vibe-coding-master 0.2.13 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/README.md +9 -6
  2. package/dist/backend/adapters/claude-adapter.js +4 -1
  3. package/dist/backend/api/codex-hook-routes.js +9 -0
  4. package/dist/backend/api/codex-review-routes.js +58 -0
  5. package/dist/backend/api/translation-routes.js +2 -2
  6. package/dist/backend/cli/install-vcm-harness.js +68 -0
  7. package/dist/backend/gateway/gateway-service.js +4 -3
  8. package/dist/backend/server.js +25 -0
  9. package/dist/backend/services/app-settings-service.js +12 -4
  10. package/dist/backend/services/artifact-service.js +2 -1
  11. package/dist/backend/services/claude-hook-service.js +3 -3
  12. package/dist/backend/services/codex-hook-service.js +87 -0
  13. package/dist/backend/services/codex-review-service.js +850 -0
  14. package/dist/backend/services/harness-service.js +90 -3
  15. package/dist/backend/services/message-service.js +8 -7
  16. package/dist/backend/services/project-service.js +2 -2
  17. package/dist/backend/services/round-service.js +29 -25
  18. package/dist/backend/services/session-service.js +141 -12
  19. package/dist/backend/services/task-service.js +2 -0
  20. package/dist/backend/templates/harness/claude-root.js +2 -0
  21. package/dist/backend/templates/harness/codex-review.js +605 -0
  22. package/dist/backend/templates/harness/project-manager-agent.js +13 -3
  23. package/dist/backend/templates/harness/vcm-final-acceptance-skill.js +6 -1
  24. package/dist/shared/constants.js +15 -1
  25. package/dist/shared/types/app-settings.js +4 -3
  26. package/dist/shared/types/codex-hook.js +1 -0
  27. package/dist/shared/types/codex-review.js +5 -0
  28. package/dist/shared/types/session.js +44 -0
  29. package/dist-frontend/assets/index-BavJjWQY.js +92 -0
  30. package/dist-frontend/assets/index-CR1EOe-w.css +32 -0
  31. package/dist-frontend/index.html +2 -2
  32. package/docs/ARCHITECTURE.md +1 -0
  33. package/docs/TESTING.md +82 -0
  34. package/docs/codex-review-gates.md +553 -0
  35. package/docs/gateway-design.md +5 -4
  36. package/docs/known-issues.md +1 -0
  37. package/docs/product-design.md +55 -10
  38. package/package.json +1 -1
  39. package/scripts/verify-package.mjs +4 -0
  40. package/dist-frontend/assets/index-CT20u9Fk.js +0 -92
  41. package/dist-frontend/assets/index-DC9-SB7F.css +0 -32
@@ -0,0 +1,553 @@
1
+ # Codex Review Gates
2
+
3
+ Last updated: 2026-06-14
4
+
5
+ This document defines the Codex Review Gates feature for VCM.
6
+
7
+ The goal is to add an independent cross-model review layer to complex VCM
8
+ tasks. VCM keeps the four Claude Code execution roles and adds a fifth role,
9
+ `codex-reviewer`, for external review. Claude Code remains the primary role
10
+ execution engine, while Codex reviews key artifacts at three gates where
11
+ mistakes are expensive if found late:
12
+
13
+ 1. Architecture plan review before coder implementation.
14
+ 2. Validation adequacy review after reviewer output.
15
+ 3. Final diff review before final acceptance and PR preparation.
16
+
17
+ ## 1. Product Goal
18
+
19
+ Complex tasks should not rely on a single model family or a single role chain.
20
+ VCM already separates work into project-manager, architect, coder, and reviewer
21
+ roles, but those roles can still share blind spots. Codex Review Gates add
22
+ `codex-reviewer` as a fifth role that is outside the normal Claude Code role
23
+ loop.
24
+
25
+ Codex is not the task owner. It does not implement code, rewrite plans, replace
26
+ the VCM reviewer, assign ownership, or decide whether user intervention is
27
+ required. It only reviews the specified gate evidence and reports whether that
28
+ gate can pass.
