memento-mori-jester 0.1.95 → 0.1.96

package/CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to Memento Mori Jester are tracked here.
 
 ## Unreleased
 
+## 0.1.96
+
+- Added a checked public-safe support backlog review checklist for deciding whether backlog records remain docs clarifications, fixture backlog items, rule-review candidates, or close with no action.
+- Extended `npm run support:check` and production-readiness checks so review decisions, source records, required checks, and privacy guidance stay aligned with support backlog records.
+- Updated README, maintainer triage docs, support examples, production-readiness docs, roadmap, and release notes for deterministic backlog aging review.
+
 ## 0.1.95
 
 - Added checked public-safe support backlog records for turning closed/prioritized support outcomes into docs clarification, fixture backlog, or rule-review candidate artifacts.

package/README.md

@@ -76,7 +76,7 @@ For trust-building output examples, see [examples/reports](examples/reports). `n
 
 If one of those reports is confusing or stale, use the public-safe [report gallery feedback template](examples/reports/feedback-template.md). It asks for version, nearest gallery example, sanitized command/output summaries, and redacted diagnostics without private repo code or secrets.
 
-Maintainers can use the checked [support lifecycle overview](examples/support/support-lifecycle.md), [outcome prioritization guide](examples/support/outcome-prioritization.md), [support backlog records](examples/support/backlog-records.md), [support triage playbook](examples/support), [response snippets](examples/support/response-snippets.md), and [support closeout checklist](examples/support/closeout-checklist.md) to turn sanitized reports into a docs example, fixture backlog item, or rule-review candidate without changing behavior first.
+Maintainers can use the checked [support lifecycle overview](examples/support/support-lifecycle.md), [outcome prioritization guide](examples/support/outcome-prioritization.md), [support backlog records](examples/support/backlog-records.md), [support backlog review](examples/support/backlog-review.md), [support triage playbook](examples/support), [response snippets](examples/support/response-snippets.md), and [support closeout checklist](examples/support/closeout-checklist.md) to turn sanitized reports into a docs example, fixture backlog item, or rule-review candidate without changing behavior first.
 
 Expected vibe:
 
@@ -453,6 +453,7 @@ More setup examples:
 - [Support Lifecycle Overview](examples/support/support-lifecycle.md)
 - [Support Outcome Prioritization](examples/support/outcome-prioritization.md)
 - [Support Backlog Records](examples/support/backlog-records.md)
+- [Support Backlog Review](examples/support/backlog-review.md)
 - [Support Triage Playbook](examples/support)
 - [Maintainer Response Snippets](examples/support/response-snippets.md)
 - [Support Closeout Checklist](examples/support/closeout-checklist.md)
@@ -480,6 +481,7 @@ Framework CI examples:
 - [Support Lifecycle Overview](examples/support/support-lifecycle.md)
 - [Support Outcome Prioritization](examples/support/outcome-prioritization.md)
 - [Support Backlog Records](examples/support/backlog-records.md)
+- [Support Backlog Review](examples/support/backlog-review.md)
 - [Support Triage Playbook](examples/support)
 - [Maintainer Response Snippets](examples/support/response-snippets.md)
 - [Support Closeout Checklist](examples/support/closeout-checklist.md)
@@ -539,7 +541,7 @@ Maintainers can use [docs/MAINTAINER_TRIAGE.md](docs/MAINTAINER_TRIAGE.md) to tu
 Run `npm run fixtures:check` before merging fixture changes; it catches duplicate IDs, missing rule metadata, weak descriptions, unsafe-looking content, and duplicate content.
 Run `npm run fixtures:report` to see fixture coverage by rule, rule family, preset slice, kind, verdict, quiet-pass boundaries, feasible pass-case gaps, and curation-next guidance before choosing the next fixture. Use `npm run fixtures:report -- --markdown` when you want a paste-ready summary for release notes or GitHub issues.
 Run `npm run reports:check` after editing [examples/reports](examples/reports); it verifies the public report gallery against an installed package in a temporary consumer project.
-Run `npm run support:check` after editing issue templates, support docs, the report gallery feedback path, the [support lifecycle overview](examples/support/support-lifecycle.md), [outcome prioritization guide](examples/support/outcome-prioritization.md), [support backlog records](examples/support/backlog-records.md), [support triage playbook](examples/support), [response snippets](examples/support/response-snippets.md), or [support closeout checklist](examples/support/closeout-checklist.md); it verifies the public templates ask for useful redacted context without inviting secrets or private code.
+Run `npm run support:check` after editing issue templates, support docs, the report gallery feedback path, the [support lifecycle overview](examples/support/support-lifecycle.md), [outcome prioritization guide](examples/support/outcome-prioritization.md), [support backlog records](examples/support/backlog-records.md), [support backlog review](examples/support/backlog-review.md), [support triage playbook](examples/support), [response snippets](examples/support/response-snippets.md), or [support closeout checklist](examples/support/closeout-checklist.md); it verifies the public templates ask for useful redacted context without inviting secrets or private code.
 Run `npm run promo:card` to regenerate the repo-local social preview card after changing its copy or design.
 Run `npm run promo:check` after editing promo assets; it checks the current demo video, stills, docs, and fixture evidence numbers stay in sync.
 Run `npm run site:check` after editing the repo-local landing page; it verifies the start command, demo links, social card, repo, release, and npm links.

package/ROADMAP.md

@@ -6,6 +6,7 @@ Memento Mori Jester is usable today as a CLI, MCP server, GitHub Action, and git
 
