npm - maestro-flow - Versions diffs - 0.3.2 → 0.3.4 - Mend

maestro-flow 0.3.2 → 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (187) hide show

package/.claude/skills/team-tech-debt/SKILL.md CHANGED Viewed

@@ -1,128 +1,128 @@
----
-name: team-tech-debt
-description: Unified team skill for tech debt identification and remediation. Scans codebase for tech debt, assesses severity, plans and executes fixes with validation. Uses team-worker agent architecture with roles/ for domain logic. Coordinator orchestrates pipeline, workers are team-worker agents. Triggers on "team tech debt".
-allowed-tools: Agent, AskUserQuestion, Read, Write, Edit, Bash, Glob, Grep, TaskList, TaskGet, TaskUpdate, TaskCreate, TeamCreate, TeamDelete, SendMessage, mcp__ace-tool__search_context, mcp__ccw-tools__read_file, mcp__ccw-tools__write_file, mcp__ccw-tools__edit_file, mcp__ccw-tools__team_msg
----
-# Team Tech Debt
-Systematic tech debt governance: scan -> assess -> plan -> fix -> validate. Built on **team-worker agent architecture** — all worker roles share a single agent definition with role-specific Phase 2-4 loaded from `roles/<role>/role.md`.
-## Architecture
-```
-Skill(skill="team-tech-debt", args="task description")
-                    |
-         SKILL.md (this file) = Router
-                    |
-     +--------------+--------------+
-     |                             |
-  no --role flag              --role <name>
-     |                             |
-  Coordinator                  Worker
-  roles/coordinator/role.md    roles/<name>/role.md
-     |
-     +-- analyze → dispatch → spawn workers → STOP
-                                    |
-                    +-------+-------+-------+-------+
-                    v       v       v       v       v
-           [team-worker agents, each loads roles/<role>/role.md]
-          scanner  assessor  planner  executor  validator
-```
-## Role Registry
-| Role | Path | Prefix | Inner Loop |
-|------|------|--------|------------|
-| coordinator | [roles/coordinator/role.md](roles/coordinator/role.md) | — | — |
-| scanner | [roles/scanner/role.md](roles/scanner/role.md) | TDSCAN-* | false |
-| assessor | [roles/assessor/role.md](roles/assessor/role.md) | TDEVAL-* | false |
-| planner | [roles/planner/role.md](roles/planner/role.md) | TDPLAN-* | false |
-| executor | [roles/executor/role.md](roles/executor/role.md) | TDFIX-* | true |
-| validator | [roles/validator/role.md](roles/validator/role.md) | TDVAL-* | false |
-## Role Router
-Parse `$ARGUMENTS`:
-- Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
-- No `--role` → `@roles/coordinator/role.md`, execute entry router
-## Shared Constants
-- **Session prefix**: `TD`
-- **Session path**: `.workflow/.team/TD-<slug>-<date>/`
-- **CLI tools**: `maestro cli --mode analysis` (read-only), `maestro cli --mode write` (modifications)
-- **Message bus**: `mcp__ccw-tools__team_msg(session_id=<session-id>, ...)`
-- **Max GC rounds**: 3
-## Worker Spawn Template
-Coordinator spawns workers using this template:
-```
-Agent({
-  subagent_type: "team-worker",
-  description: "Spawn <role> worker for <task-id>",
-  team_name: "tech-debt",
-  name: "<role>",
-  run_in_background: true,
-  prompt: `## Role Assignment
-role: <role>
-role_spec: <skill_root>/roles/<role>/role.md
-session: <session-folder>
-session_id: <session-id>
-team_name: tech-debt
-requirement: <task-description>
-inner_loop: <true|false>
-## Progress Milestones
-session_id: <session-id>
-Report progress via team_msg at natural phase boundaries (context loaded -> core work done -> verification).
-Report blockers immediately via team_msg type="blocker".
-Report completion via team_msg type="task_complete" after final SendMessage.
-Read role_spec file (@<skill_root>/roles/<role>/role.md) to load Phase 2-4 domain instructions.
