vibe-coding-master 0.3.25 → 0.3.27
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -7
- package/dist/backend/api/codex-hook-routes.js +0 -7
- package/dist/backend/api/gate-review-routes.js +58 -0
- package/dist/backend/api/task-routes.js +2 -2
- package/dist/backend/cli/install-vcm-harness.js +17 -57
- package/dist/backend/server.js +7 -8
- package/dist/backend/services/app-settings-service.js +15 -15
- package/dist/backend/services/claude-hook-service.js +138 -28
- package/dist/backend/services/codex-hook-service.js +8 -50
- package/dist/backend/services/{codex-review-service.js → gate-review-service.js} +108 -108
- package/dist/backend/services/harness-service.js +17 -63
- package/dist/backend/services/session-service.js +275 -49
- package/dist/backend/services/task-service.js +2 -2
- package/dist/backend/templates/harness/claude-root.js +2 -2
- package/dist/backend/templates/harness/{codex-review.js → gate-review.js} +35 -278
- package/dist/backend/templates/harness/project-manager-agent.js +7 -7
- package/dist/backend/templates/harness/vcm-final-acceptance-skill.js +5 -5
- package/dist/shared/constants.js +8 -5
- package/dist/shared/types/{codex-review.js → gate-review.js} +1 -1
- package/dist-frontend/assets/{index-CKWy15WL.js → index-DVy34Iwn.js} +31 -31
- package/dist-frontend/index.html +1 -1
- package/docs/codex-translation-plan.md +9 -9
- package/docs/gate-review-gates.md +133 -0
- package/docs/product-design.md +37 -40
- package/package.json +1 -1
- package/scripts/verify-package.mjs +4 -4
- package/dist/backend/api/codex-review-routes.js +0 -58
- package/docs/codex-review-gates.md +0 -593
|
@@ -1,593 +0,0 @@
|
|
|
1
|
-
# Codex Review Gates
|
|
2
|
-
|
|
3
|
-
Last updated: 2026-06-14
|
|
4
|
-
|
|
5
|
-
This document defines the Codex Review Gates feature for VCM.
|
|
6
|
-
|
|
7
|
-
The goal is to add an independent cross-model review layer to complex VCM
|
|
8
|
-
tasks. VCM keeps the four Claude Code execution roles and adds a fifth role,
|
|
9
|
-
`codex-reviewer`, for external review. Claude Code remains the primary role
|
|
10
|
-
execution engine, while Codex reviews key artifacts at three gates where
|
|
11
|
-
mistakes are expensive if found late:
|
|
12
|
-
|
|
13
|
-
1. Architecture plan review before coder implementation.
|
|
14
|
-
2. Validation adequacy review after reviewer output.
|
|
15
|
-
3. Final diff review before final acceptance and PR preparation.
|
|
16
|
-
|
|
17
|
-
## 1. Product Goal
|
|
18
|
-
|
|
19
|
-
Complex tasks should not rely on a single model family or a single role chain.
|
|
20
|
-
VCM already separates work into project-manager, architect, coder, and reviewer
|
|
21
|
-
roles, but those roles can still share blind spots. Codex Review Gates add
|
|
22
|
-
`codex-reviewer` as a fifth role that is outside the normal Claude Code role
|
|
23
|
-
loop.
|
|
24
|
-
|
|
25
|
-
Codex is not the task owner. It does not implement code, rewrite plans, replace
|
|
26
|
-
the VCM reviewer, assign ownership, or decide whether user intervention is
|
|
27
|
-
required. It only reviews the specified gate evidence and reports whether that
|
|
28
|
-
gate can pass.