 ## Recently Shipped
 
+- Checked support backlog review in v0.1.96, helping maintainers revisit backlog records and keep them as docs, fixture, or rule-review work, or close them with no action when evidence goes stale.
 - Checked support backlog records in v0.1.95, turning closed and prioritized support outcomes into public-safe docs clarification, fixture backlog, or rule-review candidate artifacts.
 - Checked support outcome prioritization in v0.1.94, helping maintainers turn closed support reports into docs, fixture backlog, or rule-review work based on public-safe evidence thresholds.
 - Checked support lifecycle overview in v0.1.93, tying report-gallery feedback, triage playbook entries, response snippets, and closeout records together by outcome.
@@ -85,6 +86,7 @@ Memento Mori Jester is usable today as a CLI, MCP server, GitHub Action, and git
 ## Product Ideas
 
 - Collect real-world reports and fold the strongest redacted cases into more framework tuning cookbook recipes.
+- Add a small checked maintainer dashboard or report that summarizes open support backlog review states from public-safe JSON.
 - Use support backlog record counts to choose the next docs, fixture, report-gallery, or rule-guidance batch.
 - Use repeated prioritized support outcomes to choose the next redacted fixture, report-gallery update, or rule-guidance review.
 - Add a hosted-page option or GitHub Pages instructions once the static page has settled.

package/docs/MAINTAINER_TRIAGE.md

@@ -21,7 +21,7 @@ For users who just need to understand what a healthy report looks like, point th
 
 For users who say a gallery report is confusing, stale, or hard to compare with their local output, point them at [examples/reports/feedback-template.md](../examples/reports/feedback-template.md) or the GitHub [report gallery feedback issue template](../.github/ISSUE_TEMPLATE/report_gallery_feedback.yml). It asks for the nearest checked example, sanitized command and output summaries, version, and redacted diagnostics without asking for private code.
 
-When a report has enough public-safe detail to triage, start with the checked [support lifecycle overview](../examples/support/support-lifecycle.md) to see the whole path from report to closeout. Then compare it with the checked [support triage playbook](../examples/support). The playbook walks sanitized report-gallery and false-positive reports through first response, classification, and a follow-up outcome. Use [response-snippets.md](../examples/support/response-snippets.md) to reply consistently after choosing the outcome, then use [closeout-checklist.md](../examples/support/closeout-checklist.md) to record whether the docs clarification shipped or queued, fixture backlog was created, or rule-review candidate was opened. Use [outcome-prioritization.md](../examples/support/outcome-prioritization.md) after closeout to decide whether the follow-up work is low-priority docs, medium-priority fixture backlog, or high-priority rule review. Use [backlog-records.md](../examples/support/backlog-records.md) when that prioritized follow-up needs a public-safe backlog artifact.
+When a report has enough public-safe detail to triage, start with the checked [support lifecycle overview](../examples/support/support-lifecycle.md) to see the whole path from report to closeout. Then compare it with the checked [support triage playbook](../examples/support). The playbook walks sanitized report-gallery and false-positive reports through first response, classification, and a follow-up outcome. Use [response-snippets.md](../examples/support/response-snippets.md) to reply consistently after choosing the outcome, then use [closeout-checklist.md](../examples/support/closeout-checklist.md) to record whether the docs clarification shipped or queued, fixture backlog was created, or rule-review candidate was opened. Use [outcome-prioritization.md](../examples/support/outcome-prioritization.md) after closeout to decide whether the follow-up work is low-priority docs, medium-priority fixture backlog, or high-priority rule review. Use [backlog-records.md](../examples/support/backlog-records.md) when that prioritized follow-up needs a public-safe backlog artifact, then use [backlog-review.md](../examples/support/backlog-review.md) to revisit whether that artifact remains active or closes with no action.
 
 Do not ask users to paste secrets, private code, customer data, live credentials, complete CI logs, or unredacted SARIF. If the report involves credential exposure, command execution, unexpected network access, private code disclosure, package publishing, or MCP data exposure, route it through [SECURITY.md](../SECURITY.md).
 
@@ -65,7 +65,7 @@ Use the playbook outcomes consistently:
 - `fixture-backlog`: the reduced report looks safe and should become a pass or quiet-pass fixture.
 - `rule-review-candidate`: repeated sanitized reports suggest guidance or matching may need review, but not from a single report.
 
-Use the matching lifecycle row and response snippet for the first public reply, then adapt only the project-neutral parts: the rule id, minimal command summary, fixture id, and next command. After the reply, record the closeout with the matching checklist entry so the issue has a public-safe decision record. If follow-up work remains, choose its priority from the outcome prioritization guide before opening a docs, fixture, or rule-review backlog item, then record that choice with the matching backlog record. Do not add private code, private paths, tokens, full logs, or exploitable details to the response, closeout, or backlog item.
+Use the matching lifecycle row and response snippet for the first public reply, then adapt only the project-neutral parts: the rule id, minimal command summary, fixture id, and next command. After the reply, record the closeout with the matching checklist entry so the issue has a public-safe decision record. If follow-up work remains, choose its priority from the outcome prioritization guide before opening a docs, fixture, or rule-review backlog item, then record that choice with the matching backlog record. During later reviews, keep the item as docs clarification, fixture backlog, or rule-review candidate only when the public-safe evidence still holds; otherwise close it as `closed-no-action`. Do not add private code, private paths, tokens, full logs, or exploitable details to the response, closeout, backlog item, or backlog review.
 
