- Blocker: FlowProposal can't link an l1_walk_session (source_session_id is
NOT NULL FK→ai_sessions, UI links /pilot). Add nullable l1_session_id +
exactly-one CHECK + read-only walked-path link for L1-sourced proposals.
- High: flow_matching_engine matches published flows only; scope match pass
to flows, defer proposal-matching.
- High: notification system is FlowPilot-shaped; enumerate the 3 changes for
l1.session.escalated (VALID_EVENTS, link+body builder, explicit engineer
recipients). Engineer-visible surface is the primary handoff.
- Medium: match before category gate so authored flows aren't blocked.
- Medium: define normalize_walked_path → valid tree with root id, unexplored
branches as needs_review stubs.
- Medium: category write auth needs owner/admin, not engineer; add
require_account_owner_or_admin dep.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Michael Chihlas
f62712d11c