|
|
29
|
-
|
|
30
|
-
The product outcome is higher task accuracy through earlier detection of:
|
|
31
|
-
|
|
32
|
-
- misunderstood requirements
|
|
33
|
-
- flawed architecture plans
|
|
34
|
-
- unverifiable implementation plans
|
|
35
|
-
- inadequate tests
|
|
36
|
-
- missed edge cases
|
|
37
|
-
- hidden regressions in the final diff
|
|
38
|
-
- unexplained or high-risk file changes
|
|
39
|
-
|
|
40
|
-
## 2. Non-Goals
|
|
41
|
-
|
|
42
|
-
The first version should not:
|
|
43
|
-
|
|
44
|
-
- require every task to start Codex Reviewer manually
|
|
45
|
-
- let Codex edit repository files directly
|
|
46
|
-
- automatically accept, reject, route, or replan a task
|
|
47
|
-
- replace human approval for high-risk decisions
|
|
48
|
-
- require every small task to run all three gates
|
|
49
|
-
- halt all workflows when Codex is unavailable
|
|
50
|
-
- send repository secrets or unrelated local state to a hosted model
|
|
51
|
-
|
|
52
|
-
## 3. Gate Summary
|
|
53
|
-
|
|
54
|
-
```text
|
|
55
|
-
project-manager
|
|
56
|
-
-> architect architecture plan
|
|
57
|
-
-> Codex Gate 1: Architecture Plan Review
|
|
58
|
-
-> coder implementation
|
|
59
|
-
-> reviewer independent validation
|
|
60
|
-
-> Codex Gate 2: Validation Adequacy Review
|
|
61
|
-
-> architect docs sync
|
|
62
|
-
-> project-manager final acceptance
|
|
63
|
-
-> Codex Gate 3: Final Diff Review
|
|
64
|
-
-> PR preparation
|
|
65
|
-
```
|
|
66
|
-
|
|
67
|
-
Each gate returns exactly one decision:
|
|
68
|
-
|
|
69
|
-
```text
|
|
70
|
-
approve
|
|
71
|
-
request_changes
|
|
72
|
-
```
|
|
73
|
-
|
|
74
|
-
- `approve`: the current evidence is good enough to continue.
|
|
75
|
-
- `request_changes`: one or more findings mean the gate should not pass yet.
|
|
76
|
-
|
|
77
|
-
PM owns routing after `request_changes`. Architecture plan findings go back to
|
|
78
|
-
architect. Validation adequacy findings go back to reviewer. Final diff
|
|
79
|
-
findings go to architect first for assessment; architect may resolve simple
|
|
80
|
-
debug issues directly or route complex issues through Replan.
|
|
81
|
-
|
|
82
|
-
Gate triggering is PM-driven through the `vcm-codex-review-gate` skill. PM uses
|
|
83
|
-
the skill at the three gate trigger points. The skill checks VCM-provided Codex
|
|
84
|
-
review state and asks VCM to start a review when the gate is enabled, required,
|
|
85
|
-
and not already approved for the current input.
|
|
86
|
-
|
|
87
|
-
VCM owns execution. When review starts, the VCM flow remains running and enters
|
|
88
|
-
a Codex review stage. VCM ensures the long-lived `codex-reviewer` embedded
|
|
89
|
-
terminal session is running, sends the gate prompt into that session, records
|
|
90
|
-
state, validates the report shape, and calls PM back when review finishes. PM
|
|
91
|
-
then reads the report and continues or routes by gate type. The same Codex
|
|
92
|
-
Reviewer terminal remains available after the gate so the user or PM can
|
|
93
|
-
continue discussing, challenging, or confirming the review result in context.
|
|
94
|
-
Codex execution failure is VCM/tool failure, not `request_changes`; VCM offers
|
|
95
|
-
retry, skip, or override and records the chosen exception state.
|
|
96
|
-
|
|
97
|
-
```text
|
|
98
|
-
PM reaches gate trigger
|
|
99
|
-
-> PM uses vcm-codex-review-gate
|
|
100
|
-
-> skill checks VCM Codex gate state
|
|
101
|
-
-> skill requests VCM start review
|
|
102
|
-
-> VCM state = codex-review:running
|
|
103
|
-
-> VCM sends gate prompt to Codex Reviewer terminal
|
|
104
|
-
-> Codex Reviewer writes report
|
|
105
|
-
-> VCM records completed / failed / skipped / overridden
|
|
106
|
-
-> VCM emits Codex review callback to PM
|
|
107
|
-
-> PM reads report and continues or routes
|
|
108
|
-
```
|
|
109
|
-
|
|
110
|
-
## 4. Gate 1: Architecture Plan Review
|
|
111
|
-
|
|
112
|
-
Run after architect produces the architecture plan and before coder begins
|
|
113
|
-
implementation.