 After editing report support docs or issue templates, run:
 

package/docs/PRODUCTION_READINESS.md

@@ -47,7 +47,7 @@ This checklist defines what "production grade" means for Memento Mori Jester rig
 - `README.md` leads with a no-write first run, project bootstrap, agent setup, and optional hooks/CI.
 - `docs/GETTING_STARTED.md`, `docs/CLI.md`, `docs/RELEASE.md`, and `docs/TRUSTED_PUBLISHING.md` cover the core adoption and release paths.
 - `examples/reports` provides checked, public-safe report examples for fresh install diagnostics, summary output, blocked command reviews, and report-gallery feedback.
-- `examples/support` provides a checked support lifecycle overview, outcome prioritization guide, backlog records, maintainer triage playbook, response snippets, and closeout checklist for first response, classification, follow-up outcomes, public-safe decision records, backlog prioritization, and backlog artifacts from sanitized support reports.
+- `examples/support` provides a checked support lifecycle overview, outcome prioritization guide, backlog records, backlog review checklist, maintainer triage playbook, response snippets, and closeout checklist for first response, classification, follow-up outcomes, public-safe decision records, backlog prioritization, backlog artifacts, and aging review from sanitized support reports.
 - `site/index.html` gives maintainers a static one-page share surface that reuses the demo, social card, start command, and public links.
 - Every public release has matching `CHANGELOG.md` notes and `docs/RELEASE_NOTES_vX.Y.Z.md`.
 
@@ -60,14 +60,14 @@ This checklist defines what "production grade" means for Memento Mori Jester rig
 - GitHub issue templates collect bug reports, false-positive reports, report-gallery feedback, and feature requests with the diagnostic context maintainers need.
 - `SECURITY.md` routes vulnerability reports away from public issues and asks for redacted diagnostics.
 - `docs/MAINTAINER_TRIAGE.md` explains how to turn useful false-positive reports into fixture coverage before changing rule logic.
-- `examples/support` shows maintainers how to audit the support lifecycle, classify sanitized reports as a docs example, fixture backlog item, or rule-review candidate before changing behavior, then reply with public-safe response snippets, record the closeout, prioritize follow-up work, and create a public-safe backlog record.
+- `examples/support` shows maintainers how to audit the support lifecycle, classify sanitized reports as a docs example, fixture backlog item, or rule-review candidate before changing behavior, then reply with public-safe response snippets, record the closeout, prioritize follow-up work, create a public-safe backlog record, and review aging records for keep-or-close decisions.
 - `npm run fixtures:check` validates fixture IDs, metadata, unsafe-looking content, duplicate content, and explicit expected/absent rule intent.
 - `npm run fixtures:report` shows fixture coverage by rule, rule family, preset slice, kind, verdict, quiet-pass rule boundaries, and feasible pass-case gaps so maintainers can pick the next fixture target; `npm run fixtures:report -- --markdown` produces a paste-ready maintainer snapshot.
 - `npm run framework:tuning:check` keeps the framework tuning guide, cookbook JSON, cookbook README, and fixture IDs aligned.
 - `npm run framework:tuning:doctor` runs the cookbook tune commands through the built CLI with temporary preset configs, so package consumers do not inherit stale recipes.
 - `npm run consumer:quickstart:check` installs the package into a temporary minimal project and runs `doctor`, `summary`, and packaged framework tuning checks from that consumer side.
 - `npm run reports:check` installs the package into a temporary minimal project and runs the report gallery's `doctor`, `summary`, and blocked-command examples through that consumer side.
-- `npm run support:check` verifies issue templates, support docs, the report gallery feedback template, the support lifecycle overview, outcome prioritization guide, backlog records, maintainer triage playbook, response snippets, and closeout checklist stay public-safe and ask for useful redacted context.
+- `npm run support:check` verifies issue templates, support docs, the report gallery feedback template, the support lifecycle overview, outcome prioritization guide, backlog records, backlog review checklist, maintainer triage playbook, response snippets, and closeout checklist stay public-safe and ask for useful redacted context.
 - `npm run promo:card` regenerates the deterministic social preview card, and `npm run promo:check` verifies current repo-local promo assets against the current fixture evidence before maintainers post or refresh the demo.
 - `npm run site:check` verifies the static landing page before maintainers post or host it.
 - npm publish has a manual workflow fallback, but the normal release path is tag-driven trusted publishing.

package/docs/RELEASE_NOTES_v0.1.96.md

@@ -0,0 +1,58 @@
+# Memento Mori Jester v0.1.96
+
+## Summary
+
+This release adds a checked public-safe support backlog review checklist. It helps maintainers revisit backlog records over time and decide whether each item remains a docs clarification, fixture backlog item, rule-review candidate, or closes with no action.
+
+## What Changed
+
+- Added `examples/support/backlog-review.md`.
+- Added `examples/support/backlog-review.json`.
+- Extended `scripts/check-support-triage.mjs` to validate review decisions, source records, cadence, criteria, required checks, and privacy review guidance.
+- Extended production-readiness checks for the backlog review checklist.
+- Updated README, maintainer triage docs, support examples, production-readiness docs, roadmap, and changelog.
+
+## Public Interface
+
+- No CLI command changes.
+- No MCP tool changes.
+- No config schema changes.
+- No review rule, scoring, matching, or verdict behavior changes.
+- No GitHub Action input changes.
+- Support docs and package examples now include checked backlog aging review guidance.
+
+## Release Validation
+
+```powershell
+npm.cmd test
+npm.cmd run support:check
+npm.cmd run reports:check
+npm.cmd run demo:svg:check
+npm.cmd run promo:card:check
+npm.cmd run promo:check
+npm.cmd run fixtures:report
+npm.cmd run fixtures:report -- --json
+npm.cmd run fixtures:report -- --markdown
+npm.cmd run pack:dry
+git diff --check
+node .\dist\cli.js doctor
+node .\dist\cli.js summary --kind command "git reset --hard"
+git diff | node .\dist\cli.js diff --fail-on block --subject "v0.1.96 checked support backlog review"
+```
+
+Expected:
+
+- `support:check` verifies issue templates, feedback templates, the support lifecycle overview, outcome prioritization guide, backlog records, backlog review checklist, maintainer triage playbook, response snippets, and closeout checklist.
+- `reports:check` still verifies the installed-package report gallery.
+- fixture report still shows `Fixtures: 222`.
+- GitHub Release and npm Publish complete from the `v0.1.96` tag.
+
+After publish:
+
+```powershell
+npm.cmd view memento-mori-jester version --silent
+npx.cmd -y memento-mori-jester@latest doctor
+npx.cmd -y memento-mori-jester@latest summary --kind command "git reset --hard"
+npm.cmd run support:check
+npm.cmd run reports:check -- --package memento-mori-jester@latest
+```

