docs(config-audit): straggler sweep for v5.0.0 — sync all badge counts

Reconcile README/CLAUDE.md/commands/agents to filesystem truth ahead of v5.0.0
release. Self-audit --check-readme now passes (counts: scanners 12, commands 18,
tests 635, knowledge 8, agents 6, hooks 4).

Self-audit (scanners/self-audit.mjs):
- Exclude plugin-health-scanner.mjs from countScannerShape (it is a "standalone"
  scanner per README/CLAUDE.md taxonomy; orchestrated scanners stay at 12)
- countTestCases: spawn `node --test` and parse the `tests N` line so the badge
  reflects test cases (635), not test files (36). countTestFiles kept as
  fallback when subprocess fails.

README.md:
- Badges: scanners 9→12, commands 17→18, tests 543→635
- Body counts updated: 8 quality scanners → 12 deterministic scanners; 8 quality
  areas → 10 (incl. Plugin Hygiene from N6); 9 Node.js scanners → 12
- Scanner table extended with CPS / DIS / COL rows; TOK row reflects the v5
  Pattern E/F/N1 expansion (sonnet-era removed)
- CLI table adds manifest, whats-active, --accurate-tokens, --with-telemetry-recipe
- Knowledge table adds opus-4.7-patterns.md and cache-telemetry-recipe.md
- Scanner Lib table notes WEIGHTS export, severity-weighted scoring, tokenizer-api
- Action Engines table adds manifest.mjs, whats-active.mjs, token-hotspots-cli.mjs
- Test count text 486→635, file count 27→36 (12 lib + 23 scanner + 1 hook)
- Tokens command: 4-pattern phrasing → 6 patterns + --accurate-tokens
- Adds /config-audit manifest and /config-audit whats-active to command tables

CLAUDE.md:
- Posture row: 8 → 10 quality areas
- Tokens row: 4 patterns (incl. sonnet-era) → 6 patterns + --accurate-tokens
- Adds /config-audit manifest entry
- Scanner table: TOK description rewritten; CPS, DIS, COL rows added
- Scanner Lib table: tokenizer-api.mjs added; v5 annotations on severity, output,
  scoring, active-config-reader
- Action Engines table: manifest.mjs added; token-hotspots-cli.mjs flags expanded
- Knowledge table: cache-telemetry-recipe.md added; configuration-best-practices
  notes Opus-4.7 cache-stability rewrite
- Finding ID examples extended with CA-TOK-005, CA-CPS-001, CA-DIS-001, CA-COL-001
- Test count text 543→635, file count 31→36

commands/help.md: tokens/manifest added to Core
commands/posture.md: 8 → 10 quality areas
commands/config-audit.md: argument-hint adds tokens/manifest; router adds tokens
  and manifest; "Running 8 configuration scanners" → 12
agents/feature-gap-agent.md: 8 → 10 quality areas

No production code paths changed beyond self-audit's badge-counting heuristic.
All 635 tests still green.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