29
+
30
+ The product outcome is higher task accuracy through earlier detection of:
31
+
32
+ - misunderstood requirements
33
+ - flawed architecture plans
34
+ - unverifiable implementation plans
35
+ - inadequate tests
36
+ - missed edge cases
37
+ - hidden regressions in the final diff
38
+ - unexplained or high-risk file changes
39
+
40
+ ## 2. Non-Goals
41
+
42
+ The first version should not:
43
+
44
+ - require every task to start Codex Reviewer manually
45
+ - let Codex edit repository files directly
46
+ - automatically accept, reject, route, or replan a task
47
+ - replace human approval for high-risk decisions
48
+ - require every small task to run all three gates
49
+ - halt all workflows when Codex is unavailable
50
+ - send repository secrets or unrelated local state to a hosted model
51
+
52
+ ## 3. Gate Summary
53
+
54
+ ```text
55
+ project-manager
56
+ -> architect architecture plan
57
+ -> Codex Gate 1: Architecture Plan Review
58
+ -> coder implementation
59
+ -> reviewer independent validation
60
+ -> Codex Gate 2: Validation Adequacy Review
61
+ -> architect docs sync
62
+ -> project-manager final acceptance
63
+ -> Codex Gate 3: Final Diff Review
64
+ -> PR preparation
65
+ ```
66
+
67
+ Each gate returns exactly one decision:
68
+
69
+ ```text
70
+ approve
71
+ request_changes
72
+ ```
73
+
74
+ - `approve`: the current evidence is good enough to continue.
75
+ - `request_changes`: one or more findings mean the gate should not pass yet.
76
+
77
+ PM owns routing after `request_changes`. Architecture plan findings go back to
78
+ architect. Validation adequacy findings go back to reviewer. Final diff
79
+ findings go to architect first for assessment; architect may resolve simple
80
+ debug issues directly or route complex issues through Replan.
81
+
82
+ Gate triggering is PM-driven through the `vcm-codex-review-gate` skill. PM uses
83
+ the skill at the three gate trigger points. The skill checks VCM-provided Codex
84
+ review state and asks VCM to start a review when the gate is enabled, required,
85
+ and not already approved for the current input.
86
+
87
+ VCM owns execution. When review starts, the VCM flow remains running and enters
88
+ a Codex review stage. VCM ensures the long-lived `codex-reviewer` embedded
89
+ terminal session is running, sends the gate prompt into that session, records
90
+ state, validates the report shape, and calls PM back when review finishes. PM
91
+ then reads the report and continues or routes by gate type. The same Codex
92
+ Reviewer terminal remains available after the gate so the user or PM can
93
+ continue discussing, challenging, or confirming the review result in context.
94
+ Codex execution failure is VCM/tool failure, not `request_changes`; VCM offers
95
+ retry, skip, or override and records the chosen exception state.
96
+
97
+ ```text
98
+ PM reaches gate trigger
99
+ -> PM uses vcm-codex-review-gate
100
+ -> skill checks VCM Codex gate state
101
+ -> skill requests VCM start review
102
+ -> VCM state = codex-review:running
103
+ -> VCM sends gate prompt to Codex Reviewer terminal
104
+ -> Codex Reviewer writes report
105
+ -> VCM records completed / failed / skipped / overridden
106
+ -> VCM emits Codex review callback to PM
107
+ -> PM reads report and continues or routes
108
+ ```
109
+
110
+ ## 4. Gate 1: Architecture Plan Review
111
+
112
+ Run after architect produces the architecture plan and before coder begins
113
+ implementation.
