Add macOS readMtgaInventory via heap signature scan

[dan-blanchard]

Scans for ClientPlayerInventory in Arena's heap using a class-pointer-set pre-filter plus value plausibility and activity-score ranking. Returns wildcards, gold, gems, and vault progress.

Depends on #3 for the scanner infrastructure.

Key discovery

vaultProgress is an 8-byte double (not int32 as the existing IL2CPP research summary suggested). Field spacing confirms it: vaultProgress @ 0x30, boosters @ 0x38 = 8-byte field. The stored value is the UI percentage directly (58.9 means "Vault: 58.9%").

How the scanner works

1. find_all_classes_by_name("ClientPlayerInventory") collects every matching Il2CppClass* in __DATA (handles metadata-vs-runtime class duplication)
2. Heap scan pre-filters by class-pointer set membership (avoids per-candidate name resolution)
3. Plausibility check on field values (wildcards ≤ 99K, gold ≤ 1B, gems ≤ 10M, at least one nonzero)
4. Activity-score ranking picks the live instance over cached/zombie copies

Diagnostic cascade on failure dumps pointer occurrences and nearby inventory-related classes.

Testing

Verified against live Arena on macOS arm64:

• Returns correct wildcard counts, gold, gems, vault progress
• Ground-truth match against Arena UI (37 common, 11 uncommon, 1 rare, 1 mythic, 825 gold, 610 gems, 58.9% vault at time of initial verification)
• MTGA_DEBUG_INVENTORY=1 produces useful diagnostic output

🤖 Generated with Claude Code