package/examples/support/README.md

@@ -2,9 +2,9 @@
 
 This playbook shows how to handle sanitized adopter reports without turning every surprise into an immediate rule change. It pairs with [docs/MAINTAINER_TRIAGE.md](../../docs/MAINTAINER_TRIAGE.md), the [report gallery feedback template](../reports/feedback-template.md), and the GitHub issue templates.
 
-Start with the checked [support lifecycle overview](support-lifecycle.md) when you need the whole path in one place. The lifecycle source is [support-lifecycle.json](support-lifecycle.json). Use [outcome-prioritization.md](outcome-prioritization.md) after closeout to decide whether follow-up work should become docs, fixture backlog, or rule-review work. Use [backlog-records.md](backlog-records.md) to turn that decision into a public-safe backlog artifact.
+Start with the checked [support lifecycle overview](support-lifecycle.md) when you need the whole path in one place. The lifecycle source is [support-lifecycle.json](support-lifecycle.json). Use [outcome-prioritization.md](outcome-prioritization.md) after closeout to decide whether follow-up work should become docs, fixture backlog, or rule-review work. Use [backlog-records.md](backlog-records.md) to turn that decision into a public-safe backlog artifact, then use [backlog-review.md](backlog-review.md) to decide whether the item stays active or closes with no action.
 
-The checked source is [triage-playbook.json](triage-playbook.json). Use [response-snippets.md](response-snippets.md) for copy-paste replies after a report is classified. The snippet source is [response-snippets.json](response-snippets.json). Use [closeout-checklist.md](closeout-checklist.md) to record what happened after the response. The closeout source is [closeout-checklist.json](closeout-checklist.json). The backlog source is [backlog-records.json](backlog-records.json).
+The checked source is [triage-playbook.json](triage-playbook.json). Use [response-snippets.md](response-snippets.md) for copy-paste replies after a report is classified. The snippet source is [response-snippets.json](response-snippets.json). Use [closeout-checklist.md](closeout-checklist.md) to record what happened after the response. The closeout source is [closeout-checklist.json](closeout-checklist.json). The backlog source is [backlog-records.json](backlog-records.json). The review source is [backlog-review.json](backlog-review.json).
 
 | ID | Source | Classification | Follow-up |
 | --- | --- | --- | --- |
@@ -26,10 +26,11 @@ The checked source is [triage-playbook.json](triage-playbook.json). Use [respons
 7. Use the matching response snippet so replies stay public-safe and consistent.
 8. Record the closeout with the matching checklist entry: docs clarification shipped or queued, fixture backlog created, or rule-review candidate opened.
 9. If follow-up work remains, create the matching backlog record: docs clarification, fixture backlog item, or rule-review candidate.
+10. Review backlog records over time as `remains-docs-clarification`, `remains-fixture-backlog`, `remains-rule-review-candidate`, or `closed-no-action`.
 
