From 6cd5b20670d7ecd3d48539ff898e021988f2a503 Mon Sep 17 00:00:00 2001
From: soryu <soryu@soryu.co>
Date: Tue, 27 Jan 2026 01:05:25 +0000
Subject: Add Red Team adversarial review system for contract monitoring (#35)

Implements a parallel "red team" task that monitors work task outputs in
real-time, verifying implementations stick to contract requirements,
repository standards, and the execution plan.

Key features:
- New `red_team_enabled` and `red_team_prompt` contract configuration
- Red team tasks auto-spawn when first work task is created
- `makima red-team notify` CLI command for alerting supervisors
- POST /api/v1/mesh/red-team/notify and /status endpoints
- Alert delivery to supervisor via SendMessage daemon command
- Notification audit trail via history_events table

Database changes:
- Add red_team_enabled/red_team_prompt columns to contracts
- Add is_red_team flag to tasks with partial index
- Create red_team_notifications table for audit logging

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
---
 makima/src/server/handlers/mesh.rs | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'makima/src/server/handlers/mesh.rs')

diff --git a/makima/src/server/handlers/mesh.rs b/makima/src/server/handlers/mesh.rs
index 19958e7..c4d862c 100644
--- a/makima/src/server/handlers/mesh.rs
+++ b/makima/src/server/handlers/mesh.rs
@@ -2239,6 +2239,7 @@ pub async fn reassign_task(
         plan: updated_plan.clone(),
         parent_task_id: task.parent_task_id,
         is_supervisor: task.is_supervisor,
+        is_red_team: task.is_red_team,
         priority: task.priority,
         repository_url: task.repository_url.clone(),
         base_branch: task.base_branch.clone(),
@@ -3010,6 +3011,7 @@ pub async fn fork_task(
         plan: req.new_task_plan.clone(),
         parent_task_id: None, // Forked tasks are independent
         is_supervisor: false,
+        is_red_team: false,
         priority: task.priority,
         repository_url: task.repository_url.clone(),
         base_branch: task.base_branch.clone(),
@@ -3167,6 +3169,7 @@ pub async fn resume_from_checkpoint(
         plan: req.plan,
         parent_task_id: None,
         is_supervisor: false,
+        is_red_team: false,
         priority: task.priority,
         repository_url: task.repository_url.clone(),
         base_branch: task.base_branch.clone(),
@@ -3502,6 +3505,7 @@ pub async fn branch_task(
         plan: req.message,
         parent_task_id: None,
         is_supervisor: false,
+        is_red_team: false,
         priority: source_task.priority,
         repository_url: source_task.repository_url.clone(),
         base_branch: source_task.base_branch.clone(),
-- 
cgit v1.2.3