|
|
114
|
-
|
|
115
|
-
Primary artifact:
|
|
116
|
-
|
|
117
|
-
```text
|
|
118
|
-
.ai/vcm/handoffs/architecture-plan.md
|
|
119
|
-
```
|
|
120
|
-
|
|
121
|
-
Recommended inputs:
|
|
122
|
-
|
|
123
|
-
- original user request
|
|
124
|
-
- project-manager route message or durable task plan when present
|
|
125
|
-
- architecture plan
|
|
126
|
-
- Scaffold Manifest and any architect-created scaffold diff
|
|
127
|
-
- relevant durable architecture docs
|
|
128
|
-
- `docs/TESTING.md` when the plan depends on validation strategy
|
|
129
|
-
- changed file list when architect created scaffolding
|
|
130
|
-
|
|
131
|
-
Codex should review whether:
|
|
132
|
-
|
|
133
|
-
- the plan matches the user request
|
|
134
|
-
- the architecture boundaries are clear and compatible with the existing repo
|
|
135
|
-
- file responsibilities and public contracts are specific enough for coder
|
|
136
|
-
- the Scaffold Manifest carries task-specific context and coder guidance instead
|
|
137
|
-
of putting that information in source-code comments
|
|
138
|
-
- the plan avoids unnecessary scope expansion
|
|
139
|
-
- risks, dependencies, migrations, permissions, data, and error paths are named
|
|
140
|
-
- acceptance and validation evidence can be produced
|
|
141
|
-
- the plan leaves no critical decisions for coder to guess
|
|
142
|
-
|
|
143
|
-
Output artifact:
|
|
144
|
-
|
|
145
|
-
```text
|
|
146
|
-
.ai/vcm/codex-reviews/architecture-plan-review.md
|
|
147
|
-
```
|
|
148
|
-
|
|
149
|
-
Routing:
|
|
150
|
-
|
|
151
|
-
- `approve`: project-manager may route to coder.
|
|
152
|
-
- `request_changes`: project-manager routes back to architect.
|
|
153
|
-
|
|
154
|
-
## 5. Gate 2: Validation Adequacy Review
|
|
155
|
-
|
|
156
|
-
Run after reviewer produces the review report and before docs sync or final
|
|
157
|
-
acceptance.
|
|
158
|
-
|
|
159
|
-
Primary artifact:
|
|
160
|
-
|
|
161
|
-
```text
|
|
162
|
-
.ai/vcm/handoffs/review-report.md
|
|
163
|
-
```
|
|
164
|
-
|
|
165
|
-
Recommended inputs:
|
|
166
|
-
|
|
167
|
-
- original user request
|
|
168
|
-
- architecture plan
|
|
169
|
-
- changed file list
|
|
170
|
-
- implementation diff summary
|
|
171
|
-
- reviewer report
|
|
172
|
-
- validation commands and results
|
|
173
|
-
- tests added or changed
|
|
174
|
-
- known issues
|
|
175
|
-
|
|
176
|
-
Codex should review whether:
|
|
177
|
-
|
|
178
|
-
- the validation evidence proves the requested behavior
|
|
179
|
-
- tests cover important edge cases, failure paths, and regressions
|
|
180
|
-
- skipped checks are justified and have a clear final validation point
|
|
181
|
-
- reviewer findings are resolved or routed
|
|
182
|
-
- tests are not only testing implementation details
|
|
183
|
-
- high-risk areas such as permissions, state, persistence, concurrency, data
|
|
184
|
-
deletion, and external integrations are covered when relevant
|
|
185
|
-
- the reviewer report is specific enough for final acceptance
|
|
186
|
-
|
|
187
|
-
Output artifact:
|
|
188
|
-
|
|
189
|
-
```text
|
|
190
|
-
.ai/vcm/codex-reviews/validation-adequacy-review.md
|
|
191
|
-
```
|
|
192
|
-
|
|
193
|
-
Routing:
|
|
194
|
-
|
|
195
|
-
- `approve`: project-manager may request architect docs sync or proceed toward
|
|
196
|
-
final acceptance.
|
|
197
|
-
- `request_changes`: project-manager routes back to reviewer.
|
|
198
|
-
|
|
199
|
-
## 6. Gate 3: Final Diff Review
|
|
200
|
-
|
|
201
|
-
Run after normal final acceptance evidence exists and before PR preparation or
|
|
202
|
-
task completion.
|
|
203
|
-
|
|
204
|
-
Recommended inputs:
|
|
205
|
-
|
|
206
|
-
- original user request
|
|
207
|
-
- architecture plan
|
|
208
|
-
- review report
|
|
209
|
-
- docs-sync report
|
|
210
|
-
- final acceptance draft when present
|
|
211
|
-
- full git diff against the task base branch
|
|
212
|
-
- changed file list
|
|
213
|
-
- validation summary
|
|
214
|
-
- known issues disposition
|
|
215
|
-
|
|
216
|
-
Codex should review whether:
|
|
217
|
-
|
|
218
|
-
- the final diff satisfies the user request
|
|
219
|
-
- the implementation contains correctness bugs or behavior regressions
|
|
220
|
-
- the code follows existing project conventions
|
|
221
|
-
- source and test comments contain no task-specific process notes, phase notes,
|
|
222
|
-
current-task rationale, or coder instructions
|
|
223
|
-
- tests and implementation remain aligned
|
|
224
|
-
- durable docs and generated artifacts are consistent with the diff
|
|
225
|
-
- files outside the expected scope are explained
|
|
226
|
-
- high-risk changes are approved or routed
|
|
227
|
-
- PR text can honestly summarize the change, validation, and risks
|
|
228
|
-
|
|
229
|
-
Output artifact:
|
|
230
|
-
|
|
231
|
-
```text
|
|
232
|
-
.ai/vcm/codex-reviews/final-diff-review.md
|
|
233
|
-
```
|
|
234
|
-
|
|
235
|
-
Routing:
|
|
236
|
-
|
|
237
|
-
- `approve`: project-manager may complete final acceptance and prepare the PR.