-Execute built-in Phase 1 (task discovery) -> role Phase 2-4 -> built-in Phase 5 (report).`
-})
-```
-## User Commands
-| Command | Action |
-|---------|--------|
-| `check` / `status` | View execution status graph |
-| `resume` / `continue` | Advance to next step |
-| `--mode=scan` | Run scan-only pipeline (TDSCAN + TDEVAL) |
-| `--mode=targeted` | Run targeted pipeline (TDPLAN + TDFIX + TDVAL) |
-| `--mode=remediate` | Run full pipeline (default) |
-| `-y` / `--yes` | Skip confirmations |
-## Specs Reference
-- [specs/pipelines.md](specs/pipelines.md) — Pipeline definitions and task registry
-## Session Directory
-```
-.workflow/.team/TD-<slug>-<date>/
-├── .msg/
-│   ├── messages.jsonl      # Team message bus
-│   └── meta.json           # Pipeline config + role state snapshot
-├── scan/                   # Scanner output
-├── assessment/             # Assessor output
-├── plan/                   # Planner output
-├── fixes/                  # Executor output
-├── validation/             # Validator output
-└── wisdom/                 # Cross-task knowledge
-```
-## Error Handling
-| Scenario | Resolution |
-|----------|------------|
-| Unknown command | Error with available command list |
-| Role not found | Error with role registry |
-| Session corruption | Attempt recovery, fallback to manual |
-| Fast-advance conflict | Coordinator reconciles on next callback |
-| Completion action fails | Default to Keep Active |
-| Scanner finds no debt | Report clean codebase, skip to summary |
+---
+name: team-tech-debt
+description: Unified team skill for tech debt identification and remediation. Scans codebase for tech debt, assesses severity, plans and executes fixes with validation. Uses team-worker agent architecture with roles/ for domain logic. Coordinator orchestrates pipeline, workers are team-worker agents. Triggers on "team tech debt".
+allowed-tools: Agent, AskUserQuestion, Read, Write, Edit, Bash, Glob, Grep, TaskList, TaskGet, TaskUpdate, TaskCreate, TeamCreate, TeamDelete, SendMessage, mcp__ace-tool__search_context, mcp__ccw-tools__read_file, mcp__ccw-tools__write_file, mcp__ccw-tools__edit_file, mcp__ccw-tools__team_msg
+---
+# Team Tech Debt
+Systematic tech debt governance: scan -> assess -> plan -> fix -> validate. Built on **team-worker agent architecture** — all worker roles share a single agent definition with role-specific Phase 2-4 loaded from `roles/<role>/role.md`.
+## Architecture
+```
+Skill(skill="team-tech-debt", args="task description")
+                    |
+         SKILL.md (this file) = Router
+                    |
+     +--------------+--------------+
+     |                             |
+  no --role flag              --role <name>
+     |                             |
+  Coordinator                  Worker
+  roles/coordinator/role.md    roles/<name>/role.md
+     |
+     +-- analyze → dispatch → spawn workers → STOP
+                                    |
+                    +-------+-------+-------+-------+
+                    v       v       v       v       v
+           [team-worker agents, each loads roles/<role>/role.md]
+          scanner  assessor  planner  executor  validator
+```
+## Role Registry
+| Role | Path | Prefix | Inner Loop |
+|------|------|--------|------------|
+| coordinator | [roles/coordinator/role.md](roles/coordinator/role.md) | — | — |
+| scanner | [roles/scanner/role.md](roles/scanner/role.md) | TDSCAN-* | false |
+| assessor | [roles/assessor/role.md](roles/assessor/role.md) | TDEVAL-* | false |
+| planner | [roles/planner/role.md](roles/planner/role.md) | TDPLAN-* | false |
+| executor | [roles/executor/role.md](roles/executor/role.md) | TDFIX-* | true |
+| validator | [roles/validator/role.md](roles/validator/role.md) | TDVAL-* | false |
+## Role Router
+Parse `$ARGUMENTS`:
+- Has `--role <name>` → Read `roles/<name>/role.md`, execute Phase 2-4
+- No `--role` → `@roles/coordinator/role.md`, execute entry router
+## Shared Constants
+- **Session prefix**: `TD`
+- **Session path**: `.workflow/.team/TD-<slug>-<date>/`
+- **CLI tools**: `maestro delegate --mode analysis` (read-only), `maestro delegate --mode write` (modifications)
+- **Message bus**: `mcp__ccw-tools__team_msg(session_id=<session-id>, ...)`
+- **Max GC rounds**: 3
+## Worker Spawn Template
+Coordinator spawns workers using this template:
+```
+Agent({
+  subagent_type: "team-worker",
+  description: "Spawn <role> worker for <task-id>",
+  team_name: "tech-debt",
+  name: "<role>",
+  run_in_background: true,
+  prompt: `## Role Assignment
+role: <role>
+role_spec: <skill_root>/roles/<role>/role.md
+session: <session-folder>
+session_id: <session-id>
+team_name: tech-debt
+requirement: <task-description>
+inner_loop: <true|false>
+## Progress Milestones
+session_id: <session-id>
+Report progress via team_msg at natural phase boundaries (context loaded -> core work done -> verification).
