loreli 1.0.0 → 2.0.0

package/packages/classify/prompts/feedback.md

@@ -0,0 +1,14 @@
+Classify this code review feedback into exactly one category.
+
+Categories:
+- naming: Feedback about naming conventions, variable names, or renaming suggestions
+- architecture: Feedback about code structure, module organization, or refactoring
+- testing: Feedback about test coverage, assertions, or testing practices
+- documentation: Feedback about documentation, README, JSDoc, or code comments
+- performance: Feedback about performance optimization, memory, or caching
+- security: Feedback about security, secrets, authentication, or vulnerabilities
+
+Respond with ONLY a JSON object. Do not wrap in markdown. Do not add any other text.
+{"category": "<name>", "reasoning": "<one sentence explanation>", "confidence": <0.0 to 1.0>}
+
+{{{content}}}

package/packages/classify/prompts/pane-state.md

@@ -0,0 +1,20 @@
+Classify this terminal output from an AI coding agent into exactly one state.
+{{#model}}
+The agent was launched with model `{{model}}` on the `{{backend}}` backend (role: {{role}}).
+{{/model}}
+
+States:
+- working: Agent is mid-task, output is progressing normally
+- waiting_for_input: Agent at a prompt waiting for user input
+- option_dialog: Agent showing a Y/N or selection dialog that needs a keystroke
+- error_loop: Agent repeating the same error without making progress
+- idle: Agent finished all tasks or has no pending work
+- fatal: Agent hit a fatal infrastructure error (rate limit, auth failure, budget exhaustion, invalid model)
+- dead: Agent process exited or crashed — output shows exit code, stack trace, or abrupt termination
+
+For option_dialog, include the tmux key names needed to dismiss the dialog in `remedy` (e.g. "Enter", "Down Enter", "Escape"). For all other states, set remedy to null.
+
+Respond with ONLY a JSON object. Do not wrap in markdown. Do not add any other text.
+{"category": "<state>", "reasoning": "<one sentence explanation>", "confidence": <0.0 to 1.0>, "remedy": "<tmux keys or null>"}
+
+{{{content}}}

package/packages/classify/src/index.js

@@ -0,0 +1,81 @@
+/**
+ * Prompt-driven LLM classification.
+ *
+ * Loads a named Mustache template from disk, renders it with the provided
+ * content and variables, sends the result through `backends.oneshot()`,
+ * and returns the parsed JSON response. The prompt template defines the
+ * response shape — classify is generic plumbing.
+ *
+ * @module loreli/classify
+ */
+
+import { readFile } from 'node:fs/promises';
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import Mustache from 'mustache';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const prompts = join(__dirname, '..', 'prompts');
+
+/**
+ * Extract a JSON object from LLM response text.
+ *
+ * LLMs sometimes wrap JSON in markdown fences or add preamble.
+ * This extracts the first `{...}` block from the response.
+ *
+ * @param {string} raw - Raw LLM response.
+ * @returns {object} Parsed JSON object.
+ * @throws {Error} When no valid JSON is found in the response.
+ */
+function extract(raw) {
+  const fenced = raw.match(/```(?:json)?\s*([\s\S]*?)```/);
+  const json = fenced ? fenced[1].trim() : raw.trim();
+
+  const start = json.indexOf('{');
+  const end = json.lastIndexOf('}');
+  if (start === -1 || end === -1) {
+    throw new Error('classify: LLM response contains no JSON object');
+  }
+
+  try {
+    return JSON.parse(json.slice(start, end + 1));
+  } catch (err) {
+    throw new Error(`classify: failed to parse JSON from LLM response — ${err.message}`);
+  }
+}
+
+/**
+ * Run a named classification prompt against content via LLM.
+ *
+ * Loads `prompts/<name>.md`, renders it with Mustache using `content`
+ * and any extra `vars`, sends the rendered prompt through
+ * `backends.oneshot()`, and returns the parsed JSON from the response.
+ *
+ * @param {string} name - Prompt template name (resolves to `prompts/<name>.md`).
+ * @param {string} content - Text to classify — injected as `{{{content}}}`.
+ * @param {object} opts - Options.
+ * @param {object} opts.backends - BackendRegistry instance with a `oneshot()` method. Required.
+ * @param {object} [opts.config] - Config instance for model/timeout resolution.
+ * @param {string} [opts.model] - Model alias override.
+ * @param {number} [opts.timeout] - Timeout for the oneshot call in ms.
+ * @param {object} [opts.vars] - Extra Mustache variables beyond `content`.
+ * @returns {Promise<object>} Parsed JSON from the LLM response. Shape is prompt-defined.
+ * @throws {Error} When backends is missing, template not found, oneshot fails, or response has no valid JSON.
+ */
+export async function classify(name, content, opts = {}) {
+  const { backends, config, model, timeout, vars } = opts;
+
+  if (!backends) throw new Error('classify() requires a backends instance');
+
+  const path = join(prompts, `${name}.md`);
+  const template = await readFile(path, 'utf8');
+  const rendered = Mustache.render(template, { content, ...vars });
+
+  const raw = await backends.oneshot(rendered, {
+    model: model ?? config?.get?.('classify.model') ?? 'fast',
+    config,
+    timeout: timeout ?? config?.get?.('classify.timeout') ?? 60000
+  });
+
+  return extract(raw);
+}

