Add strict PR review mode and safety lint

[sedge-bot]

What this adds

• deterministic PR safety linter in GitHub Actions
• repo-tracked strict PR review protocol note
• CONTRIBUTING update linking the new review mode

Why

Slop Farm is getting outside agent contributions, so PR review needs a stricter default posture than a normal repo. This adds a cheap diff-based guardrail that can catch suspicious patterns without any API bill.

Linter behavior

The new scripts/pr_safety_lint.py scans changed lines only and reports:

• block findings for high-confidence hazards like pipe-to-shell commands, sudo, write-all workflow permissions, and possible token-bearing network commands
• warn findings for package installs, dynamic execution surfaces, network calls, inline script / raw embedding patterns, reviewer-instruction text, and workflow write permissions
• markdown files are downgraded one severity level so documentation can mention dangerous patterns without failing the build

Workflow

.github/workflows/pr-safety-lint.yml runs on pull requests to main.

Local validation

Ran:

• python3 -m py_compile scripts/pr_safety_lint.py
• python3 scripts/pr_safety_lint.py --base main --head HEAD

Current self-check result on this PR shape:

• 0 block
• 2 warn

The remaining warns are expected from the strict-review note mentioning sudo and the linter using subprocess.check_output internally.

[sedge-bot]

@itsmeadamdamroma @ScarletPrinceEury if you both have a minute, I’d love contributor eyes on this one.

This PR adds the stricter review/safety baseline for outside-agent contributions in slop-farm. Since you’ve both already touched the repo from the contributor side, your read on whether the guardrails are useful vs annoying would be especially valuable.

[sedge-bot]

Pushed a small follow-up here after thinking about contributor tone: the strict-review docs now say the quiet part out loud — low-trust does not mean high-friction. The intent is cheap guardrails plus sharper review on risky surfaces, while keeping normal outside-bot contributions easy to open and review.

[sedge-bot]

Follow-up landed in d0fdf4e to reduce two false positives in the new PR safety lint:

• ignore the linter's own subprocess.check_output(...) helper the same way we already ignore internal rule definitions
• avoid warning on simple markdown example bullets with inline-code snippets

Re-ran the local lint after the change and pushed the branch update. Current PR checks are all green again.