+Report blockers immediately via team_msg type="blocker".
+Report completion via team_msg type="task_complete" after final SendMessage.
+Read role_spec file (@<skill_root>/roles/<role>/role.md) to load Phase 2-4 domain instructions.
+Execute built-in Phase 1 (task discovery) -> role Phase 2-4 -> built-in Phase 5 (report).`
+})
+```
+## User Commands
+| Command | Action |
+|---------|--------|
+| `check` / `status` | View execution status graph |
+| `resume` / `continue` | Advance to next step |
+| `--mode=scan` | Run scan-only pipeline (TDSCAN + TDEVAL) |
+| `--mode=targeted` | Run targeted pipeline (TDPLAN + TDFIX + TDVAL) |
+| `--mode=remediate` | Run full pipeline (default) |
+| `-y` / `--yes` | Skip confirmations |
+## Specs Reference
+- [specs/pipelines.md](specs/pipelines.md) — Pipeline definitions and task registry
+## Session Directory
+```
+.workflow/.team/TD-<slug>-<date>/
+├── .msg/
+│   ├── messages.jsonl      # Team message bus
+│   └── meta.json           # Pipeline config + role state snapshot
+├── scan/                   # Scanner output
+├── assessment/             # Assessor output
+├── plan/                   # Planner output
+├── fixes/                  # Executor output
+├── validation/             # Validator output
+└── wisdom/                 # Cross-task knowledge
+```
+## Error Handling
+| Scenario | Resolution |
+|----------|------------|
+| Unknown command | Error with available command list |
+| Role not found | Error with role registry |
+| Session corruption | Attempt recovery, fallback to manual |
+| Fast-advance conflict | Coordinator reconciles on next callback |
+| Completion action fails | Default to Keep Active |
+| Scanner finds no debt | Report clean codebase, skip to summary |

package/.claude/skills/team-tech-debt/roles/executor/role.md CHANGED Viewed

@@ -1,76 +1,76 @@
----
-role: executor
-prefix: TDFIX
-inner_loop: true
-message_types: [state_update]
----
-# Tech Debt Executor
-Debt cleanup executor. Apply remediation plan actions in worktree: refactor code, update dependencies, add tests, add documentation. Batch-delegate to CLI tools, self-validate after each batch.
-## Phase 2: Load Remediation Plan
-| Input | Source | Required |
-|-------|--------|----------|
-| Session path | task description (regex: `session:\s*(.+)`) | Yes |
-| .msg/meta.json | <session>/.msg/meta.json | Yes |
-| Remediation plan | <session>/plan/remediation-plan.json | Yes |
-| Worktree info | meta.json:worktree.path, worktree.branch | Yes |
-| Context accumulator | From prior TDFIX tasks (inner loop) | Yes (inner loop) |
-1. Extract session path from task description
-2. Read .msg/meta.json for worktree path and branch
-3. Read remediation-plan.json, extract all actions from plan phases
-4. Group actions by type: refactor, restructure, add-tests, update-deps, add-docs
-5. Split large groups (> 10 items) into sub-batches of 10
-6. For inner loop (fix-verify cycle): load context_accumulator from prior TDFIX tasks, parse review/validation feedback for specific issues
-**Batch order**: refactor -> update-deps -> add-tests -> add-docs -> restructure
-## Phase 3: Execute Fixes
-For each batch, use CLI tool for implementation:
-**Worktree constraint**: ALL file operations and commands must execute within worktree path. Use `cd "<worktree-path>" && ...` prefix for all Bash commands.