package/packages/config/README.md

@@ -44,6 +44,20 @@ const found = await config.load(hub, 'owner/repo');
 // found === true if loreli.yml exists
 ```
 
+### `config.loadLocal(path?)` -> `boolean`
+
+Read local `loreli.yml` from disk (default `./loreli.yml`) using the same parser and schema validation as `load()`. Returns `true` when the file exists and parses, `false` otherwise.
+
+The following example demonstrates loading config in standalone CLI contexts where no Hub instance is available yet:
+
+```js
+import { Config } from 'loreli/config';
+
+const config = new Config();
+const found = config.loadLocal('loreli.yml');
+// found === true when local loreli.yml exists
+```
+
 ### `config.merge(overrides)`
 
 Apply a plain object on top of all other layers. Nested objects are shallow-merged one level deep. Values are validated through the schema -- invalid types are silently discarded.
@@ -63,6 +77,7 @@ The following example demonstrates accessing nested and top-level values:
 
 ```js
 config.get('theme');           // 'transformers'
+config.get('repo');            // 'owner/repo' (when configured)
 config.get('merge.method');    // 'squash'
 config.get('timeouts.stall');  // 600000
 config.get('reviewers');       // []
@@ -135,6 +150,13 @@ theme: transformers          # string or list: transformers | pokemon | marvel |
 # Change when: You want a global quality/cost baseline shift for all agents.
 model: balanced              # fast | balanced | powerful | exact model string
 
+# repo
+# What: Optional repository slug fallback for standalone tool contexts before start runs.
+# Impact: Enables tools like `loreli tools context`, `start_work`, and `hitl` to resolve repository scope without session hydration.
+# Signal: CLI tools report "No repository configured" outside agent/start sessions.
+# Change when: You regularly run Loreli tools directly from a shell and want a persistent repo default.
+# repo: owner/repo
+
 # --- Merge gate ---
 # reviewers
 # What: GitHub usernames for HITL review requests.
@@ -225,6 +247,14 @@ timeouts:
   # Change when: Startup failures are missed (increase) or false positives occur (decrease).
   rapidDeath: 15s
 
+  # timeouts.proxyDiscovery
+  # What: HTTP timeout for proxy model discovery calls used by claude/codex.
+  # Impact: Lower values fail fast on unhealthy proxies; higher values tolerate slower proxy endpoints.
+  # Signal: Discovery often logs timeout failures on healthy but slow networks (increase),
+  #         or startup blocks too long on dead proxy endpoints (decrease).
+  # Change when: Proxy-backed environments need slower/faster discovery behavior.
+  proxyDiscovery: 5s
+
   # timeouts.nudge
   # What: Enables/disables tier-1 "you appear stalled" message.
   # Impact: true may interrupt deep work; false keeps escalation signals without message interruption.
@@ -255,16 +285,40 @@ watch:
   # Change when: Agents are underutilized (increase) or overloaded (decrease).
   maxClaims: 3
 
