memento-mori-jester 0.1.94 → 0.1.95

package/CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to Memento Mori Jester are tracked here.
 
 ## Unreleased
 
+## 0.1.95
+
+- Added checked public-safe support backlog records for turning closed/prioritized support outcomes into docs clarification, fixture backlog, or rule-review candidate artifacts.
+- Extended `npm run support:check` and production-readiness checks so backlog record IDs, evidence thresholds, required checks, and privacy guidance stay aligned with the support lifecycle.
+- Updated README, maintainer triage docs, support examples, production-readiness docs, roadmap, and release notes for deterministic support backlog recording.
+
 ## 0.1.94
 
 - Added a checked public-safe support outcome prioritization guide for deciding whether closed support reports become docs clarifications, fixture backlog items, or rule-review candidates.

package/README.md

@@ -76,7 +76,7 @@ For trust-building output examples, see [examples/reports](examples/reports). `n
 
 If one of those reports is confusing or stale, use the public-safe [report gallery feedback template](examples/reports/feedback-template.md). It asks for version, nearest gallery example, sanitized command/output summaries, and redacted diagnostics without private repo code or secrets.
 
-Maintainers can use the checked [support lifecycle overview](examples/support/support-lifecycle.md), [outcome prioritization guide](examples/support/outcome-prioritization.md), [support triage playbook](examples/support), [response snippets](examples/support/response-snippets.md), and [support closeout checklist](examples/support/closeout-checklist.md) to turn sanitized reports into a docs example, fixture backlog item, or rule-review candidate without changing behavior first.
+Maintainers can use the checked [support lifecycle overview](examples/support/support-lifecycle.md), [outcome prioritization guide](examples/support/outcome-prioritization.md), [support backlog records](examples/support/backlog-records.md), [support triage playbook](examples/support), [response snippets](examples/support/response-snippets.md), and [support closeout checklist](examples/support/closeout-checklist.md) to turn sanitized reports into a docs example, fixture backlog item, or rule-review candidate without changing behavior first.
 
 Expected vibe:
 
@@ -452,6 +452,7 @@ More setup examples:
 - [Report Gallery Feedback Template](examples/reports/feedback-template.md)
 - [Support Lifecycle Overview](examples/support/support-lifecycle.md)
 - [Support Outcome Prioritization](examples/support/outcome-prioritization.md)
+- [Support Backlog Records](examples/support/backlog-records.md)
 - [Support Triage Playbook](examples/support)
 - [Maintainer Response Snippets](examples/support/response-snippets.md)
 - [Support Closeout Checklist](examples/support/closeout-checklist.md)
@@ -478,6 +479,7 @@ Framework CI examples:
 - [Report Gallery Feedback Template](examples/reports/feedback-template.md)
 - [Support Lifecycle Overview](examples/support/support-lifecycle.md)
 - [Support Outcome Prioritization](examples/support/outcome-prioritization.md)
+- [Support Backlog Records](examples/support/backlog-records.md)
 - [Support Triage Playbook](examples/support)
 - [Maintainer Response Snippets](examples/support/response-snippets.md)
 - [Support Closeout Checklist](examples/support/closeout-checklist.md)
@@ -537,7 +539,7 @@ Maintainers can use [docs/MAINTAINER_TRIAGE.md](docs/MAINTAINER_TRIAGE.md) to tu
 Run `npm run fixtures:check` before merging fixture changes; it catches duplicate IDs, missing rule metadata, weak descriptions, unsafe-looking content, and duplicate content.
 Run `npm run fixtures:report` to see fixture coverage by rule, rule family, preset slice, kind, verdict, quiet-pass boundaries, feasible pass-case gaps, and curation-next guidance before choosing the next fixture. Use `npm run fixtures:report -- --markdown` when you want a paste-ready summary for release notes or GitHub issues.
 Run `npm run reports:check` after editing [examples/reports](examples/reports); it verifies the public report gallery against an installed package in a temporary consumer project.
-Run `npm run support:check` after editing issue templates, support docs, the report gallery feedback path, the [support lifecycle overview](examples/support/support-lifecycle.md), [outcome prioritization guide](examples/support/outcome-prioritization.md), [support triage playbook](examples/support), [response snippets](examples/support/response-snippets.md), or [support closeout checklist](examples/support/closeout-checklist.md); it verifies the public templates ask for useful redacted context without inviting secrets or private code.
+Run `npm run support:check` after editing issue templates, support docs, the report gallery feedback path, the [support lifecycle overview](examples/support/support-lifecycle.md), [outcome prioritization guide](examples/support/outcome-prioritization.md), [support backlog records](examples/support/backlog-records.md), [support triage playbook](examples/support), [response snippets](examples/support/response-snippets.md), or [support closeout checklist](examples/support/closeout-checklist.md); it verifies the public templates ask for useful redacted context without inviting secrets or private code.
 Run `npm run promo:card` to regenerate the repo-local social preview card after changing its copy or design.
 Run `npm run promo:check` after editing promo assets; it checks the current demo video, stills, docs, and fixture evidence numbers stay in sync.
 Run `npm run site:check` after editing the repo-local landing page; it verifies the start command, demo links, social card, repo, release, and npm links.

package/ROADMAP.md

@@ -6,6 +6,7 @@ Memento Mori Jester is usable today as a CLI, MCP server, GitHub Action, and git
 