-**Per-batch delegation**:
-```bash
-maestro cli -p "PURPOSE: Apply tech debt fixes in batch; success = all items fixed without breaking changes
-TASK: <batch-type-specific-tasks>
-MODE: write
-CONTEXT: @<worktree-path>/**/* | Memory: Remediation plan context
-EXPECTED: Code changes that fix debt items, maintain backward compatibility, pass existing tests
-CONSTRAINTS: Minimal changes only | No new features | No suppressions | Read files before modifying
-Batch type: <refactor|update-deps|add-tests|add-docs|restructure>
-Items: <list-of-items-with-file-paths-and-descriptions>" --tool gemini --mode write --cd "<worktree-path>"
-```
-Wait for CLI completion before proceeding to next batch.
-**Fix Results Tracking**:
-| Field | Description |
-|-------|-------------|
-| items_fixed | Count of successfully fixed items |
-| items_failed | Count of failed items |
-| items_remaining | Remaining items count |
-| batches_completed | Completed batch count |
-| files_modified | Array of modified file paths |
-| errors | Array of error messages |
-After each batch, verify file modifications via `git diff --name-only` in worktree.
-## Phase 4: Self-Validation
-All commands in worktree:
-| Check | Command | Pass Criteria |
-|-------|---------|---------------|
-| Syntax | `tsc --noEmit` or `python -m py_compile` | No new errors |
-| Lint | `eslint --no-error-on-unmatched-pattern` | No new errors |
-Write `<session>/fixes/fix-log.json` with fix results. Update .msg/meta.json with `fix_results`.
-Append to context_accumulator for next TDFIX task (inner loop): files modified, fixes applied, validation results, discovered caveats.
+---
+role: executor
+prefix: TDFIX
+inner_loop: true
+message_types: [state_update]
+---
+# Tech Debt Executor
+Debt cleanup executor. Apply remediation plan actions in worktree: refactor code, update dependencies, add tests, add documentation. Batch-delegate to CLI tools, self-validate after each batch.
+## Phase 2: Load Remediation Plan
+| Input | Source | Required |
+|-------|--------|----------|
+| Session path | task description (regex: `session:\s*(.+)`) | Yes |
+| .msg/meta.json | <session>/.msg/meta.json | Yes |
+| Remediation plan | <session>/plan/remediation-plan.json | Yes |
+| Worktree info | meta.json:worktree.path, worktree.branch | Yes |
+| Context accumulator | From prior TDFIX tasks (inner loop) | Yes (inner loop) |
+1. Extract session path from task description
+2. Read .msg/meta.json for worktree path and branch
+3. Read remediation-plan.json, extract all actions from plan phases
+4. Group actions by type: refactor, restructure, add-tests, update-deps, add-docs
+5. Split large groups (> 10 items) into sub-batches of 10
+6. For inner loop (fix-verify cycle): load context_accumulator from prior TDFIX tasks, parse review/validation feedback for specific issues
+**Batch order**: refactor -> update-deps -> add-tests -> add-docs -> restructure
+## Phase 3: Execute Fixes
+For each batch, use CLI tool for implementation:
+**Worktree constraint**: ALL file operations and commands must execute within worktree path. Use `cd "<worktree-path>" && ...` prefix for all Bash commands.
+**Per-batch delegation**:
+```bash
+maestro delegate "PURPOSE: Apply tech debt fixes in batch; success = all items fixed without breaking changes
+TASK: <batch-type-specific-tasks>
+MODE: write
+CONTEXT: @<worktree-path>/**/* | Memory: Remediation plan context
+EXPECTED: Code changes that fix debt items, maintain backward compatibility, pass existing tests
+CONSTRAINTS: Minimal changes only | No new features | No suppressions | Read files before modifying
+Batch type: <refactor|update-deps|add-tests|add-docs|restructure>
+Items: <list-of-items-with-file-paths-and-descriptions>" --tool gemini --mode write --cd "<worktree-path>"
+```
+Wait for CLI completion before proceeding to next batch.
+**Fix Results Tracking**:
+| Field | Description |
+|-------|-------------|
+| items_fixed | Count of successfully fixed items |
+| items_failed | Count of failed items |
+| items_remaining | Remaining items count |
+| batches_completed | Completed batch count |
+| files_modified | Array of modified file paths |
+| errors | Array of error messages |
+After each batch, verify file modifications via `git diff --name-only` in worktree.
