fix: address review feedback on deferred-work read-back workflows

- Align parsing to actual bmad-code-review output format (## headings with date)
- Make Category optional with heuristic keyword-based derivation
- Replace undefined {{item_title}} with {{description}} in subtask template
- Add {{matched_count}} computation before it is referenced
- Guard against missing/empty deferred-work.md (initialize counts to 0)
- Add deferred_work_file to create-story Input Files table

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/bmm-skills/4-implementation/bmad-create-story/workflow.md

@@ -45,6 +45,7 @@ Load config from `{project-root}/_bmad/bmm/config.yaml` and resolve:
 | architecture | Architecture (fallback - epics file should have relevant sections) | whole: `{planning_artifacts}/*architecture*.md`, sharded: `{planning_artifacts}/*architecture*/*.md` | SELECTIVE_LOAD |
 | ux | UX design (fallback - epics file should have relevant sections) | whole: `{planning_artifacts}/*ux*.md`, sharded: `{planning_artifacts}/*ux*/*.md` | SELECTIVE_LOAD |
 | epics | Enhanced epics+stories file with BDD and source hints | whole: `{planning_artifacts}/*epic*.md`, sharded: `{planning_artifacts}/*epic*/*.md` | SELECTIVE_LOAD |
+| deferred_work | Deferred items from code reviews (optional) | `{deferred_work_file}` | FULL_LOAD (optional) |
 
 ---
 
@@ -236,11 +237,21 @@ Load config from `{project-root}/_bmad/bmm/config.yaml` and resolve:
   <!-- Deferred work items analysis -->
   <check if="{deferred_work_file} exists AND has content">
     <action>Load {deferred_work_file} completely</action>
-    <action>Parse all deferred items, extracting for each:
+    <action>Parse all deferred items. The file uses level-2 headings produced by bmad-code-review:
+      `## Deferred from: code review of story-X.Y (YYYY-MM-DD)`
+      Each heading is followed by bullet items (one per deferred finding).
+
+      For each bullet item extract:
       - File paths mentioned (e.g., [src/foo.ts:42])
-      - Category (bug, security, tech-debt, style, etc.)
+      - Originating review: the heading text above the bullet (e.g., "code review of story-2.3 (2026-03-18)")
-      - Originating review (e.g., "Deferred from: code review of story-2.3")
+      - Description text: the bullet content
-      - Description text
+      - Category: if the producer included an explicit category, use it; otherwise derive heuristically from keywords in the description:
+        - "security" / "auth" / "injection" / "XSS" / "CSRF" → security
+        - "bug" / "crash" / "error" / "null" / "undefined" / "NaN" → bug
+        - "performance" / "slow" / "N+1" / "cache" → performance
+        - "style" / "lint" / "formatting" / "naming" → style
+        - otherwise → tech-debt
+      - Set `inferred_category = true` when the category was derived heuristically
     </action>
 
     <action>From epics content and architecture analysis, build a list of files this story will likely touch:
@@ -257,6 +268,7 @@ Load config from `{project-root}/_bmad/bmm/config.yaml` and resolve:
 
     <check if="overlapping deferred items found">
       <action>Store {{matched_deferred_items}} for inclusion in the story file</action>
+      <action>Set {{matched_count}} = number of items in {{matched_deferred_items}}</action>
       <action>Classify matches by priority:
         - HIGH: security fixes, bugs in files this story will modify
         - MEDIUM: tech-debt in the same module, performance issues in touched code
@@ -376,7 +388,7 @@ The following items were deferred from previous code reviews and overlap with fi
     </template-output>
 
     <action>In the Tasks/Subtasks section, add corresponding subtasks for HIGH-priority deferred items:
-      - [ ] [Deferred] {{item_title}} [{{file_ref}}] (from previous review)
+      - [ ] [Deferred] {{description}} [{{file_ref}}] (from previous review)
     </action>
   </check>
 

src/bmm-skills/4-implementation/bmad-retrospective/workflow.md

@@ -256,12 +256,12 @@ Charlie (Senior Dev): "Good idea - those dev notes always have gold in them."
   <action>Parse all deferred items and compute:</action>
 
