Plan: add audit_1 launch-readiness gap-closure backlog

[davidahmann]

Problem

Audit follow-up items needed to be converted into an execution-ready Wrkr backlog plan with prioritization, story decomposition, test requirements, and CI matrix wiring.

Changes

• added new backlog plan document at product/audit_1.md
• organized recommendations into dependency-aware epics and stories
• included required plan sections: global decisions, baseline, exit criteria, recommendation traceability, test matrix wiring, minimum-now sequence, non-goals, and definition of done
• mapped all requested gap-closure items (pin drift, CLI help exit contract, status docs, compliance coverage messaging, security policy hardening)

Validation

• make prepush-full
• go run ./cmd/wrkr scan --path scenarios/wrkr/scan-mixed-org/repos --json

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 592e560a2b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Use repo-relative paths in the audit plan

This plan hard-codes a local workstation path (/Users/davidahmann/Projects/wrkr/...) for referenced files, which makes the backlog non-portable for other contributors and CI environments and can cause task links/checklists to fail outside that machine. Since this document is meant to drive shared execution, paths should be repository-relative (for example product/dev_guides.md) so the instructions remain actionable in every clone.

Useful? React with 👍 / 👎.