 ## Recently Shipped
 
+- Checked support backlog records in v0.1.95, turning closed and prioritized support outcomes into public-safe docs clarification, fixture backlog, or rule-review candidate artifacts.
 - Checked support outcome prioritization in v0.1.94, helping maintainers turn closed support reports into docs, fixture backlog, or rule-review work based on public-safe evidence thresholds.
 - Checked support lifecycle overview in v0.1.93, tying report-gallery feedback, triage playbook entries, response snippets, and closeout records together by outcome.
 - Checked support closeout checklist in v0.1.92, recording whether docs clarifications shipped or queued, fixture backlogs were created, or rule-review candidates were opened.
@@ -84,6 +85,7 @@ Memento Mori Jester is usable today as a CLI, MCP server, GitHub Action, and git
 ## Product Ideas
 
 - Collect real-world reports and fold the strongest redacted cases into more framework tuning cookbook recipes.
+- Use support backlog record counts to choose the next docs, fixture, report-gallery, or rule-guidance batch.
 - Use repeated prioritized support outcomes to choose the next redacted fixture, report-gallery update, or rule-guidance review.
 - Add a hosted-page option or GitHub Pages instructions once the static page has settled.
 

package/docs/MAINTAINER_TRIAGE.md

@@ -21,7 +21,7 @@ For users who just need to understand what a healthy report looks like, point th
 
 For users who say a gallery report is confusing, stale, or hard to compare with their local output, point them at [examples/reports/feedback-template.md](../examples/reports/feedback-template.md) or the GitHub [report gallery feedback issue template](../.github/ISSUE_TEMPLATE/report_gallery_feedback.yml). It asks for the nearest checked example, sanitized command and output summaries, version, and redacted diagnostics without asking for private code.
 
-When a report has enough public-safe detail to triage, start with the checked [support lifecycle overview](../examples/support/support-lifecycle.md) to see the whole path from report to closeout. Then compare it with the checked [support triage playbook](../examples/support). The playbook walks sanitized report-gallery and false-positive reports through first response, classification, and a follow-up outcome. Use [response-snippets.md](../examples/support/response-snippets.md) to reply consistently after choosing the outcome, then use [closeout-checklist.md](../examples/support/closeout-checklist.md) to record whether the docs clarification shipped or queued, fixture backlog was created, or rule-review candidate was opened. Use [outcome-prioritization.md](../examples/support/outcome-prioritization.md) after closeout to decide whether the follow-up work is low-priority docs, medium-priority fixture backlog, or high-priority rule review.
+When a report has enough public-safe detail to triage, start with the checked [support lifecycle overview](../examples/support/support-lifecycle.md) to see the whole path from report to closeout. Then compare it with the checked [support triage playbook](../examples/support). The playbook walks sanitized report-gallery and false-positive reports through first response, classification, and a follow-up outcome. Use [response-snippets.md](../examples/support/response-snippets.md) to reply consistently after choosing the outcome, then use [closeout-checklist.md](../examples/support/closeout-checklist.md) to record whether the docs clarification shipped or queued, fixture backlog was created, or rule-review candidate was opened. Use [outcome-prioritization.md](../examples/support/outcome-prioritization.md) after closeout to decide whether the follow-up work is low-priority docs, medium-priority fixture backlog, or high-priority rule review. Use [backlog-records.md](../examples/support/backlog-records.md) when that prioritized follow-up needs a public-safe backlog artifact.
 
 Do not ask users to paste secrets, private code, customer data, live credentials, complete CI logs, or unredacted SARIF. If the report involves credential exposure, command execution, unexpected network access, private code disclosure, package publishing, or MCP data exposure, route it through [SECURITY.md](../SECURITY.md).
 
@@ -65,7 +65,7 @@ Use the playbook outcomes consistently:
 - `fixture-backlog`: the reduced report looks safe and should become a pass or quiet-pass fixture.
 - `rule-review-candidate`: repeated sanitized reports suggest guidance or matching may need review, but not from a single report.
 
-Use the matching lifecycle row and response snippet for the first public reply, then adapt only the project-neutral parts: the rule id, minimal command summary, fixture id, and next command. After the reply, record the closeout with the matching checklist entry so the issue has a public-safe decision record. If follow-up work remains, choose its priority from the outcome prioritization guide before opening a docs, fixture, or rule-review backlog item. Do not add private code, private paths, tokens, full logs, or exploitable details to the response, closeout, or backlog item.
+Use the matching lifecycle row and response snippet for the first public reply, then adapt only the project-neutral parts: the rule id, minimal command summary, fixture id, and next command. After the reply, record the closeout with the matching checklist entry so the issue has a public-safe decision record. If follow-up work remains, choose its priority from the outcome prioritization guide before opening a docs, fixture, or rule-review backlog item, then record that choice with the matching backlog record. Do not add private code, private paths, tokens, full logs, or exploitable details to the response, closeout, or backlog item.
 
 After editing report support docs or issue templates, run:
 

package/docs/PRODUCTION_READINESS.md

@@ -47,7 +47,7 @@ This checklist defines what "production grade" means for Memento Mori Jester rig
 - `README.md` leads with a no-write first run, project bootstrap, agent setup, and optional hooks/CI.
 - `docs/GETTING_STARTED.md`, `docs/CLI.md`, `docs/RELEASE.md`, and `docs/TRUSTED_PUBLISHING.md` cover the core adoption and release paths.
 - `examples/reports` provides checked, public-safe report examples for fresh install diagnostics, summary output, blocked command reviews, and report-gallery feedback.
-- `examples/support` provides a checked support lifecycle overview, outcome prioritization guide, maintainer triage playbook, response snippets, and closeout checklist for first response, classification, follow-up outcomes, public-safe decision records, and backlog prioritization from sanitized support reports.
+- `examples/support` provides a checked support lifecycle overview, outcome prioritization guide, backlog records, maintainer triage playbook, response snippets, and closeout checklist for first response, classification, follow-up outcomes, public-safe decision records, backlog prioritization, and backlog artifacts from sanitized support reports.
 - `site/index.html` gives maintainers a static one-page share surface that reuses the demo, social card, start command, and public links.
 - Every public release has matching `CHANGELOG.md` notes and `docs/RELEASE_NOTES_vX.Y.Z.md`.
 