 ## Checks
 
-Run this after editing support docs, issue templates, the lifecycle overview, outcome prioritization, backlog records, the playbook, response snippets, or closeout checklist:
+Run this after editing support docs, issue templates, the lifecycle overview, outcome prioritization, backlog records, backlog review, the playbook, response snippets, or closeout checklist:
 
 ```powershell
 npm run support:check

package/examples/support/backlog-review.json

@@ -0,0 +1,90 @@
+[
+  {
+    "id": "docs-clarification-review",
+    "sourceRecord": "docs-clarification-backlog-record",
+    "reviewDecision": "remains-docs-clarification",
+    "outcome": "docs-example",
+    "cadence": "Review before a docs release or when the linked report-gallery example changes.",
+    "decisionCriteria": [
+      "The nearest checked report or docs page is still confusing for a fresh reader.",
+      "Observed output still matches current behavior and differs only in wording/context.",
+      "No rule behavior change is needed before clearer wording is tried."
+    ],
+    "nextAction": "Keep the backlog item as a docs clarification and run the report/support checks after editing copy.",
+    "requiredChecks": [
+      "npm run reports:check",
+      "npm run support:check"
+    ],
+    "privacyReview": [
+      "No secrets, private code, private paths, customer data, full logs, or unredacted SARIF are included.",
+      "Any stale private project names are replaced with placeholders before the review is recorded.",
+      "Sensitive reports are routed to SECURITY.md instead of public backlog review notes."
+    ]
+  },
+  {
+    "id": "fixture-backlog-review",
+    "sourceRecord": "fixture-backlog-record",
+    "reviewDecision": "remains-fixture-backlog",
+    "outcome": "fixture-backlog",
+    "cadence": "Review before a fixture curation batch or when similar false-positive reports arrive.",
+    "decisionCriteria": [
+      "The smallest sanitized reproduction still describes a safe boundary worth preserving.",
+      "The rule id and redacted `jester tune <rule-id> --json` evidence still point at the same rule.",
+      "No existing pass or quiet-pass fixture now covers the same boundary."
+    ],
+    "nextAction": "Keep the item as fixture backlog and add or update the redacted fixture before changing rule behavior.",
+    "requiredChecks": [
+      "npm run fixtures:check",
+      "npm run fixtures:report",
+      "npm run support:check"
+    ],
+    "privacyReview": [
+      "No secrets, private code, private paths, customer data, full logs, or unredacted SARIF are included.",
+      "The reproduction still uses placeholders such as <repo>, <path>, or <redacted>.",
+      "Sensitive reports are routed to SECURITY.md instead of public backlog review notes."
+    ]
+  },
+  {
+    "id": "rule-review-candidate-review",
+    "sourceRecord": "rule-review-candidate-backlog-record",
+    "reviewDecision": "remains-rule-review-candidate",
+    "outcome": "rule-review-candidate",
+    "cadence": "Review before changing guidance or matching, and whenever another sanitized report is linked.",
+    "decisionCriteria": [
+      "At least two sanitized reports or checked examples still point at the same rule boundary.",
+      "Fixture report or tune evidence still shows why docs clarification or a single fixture item is not enough.",
+      "The candidate still avoids changing matching without supporting fixtures around the boundary."
+    ],
+    "nextAction": "Keep the item as a rule-review candidate and compare current fixture evidence before any behavior change.",
+    "requiredChecks": [
+      "npm run fixtures:report -- --markdown",
+      "npm run support:check"
+    ],
+    "privacyReview": [
+      "No secrets, private code, private paths, customer data, full logs, or unredacted SARIF are included.",
+      "Repeated examples are summarized without exposing private project details.",
+      "Sensitive reports are routed to SECURITY.md instead of public backlog review notes."
+    ]
+  },
+  {
+    "id": "closed-no-action-review",
+    "sourceRecord": "<backlog-record-id>",
+    "reviewDecision": "closed-no-action",
+    "outcome": "closed-no-action",
+    "cadence": "Review when evidence is stale, duplicated, no longer reproduces, or has already been resolved elsewhere.",
+    "decisionCriteria": [
+      "The report no longer reproduces on the current package or is already covered by a checked docs/fixture/rule-review artifact.",
+      "The remaining evidence is too thin, private, or security-sensitive for a public backlog item.",
+      "Closing the item will not hide a known regression because current checks still pass."
+    ],
+    "nextAction": "Close the public backlog item with a short no-action note, link the replacement artifact if one exists, and keep sensitive details out of the thread.",
+    "requiredChecks": [
+      "npm run support:check"
+    ],
+    "privacyReview": [
+      "No secrets, private code, private paths, customer data, full logs, or unredacted SARIF are included.",
+      "The closeout note uses placeholders instead of private project names or paths.",
+      "Sensitive reports are routed to SECURITY.md instead of public backlog review notes."
+    ]
+  }
+]

package/examples/support/backlog-review.md

@@ -0,0 +1,40 @@
+# Support Backlog Review
+
+Use this when maintainers review public-safe backlog records over time. The checked source is [backlog-review.json](backlog-review.json). It pairs with [backlog-records.md](backlog-records.md), [outcome-prioritization.md](outcome-prioritization.md), and the [support lifecycle overview](support-lifecycle.md).
+
+The review decision should keep each item in one of four states:
+
+| Review decision | Source record | Keep when | Required checks |
+| --- | --- | --- | --- |
+| `remains-docs-clarification` | `docs-clarification-backlog-record` | wording or a checked report is still confusing | `npm run reports:check`, `npm run support:check` |
+| `remains-fixture-backlog` | `fixture-backlog-record` | a minimized safe boundary still needs a pass or quiet-pass fixture | `npm run fixtures:check`, `npm run fixtures:report`, `npm run support:check` |
+| `remains-rule-review-candidate` | `rule-review-candidate-backlog-record` | repeated sanitized reports still point at the same rule boundary | `npm run fixtures:report -- --markdown`, `npm run support:check` |
