feat: add adversarial plan review and CI polling loop to issue-lifecycle

[stack72]

Summary

• Add adversarial plan review as a mandatory gate before plan approval — after every plan or iterate, the skill challenges the plan across 6 dimensions (architecture, scope, risk, testing, complexity,
  correctness) and verifies claims against the actual codebase
• Critical/high findings block approval via the new adversarial-review-clear pre-flight check; medium/low are shown as warnings
• Add CI polling loop — after pushing a PR, the skill waits 3 minutes then polls ci_status until all checks complete, keeping the human in the conversation instead of requiring manual CI checks
• Green + approved PRs auto-complete; the human can break out of the loop but the skill never voluntarily drops it
• Fix --input-file usage in skill examples: single YAML file with named keys, explicit absolute paths, correct schema fields (order required on steps, no title field, potentialChallenges as array)
• Add no-op version upgrade for 2026.03.26.1

Changes

extensions/models/_lib/schemas.ts

• AdversarialFindingSchema and AdversarialReviewSchema (new resource schemas)
• adversarial_review and resolve_findings added to TRANSITIONS table

extensions/models/issue_lifecycle.ts

• New adversarialReview resource
• New adversarial_review method — persists findings, posts summary to GitHub issue
• New resolve_findings method — marks findings resolved with notes, posts resolution summary
• New adversarial-review-clear check on approve — blocks unless review exists, matches current plan version, and all critical/high findings are resolved
• No-op upgrade entry for 2026.03.26.1

.claude/skills/issue-lifecycle/SKILL.md

• New "Adversarial Plan Review" section with challenge categories and codebase verification steps
• CI polling loop: wait 3min, poll until complete, show results, fix loop, auto-complete on green
• Human controls the exit — skill never breaks out voluntarily
• Fixed all --input-file examples to match CLI constraints (single file, YAML object, absolute paths, correct schema)

Test plan

• deno check passes
• deno lint passes
• deno fmt passes
• 3562 tests pass
• deno run compile succeeds
• Version upgrade verified: existing issue-855 instance upgraded from 2026.03.25.2 to 2026.03.26.1 on method execution

[github-actions]

Code Review

Blocking Issues

None.

Suggestions

1. Silent no-op on unmatched finding IDs in resolve_findings (extensions/models/issue_lifecycle.ts:873-883): If a findingId in the resolutions array doesn't match any existing finding, it's silently ignored. Consider logging a warning or throwing so the caller knows a typo won't appear to succeed while leaving the finding unresolved.

2. Redundant plan-exists check: The new adversarial-review-clear check on approve already fetches the plan and fails if it's missing ("No plan exists."). The pre-existing plan-exists check does the same thing. Not a bug (both return clear errors), but it's a redundant read.

3. adversarial_review proceeds when no plan exists: If readResource("plan-main") returns null, planVersion defaults to 0 and the review is saved against version 0. This is technically reachable (the valid-transition check should prevent it in practice since the phase wouldn't be plan_generated without a plan), but a defensive error or warning would make the contract clearer.

Overall the PR is clean — schemas are well-structured, the approval gate correctly validates version alignment and unresolved severity, state transitions are properly registered, and the SKILL.md instructions are thorough and match the model's actual behavior. The code follows existing patterns in the model and doesn't touch any libswamp internals. No test files exist in extensions/ for any models (not just this one), so the lack of tests here is consistent with the existing convention.