114
+
115
+ Primary artifact:
116
+
117
+ ```text
118
+ .ai/vcm/handoffs/architecture-plan.md
119
+ ```
120
+
121
+ Recommended inputs:
122
+
123
+ - original user request
124
+ - project-manager route message or durable task plan when present
125
+ - architecture plan
126
+ - relevant durable architecture docs
127
+ - `docs/TESTING.md` when the plan depends on validation strategy
128
+ - changed file list when architect created scaffolding
129
+
130
+ Codex should review whether:
131
+
132
+ - the plan matches the user request
133
+ - the architecture boundaries are clear and compatible with the existing repo
134
+ - file responsibilities and public contracts are specific enough for coder
135
+ - the plan avoids unnecessary scope expansion
136
+ - risks, dependencies, migrations, permissions, data, and error paths are named
137
+ - acceptance and validation evidence can be produced
138
+ - the plan leaves no critical decisions for coder to guess
139
+
140
+ Output artifact:
141
+
142
+ ```text
143
+ .ai/vcm/codex-reviews/architecture-plan-review.md
144
+ ```
145
+
146
+ Routing:
147
+
148
+ - `approve`: project-manager may route to coder.
149
+ - `request_changes`: project-manager routes back to architect.
150
+
151
+ ## 5. Gate 2: Validation Adequacy Review
152
+
153
+ Run after reviewer produces the review report and before docs sync or final
154
+ acceptance.
155
+
156
+ Primary artifact:
157
+
158
+ ```text
159
+ .ai/vcm/handoffs/review-report.md
160
+ ```
161
+
162
+ Recommended inputs:
163
+
164
+ - original user request
165
+ - architecture plan
166
+ - changed file list
167
+ - implementation diff summary
168
+ - reviewer report
169
+ - validation commands and results
170
+ - tests added or changed
171
+ - known issues
172
+
173
+ Codex should review whether:
174
+
175
+ - the validation evidence proves the requested behavior
176
+ - tests cover important edge cases, failure paths, and regressions
177
+ - skipped checks are justified and have a clear final validation point
178
+ - reviewer findings are resolved or routed
179
+ - tests are not only testing implementation details
180
+ - high-risk areas such as permissions, state, persistence, concurrency, data
181
+ deletion, and external integrations are covered when relevant
182
+ - the reviewer report is specific enough for final acceptance
183
+
184
+ Output artifact:
185
+
186
+ ```text
187
+ .ai/vcm/codex-reviews/validation-adequacy-review.md
188
+ ```
189
+
190
+ Routing:
191
+
192
+ - `approve`: project-manager may request architect docs sync or proceed toward
193
+ final acceptance.
194
+ - `request_changes`: project-manager routes back to reviewer.
195
+
196
+ ## 6. Gate 3: Final Diff Review
197
+
198
+ Run after normal final acceptance evidence exists and before PR preparation or
199
+ task completion.
200
+
201
+ Recommended inputs:
202
+
203
+ - original user request
204
+ - architecture plan
205
+ - review report
206
+ - docs-sync report
207
+ - final acceptance draft when present
208
+ - full git diff against the task base branch
209
+ - changed file list
210
+ - validation summary
211
+ - known issues disposition
212
+
213
+ Codex should review whether:
214
+
215
+ - the final diff satisfies the user request
216
+ - the implementation contains correctness bugs or behavior regressions
217
+ - the code follows existing project conventions
218
+ - tests and implementation remain aligned
219
+ - durable docs and generated artifacts are consistent with the diff
220
+ - files outside the expected scope are explained
221
+ - high-risk changes are approved or routed
222
+ - PR text can honestly summarize the change, validation, and risks
223
+
224
+ Output artifact:
225
+
226
+ ```text
227
+ .ai/vcm/codex-reviews/final-diff-review.md
228
+ ```
229
+
230
+ Routing:
231
+
232
+ - `approve`: project-manager may complete final acceptance and prepare the PR.
233
+ - `request_changes`: project-manager routes to architect for assessment.
234
+ Architect decides whether the issue is simple enough for Debug Mode or needs
235
+ the normal Replan flow.