@@ -60,14 +60,14 @@ This checklist defines what "production grade" means for Memento Mori Jester rig
 - GitHub issue templates collect bug reports, false-positive reports, report-gallery feedback, and feature requests with the diagnostic context maintainers need.
 - `SECURITY.md` routes vulnerability reports away from public issues and asks for redacted diagnostics.
 - `docs/MAINTAINER_TRIAGE.md` explains how to turn useful false-positive reports into fixture coverage before changing rule logic.
-- `examples/support` shows maintainers how to audit the support lifecycle, classify sanitized reports as a docs example, fixture backlog item, or rule-review candidate before changing behavior, then reply with public-safe response snippets, record the closeout, and prioritize follow-up work.
+- `examples/support` shows maintainers how to audit the support lifecycle, classify sanitized reports as a docs example, fixture backlog item, or rule-review candidate before changing behavior, then reply with public-safe response snippets, record the closeout, prioritize follow-up work, and create a public-safe backlog record.
 - `npm run fixtures:check` validates fixture IDs, metadata, unsafe-looking content, duplicate content, and explicit expected/absent rule intent.
 - `npm run fixtures:report` shows fixture coverage by rule, rule family, preset slice, kind, verdict, quiet-pass rule boundaries, and feasible pass-case gaps so maintainers can pick the next fixture target; `npm run fixtures:report -- --markdown` produces a paste-ready maintainer snapshot.
 - `npm run framework:tuning:check` keeps the framework tuning guide, cookbook JSON, cookbook README, and fixture IDs aligned.
 - `npm run framework:tuning:doctor` runs the cookbook tune commands through the built CLI with temporary preset configs, so package consumers do not inherit stale recipes.
 - `npm run consumer:quickstart:check` installs the package into a temporary minimal project and runs `doctor`, `summary`, and packaged framework tuning checks from that consumer side.
 - `npm run reports:check` installs the package into a temporary minimal project and runs the report gallery's `doctor`, `summary`, and blocked-command examples through that consumer side.
-- `npm run support:check` verifies issue templates, support docs, the report gallery feedback template, the support lifecycle overview, outcome prioritization guide, maintainer triage playbook, response snippets, and closeout checklist stay public-safe and ask for useful redacted context.
+- `npm run support:check` verifies issue templates, support docs, the report gallery feedback template, the support lifecycle overview, outcome prioritization guide, backlog records, maintainer triage playbook, response snippets, and closeout checklist stay public-safe and ask for useful redacted context.
 - `npm run promo:card` regenerates the deterministic social preview card, and `npm run promo:check` verifies current repo-local promo assets against the current fixture evidence before maintainers post or refresh the demo.
 - `npm run site:check` verifies the static landing page before maintainers post or host it.
 - npm publish has a manual workflow fallback, but the normal release path is tag-driven trusted publishing.

package/docs/RELEASE_NOTES_v0.1.95.md

@@ -0,0 +1,58 @@
+# Memento Mori Jester v0.1.95
+
+## Summary
+
+This release adds checked public-safe support backlog records. It helps maintainers turn a closed and prioritized support outcome into a docs clarification, fixture backlog item, or rule-review candidate without changing rule behavior first.
+
+## What Changed
+
+- Added `examples/support/backlog-records.md`.
+- Added `examples/support/backlog-records.json`.
+- Extended `scripts/check-support-triage.mjs` to validate backlog record IDs, outcome mapping, source closeouts, evidence thresholds, required checks, and privacy review guidance.
+- Extended production-readiness checks for the backlog records.
+- Updated README, maintainer triage docs, support examples, production-readiness docs, roadmap, and changelog.
+
+## Public Interface
+
+- No CLI command changes.
+- No MCP tool changes.
+- No config schema changes.
+- No review rule, scoring, matching, or verdict behavior changes.
+- No GitHub Action input changes.
+- Support docs and package examples now include checked follow-up backlog records.
+
+## Release Validation
+
+```powershell
+npm.cmd test
+npm.cmd run support:check
+npm.cmd run reports:check
+npm.cmd run demo:svg:check
+npm.cmd run promo:card:check
+npm.cmd run promo:check
+npm.cmd run fixtures:report
+npm.cmd run fixtures:report -- --json
+npm.cmd run fixtures:report -- --markdown
+npm.cmd run pack:dry
+git diff --check
+node .\dist\cli.js doctor
+node .\dist\cli.js summary --kind command "git reset --hard"
+git diff | node .\dist\cli.js diff --fail-on block --subject "v0.1.95 checked support backlog records"
+```
+
+Expected:
+
+- `support:check` verifies issue templates, feedback templates, the support lifecycle overview, outcome prioritization guide, backlog records, maintainer triage playbook, response snippets, and closeout checklist.
+- `reports:check` still verifies the installed-package report gallery.
+- fixture report still shows `Fixtures: 222`.
+- GitHub Release and npm Publish complete from the `v0.1.95` tag.
+
+After publish:
+
+```powershell
+npm.cmd view memento-mori-jester version --silent
+npx.cmd -y memento-mori-jester@latest doctor
+npx.cmd -y memento-mori-jester@latest summary --kind command "git reset --hard"
+npm.cmd run support:check
+npm.cmd run reports:check -- --package memento-mori-jester@latest
+```

package/examples/support/README.md

@@ -2,9 +2,9 @@
 
 This playbook shows how to handle sanitized adopter reports without turning every surprise into an immediate rule change. It pairs with [docs/MAINTAINER_TRIAGE.md](../../docs/MAINTAINER_TRIAGE.md), the [report gallery feedback template](../reports/feedback-template.md), and the GitHub issue templates.
 