-# --- Review policy ---
-review:
-  # review.skipRiskAssessment
-  # What: Skips mandatory risk verdict checks in review flow.
-  # Impact: Faster review path with less explicit risk gating.
-  # Signal: Teams intentionally bypassing risk gates for speed, or conversely incidents from insufficient risk checks (set false).
-  # Change when: You intentionally prefer speed over formal risk signoff.
-  skipRiskAssessment: false
+# --- Workflow policy (per-role) ---
+# workflows.{role}
+# What: Per-role model, scaling, trace, prompt, and risk-skip overrides.
+# Impact: Fine-grained control over each workflow without global changes.
+# Signal: One role needs different model/scaling/trace than others.
+# Change when: You want role-specific tuning.
+# Resolution: workflows.{role}.model → global model → 'balanced'
+# Each role may also set: prompt (file path), trace.{enabled,maxOutputChars}
+# Risk additionally supports: skip (skips mandatory risk verdict checks)
+workflows:
+  action:
+    model: balanced
+    maxAgents: 3
+  reviewer:
+    model: balanced
+    maxAgents: 2
+    trace:
+      enabled: true
+      maxOutputChars: 4000
+  risk:
+    model: fast
+    maxAgents: 3
+    skip: false
+    trace:
+      enabled: true
+      maxOutputChars: 2000
+  planner:
+    model: powerful
+    maxAgents: 1
+    trace:
+      enabled: true
+      maxOutputChars: 4000
 
-# --- Scaling policy ---
+# --- Scaling policy (global) ---
 scaling:
   # scaling.maxAgents
   # What: Global cap for active non-dormant agents.
@@ -273,35 +327,6 @@ scaling:
   # Change when: You need more throughput (increase) or tighter resource limits (decrease).
   maxAgents: 8
 
-  maxPerRole:
-    # scaling.maxPerRole.action
-    # What: Max concurrent action agents.
-    # Impact: Controls parallel implementation throughput.
-    # Signal: Large implementation queue with insufficient coding capacity.
-    # Change when: Work backlog is implementation-heavy.
-    action: 3
-
-    # scaling.maxPerRole.reviewer
-    # What: Max concurrent reviewer agents.
-    # Impact: Controls review bottleneck relief.
-    # Signal: PRs are ready but waiting on reviewer assignment/completion.
-    # Change when: PR queue waits on reviews.
-    reviewer: 2
-
-    # scaling.maxPerRole.risk
-    # What: Max concurrent risk agents.
-    # Impact: Controls parallel risk assessment capacity.
-    # Signal: Reviews blocked on risk verdicts.
-    # Change when: Risk checks become the bottleneck.
-    risk: 3
-
-    # scaling.maxPerRole.planner
-    # What: Max concurrent planner agents.
-    # Impact: Limits parallel planning/discussion churn.
-    # Signal: Planning queue grows (increase) or discussion noise overwhelms maintainers (decrease).
-    # Change when: You want more/fewer simultaneous planning threads.
-    planner: 1
-
   # scaling.maxPerTick
   # What: Spawn budget per reactor tick.
   # Impact: Higher values ramp up faster but can spike load.
@@ -369,9 +394,14 @@ agents:
 # --- Backend model/env overrides ---
 # backends.{name}.models
 # What: Per-backend tier/provider model routing overrides.
-# Impact: Changes model selection without code changes.
-# Signal: Specific backend underperforms at current tier/provider mapping.
-# Change when: You need backend-specific model tuning.
+# Impact: Changes model selection without code changes — overrides both
+#         runtime discovery and static defaults. Required for LiteLLM/proxy setups.
+# Signal: Specific backend underperforms at current tier/provider mapping,
+#         or you're behind a proxy that uses different model names.
+# Change when: You need backend-specific model tuning or custom proxy routing.
+# Resolution: config override > runtime discovery > static defaults > pass-through
+# Note: When cursor-agent is available, models are auto-discovered at startup
+#       via `--list-models`. Config overrides always take precedence over discovery.
 #
 # backends.{name}.env
 # What: Env vars injected into backend launcher scripts.
@@ -412,7 +442,8 @@ agents:
 #         anthropic: opus-4.6-thinking
 #         openai: gpt-5.1-codex-max
 
-# --- Trace capture ---
+# --- Trace capture (global defaults) ---
+# Per-role trace overrides live under workflows.{role}.trace
 trace:
   # trace.enabled
   # What: Master switch for workflow trace collection.
@@ -435,34 +466,6 @@ trace:
   # Change when: Useful context is being truncated too aggressively.
   maxOutputChars: 8000
 
