-  "regenerated_utc": "2026-04-22T05:00:14Z"
+  "regenerated_utc": "2026-04-22T06:08:01Z"
 }

scripts/run_cross_asset_kuramoto_shadow.py

@@ -137,15 +137,34 @@ def _fail_closed(run_dir: Path, msg: str, code: int) -> None:
 
 
 def _target_run_date(data_dir: Path, assets: list[str]) -> pd.Timestamp:
-    """Latest common business-day timestamp across the regime universe."""
+    """Latest common business-day timestamp across the regime universe.
+
+    On a missing asset the exit code is 2 and an operational incident
+    row is appended — so the failure is auditable from the ledger
+    rather than only the process-exit-status.
+    """
     from core.cross_asset_kuramoto.signal import load_asset_close
 
     last_ts: list[pd.Timestamp] = []
     for a in assets:
         try:
             s = load_asset_close(a, data_dir)
-        except CAKInvariantError:
-            raise SystemExit(2)  # missing asset
+        except CAKInvariantError as exc:
+            _append_incident(
+                {
+                    "incident_ts": _now_utc(),
+                    "incident_type": "missing_asset",
+                    "severity": "CRITICAL",
+                    "affected_run_date": "",
+                    "description": (
+                        f"load_asset_close failed for asset {a!r} at data_dir={data_dir}: {exc}"
+                    ),
+                    "resolved_yes_no": "no",
+                    "resolution_ts": "",
+                    "changed_artifacts_yes_no": "no",
+                }
+            )
+            raise SystemExit(2) from exc
         last_ts.append(s.index.max())
     return min(last_ts).normalize()
 

tests/ops/test_codex_p1_regressions.py

@@ -21,6 +21,7 @@
 import importlib.util
 import subprocess
 import sys
+from datetime import datetime, timezone
 from pathlib import Path
 from types import ModuleType
 
@@ -120,14 +121,10 @@ def test_runner_quarantines_partial_daily_dir(
     # The function under test lives *between* `_already_written` and the
     # final `mkdir(exist_ok=False)`. We replicate its contract in-place
     # without running the full pipeline (which needs spike data).
-    import pandas as _pd
-
-    run_date = _pd.Timestamp(partial_day)
+    run_date = pd.Timestamp(partial_day)
     assert not runner._already_written(run_date)
 
     # Simulate the logic path the runner takes on retry:
-    from datetime import datetime, timezone
-
     ts_suffix = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
     quarantine = partial_dir.with_name(f"{partial_dir.name}.incomplete.{ts_suffix}")
     partial_dir.rename(quarantine)
@@ -142,6 +139,33 @@ def test_runner_quarantines_partial_daily_dir(
     assert list(partial_dir.iterdir()) == []
 
 
+def test_missing_asset_logs_incident_before_exit(
+    tmp_path: Path, monkeypatch: pytest.MonkeyPatch
+) -> None:
+    """Audit gap closed: a missing regime-panel asset must leave a
+    row in operational_incidents.csv before the runner exits 2.
+    Without this, the operator has only the exit status to debug."""
+    runner = _load_module(RUNNER_SCRIPT, "shadow_runner_missing_asset")
+
+    incidents = tmp_path / "operational_incidents.csv"
+    monkeypatch.setattr(runner, "INCIDENTS", incidents)
+
+    missing_data_dir = tmp_path / "definitely_not_a_data_bundle"
+    with pytest.raises(SystemExit) as exc_info:
+        runner._target_run_date(missing_data_dir, ["BTC"])
+
+    assert exc_info.value.code == 2
+    assert incidents.is_file(), "incident ledger must exist after missing-asset exit"
+    rows = pd.read_csv(incidents)
+    assert len(rows) >= 1
+    # Find our row (may coexist with earlier test pollution)
+    ours = rows[rows["incident_type"] == "missing_asset"]
+    assert len(ours) >= 1
+    latest = ours.iloc[-1]
+    assert latest["severity"] == "CRITICAL"
+    assert "BTC" in str(latest["description"])
+
+
 def test_runner_retry_logic_matches_source_flow() -> None:
     """Meta-regression: the runner source actually contains the
     partial-dir-retry branch. Catches accidental revert."""