+| `closed-no-action` | any backlog record | evidence is stale, duplicated, private, security-sensitive, or already resolved | `npm run support:check` |
+
+## Review Flow
+
+1. Re-read the original public-safe backlog record.
+2. Confirm the linked docs, report-gallery example, fixture evidence, or rule guidance still exists.
+3. Re-run the required checks for the current decision.
+4. Choose one review decision: `remains-docs-clarification`, `remains-fixture-backlog`, `remains-rule-review-candidate`, or `closed-no-action`.
+5. Record only the public-safe summary, next action, and check result.
+
+## Decision Notes
+
+Use `remains-docs-clarification` when current behavior is correct but the wording still makes a checked example hard to compare with local output.
+
+Use `remains-fixture-backlog` when the smallest sanitized reproduction still describes a safe boundary worth preserving and no existing pass or quiet-pass fixture covers it.
+
+Use `remains-rule-review-candidate` when at least two sanitized reports or checked examples still point at the same rule boundary and fixture evidence should be compared before any behavior change.
+
+Use `closed-no-action` when the report no longer reproduces on the current package, has been resolved by another checked artifact, is too thin to act on, or should be routed through [SECURITY.md](../../SECURITY.md) instead of public backlog review.
+
+## Privacy
+
+Do not include secrets, private code, private paths, customer data, full CI logs, unredacted SARIF, credential-handling details, command-execution vulnerability details, package publishing compromise, or MCP data exposure in public backlog review notes. Use placeholders such as `<repo>`, `<path>`, or `<redacted>`, and route sensitive reports through [SECURITY.md](../../SECURITY.md).
+
+Run this after editing support backlog review records:
+
+```powershell
+npm run support:check
+```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "memento-mori-jester",
-  "version": "0.1.95",
+  "version": "0.1.96",
   "description": "A local court-jester sidecar for AI coding agents: review plans, commands, diffs, and final claims before they get too pleased with themselves.",
   "type": "module",
   "repository": {

package/scripts/check-production-readiness.mjs

@@ -94,6 +94,8 @@ for (const path of [
   "examples/reports/feedback-template.md",
   "examples/reports/report-gallery.json",
   "examples/support/README.md",
+  "examples/support/backlog-review.md",
+  "examples/support/backlog-review.json",
   "examples/support/backlog-records.md",
   "examples/support/backlog-records.json",
   "examples/support/closeout-checklist.md",
@@ -138,6 +140,7 @@ requireText("README.md", /response-snippets\.md/, "support response snippets lin
 requireText("README.md", /closeout-checklist\.md/, "support closeout checklist link");
 requireText("README.md", /support-lifecycle\.md/, "support lifecycle overview link");
 requireText("README.md", /outcome-prioritization\.md/, "support outcome prioritization link");
+requireText("README.md", /backlog-review\.md/, "support backlog review link");
 requireText("README.md", /backlog-records\.md/, "support backlog records link");
 requireText("README.md", /report gallery feedback/i, "report gallery feedback guidance");
 requireText("README.md", /License: PolyForm Noncommercial/, "the noncommercial license badge");
@@ -164,6 +167,7 @@ requireText("docs/PRODUCTION_READINESS.md", /response snippets/i, "support respo
 requireText("docs/PRODUCTION_READINESS.md", /closeout checklist/i, "support closeout checklist readiness");
 requireText("docs/PRODUCTION_READINESS.md", /support lifecycle overview/i, "support lifecycle overview readiness");
 requireText("docs/PRODUCTION_READINESS.md", /outcome prioritization guide/i, "support outcome prioritization readiness");
+requireText("docs/PRODUCTION_READINESS.md", /backlog review/i, "support backlog review readiness");
 requireText("docs/PRODUCTION_READINESS.md", /backlog records/i, "support backlog records readiness");
 requireText("docs/PRODUCTION_READINESS.md", /quiet-pass/, "quiet-pass fixture readiness");
 requireText("docs/CLI.md", /jester doctor --json/, "doctor JSON CLI docs");
@@ -193,6 +197,7 @@ requireText("docs/MAINTAINER_TRIAGE.md", /response-snippets\.md/, "support respo
 requireText("docs/MAINTAINER_TRIAGE.md", /closeout-checklist\.md/, "support closeout checklist link");
 requireText("docs/MAINTAINER_TRIAGE.md", /support-lifecycle\.md/, "support lifecycle overview link");
 requireText("docs/MAINTAINER_TRIAGE.md", /outcome-prioritization\.md/, "support outcome prioritization link");
+requireText("docs/MAINTAINER_TRIAGE.md", /backlog-review\.md/, "support backlog review link");
 requireText("docs/MAINTAINER_TRIAGE.md", /backlog-records\.md/, "support backlog records link");
 requireText("docs/MAINTAINER_TRIAGE.md", /docs-example/, "docs example triage outcome");
 requireText("docs/MAINTAINER_TRIAGE.md", /fixture-backlog/, "fixture backlog triage outcome");
@@ -230,6 +235,7 @@ requireText("examples/support/README.md", /response-snippets\.md/, "support resp
 requireText("examples/support/README.md", /closeout-checklist\.md/, "support closeout checklist link");
 requireText("examples/support/README.md", /support-lifecycle\.md/, "support lifecycle overview link");
 requireText("examples/support/README.md", /outcome-prioritization\.md/, "support outcome prioritization link");
+requireText("examples/support/README.md", /backlog-review\.md/, "support backlog review link");
 requireText("examples/support/README.md", /backlog-records\.md/, "support backlog records link");
 requireText("examples/support/README.md", /docs-example/, "support triage docs outcome");
 requireText("examples/support/README.md", /fixture-backlog/, "support triage fixture outcome");
@@ -278,6 +284,17 @@ requireText("examples/support/backlog-records.md", /SECURITY\.md/, "support back
 requireText("examples/support/backlog-records.json", /docs-clarification-backlog-record/, "support docs backlog record JSON");
 requireText("examples/support/backlog-records.json", /fixture-backlog-record/, "support fixture backlog record JSON");
 requireText("examples/support/backlog-records.json", /rule-review-candidate-backlog-record/, "support rule-review backlog record JSON");