|
|
238
|
-
- `request_changes`: project-manager routes to architect for assessment.
|
|
239
|
-
Architect decides whether the issue is simple enough for Debug Mode or needs
|
|
240
|
-
the normal Replan flow.
|
|
241
|
-
|
|
242
|
-
## 7. Review Report Format
|
|
243
|
-
|
|
244
|
-
Each Codex review report must start with stable fields so VCM can reject stale
|
|
245
|
-
or malformed reports:
|
|
246
|
-
|
|
247
|
-
```md
|
|
248
|
-
Gate: <architecture-plan|validation-adequacy|final-diff>
|
|
249
|
-
Request: <request-id>
|
|
250
|
-
Decision: approve|request_changes
|
|
251
|
-
Summary: <one or two sentences>
|
|
252
|
-
|
|
253
|
-
## Findings
|
|
254
|
-
|
|
255
|
-
### <severity>: <title>
|
|
256
|
-
|
|
257
|
-
- File: <path or none>
|
|
258
|
-
- Line: <line or none>
|
|
259
|
-
- Evidence: <what Codex observed>
|
|
260
|
-
- Expected: <gate requirement that is not satisfied>
|
|
261
|
-
- Gap: <what is missing, stale, contradictory, risky, or incorrect>
|
|
262
|
-
- Risk: <why it matters>
|
|
263
|
-
|
|
264
|
-
## Residual Risks
|
|
265
|
-
|
|
266
|
-
- <risk or "None identified">
|
|
267
|
-
|
|
268
|
-
## Inputs Reviewed
|
|
269
|
-
|
|
270
|
-
- <artifact or command output summary>
|
|
271
|
-
```
|
|
272
|
-
|
|
273
|
-
Severity values:
|
|
274
|
-
|
|
275
|
-
```text
|
|
276
|
-
critical
|
|
277
|
-
high
|
|
278
|
-
medium
|
|
279
|
-
low
|
|
280
|
-
```
|
|
281
|
-
|
|
282
|
-
Decision rules:
|
|
283
|
-
|
|
284
|
-
- Any `critical` or unresolved `high` finding requires `request_changes`.
|
|
285
|
-
- `medium` findings require `request_changes` when they affect task
|
|
286
|
-
correctness, validation confidence, or maintainability.
|
|
287
|
-
- `low` findings do not prevent approval by themselves unless they reveal a
|
|
288
|
-
pattern that affects the gate.
|
|
289
|
-
|
|
290
|
-
## 8. State Model
|
|
291
|
-
|
|
292
|
-
Codex reviewer runtime files live under:
|
|
293
|
-
|
|
294
|
-
```text
|
|
295
|
-
.ai/codex/
|
|
296
|
-
```
|
|
297
|
-
|
|
298
|
-
Codex review outputs live under:
|
|
299
|
-
|
|
300
|
-
```text
|
|
301
|
-
.ai/vcm/codex-reviews/index.json
|
|
302
|
-
.ai/vcm/codex-reviews/architecture-plan-review.md
|
|
303
|
-
.ai/vcm/codex-reviews/validation-adequacy-review.md
|
|
304
|
-
.ai/vcm/codex-reviews/final-diff-review.md
|
|
305
|
-
.ai/vcm/codex-reviews/requests/<request-id>.json
|
|
306
|
-
```
|
|
307
|
-
|
|
308
|
-
VCM stores Codex Review Gate switches outside the repository in the global
|
|
309
|
-
`<vcmDataDir>/settings.json` file as one VCM-wide selected gate list. The
|
|
310
|
-
project-local `.ai/codex/config.toml` must not store gate enablement, VCM must
|
|
311
|
-
not key these switches by project or task, and VCM must not create a separate
|
|
312
|
-
Codex review settings file for them.
|
|
313
|
-
|
|
314
|
-
VCM owns `.ai/vcm/codex-reviews/index.json` as task runtime state. It mirrors
|
|
315
|
-
the global settings enablement marker, active gate, gate status, report path,
|
|
316
|
-
decision, input hash, execution error, skip / override reason, and timestamps.
