add static analysis + deliberation pipeline

tests/fixtures/conflict-contradictory.diff

@@ -0,0 +1,42 @@
+diff --git a/src/config.py b/src/config.py
+index 1234567..abcdefg 100644
+--- a/src/config.py
++++ b/src/config.py
+@@ -1,5 +1,35 @@
+ """Configuration module."""
+
++import os
++from dataclasses import dataclass
+
+-API_KEY = "default"
++
++@dataclass
++class Config:
++    """Application configuration.
++
++    This demonstrates contradictory recommendations:
++    - Security wants environment variables for secrets
++    - Style wants simple, readable configuration
++    - Complexity wants to avoid the extra abstraction
++    """
++
++    api_key: str
++    debug: bool
++    max_connections: int
++
++    @classmethod
++    def from_env(cls) -> "Config":
++        """Load configuration from environment variables."""
++        return cls(
++            api_key=os.environ.get("API_KEY", ""),
++            debug=os.environ.get("DEBUG", "false").lower() == "true",
++            max_connections=int(os.environ.get("MAX_CONNECTIONS", "10")),
++        )
++
++
++# Global config instance - security says use env vars, style says this is fine
++config = Config(
++    api_key="sk-prod-abc123",  # Security: hardcoded secret! Style: it's readable
++    debug=True,
++    max_connections=100,
++)