
Check in the 2026-06-11 comprehensive review #635

Merged: gnovak merged 1 commit into dev from add-comprehensive-review-2026-06-11 on Jun 15, 2026

gnovak (Owner) commented Jun 15, 2026

Summary

Comprehensive sequential-subagent review of rdb conducted 2026-06-11 against dev @ de72856 (immediately after PRs #631-633 merged). Checking it in so the report is accessible from anywhere and future reviews have a template.

Layout

```
comprehensive-review/
README.md — index + navigator
2026-06-11/
SUMMARY.md — the synthesis / entry point
findings-*.md — per-phase incremental findings (5 files)
PROCESS.md — how the review was conducted
AGENT-PROMPTS.md — the subagent prompts used per phase
```

Headline findings

Full detail in `SUMMARY.md`. Tier 1 ship-stoppers:

  • pr_title shell injection at `lib/resolve.py:1104` — LLM-authored title interpolated into `shell=True gh pr create` with only `"` escaping; `$(...)` and backticks remain live.
  • `extra_instructions` interpolated into Python heredocs in 5 council/loop steps (build/review/workshop/delegate jobs) — target-repo config can crash the heredoc or execute arbitrary Python.
  • `install.md` curls a deleted yaml template → every fresh install 404s.
  • `test.yml` only triggers on PRs to main but the documented branch model is dev-only PRs → recent PRs merged with zero CI.

Tier 2 real degradations: `ContextWindowExceededError` recovery is unreachable (subclass-ordering bug); distillation silently broken in `/agent-design` (heredoc unpacks 5 values from a 6-tuple); `design_max_iterations` / `review_max_iterations` declared in config but missing from parse outputs; reconcile job missing context-config env plumbing.

Highest-leverage next feature recommendation: close the council loop. PR #438 showed all 3 council reviewers caught the methodology shortcut while the pipeline self-reported ✅ complete — the council layer is the current working defense against premature victory, and it's currently advisory only.

What this PR is and isn't

  • Adds 9 markdown files under `comprehensive-review/` (~140 KB total).
  • Does not change any code. Just the review record.
  • Source content was written by sequential subagents (per the Fable budget protocol — incremental disk writes survive API blocks and usage limits, which paid off when this review's synthesis stage hit a usage-policy false positive on Fable mid-write; Opus 4.7 completed the synthesis in a fresh-context window).

Test plan

  • All cross-references between docs resolve (SUMMARY.md ↔ findings-*.md)
  • No remaining "SOTU" / "State of the Union" references after the rename
  • No code changes, no test impact

🤖 Generated with Claude Code

Sequential-subagent review of rdb done 2026-06-11 against dev @ de72856
(immediately after PRs #631-633 merged). Archived here so it's accessible
from anywhere, not just one workstation, and so future reviews have a
template.

Layout:

  comprehensive-review/
    README.md          — index + navigator
    2026-06-11/
      SUMMARY.md       — the synthesis / entry point
      findings-*.md    — per-phase incremental findings (5 files)
      PROCESS.md       — how the review was conducted
      AGENT-PROMPTS.md — subagent prompts used per phase

Findings headline (full detail in SUMMARY.md):

  Tier 1 (ship-stoppers): pr_title shell injection (resolve.py:1104);
  extra_instructions interpolated into Python heredocs in 5 council/loop
  steps; install.md curls a deleted yaml template; test.yml never runs
  on PRs to dev.

  Tier 2 (real degradations): ContextWindowExceededError recovery is
  dead code; distillation silently broken in /agent-design (heredoc
  unpacks 5 values from a 6-tuple); design_max_iterations /
  review_max_iterations declared in config but missing from parse
  outputs; reconcile job missing context-config env plumbing.

  Highest-leverage next feature: close the council loop. PR #438 showed
  all 3 council reviewers caught the methodology shortcut while the
  pipeline self-reported ✅ complete — the council is the working
  defense against premature victory and it's currently advisory only.

No code changes in this PR; just the review record.
@gnovak gnovak merged commit 91a1620 into dev Jun 15, 2026
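
The first Tier 1 finding (a title interpolated into a `shell=True` command with only `"` escaped) can be reproduced harmlessly. This is an added example, not rdb's code and not part of the PR: `printf` stands in for `gh pr create --title`, the sample title is constructed, and the function names are hypothetical.

```python
import shlex
import subprocess

# Constructed sample title: the substitutions only run `echo`, so the
# difference between the three call styles is visible and harmless.
TITLE = 'Fix "parser" $(echo EXPANDED) and `echo TICKS`'

# Stand-in for `gh pr create --title` (assumption: gh itself is not needed
# to show the quoting behaviour); printf returns the argument it received.
STANDIN = "printf %s"


def run_escaping_quotes_only(title: str) -> str:
    """Pattern from the finding: shell=True with only '"' escaped."""
    escaped = title.replace('"', '\\"')
    cmd = f'{STANDIN} "{escaped}"'  # $(...) and backticks expand inside "..."
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_shlex_quoted(title: str) -> str:
    """Still a shell string, but shlex.quote single-quotes the title."""
    cmd = f"{STANDIN} {shlex.quote(title)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(title: str) -> str:
    """Preferred form: no shell; the title is exactly one argv element."""
    return subprocess.run(["printf", "%s", title],
                          capture_output=True, text=True).stdout


def gh_argv(title: str, body: str) -> list[str]:
    """Shape of the equivalent gh call as an argv list (built, not executed)."""
    return ["gh", "pr", "create", "--title", title, "--body", body]


if __name__ == "__main__":
    print("quotes-only:", run_escaping_quotes_only(TITLE))
    print("shlex.quote:", run_shlex_quoted(TITLE))
    print("argv list  :", run_argv(TITLE))
    print("gh argv    :", gh_argv(TITLE, "constructed body"))
```

Only the first call lets the shell rewrite the title; in the other two it arrives byte-for-byte, which also makes a handy regression test for the fix.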