|
|
317
|
-
PM reads this state through VCM turn context or the `vcm-codex-review-gate`
|
|
318
|
-
skill; PM must not infer Codex state from report files alone.
|
|
319
|
-
|
|
320
|
-
The `.ai/codex/` directory is VCM-managed runtime configuration for the fifth
|
|
321
|
-
role. It should contain:
|
|
322
|
-
|
|
323
|
-
```text
|
|
324
|
-
.ai/codex/AGENTS.md
|
|
325
|
-
.ai/codex/config.toml
|
|
326
|
-
.ai/codex/.codex/config.toml
|
|
327
|
-
.ai/codex/.codex/hooks.json
|
|
328
|
-
.ai/codex/prompts/architecture-plan-gate.md
|
|
329
|
-
.ai/codex/prompts/validation-adequacy-gate.md
|
|
330
|
-
.ai/codex/prompts/final-diff-gate.md
|
|
331
|
-
.ai/codex/schemas/codex-review-result.schema.json
|
|
332
|
-
```
|
|
333
|
-
|
|
334
|
-
`.ai/codex/AGENTS.md` is the role definition for `codex-reviewer`. It should be
|
|
335
|
-
the only durable role instruction source VCM provides to Codex for review
|
|
336
|
-
gates. VCM should not require a root-level `AGENTS.md`, and it should not
|
|
337
|
-
require `.codex/agents/vcm-codex-reviewer.toml` for the first implementation.
|
|
338
|
-
The VCM-owned template portion must be bounded by the standard managed block:
|
|
339
|
-
|
|
340
|
-
```md
|
|
341
|
-
<!-- VCM:BEGIN version=1 -->
|
|
342
|
-
...
|
|
343
|
-
<!-- VCM:END -->
|
|
344
|
-
```
|
|
345
|
-
|
|
346
|
-
The managed block should include the Codex reviewer role, evidence sources,
|
|
347
|
-
three gate-specific review criteria, finding format, and write constraints.
|
|
348
|
-
Project-local custom notes may live outside the block.
|
|
349
|
-
|
|
350
|
-
`.ai/codex/config.toml` is stable VCM-owned Codex Reviewer permission
|
|
351
|
-
configuration. It must not contain Codex Review Gate switches, default
|
|
352
|
-
`command = "codex"` boilerplate, or model / effort values that the VCM UI owns.
|
|
353
|
-
|
|
354
|
-
`.ai/codex/.codex/config.toml` and `.ai/codex/.codex/hooks.json` are the
|
|
355
|
-
Codex CLI project-level hook configuration. Because VCM starts Codex with
|
|
356
|
-
`.ai/codex` as the current Codex project, this nested `.codex` directory is
|
|
357
|
-
discovered by the interactive Codex CLI. The config enables hooks, and the
|
|
358
|
-
hooks post `UserPromptSubmit` and `Stop` events to VCM:
|
|
359
|
-
|
|
360
|
-
```text
|
|
361
|
-
POST /api/hooks/codex-reviewer
|
|
362
|
-
POST /api/hooks/codex-reviewer/stop
|
|
363
|
-
```
|
|
364
|
-
|
|
365
|
-
The hook payload records Codex's own session id, transcript path, cwd, and hook
|
|
366
|
-
event name. VCM stores those events on the `codex-reviewer` role session and in
|
|
367
|
-
the shared Round state, so a Codex review keeps the VCM flow running until the
|
|
368
|
-
Codex `Stop` event is observed and the normal settle timer completes.
|
|
369
|
-
|
|
370
|
-
VCM should start Codex from `.ai/codex` so that `.ai/codex/AGENTS.md` is
|
|
371
|
-
discovered naturally. Because the current session root is then `.ai/codex`, the
|
|
372
|
-
permission profile must add the task repository as a profile-defined workspace
|
|
373
|
-
root using a relative path:
|
|
374
|
-
|
|
375
|
-
```toml
|
|
376
|
-
[permissions.vcm_codex_reviewer.workspace_roots]
|
|
377
|
-
"../.." = true
|
|
378
|
-
|
|
379
|
-
[permissions.vcm_codex_reviewer.filesystem]
|
|
380
|
-
":minimal" = "read"
|
|
381
|
-
|
|
382
|
-
[permissions.vcm_codex_reviewer.filesystem.":workspace_roots"]
|
|
383
|
-
"." = "read"
|
|
384
|
-
".ai/codex" = "read"
|
|
385
|
-
".ai/vcm/codex-reviews" = "write"
|
|
386
|
-
"**/*.env" = "deny"
|
|
387
|
-
|
|
388
|
-
[permissions.vcm_codex_reviewer.network]
|
|
389
|
-
enabled = true
|
|
390
|
-
```
|
|
391
|
-
|
|
392
|
-
With `--cd <taskRepoRoot>/.ai/codex`, `../..` points back to
|
|
393
|
-
`<taskRepoRoot>`. Codex then applies the `:workspace_roots` rules to both the
|
|
394
|
-
runtime root and the profile-defined task repository root, allowing read access
|
|
395
|
-
to the repository while granting write access only to
|
|
396
|
-
`.ai/vcm/codex-reviews/`.