plugins/config-audit/CLAUDE.md

@@ -16,8 +16,9 @@ Analyzes and optimizes Claude Code configuration across three pillars:
 | Command | Description |
 |---------|-------------|
 | `/config-audit` | Full audit with auto-scope detection (no setup needed) |
-| `/config-audit posture` | Quick health scorecard (A-F grades, 8 quality areas incl. Token Efficiency) |
-| `/config-audit tokens` | Opus-4.7-aware token hotspots (4 patterns: cache-breaking, redundant perms, deep imports, sonnet-era) |
+| `/config-audit posture` | Quick health scorecard (A-F grades, 10 quality areas incl. Token Efficiency, Plugin Hygiene) |
+| `/config-audit tokens` | Opus-4.7-aware token hotspots (6 patterns: cache-breaking, redundant perms, deep imports, oversized cascade, bloated SKILL.md desc, MCP tool-schema budget) — optional `--accurate-tokens` API calibration, `--with-telemetry-recipe` cache-hit recipe pointer |
+| `/config-audit manifest` | Ranked table of every system-prompt token source (CLAUDE.md, plugins, skills, MCP, hooks) sorted by estimated tokens |
 | `/config-audit feature-gap` | Context-aware feature recommendations grouped by impact |
 | `/config-audit fix` | Auto-fix deterministic issues with backup + verification |
 | `/config-audit rollback` | Restore configuration from backup |
@@ -65,24 +66,28 @@ Scanner CLI: `node scanners/scan-orchestrator.mjs <path> [--global] [--full-mach
 | `import-resolver.mjs` | IMP | Broken @imports, circular refs, deep chains, tilde paths |
 | `conflict-detector.mjs` | CNF | Settings conflicts, permission contradictions, hook duplicates |
 | `feature-gap-scanner.mjs` | GAP | 25 feature checks across 4 tiers — shown as opportunities, not grades |
-| `token-hotspots.mjs` | TOK | Cache-breaking volatile content, redundant tool permissions, deep import chains, sonnet-era setups (Opus 4.7 patterns) |
+| `token-hotspots.mjs` | TOK | Cache-breaking volatile content, redundant tool permissions, deep import chains, oversized cascade, bloated SKILL.md descriptions, MCP tool-schema budget (Opus 4.7 patterns) |
+| `cache-prefix-scanner.mjs` | CPS | Volatile content in lines 31–150 of CLAUDE.md cascade (beyond Pattern A's top-30 window) |
+| `disabled-in-schema-scanner.mjs` | DIS | Tools listed in BOTH `permissions.deny` AND `permissions.allow` — deny wins, allow entries are dead config |
+| `collision-scanner.mjs` | COL | Cross-plugin skill name collisions (low); user-vs-plugin overlaps (medium); `details.namespaces` payload |
 
 ### Scanner Lib (`scanners/lib/`)
 
 | Module | Purpose |
 |--------|---------|
-| `severity.mjs` | Severity constants, risk scoring, verdict logic |
-| `output.mjs` | Finding objects (CA-XXX-NNN format), scanner results, envelope |
+| `severity.mjs` | Severity constants, risk scoring, verdict logic, `WEIGHTS` named export (v5 F3) |
+| `output.mjs` | Finding objects (CA-XXX-NNN format), scanner results, envelope, optional `details` payload (v5 N6) |
 | `file-discovery.mjs` | Config file discovery: single-path, multi-path (`discoverConfigFilesMulti`), full-machine (`discoverFullMachinePaths`) |
 | `yaml-parser.mjs` | Frontmatter parsing, JSON parsing, @import/section extraction |
 | `string-utils.mjs` | Line counting, truncation, similarity, key extraction |
-| `scoring.mjs` | Area scoring, health scorecard, legacy utilization/maturity |
+| `scoring.mjs` | Severity-weighted `scoreByArea` (v5 F3), health scorecard, dedup-by-area (v5 N3), `scoringVersion: 'v5'` |
 | `backup.mjs` | Backup creation, manifest parsing, checksum verification |
 | `diff-engine.mjs` | Drift diffing: diffEnvelopes(), formatDiffReport() |
 | `baseline.mjs` | Baseline save/load/list/delete for drift detection |
 | `report-generator.mjs` | Unified markdown reports: posture, drift, plugin health |
 | `suppression.mjs` | .config-audit-ignore parsing, finding suppression, audit trail |
-| `active-config-reader.mjs` | Read-only inventory: readActiveConfig(), detectGitRoot(), walkClaudeMdCascade(), readClaudeJsonProjectSlice() (longest-prefix match), enumeratePlugins(), enumerateSkills(), readActiveHooks(), readActiveMcpServers(), estimateTokens() |
+| `active-config-reader.mjs` | Read-only inventory: readActiveConfig(), detectGitRoot(), walkClaudeMdCascade(), readClaudeJsonProjectSlice() (longest-prefix match), enumeratePlugins(), enumerateSkills(), readActiveHooks(), readActiveMcpServers() (with cache → package.json tool-count fallback), estimateTokens() (v5: `'mcp'` kind = 500 + toolCount × 200) |
+| `tokenizer-api.mjs` | Anthropic `count_tokens` wrapper for `--accurate-tokens` (v5 N5); 5s AbortController timeout, exponential 429 backoff, key masking |
 
