refactor(skills): consolidate code verification skills into one (#4854)

* chore: release v0.7.0 (2026.4.3)

168 merged PRs, 223 commits, 46 resolved issues, 40+ contributors.

Highlights: pluggable memory providers, credential pools, Camofox browser,
inline diff previews, API server session continuity, ACP MCP registration,
gateway hardening, secret exfiltration blocking.

* refactor(skills): consolidate code-review + verify-code-changes into requesting-code-review

Merge the passive code-review checklist and the automated verification
pipeline (from PR #4459 by @MorAlekss) into a single requesting-code-review
skill. This eliminates model confusion between three overlapping skills.

Now includes:
- Static security scan (grep on diff lines)
- Baseline-aware quality gates (only flag NEW failures)
- Multi-language tool detection (Python, Node, Rust, Go)
- Independent reviewer subagent with fail-closed JSON verdict
- Auto-fix loop with separate fixer agent (max 2 attempts)
- Git checkpoint and [verified] commit convention

Deletes: skills/software-development/code-review/ (absorbed)
Closes: #406 (independent code verification)

skills/software-development/code-review/SKILL.md

@@ -1,81 +0,0 @@
----
-name: code-review
-description: Guidelines for performing thorough code reviews with security and quality focus
----
-
-# Code Review Skill
-
-Use this skill when reviewing code changes, pull requests, or auditing existing code.
-
-## Review Checklist
-
-### 1. Security First
-- [ ] No hardcoded secrets, API keys, or credentials
-- [ ] Input validation on all user-provided data
-- [ ] SQL queries use parameterized statements (no string concatenation)
-- [ ] File operations validate paths (no path traversal)
-- [ ] Authentication/authorization checks present where needed
-
-### 2. Error Handling
-- [ ] All external calls (API, DB, file) have try/catch
-- [ ] Errors are logged with context (but no sensitive data)
-- [ ] User-facing errors are helpful but don't leak internals
-- [ ] Resources are cleaned up in finally blocks or context managers
-
-### 3. Code Quality
-- [ ] Functions do one thing and are reasonably sized (<50 lines ideal)
-- [ ] Variable names are descriptive (no single letters except loops)
-- [ ] No commented-out code left behind
-- [ ] Complex logic has explanatory comments
-- [ ] No duplicate code (DRY principle)
-
-### 4. Testing Considerations
-- [ ] Edge cases handled (empty inputs, nulls, boundaries)
-- [ ] Happy path and error paths both work
-- [ ] New code has corresponding tests (if test suite exists)
-
-## Review Response Format
-
-When providing review feedback, structure it as:
-
-```
-## Summary
-[1-2 sentence overall assessment]
-
-## Critical Issues (Must Fix)
-- Issue 1: [description + suggested fix]
-- Issue 2: ...
-
-## Suggestions (Nice to Have)
-- Suggestion 1: [description]
-
-## Questions
-- [Any clarifying questions about intent]
-```
-
-## Common Patterns to Flag
-
-### Python
-```python
-# Bad: SQL injection risk
-cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
-
-# Good: Parameterized query
-cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
-```
-
-### JavaScript
-```javascript
-// Bad: XSS risk
-element.innerHTML = userInput;
-
-// Good: Safe text content
-element.textContent = userInput;
-```
-
-## Tone Guidelines
-
-- Be constructive, not critical
-- Explain *why* something is an issue, not just *what*
-- Offer solutions, not just problems
-- Acknowledge good patterns you see