236
+
237
+ ## 7. Review Report Format
238
+
239
+ Each Codex review report must start with stable fields so VCM can reject stale
240
+ or malformed reports:
241
+
242
+ ```md
243
+ Gate: <architecture-plan|validation-adequacy|final-diff>
244
+ Request: <request-id>
245
+ Decision: approve|request_changes
246
+ Summary: <one or two sentences>
247
+
248
+ ## Findings
249
+
250
+ ### <severity>: <title>
251
+
252
+ - File: <path or none>
253
+ - Line: <line or none>
254
+ - Evidence: <what Codex observed>
255
+ - Expected: <gate requirement that is not satisfied>
256
+ - Gap: <what is missing, stale, contradictory, risky, or incorrect>
257
+ - Risk: <why it matters>
258
+
259
+ ## Residual Risks
260
+
261
+ - <risk or "None identified">
262
+
263
+ ## Inputs Reviewed
264
+
265
+ - <artifact or command output summary>
266
+ ```
267
+
268
+ Severity values:
269
+
270
+ ```text
271
+ critical
272
+ high
273
+ medium
274
+ low
275
+ ```
276
+
277
+ Decision rules:
278
+
279
+ - Any `critical` or unresolved `high` finding requires `request_changes`.
280
+ - `medium` findings require `request_changes` when they affect task
281
+ correctness, validation confidence, or maintainability.
282
+ - `low` findings do not prevent approval by themselves unless they reveal a
283
+ pattern that affects the gate.
284
+
285
+ ## 8. State Model
286
+
287
+ Codex reviewer runtime files live under:
288
+
289
+ ```text
290
+ .ai/codex/
291
+ ```
292
+
293
+ Codex review outputs live under:
294
+
295
+ ```text
296
+ .ai/vcm/codex-reviews/index.json
297
+ .ai/vcm/codex-reviews/architecture-plan-review.md
298
+ .ai/vcm/codex-reviews/validation-adequacy-review.md
299
+ .ai/vcm/codex-reviews/final-diff-review.md
300
+ .ai/vcm/codex-reviews/requests/<request-id>.json
301
+ ```
302
+
303
+ VCM owns `.ai/vcm/codex-reviews/index.json`. It records the enablement marker,
304
+ active gate, gate status, report path, decision, input hash, execution error,
305
+ skip / override reason, and timestamps. PM reads this state through VCM turn
306
+ context or the `vcm-codex-review-gate` skill; PM must not infer Codex state from
307
+ report files alone.
308
+
309
+ The `.ai/codex/` directory is VCM-managed runtime configuration for the fifth
310
+ role. It should contain:
311
+
312
+ ```text
313
+ .ai/codex/AGENTS.md
314
+ .ai/codex/config.toml
315
+ .ai/codex/.codex/config.toml
316
+ .ai/codex/.codex/hooks.json
317
+ .ai/codex/prompts/architecture-plan-gate.md
318
+ .ai/codex/prompts/validation-adequacy-gate.md
319
+ .ai/codex/prompts/final-diff-gate.md
320
+ .ai/codex/schemas/codex-review-result.schema.json
321
+ ```
322
+
323
+ `.ai/codex/AGENTS.md` is the role definition for `codex-reviewer`. It should be
324
+ the only durable role instruction source VCM provides to Codex for review
325
+ gates. VCM should not require a root-level `AGENTS.md`, and it should not
326
+ require `.codex/agents/vcm-codex-reviewer.toml` for the first implementation.
327
+ The VCM-owned template portion must be bounded by the standard managed block:
328
+
329
+ ```md
330
+ <!-- VCM:BEGIN version=1 -->
331
+ ...
332
+ <!-- VCM:END -->
333
+ ```
334
+
335
+ The managed block should include the Codex reviewer role, evidence sources,
336
+ three gate-specific review criteria, finding format, and write constraints.
337
+ Project-local custom notes may live outside the block.
338
+
339
+ `.ai/codex/config.toml` is VCM-owned launch configuration. Codex does not
340
+ natively discover arbitrary `.ai/codex/config.toml` files the way it discovers
341
+ `$CODEX_HOME/config.toml` or layered `$CODEX_HOME/<profile>.config.toml` files,
342
+ so the VCM Codex adapter reads this file and maps supported keys to the Codex
343
+ CLI invocation.
