# Sprint Backlog

**Sprint 0 — Reproducibility Gate**

- Wire `just verify` (or equivalent) to run the static checks before every commit/PR.
- Add a CI step that fails on `critical` findings.

**Sprint 1 — Trust Boundary Gate**

- Confirm auth posture for any mutation endpoint flagged as exposed.
- Replace raw SQL interpolation with parameterized queries.

**Sprint 2 — Memory Correctness Gate**

- (Phase E) Wire append-only `.memory/` writes for known-risks + fixed-patterns.
- Add a regression test that re-runs the harness and asserts no regression in confirmed-finding count.

**Sprint 3 — Agent Loop Reality Gate**

- (Phase C) Wire local-Ollama LLM review.
- (Phase D) Validator pass cross-checks every LLM finding against repo evidence.

**Sprint 4 — Deployment Gate**

- Ship the harness as a single static binary (`go build -o review-harness`).
- Document operator runbook (model setup, profile editing, output retention).