|
|
397
|
-
|
|
398
|
-
The task repository must ignore `.ai/vcm/`, because review reports and task
|
|
399
|
-
runtime state are transient. It should not ignore the whole `.ai/codex/`
|
|
400
|
-
directory if `.ai/codex/AGENTS.md`, `.ai/codex/config.toml`, prompts, or schemas
|
|
401
|
-
are intended to be durable project configuration. Ignore only transient Codex
|
|
402
|
-
runtime files inside `.ai/codex/`, such as logs or temporary materialized
|
|
403
|
-
profiles.
|
|
404
|
-
|
|
405
|
-
Shared types live in `src/shared/types/codex-review.ts`. Gate status is one of
|
|
406
|
-
`disabled`, `not_required`, `pending`, `running`, `completed`, `failed`,
|
|
407
|
-
`skipped`, or `overridden`.
|
|
408
|
-
|
|
409
|
-
## 9. Backend Shape
|
|
410
|
-
|
|
411
|
-
Implemented files:
|
|
412
|
-
|
|
413
|
-
```text
|
|
414
|
-
src/shared/types/codex-review.ts
|
|
415
|
-
src/shared/types/codex-hook.ts
|
|
416
|
-
src/backend/services/codex-review-service.ts
|
|
417
|
-
src/backend/services/codex-hook-service.ts
|
|
418
|
-
src/backend/api/codex-review-routes.ts
|
|
419
|
-
src/backend/api/codex-hook-routes.ts
|
|
420
|
-
```
|
|
421
|
-
|
|
422
|
-
Implemented API:
|
|
423
|
-
|
|
424
|
-
```text
|
|
425
|
-
GET /api/tasks/:taskSlug/codex-review
|
|
426
|
-
PUT /api/tasks/:taskSlug/codex-review/settings
|
|
427
|
-
POST /api/tasks/:taskSlug/codex-review/:gate/request
|
|
428
|
-
POST /api/tasks/:taskSlug/codex-review/:gate/retry
|
|
429
|
-
POST /api/tasks/:taskSlug/codex-review/:gate/skip
|
|
430
|
-
POST /api/tasks/:taskSlug/codex-review/:gate/override
|
|
431
|
-
GET /api/tasks/:taskSlug/codex-review/:gate/report
|
|
432
|
-
POST /api/hooks/codex-reviewer
|
|
433
|
-
POST /api/hooks/codex-reviewer/stop
|
|
434
|
-
```
|
|
435
|
-
|
|
436
|
-
Provider implementations should be swappable:
|
|
437
|
-
|
|
438
|
-
- Codex CLI review command
|
|
439
|
-
- OpenAI API reviewer model
|
|
440
|
-
- OpenAI-compatible reviewer model
|
|
441
|
-
- manual imported review result
|
|
442
|
-
|
|
443
|
-
The service should assemble gate-specific inputs, run the provider, parse the
|
|
444
|
-
decision and findings, write the Markdown report, and update `index.json`.
|
|
445
|
-
`requestReviewGate` is the API used by the PM-facing skill / helper. It returns
|
|
446
|
-
one of `disabled`, `not_required`, `already_approved`, `running`, `started`, or
|
|
447
|
-
`failed_to_start`.
|
|
448
|
-
|
|
449
|
-
When a review starts, VCM keeps the task flow running in a Codex review stage.
|
|
450
|
-
When the provider finishes, VCM emits a Codex review callback to PM with gate,
|
|
451
|
-
status, decision, report path, and any failure or exception metadata.
|
|
452
|
-
|
|
453
|
-
The Codex CLI provider uses the long-lived embedded terminal session, not
|
|
454
|
-
`codex exec`, because VCM needs Codex `UserPromptSubmit` and `Stop` hook events
|
|
455
|
-
and the user may continue discussing the review after the report is written.