-  workflows:
-    planner:
-      # trace.workflows.planner.enabled / maxOutputChars
-      # What: Planner-specific trace override.
-      # Impact: Fine-grained planner trace tuning.
-      # Signal: Planner traces need different verbosity than global behavior.
-      # Change when: Planner traces need different verbosity than global default.
-      enabled: true
-      maxOutputChars: 4000
-
-    reviewer:
-      # trace.workflows.reviewer.enabled / maxOutputChars
-      # What: Reviewer-specific trace override.
-      # Impact: Fine-grained reviewer trace tuning.
-      # Signal: Reviewer traces are too sparse for diagnosis or too noisy for signal extraction.
-      # Change when: Reviewer traces are too noisy or too sparse.
-      enabled: true
-      maxOutputChars: 4000
-
-    risk:
-      # trace.workflows.risk.enabled / maxOutputChars
-      # What: Risk-specific trace override.
-      # Impact: Fine-grained risk trace tuning.
-      # Signal: Risk reasoning context is truncated (increase) or over-captured (decrease).
-      # Change when: Risk traces need tighter/looser capture bounds.
-      enabled: true
-      maxOutputChars: 2000
-
 # --- Proof of life ---
 proofOfLife:
   # proofOfLife.timeout
@@ -497,18 +500,6 @@ cleanup:
   # Change when: You want explicit/manual cleanup control (set false).
   autoprune: true
 
-# --- Prompt overrides ---
-# prompts.{role}
-# What: Repo-local prompt file overrides for each role.
-# Impact: Changes agent behavior/instructions without code changes.
-# Signal: Repeated instruction gaps that can be fixed with persistent repo-specific guidance.
-# Change when: You need project-specific guardrails or workflow guidance.
-# prompts:
-#   action: .loreli/action.md
-#   reviewer: .loreli/review.md
-#   planner: .loreli/planner.md
-#   risk: .loreli/risk.md
-
 # --- Feedback and knowledge capture ---
 feedback:
   # feedback.enabled
@@ -538,6 +529,13 @@ feedback:
     - performance
     - security
 
+  # feedback.hitl
+  # What: Controls Human In The Loop escalation for feedback-driven PRs at merge time.
+  # Impact: true gates all feedback PRs on human approval; false allows full automation; array gates only listed categories.
+  # Signal: Feedback-driven changes landing without review (set true or list categories), or unnecessary merge friction (set false).
+  # Change when: You want human oversight on specific feedback categories (e.g. architecture, security) while letting others auto-merge.
+  hitl: false
+
 # --- Tmux ---
 tmux:
   # tmux.session
@@ -636,12 +634,23 @@ pr:
 - `pr.validation.command`: defaults to `npm test` and runs in the action agent workspace before PR creation. Non-zero exit blocks `pr/create` and returns command output.
 - `pr.selfReview.enabled`: defaults to `true` and switches `pr/create` into a two-step flow. First call returns a diff/stat preview. Second call must pass `confirm: true` to proceed.
 
+## Feedback HITL
+
+`feedback.hitl` controls per-category Human In The Loop escalation for feedback-driven PRs at merge time. It accepts three shapes:
+
+- **`false`** (default) — no HITL on feedback-driven PRs; they merge after agent sign-off.
+- **`true`** — HITL on all feedback-driven PRs; every such PR requires human approval before merge.
+- **`['architecture', 'security']`** — HITL only for listed categories; PRs driven by feedback in those categories require human approval; others auto-merge after agent sign-off.
+
+`merge.hitl` takes global precedence. When `merge.hitl` is `true`, all PRs (including feedback-driven ones) require human approval regardless of `feedback.hitl`.
+
 ## Built-in Defaults
 