344
+
345
+ `.ai/codex/.codex/config.toml` and `.ai/codex/.codex/hooks.json` are the
346
+ Codex CLI project-level hook configuration. Because VCM starts Codex with
347
+ `.ai/codex` as the current Codex project, this nested `.codex` directory is
348
+ discovered by the interactive Codex CLI. The config enables hooks, and the
349
+ hooks post `UserPromptSubmit` and `Stop` events to VCM:
350
+
351
+ ```text
352
+ POST /api/hooks/codex-reviewer
353
+ POST /api/hooks/codex-reviewer/stop
354
+ ```
355
+
356
+ The hook payload records Codex's own session id, transcript path, cwd, and hook
357
+ event name. VCM stores those events on the `codex-reviewer` role session and in
358
+ the shared Round state, so a Codex review keeps the VCM flow running until the
359
+ Codex `Stop` event is observed and the normal settle timer completes.
360
+
361
+ VCM should start Codex from `.ai/codex` so that `.ai/codex/AGENTS.md` is
362
+ discovered naturally. Because the current session root is then `.ai/codex`, the
363
+ permission profile must add the task repository as a profile-defined workspace
364
+ root using a relative path:
365
+
366
+ ```toml
367
+ [permissions.vcm_codex_reviewer.workspace_roots]
368
+ "../.." = true
369
+
370
+ [permissions.vcm_codex_reviewer.filesystem]
371
+ ":minimal" = "read"
372
+
373
+ [permissions.vcm_codex_reviewer.filesystem.":workspace_roots"]
374
+ "." = "read"
375
+ ".ai/codex" = "read"
376
+ ".ai/vcm/codex-reviews" = "write"
377
+ "**/*.env" = "deny"
378
+ ```
379
+
380
+ With `--cd <taskRepoRoot>/.ai/codex`, `../..` points back to
381
+ `<taskRepoRoot>`. Codex then applies the `:workspace_roots` rules to both the
382
+ runtime root and the profile-defined task repository root, allowing read access
383
+ to the repository while granting write access only to
384
+ `.ai/vcm/codex-reviews/`.
385
+
386
+ The task repository must ignore `.ai/vcm/`, because review reports and task
387
+ runtime state are transient. It should not ignore the whole `.ai/codex/`
388
+ directory if `.ai/codex/AGENTS.md`, `.ai/codex/config.toml`, prompts, or schemas
389
+ are intended to be durable project configuration. Ignore only transient Codex
390
+ runtime files inside `.ai/codex/`, such as logs or temporary materialized
391
+ profiles.
392
+
393
+ Shared types live in `src/shared/types/codex-review.ts`. Gate status is one of
394
+ `disabled`, `not_required`, `pending`, `running`, `completed`, `failed`,
395
+ `skipped`, or `overridden`.
396
+
397
+ ## 9. Backend Shape
398
+
399
+ Implemented files:
400
+
401
+ ```text
402
+ src/shared/types/codex-review.ts
403
+ src/shared/types/codex-hook.ts
404
+ src/backend/services/codex-review-service.ts
405
+ src/backend/services/codex-hook-service.ts
406
+ src/backend/api/codex-review-routes.ts
407
+ src/backend/api/codex-hook-routes.ts
408
+ ```
409
+
410
+ Implemented API:
411
+
412
+ ```text
413
+ GET /api/tasks/:taskSlug/codex-review
414
+ PUT /api/tasks/:taskSlug/codex-review/settings
415
+ POST /api/tasks/:taskSlug/codex-review/:gate/request
416
+ POST /api/tasks/:taskSlug/codex-review/:gate/retry
417
+ POST /api/tasks/:taskSlug/codex-review/:gate/skip
418
+ POST /api/tasks/:taskSlug/codex-review/:gate/override
419
+ GET /api/tasks/:taskSlug/codex-review/:gate/report
420
+ POST /api/hooks/codex-reviewer
421
+ POST /api/hooks/codex-reviewer/stop
422
+ ```
423
+
424
+ Provider implementations should be swappable:
425
+
426
+ - Codex CLI review command
427
+ - OpenAI API reviewer model
428
+ - OpenAI-compatible reviewer model
429
+ - manual imported review result
430
+
431
+ The service should assemble gate-specific inputs, run the provider, parse the
432
+ decision and findings, write the Markdown report, and update `index.json`.
433
+ `requestReviewGate` is the API used by the PM-facing skill / helper. It returns
434
+ one of `disabled`, `not_required`, `already_approved`, `running`, `started`, or
435
+ `failed_to_start`.