+requireText("examples/support/backlog-review.md", /Support Backlog Review/, "support backlog review heading");
+requireText("examples/support/backlog-review.md", /backlog-review\.json/, "support backlog review JSON link");
+requireText("examples/support/backlog-review.md", /remains-docs-clarification/, "support docs backlog review decision");
+requireText("examples/support/backlog-review.md", /remains-fixture-backlog/, "support fixture backlog review decision");
+requireText("examples/support/backlog-review.md", /remains-rule-review-candidate/, "support rule-review backlog review decision");
+requireText("examples/support/backlog-review.md", /closed-no-action/, "support closed no-action review decision");
+requireText("examples/support/backlog-review.md", /SECURITY\.md/, "support backlog review security redirect");
+requireText("examples/support/backlog-review.json", /docs-clarification-review/, "support docs backlog review JSON");
+requireText("examples/support/backlog-review.json", /fixture-backlog-review/, "support fixture backlog review JSON");
+requireText("examples/support/backlog-review.json", /rule-review-candidate-review/, "support rule-review backlog review JSON");
+requireText("examples/support/backlog-review.json", /closed-no-action-review/, "support closed no-action review JSON");
 requireText("examples/tuning/README.md", /framework-tuning-cookbook\.json/, "framework tuning cookbook JSON link");
 requireText("examples/tuning/README.md", /framework:tuning:doctor/, "framework tuning doctor guidance");
 requireText("examples/tuning/README.md", /jester tune <rule-id> --json|jester tune [a-z0-9-]+ --json/, "framework tuning command guidance");
@@ -316,6 +333,7 @@ requireText("scripts/check-support-triage.mjs", /closeout-checklist\.json/, "sup
 requireText("scripts/check-support-triage.mjs", /support-lifecycle\.json/, "support lifecycle overview guard");
 requireText("scripts/check-support-triage.mjs", /outcome-prioritization\.json/, "support outcome prioritization guard");
 requireText("scripts/check-support-triage.mjs", /backlog-records\.json/, "support backlog records guard");
+requireText("scripts/check-support-triage.mjs", /backlog-review\.json/, "support backlog review guard");
 requireText("scripts/check-support-triage.mjs", /unsafeContentPatterns/, "support triage unsafe content checks");
 requireText("package.json", /"fixtures:check": "node scripts\/check-fixtures\.mjs"/, "fixture authoring check script");
 requireText("package.json", /"fixtures:report": "node scripts\/report-fixtures\.mjs"/, "fixture coverage report script");

package/scripts/check-support-triage.mjs

@@ -25,6 +25,8 @@ const supportFiles = [
   ".github/ISSUE_TEMPLATE/config.yml",
   "examples/reports/feedback-template.md",
   "examples/reports/README.md",
+  "examples/support/backlog-review.md",
+  "examples/support/backlog-review.json",
   "examples/support/backlog-records.md",
   "examples/support/backlog-records.json",
   "examples/support/closeout-checklist.md",
@@ -86,6 +88,7 @@ requireText("examples/reports/README.md", /npm run support:check/, "support chec
 requireText("examples/reports/README.md", /examples\/support|Maintainer Triage Playbook/i, "maintainer triage playbook link");
 
 requireText("examples/support/README.md", /Maintainer Triage Playbook/, "maintainer playbook heading");
+requireText("examples/support/README.md", /backlog-review\.md/, "support backlog review link");
 requireText("examples/support/README.md", /backlog-records\.md/, "support backlog records link");
 requireText("examples/support/README.md", /support-lifecycle\.md/, "support lifecycle overview link");
 requireText("examples/support/README.md", /outcome-prioritization\.md/, "support outcome prioritization link");
@@ -159,6 +162,22 @@ requireText("examples/support/backlog-records.md", /npm run support:check/, "sup
 requireText("examples/support/backlog-records.json", /docs-clarification-backlog-record/, "docs backlog record JSON");
 requireText("examples/support/backlog-records.json", /fixture-backlog-record/, "fixture backlog record JSON");
 requireText("examples/support/backlog-records.json", /rule-review-candidate-backlog-record/, "rule-review backlog record JSON");
+requireText("examples/support/backlog-review.md", /Support Backlog Review/, "support backlog review heading");
+requireText("examples/support/backlog-review.md", /backlog-review\.json/, "support backlog review JSON link");
+requireText("examples/support/backlog-review.md", /backlog-records\.md/, "support backlog records review link");
+requireText("examples/support/backlog-review.md", /outcome-prioritization\.md/, "support prioritization review link");
+requireText("examples/support/backlog-review.md", /support lifecycle overview/, "support lifecycle review link");
+requireText("examples/support/backlog-review.md", /remains-docs-clarification/, "docs clarification review decision");
+requireText("examples/support/backlog-review.md", /remains-fixture-backlog/, "fixture backlog review decision");
+requireText("examples/support/backlog-review.md", /remains-rule-review-candidate/, "rule-review review decision");
+requireText("examples/support/backlog-review.md", /closed-no-action/, "closed no-action review decision");
+requireText("examples/support/backlog-review.md", /jester tune <rule-id> --json|fixture evidence|quiet-pass fixture/, "review fixture evidence guidance");
+requireText("examples/support/backlog-review.md", /SECURITY\.md/, "review security redirect");
+requireText("examples/support/backlog-review.md", /npm run support:check/, "support checker review command");
+requireText("examples/support/backlog-review.json", /docs-clarification-review/, "docs review record JSON");
+requireText("examples/support/backlog-review.json", /fixture-backlog-review/, "fixture review record JSON");
+requireText("examples/support/backlog-review.json", /rule-review-candidate-review/, "rule-review review record JSON");
+requireText("examples/support/backlog-review.json", /closed-no-action-review/, "closed no-action review record JSON");
 requireText("examples/support/response-snippets.md", /Maintainer Response Snippets/, "response snippets heading");
 requireText("examples/support/response-snippets.md", /response-snippets\.json/, "response snippets JSON link");
 requireText("examples/support/response-snippets.md", /docs-example/, "docs response outcome");