-Start with the checked [support lifecycle overview](support-lifecycle.md) when you need the whole path in one place. The lifecycle source is [support-lifecycle.json](support-lifecycle.json). Use [outcome-prioritization.md](outcome-prioritization.md) after closeout to decide whether follow-up work should become docs, fixture backlog, or rule-review work.
+Start with the checked [support lifecycle overview](support-lifecycle.md) when you need the whole path in one place. The lifecycle source is [support-lifecycle.json](support-lifecycle.json). Use [outcome-prioritization.md](outcome-prioritization.md) after closeout to decide whether follow-up work should become docs, fixture backlog, or rule-review work. Use [backlog-records.md](backlog-records.md) to turn that decision into a public-safe backlog artifact.
 
-The checked source is [triage-playbook.json](triage-playbook.json). Use [response-snippets.md](response-snippets.md) for copy-paste replies after a report is classified. The snippet source is [response-snippets.json](response-snippets.json). Use [closeout-checklist.md](closeout-checklist.md) to record what happened after the response. The closeout source is [closeout-checklist.json](closeout-checklist.json).
+The checked source is [triage-playbook.json](triage-playbook.json). Use [response-snippets.md](response-snippets.md) for copy-paste replies after a report is classified. The snippet source is [response-snippets.json](response-snippets.json). Use [closeout-checklist.md](closeout-checklist.md) to record what happened after the response. The closeout source is [closeout-checklist.json](closeout-checklist.json). The backlog source is [backlog-records.json](backlog-records.json).
 
 | ID | Source | Classification | Follow-up |
 | --- | --- | --- | --- |
@@ -25,10 +25,11 @@ The checked source is [triage-playbook.json](triage-playbook.json). Use [respons
 6. Close with the next command the user can run.
 7. Use the matching response snippet so replies stay public-safe and consistent.
 8. Record the closeout with the matching checklist entry: docs clarification shipped or queued, fixture backlog created, or rule-review candidate opened.
+9. If follow-up work remains, create the matching backlog record: docs clarification, fixture backlog item, or rule-review candidate.
 