-Every configurable value has a default in `defaults.js`. These are the lowest-priority layer and apply when no other layer provides a value:
+Every configurable value has a default in `defaults.js`. These are the lowest-priority layer and apply when no other layer provides a value. Backend model defaults may be overridden at runtime by auto-discovery (see [Model Discovery](#model-discovery)):
 
 | Key | Default | Description |
 |-----|---------|-------------|
+| `repo` | `undefined` | Optional repository slug fallback (`owner/name`) for standalone tool contexts |
 | `theme` | `transformers` | Agent naming theme (`string` or `string[]` for random per work item) |
 | `reviewers` | `[]` | Human reviewers (empty = auto-merge) |
 | `model` | `balanced` | Default model alias |
@@ -657,21 +666,35 @@ Every configurable value has a default in `defaults.js`. These are the lowest-pr
 | `backends.{name}.env` | *(none)* | Backend-specific env var overrides (flat string map) |
 | `agents.disallowedTools` | `['gh', 'curl']` | Commands agents cannot execute |
 | `scaling.maxAgents` | `8` | Global cap — max agents across all roles |
-| `scaling.maxPerRole.action` | `3` | Max action agents |
-| `scaling.maxPerRole.reviewer` | `2` | Max reviewer agents |
-| `scaling.maxPerRole.risk` | `3` | Max risk agents |
-| `scaling.maxPerRole.planner` | `1` | Max planner agents |
 | `scaling.maxPerTick` | `2` | Max new agents spawned per reactor tick |
 | `scaling.cooldown` | `30000` | Min time between spawns for same role (ms) |
 | `merge.method` | `squash` | PR merge method |
 | `merge.hitl` | `false` | HITL mode: `false` = auto-merge, `true` = human reviewers |
+| `feedback.hitl` | `false` | Per-category HITL for feedback-driven PRs: `false` = none, `true` = all, `string[]` = listed categories only |
 | `merge.base` | `main` | Default PR base branch (scaffolding template sets `loreli` for safety — agents work on a dedicated branch, not main) |
 | `pr.validation.command` | `npm test` | Default shell command run before `pr/create`; non-zero exit blocks PR creation |
 | `pr.selfReview.enabled` | `true` | Require two-step self-review flow (`create` preview, then `create` with `confirm=true`) before PR creation |
+| `workflows.action.model` | `balanced` | Action agent model tier |
+| `workflows.action.maxAgents` | `3` | Max concurrent action agents |
+| `workflows.reviewer.model` | `balanced` | Reviewer agent model tier |
+| `workflows.reviewer.maxAgents` | `2` | Max concurrent reviewer agents |
+| `workflows.reviewer.trace.enabled` | `true` | Reviewer trace capture |
+| `workflows.reviewer.trace.maxOutputChars` | `4000` | Reviewer trace output cap |
+| `workflows.risk.model` | `fast` | Risk agent model tier |
+| `workflows.risk.maxAgents` | `3` | Max concurrent risk agents |
+| `workflows.risk.skip` | `false` | Skip mandatory risk verdict checks |
+| `workflows.risk.trace.enabled` | `true` | Risk trace capture |
+| `workflows.risk.trace.maxOutputChars` | `2000` | Risk trace output cap |
+| `workflows.planner.model` | `powerful` | Planner agent model tier |
+| `workflows.planner.maxAgents` | `1` | Max concurrent planner agents |
+| `workflows.planner.trace.enabled` | `true` | Planner trace capture |
+| `workflows.planner.trace.maxOutputChars` | `4000` | Planner trace output cap |
+| `workflows.{role}.prompt` | `undefined` | Custom prompt file for role (relative to repo root) |
 | `timeouts.stall` | `600000` | Agent stall detection (ms) |
 | `timeouts.shutdown` | `60000` | Graceful shutdown timeout (ms) |
 | `timeouts.poll` | `2000` | Poll interval (ms) |
 | `timeouts.rapidDeath` | `15000` | Spawn-window backend failure detection delay (ms) |
+| `timeouts.proxyDiscovery` | `5000` | Proxy model discovery HTTP timeout (ms) |
 | `timeouts.nudge` | `true` | Enable/disable tier-1 stall nudge messages |
 | `log.level` | `info` | Console log level |
 | `log.maxSize` | `10485760` | Max log file size (bytes) |
@@ -679,10 +702,6 @@ Every configurable value has a default in `defaults.js`. These are the lowest-pr
 | `proofOfLife.timeout` | `300000` | Proof-of-life response timeout (ms, default 5m) |
 | `cleanup.retention` | `43200000` | Prune sessions older than this (ms, default 12h) |
 | `cleanup.autoprune` | `true` | Run prune at start |
-| `prompts.action` | `undefined` | Custom prompt file for action agents (relative to repo root) |
-| `prompts.reviewer` | `undefined` | Custom prompt file for reviewer agents (relative to repo root) |
-| `prompts.planner` | `undefined` | Custom prompt file for planner agents (relative to repo root) |
-| `prompts.risk` | `undefined` | Custom prompt file for risk agents (relative to repo root) |
 | `tmux.session` | `loreli` | Tmux session name |
 | `tmux.capture` | `500` | Pane capture history lines |
 
