Supersedes #241 (cross-fork PR by @ozymandiashh — original intent preserved, this branch was built on current main with the review fixes integrated cleanly into the #246 dedup pattern instead of being layered on top of an older base).

Summary

Adds detectLowWorthSessions to codeburn optimize. Flags expensive sessions (≥$2 spend; ≥$3 if no edit turns) with weak delivery signals — no edits, repeated retries, or edit work that never landed in one shot — when no git/gh delivery command is observed in the bash history. Framed as review candidates, not proof of waste.

Detection model

• $2 floor; $3 floor when "no edit turns" is the only signal
• 3 retries to trip the retry reason; 2 retries with edits and zero one-shot edits to trip the "no one-shot edit turns" reason
• categoryBreakdown aggregates preferred when present, falls back to raw turns
• Delivery commands: git commit, git push, gh pr create, gh pr merge (excluding --dry-run in the same pipeline segment)

Review fixes integrated on top of #241's commit

1. Triple-detector dedup (extends feat(optimize): detect context-heavy sessions #246). Priority order: low-worth → context-bloat → outliers. findLowWorthCandidates and findContextBloatCandidates build ID sets ahead of detection; detectContextBloat and detectSessionOutliers accept an excludedSessionIds param and filter accordingly. Real-data top-5 lists are now disjoint across all three findings.
2. commit-tree regex false positive fixed. Used (?:\s|$|--) after commit|push instead of \b, so git commit-tree HEAD^{tree} and git commit-graph write are no longer treated as deliveries while git commit --amend still is. New tests cover both cases.
3. Three impact tiers consistent with feat(optimize): detect context-heavy sessions #246: high (≥10 candidates OR ≥$50 total) · low (≤2 candidates AND <$10 total) · medium otherwise. Replaces the original binary tiering.
4. Replaced the magic 0.5 token-savings ratio with a two-regime model:
   • No-edit sessions: full session token total (the session produced no apparent output to weigh against the spend).
   • Sessions with edits but with retries / no one-shot: retry fraction (retries / totalTurns × tokens, clamped to [0,1]). Edits may still have been useful; we credit the model with that and only flag the retry overhead.
5. Fix-text differentiated from the outlier detector. Outlier still says "tighter constraint, smaller plan." Low-worth now says "name the deliverable in one sentence; stop after 10 minutes without an edit or 2 failures; no retries past 2 attempts on any single fix."

Validation

• npx vitest run — 38 files, 529 tests pass (was 498 before, +31 new)
• Real-data run on a 22.6K-session / $4.8K archive:
  • Top-5 lists across low-worth, context-bloat, outliers are completely disjoint
  • Headline savings: ~17% of spend (was 10% pre-low-worth; would've been 54% with the naive full-session ceiling; was triple-counted in the original PR)
  • Per-finding totals: low-worth $629, context-heavy $54, outliers $123
• tsc --noEmit: pre-existing copilot.ts errors on this base, same as feat(optimize): detect context-heavy sessions #246 had. CI doesn't run tsc (only semgrep). Resolved on the user's local feat branch but not yet on origin/main; not introduced by this PR.

Security

No new attack surface. Bash command strings come from user's session telemetry, regex is anchored, no shell, no eval, no I/O.