@@ -176,6 +195,7 @@ requireText("docs/MAINTAINER_TRIAGE.md", /report_gallery_feedback\.yml/, "report
 requireText("docs/MAINTAINER_TRIAGE.md", /examples\/support/, "maintainer playbook triage link");
 requireText("docs/MAINTAINER_TRIAGE.md", /support-lifecycle\.md/, "support lifecycle triage link");
 requireText("docs/MAINTAINER_TRIAGE.md", /outcome-prioritization\.md/, "support prioritization triage link");
+requireText("docs/MAINTAINER_TRIAGE.md", /backlog-review\.md/, "support backlog review triage link");
 requireText("docs/MAINTAINER_TRIAGE.md", /backlog-records\.md/, "support backlog records triage link");
 requireText("docs/MAINTAINER_TRIAGE.md", /closeout-checklist\.md/, "support closeout checklist triage link");
 requireText("docs/MAINTAINER_TRIAGE.md", /response-snippets\.md/, "maintainer response snippets triage link");
@@ -187,6 +207,7 @@ requireText("docs/PRODUCTION_READINESS.md", /support:check/, "support checker re
 requireText("README.md", /feedback-template\.md/, "feedback template README link");
 requireText("README.md", /support-lifecycle\.md/, "support lifecycle README link");
 requireText("README.md", /outcome-prioritization\.md/, "support prioritization README link");
+requireText("README.md", /backlog-review\.md/, "support backlog review README link");
 requireText("README.md", /backlog-records\.md/, "support backlog records README link");
 requireText("README.md", /closeout-checklist\.md/, "support closeout checklist README link");
 requireText("README.md", /examples\/support/, "maintainer triage playbook README link");
@@ -202,6 +223,7 @@ checkCloseoutChecklist();
 checkSupportLifecycle();
 checkOutcomePrioritization();
 checkBacklogRecords();
+checkBacklogReview();
 
 if (failures.length > 0) {
   console.error("Support triage check failed:");
@@ -808,3 +830,116 @@ function checkBacklogRecords() {
     }
   }
 }
+
+function checkBacklogReview() {
+  const path = "examples/support/backlog-review.json";
+  const reviews = readJson(path);
+  if (!reviews) {
+    return;
+  }
+
+  if (!Array.isArray(reviews) || reviews.length !== 4) {
+    failures.push(`${path} should contain exactly four support backlog review decisions.`);
+    return;
+  }
+
+  const expected = [
+    {
+      id: "docs-clarification-review",
+      sourceRecord: "docs-clarification-backlog-record",
+      reviewDecision: "remains-docs-clarification",
+      outcome: "docs-example",
+      checks: ["npm run reports:check", "npm run support:check"],
+      criteria: ["nearest checked report", "Observed output", "No rule behavior change"]
+    },
+    {
+      id: "fixture-backlog-review",
+      sourceRecord: "fixture-backlog-record",
+      reviewDecision: "remains-fixture-backlog",
+      outcome: "fixture-backlog",
+      checks: ["npm run fixtures:check", "npm run fixtures:report", "npm run support:check"],
+      criteria: ["smallest sanitized reproduction", "jester tune <rule-id> --json", "pass or quiet-pass fixture"]
+    },
+    {
+      id: "rule-review-candidate-review",
+      sourceRecord: "rule-review-candidate-backlog-record",
+      reviewDecision: "remains-rule-review-candidate",
+      outcome: "rule-review-candidate",
+      checks: ["npm run fixtures:report -- --markdown", "npm run support:check"],
+      criteria: ["At least two sanitized", "Fixture report or tune evidence", "supporting fixtures"]
+    },
+    {
+      id: "closed-no-action-review",
+      sourceRecord: "<backlog-record-id>",
+      reviewDecision: "closed-no-action",
+      outcome: "closed-no-action",
+      checks: ["npm run support:check"],
+      criteria: ["no longer reproduces", "private, or security-sensitive", "current checks still pass"]
+    }
+  ];
+  const seenIds = new Set();
+
+  for (const [index, review] of reviews.entries()) {
+    const expectedReview = expected[index];
+    if (review?.id !== expectedReview.id) {
+      failures.push(`${path} entry ${index + 1} should have id ${expectedReview.id}.`);
+      continue;
+    }
+
+    if (seenIds.has(review.id)) {
+      failures.push(`${path} has duplicate id ${review.id}.`);
+    }
+    seenIds.add(review.id);
+
+    if (review.sourceRecord !== expectedReview.sourceRecord) {
+      failures.push(`${review.id}.sourceRecord should be ${expectedReview.sourceRecord}.`);
+    }
+
+    if (review.reviewDecision !== expectedReview.reviewDecision) {
+      failures.push(`${review.id}.reviewDecision should be ${expectedReview.reviewDecision}.`);
+    }
+
+    if (review.outcome !== expectedReview.outcome) {
+      failures.push(`${review.id}.outcome should be ${expectedReview.outcome}.`);
+    }
+
+    if (typeof review.cadence !== "string" || review.cadence.length < 40) {
+      failures.push(`${review.id}.cadence should explain when to review the backlog item.`);
+    }
+
+    if (typeof review.nextAction !== "string" || review.nextAction.length < 50) {
+      failures.push(`${review.id}.nextAction should describe the maintainer action.`);
+    }
+
+    if (!Array.isArray(review.decisionCriteria) || review.decisionCriteria.length !== 3) {
+      failures.push(`${review.id}.decisionCriteria should contain exactly three criteria.`);
+    } else {
+      const criteriaText = review.decisionCriteria.join("\n");
+      for (const expectedCriterion of expectedReview.criteria) {
+        if (!criteriaText.includes(expectedCriterion)) {
+          failures.push(`${review.id}.decisionCriteria should include ${expectedCriterion}.`);
+        }
+      }
+    }
+
+    if (!Array.isArray(review.privacyReview) || review.privacyReview.length !== 3) {
+      failures.push(`${review.id}.privacyReview should contain exactly three privacy checks.`);
+    } else {
+      const privacyText = review.privacyReview.join("\n");
+      if (!/secret|private|SECURITY\.md|redacted|placeholder/i.test(privacyText)) {
+        failures.push(`${review.id}.privacyReview should include privacy and security routing guidance.`);
+      }
+    }
+
+    if (!Array.isArray(review.requiredChecks)) {
+      failures.push(`${review.id}.requiredChecks should be an array.`);
+      continue;
+    }
+
+    for (const check of expectedReview.checks) {
+      if (!review.requiredChecks.includes(check)) {
+        failures.push(`${review.id}.requiredChecks should include ${check}.`);
+      }
+    }
+  }
+}