@@ -692,6 +711,7 @@ Only a subset of config values can be overridden via environment variables. Thes
 
 | Config Path | Environment Variable | Purpose |
 |-------------|---------------------|---------|
+| `repo` | `LORELI_REPO` | Repository fallback (`owner/name`) for tool contexts before `start` |
 | `log.level` | `LORELI_LOG_LEVEL` | Override default log level |
 | `github.token` | `GITHUB_TOKEN` | GitHub API token for hub |
 
@@ -735,6 +755,51 @@ backends:
 
 The `env` section is a flat string-to-string map. Non-string values and empty objects are silently discarded by schema validation.
 
+## Model Discovery
+
+At startup, `BackendRegistry.discover()` probes available backends for their supported models. This enables automatic tier classification without relying solely on static defaults that may become stale.
+
+### Resolution Chain
+
+Model aliases (`fast`, `balanced`, `powerful`) resolve through four layers:
+
+1. **Config override** — `backends.{name}.models.{alias}.{provider}` from `loreli.yml`. Always wins. Required for LiteLLM/proxy setups where model names differ from upstream.
+2. **Runtime discovery** — models discovered from backend CLIs and configured proxy endpoints. `cursor-agent` uses `--list-models`; `claude`/`codex` query OpenAI-compatible model listing (`/v1/models` with `/models` fallback) when their base URL overrides are configured.
+3. **Static defaults** — built-in values from `defaults.js`. When discovery data is available, static fallbacks are validated against the discovered list. Invalid IDs trigger a warning and fall back to the backend's default discovered model.
+4. **Pass-through** — exact model strings bypass resolution entirely.
+
+### Discovery by Backend
+
+| Backend | Method | Notes |
+|---------|--------|-------|
+| `cursor-agent` | `--list-models` CLI flag | Parseable output, classified into tiers per provider |
+| `claude` | Proxy model listing (`/v1/models` / `/models`) when `ANTHROPIC_BASE_URL` is configured | Auth key order: `ANTHROPIC_API_KEY`, then `OPENAI_API_KEY` |
+| `codex` | Proxy model listing (`/v1/models` / `/models`) when `OPENAI_BASE_URL` is configured | Auth key order: `OPENAI_API_KEY`, then `ANTHROPIC_API_KEY` |
+
+### Validation
+
+When discovery data is available, resolved model IDs are validated against the discovered model list. This catches stale defaults, typos, and models removed by providers. When validation fails, the backend's default model is used and a warning is logged.
+
+### LiteLLM / Proxy Override
+
+When backends route through a LiteLLM proxy or custom gateway, override model names in `loreli.yml`:
+
+```yaml
+backends:
+  claude:
+    env:
+      ANTHROPIC_BASE_URL: https://your-litellm.example.com/v1
+    models:
+      fast:
+        anthropic: litellm/haiku
+      balanced:
+        anthropic: litellm/sonnet
+      powerful:
+        anthropic: litellm/opus
+```
+
+Config overrides take precedence over both discovery and static defaults. See [packages/agent/README.md](../agent/README.md) for the full model resolution API reference.
+
 ## Tool Blocking
 
 Agents can bypass Loreli's MCP guardrails (stamping, role guards, label enforcement) by using raw CLI tools like `gh` or `curl` to interact with GitHub directly. The `agents.disallowedTools` config prevents this by blocking specified commands across all CLI backends.

