Record Beat Saber 1.44.1 plugin migration state

docs/ROADMAP.md

@@ -8,6 +8,10 @@ The initial tool should stay conservative:
 
 - Python owns instance discovery, dry-run plans, activation, install state, uninstall, and `UserData` backups.
 - Release assets are selected through registry and lockfile data.
+- Prefer upstream GitHub release artifacts for normal plugins. Use BeatMods as
+  compatibility/dependency metadata, and as an artifact source only for
+  inaccessible upstream artifacts, BeatMods-only packages, or framework/library
+  dependencies.
 - Mutating operations apply an explicit plan and record exact file hashes.
 - Nix packages `plugin-helper`, but does not directly manage the mutable Beat Saber tree.
 
@@ -64,12 +68,25 @@ All modes should still produce the same kind of explicit plan before applying.
 ## Proposed Milestones
 
 1. Keep the Python safety harness stable: scan, plan, apply, uninstall, and backups.
-2. Model one real plugin end to end with the current TOML lockfile and local asset planning.
-3. Add a Nix function that fetches and unpacks one locked plugin asset into a normalized tree.
-4. Generate a full plugin-set derivation for one Beat Saber version.
-5. Teach `plugin-helper plan` to compare a Nix output tree against an instance.
-6. Add `--activation-mode copy|symlink|materialize`.
-7. Move compatibility and dependency metadata toward shared data that both Python and Nix can consume.
+2. Model BSIPA bootstrap as a first-class install phase, preferring upstream GitHub release artifacts while preserving BeatMods `zipHash`/version metadata when used for verification or fallback.
+3. Resolve BeatMods dependency closures by mod-version id for verified mods before ordinary batch planning, but keep artifact sourcing GitHub-preferred.
+4. Model one real plugin end to end with the current TOML lockfile and local asset planning.
+5. Add a Nix function that fetches and unpacks one locked plugin asset into a normalized tree.
+6. Generate a full plugin-set derivation for one Beat Saber version.
+7. Teach `plugin-helper plan` to compare a Nix output tree against an instance.
+8. Add `--activation-mode copy|symlink|materialize`.
+9. Move compatibility and dependency metadata toward shared data that both Python and Nix can consume.
+
+## Warning Follow-Ups From 1.44.1 Bootstrap
+
+The first 1.44.1 BSIPA/SongCore smoketest worked, but it produced warnings worth tracking separately from install success:
+
+- BSML, SiraUtil, and SongCore have older target game-version metadata even though BeatMods verifies the selected releases for 1.44.1. Decide whether plugin-helper should treat BeatMods verification as a compatibility override.
+- The first bootstrap used BeatMods CDN artifacts for speed. BSIPA, BSML, and SiraUtil have now been matched to byte-identical upstream GitHub release assets. SongCore remains a BeatMods CDN fallback because the BeatMods preferred repo `Kylemc1413/SongCore` currently exposes no matching 3.16.0 GitHub release asset.
+- BSML reports missing Windows fonts under Proton. This is likely cosmetic, but may affect Unicode text rendering in mod UI.
+- SongCore warns that `Beat Saber_Data/CustomWIPLevels/Cache` has no `Info.dat`. Either create the expected cache directory shape or classify this warning as harmless.
+- SongCore could not read the audio rate for the built-in `Magic.wav` custom level and approximated duration from map length. Check whether this is a bundled-song oddity or a broader audio metadata issue.
+- The smoketest launcher can leave Beat Saber running after timeout. Prefer explicit teardown and consider a helper command that starts, watches logs, and kills the process tree deterministically.
 
 ## Open Questions