+## Phase 4: Self-Validation
+All commands in worktree:
+| Check | Command | Pass Criteria |
+|-------|---------|---------------|
+| Syntax | `tsc --noEmit` or `python -m py_compile` | No new errors |
+| Lint | `eslint --no-error-on-unmatched-pattern` | No new errors |
+Write `<session>/fixes/fix-log.json` with fix results. Update .msg/meta.json with `fix_results`.
+Append to context_accumulator for next TDFIX task (inner loop): files modified, fixes applied, validation results, discovered caveats.

package/.claude/skills/team-tech-debt/roles/scanner/role.md CHANGED Viewed

@@ -1,90 +1,90 @@
----
-role: scanner
-prefix: TDSCAN
-inner_loop: false
-message_types: [state_update]
----
-# Tech Debt Scanner
-Multi-dimension tech debt scanner. Scan codebase across 5 dimensions (code, architecture, testing, dependency, documentation), produce structured debt inventory with severity rankings.
-## Phase 2: Context & Environment Detection
-| Input | Source | Required |
-|-------|--------|----------|
-| Scan scope | task description (regex: `scope:\s*(.+)`) | No (default: `**/*`) |
-| Session path | task description (regex: `session:\s*(.+)`) | Yes |
-| .msg/meta.json | <session>/.msg/meta.json | Yes |
-1. Extract session path and scan scope from task description
-2. Load debug specs: Run `ccw spec load --category debug` for known issues, workarounds, and root-cause notes
-3. Read .msg/meta.json for team context
-3. Detect project type and framework:
-| Signal File | Project Type |
-|-------------|-------------|
-| package.json + React/Vue/Angular | Frontend Node |
-| package.json + Express/Fastify/NestJS | Backend Node |
-| pyproject.toml / requirements.txt | Python |
-| go.mod | Go |
-| No detection | Generic |
-4. Determine scan dimensions (default: code, architecture, testing, dependency, documentation)
-5. Detect perspectives from task description:
-| Condition | Perspective |
-|-----------|-------------|
-| `security\|auth\|inject\|xss` | security |
-| `performance\|speed\|optimize` | performance |
-| `quality\|clean\|maintain\|debt` | code-quality |
-| `architect\|pattern\|structure` | architecture |
-| Default | code-quality + architecture |
-6. Assess complexity:
-| Score | Complexity | Strategy |
-|-------|------------|----------|
-| >= 4 | High | Triple Fan-out: CLI explore + CLI 5 dimensions + multi-perspective Gemini |
-| 2-3 | Medium | Dual Fan-out: CLI explore + CLI 3 dimensions |
-| 0-1 | Low | Inline: ACE search + Grep |
-## Phase 3: Multi-Dimension Scan
-**Low Complexity** (inline):
-- Use `mcp__ace-tool__search_context` for code smells, TODO/FIXME, deprecated APIs, complex functions, dead code, missing tests
-- Classify findings into dimensions
-**Medium/High Complexity** (Fan-out):
-- Fan-out A: CLI exploration (structure, patterns, dependencies angles) via `maestro cli --tool gemini --mode analysis`
-- Fan-out B: CLI dimension analysis (parallel gemini per dimension -- code, architecture, testing, dependency, documentation)
-- Fan-out C (High only): Multi-perspective Gemini analysis (security, performance, code-quality, architecture)
-- Fan-in: Merge results, cross-deduplicate by file:line, boost severity for multi-source findings
-**Standardize each finding**:
-| Field | Description |
-|-------|-------------|
-| `id` | `TD-NNN` (sequential) |
-| `dimension` | code, architecture, testing, dependency, documentation |
-| `severity` | critical, high, medium, low |
-| `file` | File path |
-| `line` | Line number |
-| `description` | Issue description |
-| `suggestion` | Fix suggestion |
-| `estimated_effort` | small, medium, large, unknown |
-### Tech Profile Scan
-After multi-dimension scan, emit context-aware trigger signals (based on detected codebase characteristics):
-1. Check debt dimensions → signals (`legacy_patterns`, `test_gap`, `perf_sensitive`)
-2. Check detected patterns → risk signals (`sql_detected`, `auth_detected`, `scaling_concern`, `injection_risk`)
-3. Include `tech_profile` in Phase 5 state_update data
-## Phase 4: Aggregate & Save
-1. Deduplicate findings across Fan-out layers (file:line key), merge cross-references
-2. Sort by severity (cross-referenced items boosted)
-3. Write `<session>/scan/debt-inventory.json` with scan_date, dimensions, total_items, by_dimension, by_severity, items
-4. Update .msg/meta.json with `debt_inventory` array and `debt_score_before` count
+---
+role: scanner
+prefix: TDSCAN
+inner_loop: false
+message_types: [state_update]
+---
+# Tech Debt Scanner
+Multi-dimension tech debt scanner. Scan codebase across 5 dimensions (code, architecture, testing, dependency, documentation), produce structured debt inventory with severity rankings.