436
+
437
+ When a review starts, VCM keeps the task flow running in a Codex review stage.
438
+ When the provider finishes, VCM emits a Codex review callback to PM with gate,
439
+ status, decision, report path, and any failure or exception metadata.
440
+
441
+ The Codex CLI provider uses the long-lived embedded terminal session, not
442
+ `codex exec`, because VCM needs Codex `UserPromptSubmit` and `Stop` hook events
443
+ and the user may continue discussing the review after the report is written.
444
+ Current implementation shape for a fresh terminal:
445
+
446
+ ```bash
447
+ codex \
448
+ --cd <taskRepoRoot>/.ai/codex \
449
+ --add-dir <taskRepoRoot>/.ai/vcm/codex-reviews \
450
+ --sandbox workspace-write \
451
+ --ask-for-approval never \
452
+ --dangerously-bypass-hook-trust \
453
+ --model <model-from-.ai/codex/config.toml> \
454
+ --config model_reasoning_effort="<effort-from-.ai/codex/config.toml>"
455
+ ```
456
+
457
+ Starting from `.ai/codex` causes Codex to load `.ai/codex/AGENTS.md` through
458
+ its normal `AGENTS.md` discovery path and `.ai/codex/.codex/hooks.json` through
459
+ the Codex project hook path. VCM sends the gate prompt into this terminal,
460
+ validates the report path, request id, and decision before marking a gate
461
+ completed, then callbacks PM. `--ask-for-approval never` and the VCM-owned hook
462
+ trust bypass prevent Codex from pausing at permission or hook trust prompts;
463
+ execution failures are recorded as `failed` so the user can retry, skip, or
464
+ override.
465
+
466
+ ## 10. UI Shape
467
+
468
+ Add a `Codex Review Gates` group to the left sidebar. It is visible for the
469
+ connected active task and contains three independent toggles:
470
+
471
+ - Architecture Plan
472
+ - Validation Adequacy
473
+ - Final Diff
474
+
475
+ All three toggles default to `off`. Turning on any gate writes it into
476
+ `.ai/codex/config.toml` under `[vcm.codex_review].required_gates` and sets
477
+ `enabled = true`. Turning all gates off writes `enabled = false` and
478
+ `required_gates = []`.
479
+
480
+ The task workspace must not show a separate Codex Review Gates panel. The UI
481
+ does not expose manual `Run`, `Run Again`, `Retry`, `Skip`, or `Override`
482
+ buttons for gates; PM triggers reviews through the `vcm-codex-review-gate`
483
+ skill, and VCM handles execution failures through its managed retry / skip /
484
+ override path.
485
+
486
+ When at least one gate toggle is on, or when the task already has a saved Codex
487
+ Reviewer session, the task workspace role tabs include a fifth role, `Codex
488
+ Reviewer`. It uses the same embedded terminal surface as the Claude Code roles,
489
+ but starts Codex CLI from `.ai/codex`, uses Codex model and effort selectors,
490
+ and is not part of PM message routing, auto orchestration, or translation. The
491
+ saved launch template still stores the four Claude Code role settings; when a
492
+ Codex gate is enabled and no task sessions exist yet, One-click start launches
493
+ those four Claude Code roles plus `codex-reviewer` with the Codex Reviewer
494
+ defaults.
495
+
496
+ ## 11. Project-Manager Rules
497
+
498
+ Project-manager must treat Codex Review Gates as external evidence.
499
+
500
+ Rules:
501
+
502
+ - Use `vcm-codex-review-gate` at each Codex gate trigger and on each VCM Codex
503
+ review callback.
504
+ - Do not route coder implementation before the architecture plan gate is
505
+ approved, unless the user explicitly skips the gate.
506
+ - Do not start final acceptance before the validation adequacy gate is approved,
507
+ unless an explicit exception is recorded.
508
+ - Do not prepare a PR before the final diff gate is approved, unless an
509
+ explicit exception is recorded.