 ## Checks
 
-Run this after editing support docs, issue templates, the lifecycle overview, outcome prioritization, the playbook, response snippets, or closeout checklist:
+Run this after editing support docs, issue templates, the lifecycle overview, outcome prioritization, backlog records, the playbook, response snippets, or closeout checklist:
 
 ```powershell
 npm run support:check

package/examples/support/backlog-records.json

@@ -0,0 +1,78 @@
+[
+  {
+    "id": "docs-clarification-backlog-record",
+    "outcome": "docs-example",
+    "priority": "low",
+    "sourceCloseout": "docs-clarification-closeout",
+    "prioritizationSource": "outcome-prioritization.json",
+    "backlogType": "docs clarification",
+    "publicTitle": "Clarify checked report-gallery wording",
+    "publicSummary": "Update docs or report-gallery wording so expected behavior is easier to compare with local output.",
+    "evidence": [
+      "Nearest checked report or docs page is identified.",
+      "Observed output matches current behavior or differs only in wording/context.",
+      "No rule behavior change is requested before a clearer explanation is tried."
+    ],
+    "nextAction": "Open or update a docs issue with the public-safe wording change and link the matching checked report.",
+    "privacyReview": [
+      "No secrets, private code, private paths, customer data, full logs, or unredacted SARIF are included.",
+      "Any private project names are replaced with placeholders.",
+      "Sensitive reports are routed to SECURITY.md instead of a public backlog item."
+    ],
+    "requiredChecks": [
+      "npm run reports:check",
+      "npm run support:check"
+    ]
+  },
+  {
+    "id": "fixture-backlog-record",
+    "outcome": "fixture-backlog",
+    "priority": "medium",
+    "sourceCloseout": "fixture-backlog-closeout",
+    "prioritizationSource": "outcome-prioritization.json",
+    "backlogType": "pass or quiet-pass fixture",
+    "publicTitle": "Add a quiet-pass fixture for a minimized false-positive boundary",
+    "publicSummary": "Track a redacted fixture candidate before changing matching, scoring, or verdict behavior.",
+    "evidence": [
+      "Smallest sanitized command, plan, diff, or final-answer text is available.",
+      "Rule id and redacted `jester tune <rule-id> --json` evidence are available.",
+      "The safe boundary is not already covered by an existing pass or quiet-pass fixture."
+    ],
+    "nextAction": "Open a fixture backlog item with the candidate rule id, expected verdict, and absentRuleIds or expectedRuleIds.",
+    "privacyReview": [
+      "No secrets, private code, private paths, customer data, full logs, or unredacted SARIF are included.",
+      "The reduced reproduction uses placeholders such as <repo>, <path>, or <redacted>.",
+      "Sensitive reports are routed to SECURITY.md instead of a public backlog item."
+    ],
+    "requiredChecks": [
+      "npm run fixtures:check",
+      "npm run fixtures:report",
+      "npm run support:check"
+    ]
+  },
+  {
+    "id": "rule-review-candidate-backlog-record",
+    "outcome": "rule-review-candidate",
+    "priority": "high",
+    "sourceCloseout": "rule-review-closeout",
+    "prioritizationSource": "outcome-prioritization.json",
+    "backlogType": "rule-review candidate",
+    "publicTitle": "Compare repeated sanitized reports for a rule boundary",
+    "publicSummary": "Track repeated public-safe reports so maintainers can compare fixture evidence before changing guidance or matching.",
+    "evidence": [
+      "At least two sanitized reports or checked examples point at the same rule boundary.",
+      "Redacted `jester tune <rule-id> --json` or fixture report evidence is referenced.",
+      "The candidate explains why docs clarification or a single fixture backlog item is not enough."
+    ],
+    "nextAction": "Open a rule-review candidate issue linking the sanitized examples, fixture evidence, and current guidance.",
+    "privacyReview": [
+      "No secrets, private code, private paths, customer data, full logs, or unredacted SARIF are included.",
+      "Repeated examples are summarized without exposing private project details.",
+      "Sensitive reports are routed to SECURITY.md instead of a public backlog item."
+    ],
+    "requiredChecks": [
+      "npm run fixtures:report -- --markdown",
+      "npm run support:check"
+    ]
+  }
+]

package/examples/support/backlog-records.md

@@ -0,0 +1,57 @@
+# Support Backlog Records
+
+Use this after the [support lifecycle overview](support-lifecycle.md), [outcome prioritization guide](outcome-prioritization.md), and [closeout checklist](closeout-checklist.md) have identified follow-up work. The checked source is [backlog-records.json](backlog-records.json).
+
+These records show how a closed, prioritized, public-safe support outcome becomes a backlog artifact without changing rule behavior first.
+
+| Outcome | Priority | Backlog record | Destination | Required checks |
+| --- | --- | --- | --- | --- |
+| `docs-example` | low | `docs-clarification-backlog-record` | docs clarification | `npm run reports:check`, `npm run support:check` |
+| `fixture-backlog` | medium | `fixture-backlog-record` | pass or quiet-pass fixture | `npm run fixtures:check`, `npm run fixtures:report`, `npm run support:check` |
+| `rule-review-candidate` | high | `rule-review-candidate-backlog-record` | rule-review candidate | `npm run fixtures:report -- --markdown`, `npm run support:check` |
+
+## Docs Clarification
+
+Use `docs-clarification-backlog-record` when the behavior is expected but the checked report, README, or guide made it hard to compare local output with the known-good example.
+
+Enough evidence:
+
+- nearest checked report or docs page,
+- observed output summary,
+- confirmation that no rule behavior change is requested before clearer wording is tried.
+
+Next action: open or update a docs issue with the public-safe wording change and link the matching checked report.
+
+## Fixture Backlog
+
+Use `fixture-backlog-record` when a minimized false-positive report looks safe but should be protected by a pass or quiet-pass fixture before any matcher changes are considered.
+
+Enough evidence:
