@motivation-labs/crosscheck 0.8.0 → 0.9.0-beta.16

package/get-started.md

@@ -786,7 +786,7 @@ If no errors are found in recent logs, crosscheck prints `No errors found in rec
 
 On re-runs, `onboard` updates only the fields it collected answers for. Everything else survives unchanged.
 
-**Updated on every run:** `deployment`, `orgs`, `repos`, `mode`, `vendors.*.enabled`, `vendors.*.effort`, `quality.tier`, `tunnel.*`, `post_review.auto_fix.*`
+**Updated on every run:** `deployment`, `orgs`, `repos`, `mode`, `clone_protocol`, `vendors.*.enabled`, `vendors.*.effort`, `quality.tier`, `tunnel.*`, `post_review.auto_fix.*`
 
 **Initialised on first run, never overwritten:** `routing.allowed_authors`, `routing.author_routes`, `routing.fallback_reviewer`
 
@@ -798,9 +798,9 @@ On re-runs, `onboard` updates only the fields it collected answers for. Everythi
 
 crosscheck stores its config in `~/.crosscheck/config.yml` by default — persistent across projects, no per-repo file needed. It also looks in these locations (first found wins):
 
-1. `./crosscheck.config.yml`
-2. `./.crosscheck.yml`
-3. `~/.crosscheck/config.yml` ← **default location**
+1. `~/.crosscheck/config.yml` ← **default location**
+2. `./crosscheck.config.yml`
+3. `./.crosscheck.yml`
 
 Run `crosscheck init` to generate `~/.crosscheck/config.yml` with all options documented.
 
@@ -820,6 +820,13 @@ Logs are written to `~/.crosscheck/logs/YYYY-MM-DD.ndjson` and retained for 30 d
 # cross-vendor:  Claude ↔ Codex review each other
 mode: cross-vendor
 
+# ── Clone protocol ────────────────────────────────────────────────────────────
+# ssh   — git@github.com:owner/repo.git (uses local SSH keys)
+# https — https://github.com/owner/repo.git (uses GitHub token)
+# Pick https if you have multi-account SSH setup or your default SSH key
+# cannot access target repos. Independent of `gh config get git_protocol`.
+clone_protocol: ssh
+
 # ── Vendors ───────────────────────────────────────────────────────────────────
 vendors:
   codex:
@@ -915,17 +922,10 @@ impact:
   defect_cost_usd: 150               # per issue caught, for --money estimate
 
 # ── Post-review auto-fix ──────────────────────────────────────────────────────
-# Runs after each review. When issues are found, the authoring vendor opens a
-# fix PR targeting the original branch. You approve and merge it; the original
-# PR updates automatically.
+# Controls HOW fixes are delivered. Step sequencing (which steps run, when,
+# and with which vendor) is configured in ~/.crosscheck/workflow.yml.
 post_review:
   auto_fix:
-    enabled: true
-    trigger: on_issues        # on_issues | always | never
-    min_severity: warning     # error | warning | info — skip cosmetic findings
-    # same-as-author: the vendor that wrote the PR also applies the fix
-    # In cross-vendor mode: Claude-authored → Claude fixes; Codex-authored → Codex fixes
-    fixer: same-as-author     # same-as-author | same-as-reviewer | codex | claude
     delivery:
       mode: pull_request      # pull_request | commit | comment
       # pull_request → fix PR targets original branch; human approves before merge
@@ -934,6 +934,16 @@ post_review:
       pr_title: "fix: address CR issues in #{original_pr_title}"
       label: cr-autofix       # GitHub label applied to the fix PR
 
+# ── Backtrace ─────────────────────────────────────────────────────────────────
+# On startup, scan all open PRs in the monitored scope and review any that
+# haven't received a [crosscheck] comment yet. Off by default.
+# Enable with:
+#   backtrace.enabled: true  (persistent — runs every startup)
+#   --backtrace flag         (this session only)
+#   --no-backtrace flag      (suppress even when enabled: true)
+# backtrace:
+#   enabled: true
+
 # ── Server ────────────────────────────────────────────────────────────────────
 server:
   port: 7891
@@ -1080,7 +1090,7 @@ GitHub can fire both `opened` and `synchronize` events for the same push. crossc
 - **Webhook signature** — every request verified with HMAC-SHA256 before parsing
 - **Temp isolation** — each PR cloned into a fresh temp dir, deleted after review
 - **Read-only tools** — Claude restricted to `git diff` and `git log` only
-- **No credentials in clones** — `gh repo clone` uses the gh credential helper; no tokens written to disk
+- **Temp credential isolation** — with `clone_protocol: ssh` (default) no tokens touch disk; with `clone_protocol: https` a short-lived token is embedded in the temp clone's remote URL and removed when the temp dir is deleted after review
 
 ---