510
+ - Route `request_changes` by gate type, not by any Codex-provided routing field:
511
+ architecture-plan to architect, validation-adequacy to reviewer, and
512
+ final-diff to architect for assessment.
513
+ - Do not call Codex CLI directly from PM; PM requests VCM to start review and
514
+ stops when VCM reports `started`.
515
+ - Do not let Codex findings disappear into chat history. Record the report path
516
+ and disposition in final acceptance.
517
+ - Manual overrides must include who accepted the risk and why.
518
+
519
+ ## 12. Implemented MVP Scope
520
+
521
+ The first implementation is intentionally small:
522
+
523
+ 1. Add `.ai/codex/AGENTS.md`, `.ai/codex/config.toml`, and
524
+ `.ai/codex/.codex/*` as VCM-managed Codex reviewer runtime files.
525
+ 2. Add `vcm-codex-review-gate` as the PM-facing skill / protocol entry.
526
+ 3. Add backend APIs to configure, request, run, retry, skip, override, list,
527
+ and read gate reports.
528
+ 4. Add sidebar toggles for the three gate enablement options.
529
+ 5. Add project-manager and final-acceptance harness rules that require checking
530
+ Codex gate reports for complex tasks.
531
+ 6. Add Codex hook endpoints so the fifth role participates in VCM session and
532
+ Round state.
533
+ 7. Keep gate triggering PM-driven at first.
534
+ 8. Do not automatically route roles from Codex findings in the first version.
535
+
536
+ Later versions can add automatic PM routing, provider selection, stricter
537
+ provider-level read/write policies where supported by Codex CLI, and risk-based
538
+ gate selection.
539
+
540
+ ## 13. Open Questions
541
+
542
+ - Should the first implementation support only Codex CLI, or should the
543
+ provider remain pluggable from the start?
544
+ - Should VCM enforce the gates in backend state, or should project-manager rules
545
+ enforce them first?
546
+ - What task complexity signal should decide whether all three gates are
547
+ required?
548
+ - Should final diff review run against the task branch base, connected base
549
+ repository `HEAD`, or an explicit PR base?
550
+ - How should large diffs be chunked without losing cross-file reasoning?
551
+ - What information must be redacted before sending inputs to a hosted model?
552
+ - Which `.ai/codex/config.toml` keys should VCM support in MVP, and which
553
+ should be rejected to avoid surprising Codex CLI behavior?
@@ -163,7 +163,8 @@ Task lifecycle commands:
163
163
  selects it as the mobile current task, applies the saved launch template, and
164
164
  starts the four role sessions (`project-manager`, `architect`, `coder`,
165
165
  `reviewer`) through the same one-click-start path as the desktop UI. The saved
166
- template controls permission mode, model, auto orchestration, and translation.
166
+ template controls permission mode, model, effort, auto orchestration, and
167
+ translation.
167
168
  If no template has been saved, VCM uses the default launch template.
168
169
  - `/close-task` starts a destructive confirmation flow for the current task.
169
170
  Gateway replies with the exact confirmation command.
@@ -249,7 +250,7 @@ Rules:
249
250
  -> load saved launch template from app preferences
250
251
  -> set orchestration from template
251
252
  -> set gateway/desktop translation state from template
252
- -> start four role sessions with template permission/model
253
+ -> start four role sessions with template permission/model/effort
253
254
  -> switch mobile current role to project-manager
254
255
  -> reply with task slug, branch, worktree, template summary, and session status
255
256
  ```
@@ -584,8 +585,8 @@ Service dependencies:
584
585
  Task cleanup.
585
586
  - `SessionService`: PM session state, Claude session metadata, and role session
586
587
  start for launch-template initialization.
587
- - `AppSettingsService`: saved launch template with permission mode, model, auto
588
- orchestration, and translation defaults.
588
+ - `AppSettingsService`: saved launch template with permission mode, model,
589
+ effort, auto orchestration, and translation defaults.
589
590
  - `MessageService` / orchestration state service: set the newly created task to
590
591
  template auto/manual orchestration mode.
591
592
  - `TerminalRuntime`: controlled PM terminal submission.
@@ -0,0 +1 @@
1
+ # Known Issues