{
  "_meta": {
    "source": "ENGINEERING_REVIEW_SCORECARD.md (workspace review 2026-05-30)",
    "note": "One tracker item per affected product/area, derived from the P0-P3 action plan. productId values use the ByteLyst ecosystem slugs; standalone repos use a descriptive slug. Seed with seed-tracker-items.mjs.",
    "repoToProductId": {
      "learning_ai_common_plat / ecosystem infra": "platform",
      "learning_ai_devops_tools": "platform",
      "learning_voice_ai_agent": "lysnrai",
      "learning_multimodal_memory_agents": "mindlyst",
      "learning_ai_clock": "chronomind",
      "learning_ai_jarvis_jr": "jarvisjr",
      "learning_ai_fastgap": "nomgap",
      "learning_ai_peakpulse": "peakpulse",
      "learning_ai_flowmonk": "flowmonk",
      "learning_ai_notes": "notelett",
      "learning_ai_trails": "actiontrail",
      "learning_ai_local_memory_gpt": "localmemgpt",
      "learning_ai_efforise": "efforise",
      "learning_ai_2nd_brain": "secondbrain",
      "learning_ai_mac_tooling": "mactooling",
      "learning_ai_productivity_web": "productivityweb",
      "learning_ai_webui_copilot": "webuicopilot",
      "learning_agent_monitoring_fx": "agentmonitoring",
      "learning_ai_magic_clipboard_mgr": "magicclipboard"
    }
  },
  "items": [
    {
      "productId": "platform",
      "type": "task",
      "priority": "critical",
      "title": "[P0] Restore a working CI gate on learning_ai_common_plat",
      "description": "GitHub Actions is disabled (billing) on the platform monorepo that every product depends on; gitea CI exists but isn't an enforced gate. Re-enable GH Actions or make gitea CI the mandatory pre-merge gate. Ref: ENGINEERING_REVIEW_SCORECARD.md P0#1.",
      "labels": ["eng-review-2026-05", "p0", "ci", "platform"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "platform",
      "type": "task",
      "priority": "critical",
      "title": "[P0] Resolve ~14 dirty repos and add git upstreams",
      "description": "About 14 repos had uncommitted work / were behind origin at review time. Review+commit or discard intentionally, and add upstreams for learning_pytorch_todo_predictor and learning_sidecar_setup (currently no remote). Ref: scorecard P0#2.",
      "labels": ["eng-review-2026-05", "p0", "hygiene", "git"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "platform",
      "type": "task",
      "priority": "high",
      "title": "[P0] Define agent-queue daemon run policy (stop writing to live trees)",
      "description": "The agent-queue daemon + devin agents were running in --permission-mode dangerous and writing directly to live working trees, causing constant dirtiness and duplicate work landing upstream. Define a least-privilege, branch-per-task policy. Ref: scorecard P0#3 + SOP §8.",
      "labels": ["eng-review-2026-05", "p0", "agents", "devops"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "platform",
      "type": "task",
      "priority": "high",
      "title": "[P1] Add healthchecks + ordered depends_on to docker-compose.ecosystem.yml",
      "description": "The ecosystem compose orchestrates ~20 services with 30 restart policies and 24 build contexts but 0 healthcheck blocks. Add healthcheck to each backend/web service and depends_on: condition: service_healthy. Ref: scorecard D + P1#4.",
      "labels": ["eng-review-2026-05", "p1", "devops", "docker"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "platform",
      "type": "bug",
      "priority": "high",
      "title": "[P2] Remove NODE_TLS_REJECT_UNAUTHORIZED=0 and add rate-limiting to prototype APIs",
      "description": "TLS verification is disabled in some Docker setups; thin/zero input validation and no rate limiting in the Python prototype apps (webui_copilot, mac_tooling). Remove the TLS bypass where a real CA/host override exists and add rate limits. Ref: scorecard F + P2#10.",
      "labels": ["eng-review-2026-05", "p2", "security"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "platform",
      "type": "task",
      "priority": "low",
      "title": "[P3] Portfolio-wide coverage + dependency-audit in CI",
      "description": "Add coverage reporting and npm audit / pip-audit / cargo audit steps across the portfolio CI. Ref: scorecard P3#11.",
      "labels": ["eng-review-2026-05", "p3", "ci"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "platform",
      "type": "task",
      "priority": "low",
      "title": "[P3] Lightweight release/issue cadence for the 3 flagships (notelett, actiontrail, chronomind)",