+
+- smallest sanitized command, plan, diff, or final-answer text,
+- candidate rule id plus redacted `jester tune <rule-id> --json` evidence,
+- confirmation that no existing pass or quiet-pass fixture covers the safe boundary.
+
+Next action: open a fixture backlog item with the candidate rule id, expected verdict, and `absentRuleIds` or `expectedRuleIds`.
+
+## Rule-Review Candidate
+
+Use `rule-review-candidate-backlog-record` when repeated sanitized reports point at the same rule boundary and a docs clarification or single fixture backlog item is not enough.
+
+Enough evidence:
+
+- at least two sanitized reports or checked examples,
+- fixture report or tune evidence for the rule,
+- a short explanation of why the decision needs rule-review attention.
+
+Next action: open a rule-review candidate issue linking the sanitized examples, fixture evidence, and current guidance.
+
+## Privacy
+
+Do not create a public backlog record when the report includes secrets, private code, private paths, customer data, full CI logs, unredacted SARIF, credential-handling details, command-execution vulnerability details, package publishing compromise, or MCP data exposure. Use [SECURITY.md](../../SECURITY.md) instead.
+
+Run this after editing support backlog records:
+
+```powershell
+npm run support:check
+```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "memento-mori-jester",
-  "version": "0.1.94",
+  "version": "0.1.95",
   "description": "A local court-jester sidecar for AI coding agents: review plans, commands, diffs, and final claims before they get too pleased with themselves.",
   "type": "module",
   "repository": {

package/scripts/check-production-readiness.mjs

@@ -94,6 +94,8 @@ for (const path of [
   "examples/reports/feedback-template.md",
   "examples/reports/report-gallery.json",
   "examples/support/README.md",
+  "examples/support/backlog-records.md",
+  "examples/support/backlog-records.json",
   "examples/support/closeout-checklist.md",
   "examples/support/closeout-checklist.json",
   "examples/support/outcome-prioritization.md",
@@ -136,6 +138,7 @@ requireText("README.md", /response-snippets\.md/, "support response snippets lin
 requireText("README.md", /closeout-checklist\.md/, "support closeout checklist link");
 requireText("README.md", /support-lifecycle\.md/, "support lifecycle overview link");
 requireText("README.md", /outcome-prioritization\.md/, "support outcome prioritization link");
+requireText("README.md", /backlog-records\.md/, "support backlog records link");
 requireText("README.md", /report gallery feedback/i, "report gallery feedback guidance");
 requireText("README.md", /License: PolyForm Noncommercial/, "the noncommercial license badge");
 requireText("docs/PRODUCTION_READINESS.md", /npm package/i, "npm package readiness");
@@ -161,6 +164,7 @@ requireText("docs/PRODUCTION_READINESS.md", /response snippets/i, "support respo
 requireText("docs/PRODUCTION_READINESS.md", /closeout checklist/i, "support closeout checklist readiness");
 requireText("docs/PRODUCTION_READINESS.md", /support lifecycle overview/i, "support lifecycle overview readiness");
 requireText("docs/PRODUCTION_READINESS.md", /outcome prioritization guide/i, "support outcome prioritization readiness");
+requireText("docs/PRODUCTION_READINESS.md", /backlog records/i, "support backlog records readiness");
 requireText("docs/PRODUCTION_READINESS.md", /quiet-pass/, "quiet-pass fixture readiness");
 requireText("docs/CLI.md", /jester doctor --json/, "doctor JSON CLI docs");
 requireText("docs/CLI.md", /quiet-pass fixture/, "quiet-pass fixture CLI docs");
@@ -189,6 +193,7 @@ requireText("docs/MAINTAINER_TRIAGE.md", /response-snippets\.md/, "support respo
 requireText("docs/MAINTAINER_TRIAGE.md", /closeout-checklist\.md/, "support closeout checklist link");
 requireText("docs/MAINTAINER_TRIAGE.md", /support-lifecycle\.md/, "support lifecycle overview link");
 requireText("docs/MAINTAINER_TRIAGE.md", /outcome-prioritization\.md/, "support outcome prioritization link");
+requireText("docs/MAINTAINER_TRIAGE.md", /backlog-records\.md/, "support backlog records link");
 requireText("docs/MAINTAINER_TRIAGE.md", /docs-example/, "docs example triage outcome");
 requireText("docs/MAINTAINER_TRIAGE.md", /fixture-backlog/, "fixture backlog triage outcome");
 requireText("docs/MAINTAINER_TRIAGE.md", /rule-review-candidate/, "rule review triage outcome");
@@ -225,6 +230,7 @@ requireText("examples/support/README.md", /response-snippets\.md/, "support resp
 requireText("examples/support/README.md", /closeout-checklist\.md/, "support closeout checklist link");
 requireText("examples/support/README.md", /support-lifecycle\.md/, "support lifecycle overview link");
 requireText("examples/support/README.md", /outcome-prioritization\.md/, "support outcome prioritization link");
+requireText("examples/support/README.md", /backlog-records\.md/, "support backlog records link");
 requireText("examples/support/README.md", /docs-example/, "support triage docs outcome");
 requireText("examples/support/README.md", /fixture-backlog/, "support triage fixture outcome");
 requireText("examples/support/README.md", /rule-review-candidate/, "support triage rule-review outcome");
@@ -262,6 +268,16 @@ requireText("examples/support/outcome-prioritization.md", /at least two sanitize
 requireText("examples/support/outcome-prioritization.json", /docs-clarification-closeout/, "support outcome prioritization docs closeout");
 requireText("examples/support/outcome-prioritization.json", /fixture-backlog-closeout/, "support outcome prioritization fixture closeout");
 requireText("examples/support/outcome-prioritization.json", /rule-review-closeout/, "support outcome prioritization rule-review closeout");
+requireText("examples/support/backlog-records.md", /Support Backlog Records/, "support backlog records heading");
+requireText("examples/support/backlog-records.md", /backlog-records\.json/, "support backlog records JSON link");
+requireText("examples/support/backlog-records.md", /docs-clarification-backlog-record/, "support docs backlog record");
+requireText("examples/support/backlog-records.md", /fixture-backlog-record/, "support fixture backlog record");