+## Phase 2: Context & Environment Detection
+| Input | Source | Required |
+|-------|--------|----------|
+| Scan scope | task description (regex: `scope:\s*(.+)`) | No (default: `**/*`) |
+| Session path | task description (regex: `session:\s*(.+)`) | Yes |
+| .msg/meta.json | <session>/.msg/meta.json | Yes |
+1. Extract session path and scan scope from task description
+2. Load debug specs: Run `ccw spec load --category debug` for known issues, workarounds, and root-cause notes
+3. Read .msg/meta.json for team context
+3. Detect project type and framework:
+| Signal File | Project Type |
+|-------------|-------------|
+| package.json + React/Vue/Angular | Frontend Node |
+| package.json + Express/Fastify/NestJS | Backend Node |
+| pyproject.toml / requirements.txt | Python |
+| go.mod | Go |
+| No detection | Generic |
+4. Determine scan dimensions (default: code, architecture, testing, dependency, documentation)
+5. Detect perspectives from task description:
+| Condition | Perspective |
+|-----------|-------------|
+| `security\|auth\|inject\|xss` | security |
+| `performance\|speed\|optimize` | performance |
+| `quality\|clean\|maintain\|debt` | code-quality |
+| `architect\|pattern\|structure` | architecture |
+| Default | code-quality + architecture |
+6. Assess complexity:
+| Score | Complexity | Strategy |
+|-------|------------|----------|
+| >= 4 | High | Triple Fan-out: CLI explore + CLI 5 dimensions + multi-perspective Gemini |
+| 2-3 | Medium | Dual Fan-out: CLI explore + CLI 3 dimensions |
+| 0-1 | Low | Inline: ACE search + Grep |
+## Phase 3: Multi-Dimension Scan
+**Low Complexity** (inline):
+- Use `mcp__ace-tool__search_context` for code smells, TODO/FIXME, deprecated APIs, complex functions, dead code, missing tests
+- Classify findings into dimensions
+**Medium/High Complexity** (Fan-out):
+- Fan-out A: CLI exploration (structure, patterns, dependencies angles) via `maestro delegate --to gemini --mode analysis`
+- Fan-out B: CLI dimension analysis (parallel gemini per dimension -- code, architecture, testing, dependency, documentation)
+- Fan-out C (High only): Multi-perspective Gemini analysis (security, performance, code-quality, architecture)
+- Fan-in: Merge results, cross-deduplicate by file:line, boost severity for multi-source findings
+**Standardize each finding**:
+| Field | Description |
+|-------|-------------|
+| `id` | `TD-NNN` (sequential) |
+| `dimension` | code, architecture, testing, dependency, documentation |
+| `severity` | critical, high, medium, low |
+| `file` | File path |
+| `line` | Line number |
+| `description` | Issue description |
+| `suggestion` | Fix suggestion |
+| `estimated_effort` | small, medium, large, unknown |
+### Tech Profile Scan
+After multi-dimension scan, emit context-aware trigger signals (based on detected codebase characteristics):
+1. Check debt dimensions → signals (`legacy_patterns`, `test_gap`, `perf_sensitive`)
+2. Check detected patterns → risk signals (`sql_detected`, `auth_detected`, `scaling_concern`, `injection_risk`)
+3. Include `tech_profile` in Phase 5 state_update data
+## Phase 4: Aggregate & Save
+1. Deduplicate findings across Fan-out layers (file:line key), merge cross-references
+2. Sort by severity (cross-referenced items boosted)
+3. Write `<session>/scan/debt-inventory.json` with scan_date, dimensions, total_items, by_dimension, by_severity, items
+4. Update .msg/meta.json with `debt_inventory` array and `debt_score_before` count