Merge upstream v2.67.0 with fork customizations preserved

Synced 79 commits from EveryInc/compound-engineering-plugin upstream while
preserving fork-specific customizations (Python/FastAPI pivot, Zoominfo-internal
review agents, deploy-wiring operational lessons, custom personas).

## Triage decisions (15 conflicts resolved)

Keep deleted (7) -- fork already removed these in prior cleanups:
- agents/design/{design-implementation-reviewer,design-iterator,figma-design-sync}
  (no fork successor; backend-Python focus doesn't need UI/Figma agents)
- agents/docs/ankane-readme-writer (replaced by python-package-readme-writer)
- agents/review/{data-migration-expert,performance-oracle,security-sentinel}
  (replaced by *-reviewer naming convention: data-migrations-reviewer,
  performance-reviewer, security-reviewer)

Keep local (1):
- agents/workflow/lint.md (Python tooling: ruff/mypy/djlint/bandit; upstream
  deleted the file). Fixed pre-existing duplicate "2." numbering bug.

Restore from upstream (1):
- agents/review/data-integrity-guardian.md (kept for GDPR/CCPA privacy
  compliance angle not covered by data-migrations-reviewer)

Merge both (6) -- upstream structural wins layered with fork intent:
- agents/research/best-practices-researcher.md (upstream <examples> removal +
  fork's Rails/Ruby -> Python/FastAPI translations)
- skills/ce-brainstorm/SKILL.md (universal-brainstorming routing + Slack
  context + non-obvious angles + fork's Deploy wiring flag)
- skills/ce-plan/SKILL.md (universal-planning routing + planning-bootstrap +
  fork's two Deploy wiring check bullets)
- skills/ce-review/SKILL.md (Run ID, model tiering haiku->sonnet, compact-JSON
  artifact contract, file-type awareness, cli-readiness-reviewer + fork's
  zip-agent-validator, design-conformance-reviewer, Stage 6 Zip Agent
  Validation)
- skills/ce-review/references/persona-catalog.md (cli-readiness row + adversarial
  refinement + fork's Language & Framework Conditional layer; 22 personas total)
- skills/ce-work/SKILL.md (Parallel Safety Check, parallel-subagent constraints,
  Phase 3-4 compression + fork's deploy-values self-review row, with duplicate
  checklist bullet collapsed to single occurrence)

## Auto-applied (no triage needed)

- 225 remote-only files: accepted as-is (new docs, brainstorms, plans,
  upstream skills, tests, scripts)
- 70 local-only files: 46 preserved as-is (kieran-python, tiangolo-fastapi,
  zip-agent-validator, design-conformance-reviewer, essay/proof commands,
  excalidraw-png-export, etc.); 24 stayed deleted (dhh-rails-style,
  andrew-kane-gem-writer, dspy-ruby Ruby skills no longer needed)

## README updated

- Removed Design section (3 deleted agents)
- Removed deleted Review entries (data-migration-expert, dhh-rails-reviewer,
  kieran-rails-reviewer, performance-oracle, security-sentinel)
- Added new Review entries: design-conformance-reviewer, previous-comments-reviewer,
  tiangolo-fastapi-reviewer, zip-agent-validator
- Workflow: added lint
- Docs: replaced ankane-readme-writer with python-package-readme-writer

## Known issues (not introduced by merge decisions)

- 9 detect-project-type.sh tests fail on macOS bash 3.2 (script uses
  `declare -A` which requires bash 4+). Upstream regression in commit 070092d
  (#568). Resolution: install bash 4+ via `brew install bash` locally;
  upstream fix tracked separately.
- 2 review-skill-contract tests reference deleted agents (dhh-rails-reviewer,
  data-migration-expert). Pre-existing fork inconsistency, not new.

bun run release:validate: passes (46 agents, 51 skills, 0 MCP servers)

plugins/compound-engineering/skills/todo-create/SKILL.md

@@ -48,8 +48,22 @@ dependencies: ["001"]     # Issue IDs this is blocked by
 
 **Required sections:** Problem Statement, Findings, Proposed Solutions, Recommended Action (filled during triage), Acceptance Criteria, Work Log.
 
+**Required for code review findings:** Assessment (Pressure Test) — verify the finding before acting on it.
+
+- **Assessment**: Clear & Correct | Unclear | Likely Incorrect | YAGNI
+- **Recommended Action**: Fix now | Clarify | Push back | Skip
+- **Verified**: Code, Tests, Usage, Prior Decisions (Yes/No with details)
+- **Technical Justification**: Why this finding is valid or should be skipped
+
 **Optional sections:** Technical Details, Resources, Notes.
 
+**Required for code review findings:** Assessment (Pressure Test) — verify the finding before acting on it.
+
+- **Assessment**: Clear & Correct | Unclear | Likely Incorrect | YAGNI
+- **Recommended Action**: Fix now | Clarify | Push back | Skip
+- **Verified**: Code, Tests, Usage, Prior Decisions (Yes/No with details)
+- **Technical Justification**: Why this finding is valid or should be skipped
+
 ## Workflows
 
 > **Tool preference:** Use native file-search/glob and content-search tools instead of shell commands for finding and reading todo files. Shell only for operations with no native equivalent (`mv`, `mkdir -p`).

plugins/compound-engineering/skills/todo-create/assets/todo-template.md

@@ -19,6 +19,22 @@ What is broken, missing, or needs improvement? Provide clear context about why t
 - Email service is missing proper error handling for rate-limit scenarios
 - Documentation doesn't cover the new authentication flow
 
+## Assessment (Pressure Test)
+
+*(For findings from code review or automated agents)*
+
+| Criterion | Result |
+|-----------|--------|
+| **Assessment** | Clear & Correct / Unclear / Likely Incorrect / YAGNI |
+| **Recommended Action** | Fix now / Clarify / Push back / Skip |
+| **Verified Code?** | Yes/No - [what was checked] |
+| **Verified Tests?** | Yes/No - [existing coverage] |
+| **Verified Usage?** | Yes/No - [how code is used] |
+| **Prior Decisions?** | Yes/No - [any intentional design] |
+
+**Technical Justification:**
+[If pushing back or marking YAGNI, provide specific technical reasoning. Reference codebase constraints, requirements, or trade-offs.]
+
 ## Findings
 
 Investigation results, root cause analysis, and key discoveries.