+requireText("examples/support/backlog-records.md", /rule-review-candidate-backlog-record/, "support rule-review backlog record");
+requireText("examples/support/backlog-records.md", /jester tune <rule-id> --json/, "support backlog tuning evidence");
+requireText("examples/support/backlog-records.md", /SECURITY\.md/, "support backlog security redirect");
+requireText("examples/support/backlog-records.json", /docs-clarification-backlog-record/, "support docs backlog record JSON");
+requireText("examples/support/backlog-records.json", /fixture-backlog-record/, "support fixture backlog record JSON");
+requireText("examples/support/backlog-records.json", /rule-review-candidate-backlog-record/, "support rule-review backlog record JSON");
 requireText("examples/tuning/README.md", /framework-tuning-cookbook\.json/, "framework tuning cookbook JSON link");
 requireText("examples/tuning/README.md", /framework:tuning:doctor/, "framework tuning doctor guidance");
 requireText("examples/tuning/README.md", /jester tune <rule-id> --json|jester tune [a-z0-9-]+ --json/, "framework tuning command guidance");
@@ -299,6 +315,7 @@ requireText("scripts/check-support-triage.mjs", /response-snippets\.json/, "supp
 requireText("scripts/check-support-triage.mjs", /closeout-checklist\.json/, "support closeout checklist guard");
 requireText("scripts/check-support-triage.mjs", /support-lifecycle\.json/, "support lifecycle overview guard");
 requireText("scripts/check-support-triage.mjs", /outcome-prioritization\.json/, "support outcome prioritization guard");
+requireText("scripts/check-support-triage.mjs", /backlog-records\.json/, "support backlog records guard");
 requireText("scripts/check-support-triage.mjs", /unsafeContentPatterns/, "support triage unsafe content checks");
 requireText("package.json", /"fixtures:check": "node scripts\/check-fixtures\.mjs"/, "fixture authoring check script");
 requireText("package.json", /"fixtures:report": "node scripts\/report-fixtures\.mjs"/, "fixture coverage report script");

package/scripts/check-support-triage.mjs

@@ -25,6 +25,8 @@ const supportFiles = [
   ".github/ISSUE_TEMPLATE/config.yml",
   "examples/reports/feedback-template.md",
   "examples/reports/README.md",
+  "examples/support/backlog-records.md",
+  "examples/support/backlog-records.json",
   "examples/support/closeout-checklist.md",
   "examples/support/closeout-checklist.json",
   "examples/support/outcome-prioritization.md",
@@ -84,6 +86,7 @@ requireText("examples/reports/README.md", /npm run support:check/, "support chec
 requireText("examples/reports/README.md", /examples\/support|Maintainer Triage Playbook/i, "maintainer triage playbook link");
 
 requireText("examples/support/README.md", /Maintainer Triage Playbook/, "maintainer playbook heading");
+requireText("examples/support/README.md", /backlog-records\.md/, "support backlog records link");
 requireText("examples/support/README.md", /support-lifecycle\.md/, "support lifecycle overview link");
 requireText("examples/support/README.md", /outcome-prioritization\.md/, "support outcome prioritization link");
 requireText("examples/support/README.md", /closeout-checklist\.md/, "support closeout checklist link");
@@ -139,6 +142,23 @@ requireText("examples/support/outcome-prioritization.md", /SECURITY\.md/, "prior
 requireText("examples/support/outcome-prioritization.json", /docs-clarification-closeout/, "docs prioritization closeout");
 requireText("examples/support/outcome-prioritization.json", /fixture-backlog-closeout/, "fixture prioritization closeout");
 requireText("examples/support/outcome-prioritization.json", /rule-review-closeout/, "rule-review prioritization closeout");
+requireText("examples/support/backlog-records.md", /Support Backlog Records/, "support backlog records heading");
+requireText("examples/support/backlog-records.md", /backlog-records\.json/, "support backlog records JSON link");
+requireText("examples/support/backlog-records.md", /support lifecycle overview/, "support lifecycle backlog link");
+requireText("examples/support/backlog-records.md", /outcome prioritization guide/, "support prioritization backlog link");
+requireText("examples/support/backlog-records.md", /closeout checklist/, "support closeout backlog link");
+requireText("examples/support/backlog-records.md", /docs-clarification-backlog-record/, "docs backlog record");
+requireText("examples/support/backlog-records.md", /fixture-backlog-record/, "fixture backlog record");
+requireText("examples/support/backlog-records.md", /rule-review-candidate-backlog-record/, "rule-review backlog record");
+requireText("examples/support/backlog-records.md", /docs-example/, "docs backlog outcome");
+requireText("examples/support/backlog-records.md", /fixture-backlog/, "fixture backlog outcome");
+requireText("examples/support/backlog-records.md", /rule-review-candidate/, "rule-review backlog outcome");
+requireText("examples/support/backlog-records.md", /jester tune <rule-id> --json/, "tune JSON backlog evidence");
+requireText("examples/support/backlog-records.md", /SECURITY\.md/, "backlog security redirect");
+requireText("examples/support/backlog-records.md", /npm run support:check/, "support checker backlog command");
+requireText("examples/support/backlog-records.json", /docs-clarification-backlog-record/, "docs backlog record JSON");
+requireText("examples/support/backlog-records.json", /fixture-backlog-record/, "fixture backlog record JSON");
+requireText("examples/support/backlog-records.json", /rule-review-candidate-backlog-record/, "rule-review backlog record JSON");
 requireText("examples/support/response-snippets.md", /Maintainer Response Snippets/, "response snippets heading");
 requireText("examples/support/response-snippets.md", /response-snippets\.json/, "response snippets JSON link");
 requireText("examples/support/response-snippets.md", /docs-example/, "docs response outcome");
@@ -156,6 +176,7 @@ requireText("docs/MAINTAINER_TRIAGE.md", /report_gallery_feedback\.yml/, "report
 requireText("docs/MAINTAINER_TRIAGE.md", /examples\/support/, "maintainer playbook triage link");
 requireText("docs/MAINTAINER_TRIAGE.md", /support-lifecycle\.md/, "support lifecycle triage link");
