Add Red Team adversarial review system for contract monitoring (#35)

Implements a parallel "red team" task that monitors work task outputs in
real-time, verifying implementations stick to contract requirements,
repository standards, and the execution plan.

Key features:
- New `red_team_enabled` and `red_team_prompt` contract configuration
- Red team tasks auto-spawn when first work task is created
- `makima red-team notify` CLI command for alerting supervisors
- POST /api/v1/mesh/red-team/notify and /status endpoints
- Alert delivery to supervisor via SendMessage daemon command
- Notification audit trail via history_events table

Database changes:
- Add red_team_enabled/red_team_prompt columns to contracts
- Add is_red_team flag to tasks with partial index
- Create red_team_notifications table for audit logging

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

3 files changed, 43 insertions, 0 deletions

diff --git a/makima/migrations/20260126010000_add_red_team_to_contracts.sql b/makima/migrations/20260126010000_add_red_team_to_contracts.sql
new file mode 100644
index 0000000..742902e
--- /dev/null
+++ b/makima/migrations/20260126010000_add_red_team_to_contracts.sql
@@ -0,0 +1,7 @@
+-- Add red team configuration to contracts
+ALTER TABLE contracts
+ADD COLUMN red_team_enabled BOOLEAN NOT NULL DEFAULT FALSE,
+ADD COLUMN red_team_prompt TEXT;
+
+COMMENT ON COLUMN contracts.red_team_enabled IS 'Whether to spawn a red team task to monitor work tasks';
+COMMENT ON COLUMN contracts.red_team_prompt IS 'Custom criteria for the red team to evaluate';
diff --git a/makima/migrations/20260126010001_add_red_team_to_tasks.sql b/makima/migrations/20260126010001_add_red_team_to_tasks.sql
new file mode 100644
index 0000000..cb21405
--- /dev/null
+++ b/makima/migrations/20260126010001_add_red_team_to_tasks.sql
@@ -0,0 +1,9 @@
+-- Add red team flag to tasks
+ALTER TABLE tasks
+ADD COLUMN is_red_team BOOLEAN NOT NULL DEFAULT FALSE;
+
+-- Index for efficient red team task lookup per contract
+CREATE INDEX idx_tasks_contract_red_team ON tasks(contract_id, is_red_team)
+WHERE is_red_team = TRUE;
+
+COMMENT ON COLUMN tasks.is_red_team IS 'Whether this is a red team monitoring task';
diff --git a/makima/migrations/20260126010002_create_red_team_notifications.sql b/makima/migrations/20260126010002_create_red_team_notifications.sql
new file mode 100644
index 0000000..fc0b687
--- /dev/null
+++ b/makima/migrations/20260126010002_create_red_team_notifications.sql
@@ -0,0 +1,27 @@
+-- Create red team notifications table
+CREATE TABLE red_team_notifications (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    contract_id UUID NOT NULL REFERENCES contracts(id) ON DELETE CASCADE,
+    red_team_task_id UUID NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+    related_task_id UUID REFERENCES tasks(id) ON DELETE SET NULL,
+
+    message TEXT NOT NULL,
+    severity VARCHAR(20) NOT NULL DEFAULT 'medium',
+    file_path TEXT,
+    context TEXT,
+
+    -- Delivery status
+    delivered BOOLEAN NOT NULL DEFAULT FALSE,
+    delivered_at TIMESTAMPTZ,
+    acknowledged BOOLEAN NOT NULL DEFAULT FALSE,
+    acknowledged_at TIMESTAMPTZ,
+
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+-- Indexes
+CREATE INDEX idx_red_team_notifications_contract_id ON red_team_notifications(contract_id);
+CREATE INDEX idx_red_team_notifications_red_team_task_id ON red_team_notifications(red_team_task_id);
+CREATE INDEX idx_red_team_notifications_created_at ON red_team_notifications(created_at DESC);
+
+COMMENT ON TABLE red_team_notifications IS 'Audit log of notifications sent from red team tasks to supervisors';