package/packages/config/src/defaults.js

@@ -10,6 +10,7 @@ import ms from 'ms';
  * @type {object}
  */
 export default {
+  repo: undefined,
   theme: 'transformers',
   reviewers: [],
   model: 'balanced',
@@ -34,6 +35,7 @@ export default {
     shutdown: ms('1m'),
     poll: ms('2s'),
     rapidDeath: ms('15s'),
+    proxyDiscovery: ms('5s'),
     nudge: true
   },
   log: {
@@ -50,17 +52,8 @@ export default {
     maxRounds: 7,
     maxClaims: 3
   },
-  review: {
-    skipRiskAssessment: false
-  },
   scaling: {
     maxAgents: 8,
-    maxPerRole: {
-      action: 3,
-      reviewer: 2,
-      risk: 3,
-      planner: 1
-    },
     maxPerTick: 2,
     cooldown: ms('30s')
   },
@@ -94,15 +87,16 @@ export default {
       }
     }
   },
+  classify: {
+    model: 'fast',
+    maxLines: 100,
+    timeout: ms('30s'),
+    maxRetries: 5
+  },
   trace: {
     enabled: true,
     includeOutput: true,
-    maxOutputChars: 8000,
-    workflows: {
-      planner: { enabled: true, maxOutputChars: 4000 },
-      reviewer: { enabled: true, maxOutputChars: 4000 },
-      risk: { enabled: true, maxOutputChars: 2000 }
-    }
+    maxOutputChars: 8000
   },
   agents: {
     disallowedTools: ['gh', 'curl']
@@ -117,16 +111,33 @@ export default {
     retention: ms('12h'),
     autoprune: true
   },
-  prompts: {
-    action: undefined,
-    reviewer: undefined,
-    planner: undefined,
-    risk: undefined
+  workflows: {
+    action: {
+      model: 'balanced',
+      maxAgents: 3
+    },
+    reviewer: {
+      model: 'balanced',
+      maxAgents: 2,
+      trace: { enabled: true, maxOutputChars: 4000 }
+    },
+    risk: {
+      model: 'fast',
+      maxAgents: 3,
+      skip: false,
+      trace: { enabled: true, maxOutputChars: 2000 }
+    },
+    planner: {
+      model: 'powerful',
+      maxAgents: 1,
+      trace: { enabled: true, maxOutputChars: 4000 }
+    }
   },
   feedback: {
     enabled: true,
     threshold: 5,
-    categories: ['naming', 'architecture', 'testing', 'documentation', 'performance', 'security']
+    categories: ['naming', 'architecture', 'testing', 'documentation', 'performance', 'security'],
+    hitl: false
   },
   github: {
     token: undefined

package/packages/config/src/index.js

@@ -1,8 +1,12 @@
 import { resolve } from 'node:path';
+import { readFileSync } from 'node:fs';
 import { parse } from 'yaml';
+import { logger } from 'loreli/log';
 import defaults from './defaults.js';
 import { validate } from './schema.js';
 
+const log = logger('config');
+
 export { defaults };
 export { validate };
 export * as check from './validate.js';
@@ -70,14 +74,40 @@ export class Config {
       const raw = parse(result.content);
       this.file = validate(raw);
       this.found = true;
-    } catch {
-      // File does not exist or is unparseable — defaults will apply
+    } catch (err) {
+      if (err?.status !== 404 && err?.code !== 'ENOENT') {
+        log.warn(`config load failed for ${repo}/${path}: ${err.message}`);
+      }
       this.file = {};
       this.found = false;
     }
     return this.found;
   }
 
+  /**
+   * Load config from a local loreli.yml path.
+   * Returns gracefully if the file does not exist or is unparseable.
+   *
+   * @param {string} [path='loreli.yml'] - Absolute or relative file path.
+   * @returns {boolean} True if config was found and parsed, false otherwise.
+   */
+  loadLocal(path = 'loreli.yml') {
+    try {
+      const content = readFileSync(resolve(path), 'utf8');
+      const raw = parse(content);
+      this.file = validate(raw);
+      this.found = true;
+    } catch (err) {
+      if (err?.code !== 'ENOENT') {
+        log.warn(`config loadLocal failed for ${path}: ${err.message}`);
+      }
+      this.file = {};
+      this.found = false;
+    }
+
+    return this.found;
+  }
+
   /**
    * Merge start params or other overrides on top.
    * Nested objects are shallow-merged one level deep.
@@ -178,6 +208,7 @@ function dig(obj, parts) {
  */
 function env(path) {
   const mapping = {
+    repo: 'LORELI_REPO',
     'log.level': 'LORELI_LOG_LEVEL',
     'github.token': 'GITHUB_TOKEN'
   };