 requireText("docs/MAINTAINER_TRIAGE.md", /outcome-prioritization\.md/, "support prioritization triage link");
+requireText("docs/MAINTAINER_TRIAGE.md", /backlog-records\.md/, "support backlog records triage link");
 requireText("docs/MAINTAINER_TRIAGE.md", /closeout-checklist\.md/, "support closeout checklist triage link");
 requireText("docs/MAINTAINER_TRIAGE.md", /response-snippets\.md/, "maintainer response snippets triage link");
 requireText("docs/MAINTAINER_TRIAGE.md", /docs-example/, "docs example triage outcome");
@@ -166,6 +187,7 @@ requireText("docs/PRODUCTION_READINESS.md", /support:check/, "support checker re
 requireText("README.md", /feedback-template\.md/, "feedback template README link");
 requireText("README.md", /support-lifecycle\.md/, "support lifecycle README link");
 requireText("README.md", /outcome-prioritization\.md/, "support prioritization README link");
+requireText("README.md", /backlog-records\.md/, "support backlog records README link");
 requireText("README.md", /closeout-checklist\.md/, "support closeout checklist README link");
 requireText("README.md", /examples\/support/, "maintainer triage playbook README link");
 requireText("README.md", /response-snippets\.md/, "maintainer response snippets README link");
@@ -179,6 +201,7 @@ checkResponseSnippets();
 checkCloseoutChecklist();
 checkSupportLifecycle();
 checkOutcomePrioritization();
+checkBacklogRecords();
 
 if (failures.length > 0) {
   console.error("Support triage check failed:");
@@ -665,3 +688,123 @@ function checkOutcomePrioritization() {
     }
   }
 }
+
+function checkBacklogRecords() {
+  const path = "examples/support/backlog-records.json";
+  const records = readJson(path);
+  if (!records) {
+    return;
+  }
+
+  if (!Array.isArray(records) || records.length !== 3) {
+    failures.push(`${path} should contain exactly three support backlog records.`);
+    return;
+  }
+
+  const expected = [
+    {
+      id: "docs-clarification-backlog-record",
+      outcome: "docs-example",
+      priority: "low",
+      sourceCloseout: "docs-clarification-closeout",
+      backlogType: "docs clarification",
+      checks: ["npm run reports:check", "npm run support:check"],
+      evidence: ["Nearest checked report", "Observed output", "No rule behavior change"]
+    },
+    {
+      id: "fixture-backlog-record",
+      outcome: "fixture-backlog",
+      priority: "medium",
+      sourceCloseout: "fixture-backlog-closeout",
+      backlogType: "pass or quiet-pass fixture",
+      checks: ["npm run fixtures:check", "npm run fixtures:report", "npm run support:check"],
+      evidence: ["Smallest sanitized", "jester tune <rule-id> --json", "existing pass or quiet-pass fixture"]
+    },
+    {
+      id: "rule-review-candidate-backlog-record",
+      outcome: "rule-review-candidate",
+      priority: "high",
+      sourceCloseout: "rule-review-closeout",
+      backlogType: "rule-review candidate",
+      checks: ["npm run fixtures:report -- --markdown", "npm run support:check"],
+      evidence: ["At least two sanitized", "fixture report evidence", "single fixture backlog item is not enough"]
+    }
+  ];
+  const seenIds = new Set();
+
+  for (const [index, record] of records.entries()) {
+    const expectedRecord = expected[index];
+    if (record?.id !== expectedRecord.id) {
+      failures.push(`${path} entry ${index + 1} should have id ${expectedRecord.id}.`);
+      continue;
+    }
+
+    if (seenIds.has(record.id)) {
+      failures.push(`${path} has duplicate id ${record.id}.`);
+    }
+    seenIds.add(record.id);
+
+    if (record.outcome !== expectedRecord.outcome) {
+      failures.push(`${record.id}.outcome should be ${expectedRecord.outcome}.`);
+    }
+
+    if (record.priority !== expectedRecord.priority) {
+      failures.push(`${record.id}.priority should be ${expectedRecord.priority}.`);
+    }
+
+    if (record.sourceCloseout !== expectedRecord.sourceCloseout) {
+      failures.push(`${record.id}.sourceCloseout should be ${expectedRecord.sourceCloseout}.`);
+    }
+
+    if (record.prioritizationSource !== "outcome-prioritization.json") {
+      failures.push(`${record.id}.prioritizationSource should be outcome-prioritization.json.`);
+    }
+
+    if (record.backlogType !== expectedRecord.backlogType) {
+      failures.push(`${record.id}.backlogType should be ${expectedRecord.backlogType}.`);
+    }
+
+    if (typeof record.publicTitle !== "string" || record.publicTitle.length < 20) {
+      failures.push(`${record.id}.publicTitle should be a useful public title.`);
+    }
+
+    if (typeof record.publicSummary !== "string" || record.publicSummary.length < 50) {
+      failures.push(`${record.id}.publicSummary should be a useful public summary.`);
+    }
+
+    if (typeof record.nextAction !== "string" || record.nextAction.length < 40) {
+      failures.push(`${record.id}.nextAction should describe the backlog action.`);
+    }
+
+    if (!Array.isArray(record.evidence) || record.evidence.length !== 3) {
+      failures.push(`${record.id}.evidence should contain exactly three evidence items.`);
+    } else {
+      const evidenceText = record.evidence.join("\n");
+      for (const expectedEvidence of expectedRecord.evidence) {
+        if (!evidenceText.includes(expectedEvidence)) {
+          failures.push(`${record.id}.evidence should include ${expectedEvidence}.`);
+        }
+      }
+    }
+
+    if (!Array.isArray(record.privacyReview) || record.privacyReview.length !== 3) {
+      failures.push(`${record.id}.privacyReview should contain exactly three privacy checks.`);
+    } else {
+      const privacyText = record.privacyReview.join("\n");
+      if (!/secret|private|SECURITY\.md|redacted|placeholder/i.test(privacyText)) {
+        failures.push(`${record.id}.privacyReview should include privacy and security routing guidance.`);
+      }
+    }
+
+    if (!Array.isArray(record.requiredChecks)) {
+      failures.push(`${record.id}.requiredChecks should be an array.`);
+      continue;
+    }
+
+    for (const check of expectedRecord.checks) {
+      if (!record.requiredChecks.includes(check)) {
+        failures.push(`${record.id}.requiredChecks should include ${check}.`);
+      }
+    }
+  }
+}