|
|
456
|
-
Default local implementation shape for a fresh terminal:
|
|
457
|
-
|
|
458
|
-
```bash
|
|
459
|
-
codex \
|
|
460
|
-
--cd <taskRepoRoot>/.ai/codex \
|
|
461
|
-
--add-dir <taskRepoRoot>/.ai/vcm/codex-reviews \
|
|
462
|
-
--sandbox workspace-write \
|
|
463
|
-
--ask-for-approval never \
|
|
464
|
-
--dangerously-bypass-hook-trust \
|
|
465
|
-
--search \
|
|
466
|
-
--model <model-selected-in-VCM-UI> \
|
|
467
|
-
--config model_reasoning_effort="<effort-selected-in-VCM-UI>"
|
|
468
|
-
```
|
|
469
|
-
|
|
470
|
-
When VCM runs inside a Dev Container, Docker, Podman, Kubernetes, or Codespaces
|
|
471
|
-
environment, the container is the security boundary. VCM auto-detects that
|
|
472
|
-
environment and starts Codex Reviewer without Codex's nested filesystem sandbox
|
|
473
|
-
to avoid Linux container `bwrap` and `apply_patch` write failures.
|
|
474
|
-
`VCM_SANDBOX=devcontainer` remains an explicit override for environments that
|
|
475
|
-
cannot be auto-detected:
|
|
476
|
-
|
|
477
|
-
```bash
|
|
478
|
-
codex \
|
|
479
|
-
--cd <taskRepoRoot>/.ai/codex \
|
|
480
|
-
--dangerously-bypass-approvals-and-sandbox \
|
|
481
|
-
--dangerously-bypass-hook-trust \
|
|
482
|
-
--search \
|
|
483
|
-
--model <model-selected-in-VCM-UI> \
|
|
484
|
-
--config model_reasoning_effort="<effort-selected-in-VCM-UI>"
|
|
485
|
-
```
|
|
486
|
-
|
|
487
|
-
Use this mode only when VCM, Codex, Claude Code, and the target repository all
|
|
488
|
-
run inside the same trusted container or VM boundary.
|
|
489
|
-
|
|
490
|
-
VCM omits `--model` or `model_reasoning_effort` when the user selects
|
|
491
|
-
`Default`, letting Codex CLI use its account or CLI default. `--search` enables
|
|
492
|
-
Codex CLI's native web search tool for reviewer checks that need current
|
|
493
|
-
external context.
|
|
494
|
-
|
|
495
|
-
Starting from `.ai/codex` causes Codex to load `.ai/codex/AGENTS.md` through
|
|
496
|
-
its normal `AGENTS.md` discovery path and `.ai/codex/.codex/hooks.json` through
|
|
497
|
-
the Codex project hook path. VCM sends the gate prompt into this terminal,
|
|
498
|
-
validates the report path, request id, and decision before marking a gate
|
|
499
|
-
completed, then callbacks PM. In default local mode, `--ask-for-approval never`
|
|
500
|
-
and the VCM-owned hook trust bypass prevent Codex from pausing at permission or
|
|
501
|
-
hook trust prompts; in Dev Container mode, the Codex approval and sandbox bypass
|
|
502
|
-
does the same while relying on the container boundary. Execution failures are
|
|
503
|
-
recorded as `failed` so the user can retry, skip, or override.
|
|
504
|
-
|
|
505
|
-
## 10. UI Shape
|
|
506
|
-
|
|
507
|
-
Add a `Codex Review Gates` group to the left sidebar. It is visible for the
|
|
508
|
-
connected active task and contains three independent toggles:
|
|
509
|
-
|
|
510
|
-
- Architecture Plan
|
|
511
|
-
- Validation Adequacy
|
|
512
|
-
- Final Diff
|
|
513
|
-
|
|
514
|
-
All three toggles default to `off`. Turning on any gate writes the selected
|
|
515
|
-
global gate list to `<vcmDataDir>/settings.json`. Turning all gates off stores an
|
|
516
|
-
empty selected gate list. VCM then mirrors this global setting into the active
|
|
517
|
-
task's `.ai/vcm/codex-reviews/index.json` as runtime state for PM/tool
|
|
518
|
-
consumption.
|
|
519
|
-
|
|
520
|
-
The task workspace must not show a separate Codex Review Gates panel. The UI
|
|
521
|
-
does not expose manual `Run`, `Run Again`, `Retry`, `Skip`, or `Override`
|
|
522
|
-
buttons for gates; PM triggers reviews through the `vcm-codex-review-gate`
|
|
523
|
-
skill, and VCM handles execution failures through its managed retry / skip /
|
|
524
|
-
override path.