   - Total items deferred across all reviews
-  - Items originating from this epic's stories (match by "Deferred from: code review of story-{{epic_number}}.*")
+  - Items originating from this epic's stories (match by level-2 headings: `## Deferred from: code review of story-{{epic_number}}.* (YYYY-MM-DD)`)
-  - Items originating from previous epics (carried forward)
+  - Items originating from previous epics (carried forward — headings referencing other epic numbers)
   - Items that were addressed during this epic (cross-reference with story file lists and git history)
   - Items still outstanding
 
-  <action>Classify outstanding items by severity:</action>
+  <action>Classify outstanding items by severity. If the producer included an explicit category use it; otherwise derive heuristically from description keywords (security/auth/injection → security; bug/crash/error/null → bug; performance/slow/cache → performance; style/lint/naming → style; default → tech-debt):</action>
 
   - Security issues: count and list
   - Bugs: count and list

src/bmm-skills/4-implementation/bmad-sprint-status/workflow.md

@@ -124,14 +124,21 @@ Enter corrections (e.g., "1=in-progress, 2=backlog") or "skip" to continue witho
 <action>Analyze deferred work backlog (if {deferred_work_file} exists):</action>
 
   <check if="{deferred_work_file} exists AND has content">
-    <action>Parse all deferred items from {deferred_work_file}</action>
+    <action>Parse all deferred items from {deferred_work_file}. The file uses level-2 headings produced by bmad-code-review:
-    <action>Count total deferred items</action>
+      `## Deferred from: code review of story-X.Y (YYYY-MM-DD)`
-    <action>Group items by originating review/story</action>
+      Each heading is followed by bullet items (one per deferred finding).
-    <action>Classify items by severity if identifiable (security, bug, tech-debt, style)</action>
+    </action>
-    <action>Store counts: {{deferred_total}}, {{deferred_high}} (security/bug), {{deferred_medium}} (tech-debt), {{deferred_low}} (style/minor)</action>
+    <action>Count total deferred items (bullet items, not headings)</action>
+    <action>Group items by originating review/story (derived from the heading above each group)</action>
+    <action>Classify items by severity: if the item includes an explicit category use it; otherwise derive heuristically from description keywords (security/auth/injection → security; bug/crash/error/null → bug; performance/slow/cache → performance; style/lint/naming → style; default → tech-debt)</action>
+    <action>Store counts: {{deferred_total}}, {{deferred_high}} (security/bug), {{deferred_medium}} (tech-debt/performance), {{deferred_low}} (style/minor)</action>
     <action>IF {{deferred_total}} > 20: add risk "Deferred work backlog is large ({{deferred_total}} items) — consider triaging with SM agent"</action>
     <action>IF {{deferred_high}} > 0: add risk "{{deferred_high}} high-priority deferred items (security/bugs) need attention"</action>
   </check>
+
+  <check if="{deferred_work_file} does NOT exist OR is empty">
+    <action>Set {{deferred_total}} = 0, {{deferred_high}} = 0, {{deferred_medium}} = 0, {{deferred_low}} = 0</action>
+  </check>
   </step>
 
 <step n="3" goal="Select next action recommendation">
@@ -213,7 +220,7 @@ If the command targets a story, set `story_key={{next_story_id}}` when prompted.
 <!-- ========================= -->
 
 <step n="20" goal="Data mode output">
-  <action>Load and parse {sprint_status_file} same as Step 2</action>
+  <action>Load and parse {sprint_status_file} same as Step 2 (including deferred work analysis — set deferred counts to 0 when file is missing/empty)</action>
   <action>Compute recommendation same as Step 3</action>
   <template-output>next_workflow_id = {{next_workflow_id}}</template-output>
   <template-output>next_story_id = {{next_story_id}}</template-output>