 ### Action Engines (`scanners/`)
 
@@ -93,7 +98,8 @@ Scanner CLI: `node scanners/scan-orchestrator.mjs <path> [--global] [--full-mach
 | `fix-cli.mjs` | CLI: `node fix-cli.mjs <path> [--apply] [--json] [--global]` |
 | `drift-cli.mjs` | CLI: `node drift-cli.mjs <path> [--save] [--baseline name] [--json]` |
 | `whats-active.mjs` | CLI: `node whats-active.mjs <path> [--json] [--verbose] [--suggest-disables]` — read-only active-config inventory |
-| `token-hotspots-cli.mjs` | CLI: `node token-hotspots-cli.mjs <path> [--json] [--global] [--output-file path]` — Opus-4.7 token hotspots ranking |
+| `token-hotspots-cli.mjs` | CLI: `node token-hotspots-cli.mjs <path> [--json] [--global] [--output-file path] [--accurate-tokens] [--with-telemetry-recipe]` — Opus-4.7 token hotspots ranking with optional API calibration |
+| `manifest.mjs` | CLI: `node manifest.mjs <path> [--json]` — ranked system-prompt token-source table (v5 N2) |
 
 ### Standalone Scanner
 
@@ -107,12 +113,13 @@ Scanner CLI: `node scanners/scan-orchestrator.mjs <path> [--global] [--full-mach
 | File | Content |
 |------|---------|
 | `claude-code-capabilities.md` | Feature register: 18 config surfaces, Anthropic guidance, relevance table |
-| `configuration-best-practices.md` | Per-layer best practices |
+| `configuration-best-practices.md` | Per-layer best practices (v5: Opus 4.7 cache-stability guidance replaces Sonnet-era 200-line rule) |
 | `anti-patterns.md` | Common mistakes mapped to scanner IDs |
 | `hook-events-reference.md` | All 26 hook events with details |
 | `feature-evolution.md` | Feature timeline for staleness detection |
 | `gap-closure-templates.md` | Config-specific templates for closing gaps |
-| `opus-4.7-patterns.md` | Token-cost dynamics for Opus 4.7 era — 4 patterns powering the TOK scanner |
+| `opus-4.7-patterns.md` | Token-cost dynamics for Opus 4.7 era — patterns powering the TOK scanner |
+| `cache-telemetry-recipe.md` | Manual `jq` recipe for verifying prompt-cache hit rate from session transcripts (v5 M7) |
 
 ## Hooks
 
@@ -150,7 +157,7 @@ Default: auto-detects scope from git context. Override with `/config-audit full|
 ```
 
 ### Finding ID Format
-`CA-{SCANNER}-{NNN}` — e.g. `CA-CML-001`, `CA-SET-003`, `CA-HKV-002`, `CA-RUL-005`
+`CA-{SCANNER}-{NNN}` — e.g. `CA-CML-001`, `CA-SET-003`, `CA-HKV-002`, `CA-RUL-005`, `CA-TOK-005`, `CA-CPS-001`, `CA-DIS-001`, `CA-COL-001`
 
 ## Testing
 
@@ -158,7 +165,7 @@ Default: auto-detects scope from git context. Override with `/config-audit full|
 node --test 'tests/**/*.test.mjs'
 ```
 
-543 tests across 31 test files (11 lib + 19 scanner + 1 hook). Test fixtures in `tests/fixtures/`.
+635 tests across 36 test files (12 lib + 23 scanner + 1 hook). Test fixtures in `tests/fixtures/`.
 
 ## Gotchas