|
|
525
|
-
|
|
526
|
-
When at least one gate toggle is on, or when the task already has a saved Codex
|
|
527
|
-
Reviewer session, the task workspace role tabs include a fifth role, `Codex
|
|
528
|
-
Reviewer`. It uses the same embedded terminal surface as the Claude Code roles,
|
|
529
|
-
but starts Codex CLI from `.ai/codex`, uses Codex model and effort selectors,
|
|
530
|
-
and is not part of PM message routing, auto orchestration, or translation. The
|
|
531
|
-
saved launch template still stores the four Claude Code role settings; when a
|
|
532
|
-
Codex gate is enabled and no task sessions exist yet, One-click start launches
|
|
533
|
-
those four Claude Code roles plus `codex-reviewer` with the Codex Reviewer
|
|
534
|
-
defaults.
|
|
535
|
-
|
|
536
|
-
## 11. Project-Manager Rules
|
|
537
|
-
|
|
538
|
-
Project-manager must treat Codex Review Gates as external evidence.
|
|
539
|
-
|
|
540
|
-
Rules:
|
|
541
|
-
|
|
542
|
-
- Use `vcm-codex-review-gate` at each Codex gate trigger and on each VCM Codex
|
|
543
|
-
review callback.
|
|
544
|
-
- Do not route coder implementation before the architecture plan gate is
|
|
545
|
-
approved, unless the user explicitly skips the gate.
|
|
546
|
-
- Do not start final acceptance before the validation adequacy gate is approved,
|
|
547
|
-
unless an explicit exception is recorded.
|
|
548
|
-
- Do not prepare a PR before the final diff gate is approved, unless an
|
|
549
|
-
explicit exception is recorded.
|
|
550
|
-
- Route `request_changes` by gate type, not by any Codex-provided routing field:
|
|
551
|
-
architecture-plan to architect, validation-adequacy to reviewer, and
|
|
552
|
-
final-diff to architect for assessment.
|
|
553
|
-
- Do not call Codex CLI directly from PM; PM requests VCM to start review and
|
|
554
|
-
stops when VCM reports `started`.
|
|
555
|
-
- Do not let Codex findings disappear into chat history. Record the report path
|
|
556
|
-
and disposition in final acceptance.
|
|
557
|
-
- Manual overrides must include who accepted the risk and why.
|
|
558
|
-
|
|
559
|
-
## 12. Implemented MVP Scope
|
|
560
|
-
|
|
561
|
-
The first implementation is intentionally small:
|
|
562
|
-
|
|
563
|
-
1. Add `.ai/codex/AGENTS.md`, `.ai/codex/config.toml`, and
|
|
564
|
-
`.ai/codex/.codex/*` as VCM-managed Codex reviewer runtime files.
|
|
565
|
-
2. Add `vcm-codex-review-gate` as the PM-facing skill / protocol entry.
|
|
566
|
-
3. Add backend APIs to configure, request, run, retry, skip, override, list,
|
|
567
|
-
and read gate reports.
|
|
568
|
-
4. Add sidebar toggles for the three gate enablement options.
|
|
569
|
-
5. Add project-manager and final-acceptance harness rules that require checking
|
|
570
|
-
Codex gate reports for complex tasks.
|
|
571
|
-
6. Add Codex hook endpoints so the fifth role participates in VCM session and
|
|
572
|
-
Round state.
|
|
573
|
-
7. Keep gate triggering PM-driven at first.
|
|
574
|
-
8. Do not automatically route roles from Codex findings in the first version.
|
|
575
|
-
|
|
576
|
-
Later versions can add automatic PM routing, provider selection, stricter
|
|
577
|
-
provider-level read/write policies where supported by Codex CLI, and risk-based
|
|
578
|
-
gate selection.
|
|
579
|
-
|
|
580
|
-
## 13. Open Questions
|
|
581
|
-
|
|
582
|
-
- Should the first implementation support only Codex CLI, or should the
|
|
583
|
-
provider remain pluggable from the start?
|
|
584
|
-
- Should VCM enforce the gates in backend state, or should project-manager rules
|
|
585
|
-
enforce them first?
|
|
586
|
-
- What task complexity signal should decide whether all three gates are
|
|
587
|
-
required?
|
|
588
|
-
- Should final diff review run against the task branch base, connected base
|
|
589
|
-
repository `HEAD`, or an explicit PR base?
|
|
590
|
-
- How should large diffs be chunked without losing cross-file reasoning?
|
|
591
|
-
- What information must be redacted before sending inputs to a hosted model?
|
|
592
|
-
- Which `.ai/codex/config.toml` keys should VCM support in MVP, and which
|
|
593
|
-
should be rejected to avoid surprising Codex CLI behavior?
|