      "description": "Pick the production-grade flagships and drive a real launch checklist + release cadence. Ref: scorecard G + P3#12.",
      "labels": ["eng-review-2026-05", "p3", "process"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "nomgap",
      "type": "task",
      "priority": "high",
      "title": "[P1] Stabilize E2E and remove continue-on-error (fastgap/nomgap)",
      "description": "Playwright E2E job is marked continue-on-error: true, so it isn't actually gating. Stabilize smoke E2E, then make it blocking. Ref: scorecard E + P1#5.",
      "labels": ["eng-review-2026-05", "p1", "testing", "e2e"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "flowmonk",
      "type": "task",
      "priority": "high",
      "title": "[P1] Stabilize E2E and remove continue-on-error (flowmonk)",
      "description": "Playwright E2E is non-gating (continue-on-error: true) and visual regression is excluded on Linux CI. Stabilize and make smoke E2E blocking. Ref: scorecard E + P1#5.",
      "labels": ["eng-review-2026-05", "p1", "testing", "e2e"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "jarvisjr",
      "type": "task",
      "priority": "high",
      "title": "[P1] Stabilize E2E and finish native surfaces (jarvisjr)",
      "description": "Playwright E2E is non-gating; watchOS/macOS in progress and Android (Phase 4) not started. Stabilize E2E and close out the 5 visible TODOs / native wiring. Ref: scorecard E/G.",
      "labels": ["eng-review-2026-05", "p1", "testing", "native"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "secondbrain",
      "type": "task",
      "priority": "medium",
      "title": "[P1] Replace 60+ print() calls with logging (learning_ai_2nd_brain)",
      "description": "CLI/intelligence modules use 60+ print() statements (violates the no-print rule). Switch to typer.echo/logging; keep behavior identical; run pytest. Ref: scorecard B + P1#6.",
      "labels": ["eng-review-2026-05", "p1", "code-quality"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "mactooling",
      "type": "task",
      "priority": "medium",
      "title": "[P2] Add tests, split 3k-line files, replace 200+ print() (learning_ai_mac_tooling)",
      "description": "Forensics toolkit has 0 tests, 200+ print() calls, and 3k+-line files (network_transfer_audit.py 3521, api_server.py 3116). Add a smoke test suite, split the large files, and move to logging. Ref: scorecard B/E + P2#9.",
      "labels": ["eng-review-2026-05", "p2", "code-quality", "testing"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "productivityweb",
      "type": "task",
      "priority": "medium",
      "title": "[P2] Add a test suite (learning_ai_productivity_web has 0 tests)",
      "description": "Clean client-only Next.js tool app with 0 tests and no CI. Add unit tests for the tools registry + a smoke test, and a CI job. Ref: scorecard E + P2#7.",
      "labels": ["eng-review-2026-05", "p2", "testing"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "webuicopilot",
      "type": "task",
      "priority": "medium",
      "title": "[P2] Add tests + CI + Docker (learning_ai_webui_copilot)",
      "description": "FastAPI + LangChain app with 0 tests, no CI, no Docker. Add pytest smoke tests for the rules/policy engines and a copilot happy-path, plus a CI job and Dockerfile. Ref: scorecard E/D + P2#7.",
      "labels": ["eng-review-2026-05", "p2", "testing", "devops"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "agentmonitoring",
      "type": "task",
      "priority": "medium",
      "title": "[P2] Add CI, cut console.log, finish native TODOs (learning_agent_monitoring_fx)",
      "description": "No CI; 54 console.log matches; 5 TODOs for native (KMP/iOS/Android) wiring; no Docker. Add CI, reduce logging noise, and close the native TODOs. Ref: scorecard B/D/G.",
      "labels": ["eng-review-2026-05", "p2", "code-quality", "devops"],
      "source": "internal",
      "visibility": "internal"
    },
    {
      "productId": "magicclipboard",
      "type": "task",
      "priority": "medium",
      "title": "[P2] Audit 50+ services for dead/stubbed code (learning_ai_magic_clipboard_mgr)",
      "description": "50+ service files with phase-named test buckets (Phase5-8, RemainingQATests) suggest AI-scaffold smell. Produce a report of wired vs stubbed services and consolidate. Ref: scorecard B + P2#8.",
      "labels": ["eng-review-2026-05", "p2", "code-quality", "audit"],
      "source": "internal",
      "visibility": "internal"
    }
  ]
}