Add agent-constraints/ for issue-lifecycle skill

Summary

Add repo-specific agent-constraints/ files so the issue-lifecycle skill (from the @swamp/issue-lifecycle extension) can triage, plan, review, and implement issues with full context for swamp-extensions' conventions.

Files to create

agent-constraints/triage-conventions.md

• Repository structure: vault extensions (vault/<name>/), datastore extensions (datastore/<name>/), auto-generated models (model/{aws,gcp,hetzner-cloud,digitalocean}/), codegen pipeline (codegen/)
• Critical rule: never hand-edit files under model/ — they're auto-generated, fix the codegen pipeline instead
• Design docs: codegen/designs/{aws,gcp,hetzner,digitalocean}.md
• Bug reproduction: for vault/datastore → test extension locally; for models → check generated output; for codegen → run deno task generate:<provider> and verify idempotency
• Testing: vault/datastore unit tests with mock HTTP servers, conformance helpers from @systeminit/swamp-testing

agent-constraints/planning-conventions.md

• Architecture analysis: identify if changes touch vault/datastore patterns, model generation, or codegen orchestration
• Documentation impact: changes to extension patterns → update README.md; codegen changes → update codegen/designs/<provider>.md
• UAT assessment: check swamp-uat for extension command tests, adversarial tests for concurrent vault/datastore access
• Dependency management: all npm deps pinned to exact versions, deno.lock committed, deno install --frozen to verify
• CI pipeline impact: 17+ check jobs (vault-check, datastore-check, model-check, codegen-verify, deps-audit, etc.)

agent-constraints/adversarial-dimensions.md

• Auto-generated code safety: could malformed schemas crash the generator? Template injection? Schema edge cases (oneOf, anyOf, circular refs)?
• Extension pattern consistency: do new extensions follow existing vault/datastore patterns? Breaking interface changes?
• Lock & concurrency safety: distributed lock acquisition/release/timeout/retry, lock leaks on process crash
• Schema fidelity: does generated Zod schema reflect all source constraints (required, patterns, nullability)?
• Idempotency & versioning: running generation twice produces identical output? Consistent CalVer versioning?
• Dependency management: exact version pins? CVE audit? Lockfile sync?
• CI correctness: could new files be excluded from checks? Does codegen-verify pass?

agent-constraints/implementation-conventions.md

• Per-extension verification: deno check, deno lint, deno fmt, deno test (run from extension directory)
• Codegen verification: run generation, verify idempotency (zero diffs on second run), type-check all generated files
• Testing requirements: mock HTTP servers for vault/datastore tests, sanitizeResources: false for SDK clients, conformance helpers
• No-go conditions: hand-edited model/ files, any types in hand-written code, semver ranges in deps, missing deno.lock, live cloud service tests
• PR/CI: 3 Claude reviews (code, adversarial, CI security), manifest.yaml changes trigger auto-publishing

Context

The issue-lifecycle skill was recently refactored (swamp#1128) to read repo-specific conventions from agent-constraints/ instead of hardcoding swamp-specific details. This makes the skill reusable across repos. Each file is optional — if absent, the skill uses generic defaults.

---

Automoved by swampadmin from GitHub issue #50