Implementation plan written to .claude/plan.md. Here's the summary:

Approach: New sw-policy-discovery.sh CLI command + lib/policy-discovery.sh scanner library (Alternative 2 — follows existing codebase patterns, low blast radius, all additive).

12 tasks organized into 3 new files + modifications to 7 existing files:

1. scripts/lib/policy-discovery.sh — Scanner library (~300 lines) with functions: pd_scan_hardcoded, pd_scan_fallbacks, pd_cross_reference, pd_priority_rank, pd_generate_report, pd_migration_progress
2. scripts/sw-policy-discovery.sh — CLI router with scan, report, progress subcommands
3. scripts/sw-policy-discovery-test.sh — Test suite (20+ tests)

• sw-loop.sh: CIRCUIT_BREAKER_THRESHOLD=3, EXTENSION_SIZE=5, MAX_EXTENSIONS=3 → _config_get_int
• sw-daemon.sh: PATROL_INTERVAL=3600, PATROL_MAX_ISSUES=5 → _config_get_int

• Leverages existing config.sh / _config_get infrastructure (env > daemon-config > policy > defaults precedence chain)
• Scanner is grep-based (fast, no API calls) — finds direct assignments, fallback patterns, threshold comparisons
• Cross-references against config/defaults.json and config/policy.json to distinguish migrated vs. hardcoded
• All migrations preserve current default values — zero behavior change unless config overrides
• Adaptive tuner integration via tunable_ranges metadata (min/max/step per config key)