vibe-coding-master 0.3.26 → 0.3.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. package/README.md +33 -29
  2. package/dist/backend/api/codex-hook-routes.js +0 -7
  3. package/dist/backend/api/gate-review-routes.js +58 -0
  4. package/dist/backend/api/task-routes.js +2 -2
  5. package/dist/backend/cli/install-vcm-harness.js +15 -57
  6. package/dist/backend/server.js +6 -8
  7. package/dist/backend/services/app-settings-service.js +15 -15
  8. package/dist/backend/services/codex-hook-service.js +8 -50
  9. package/dist/backend/services/{codex-review-service.js → gate-review-service.js} +108 -108
  10. package/dist/backend/services/harness-service.js +15 -63
  11. package/dist/backend/services/session-service.js +257 -41
  12. package/dist/backend/services/task-service.js +2 -2
  13. package/dist/backend/templates/harness/claude-root.js +2 -2
  14. package/dist/backend/templates/harness/{codex-review.js → gate-review.js} +35 -278
  15. package/dist/backend/templates/harness/project-manager-agent.js +7 -7
  16. package/dist/backend/templates/harness/vcm-final-acceptance-skill.js +5 -5
  17. package/dist/shared/constants.js +8 -5
  18. package/dist/shared/types/{codex-review.js → gate-review.js} +1 -1
  19. package/dist-frontend/assets/{index-CKWy15WL.js → index-x9I-bGUt.js} +37 -37
  20. package/dist-frontend/index.html +1 -1
  21. package/docs/codex-translation-plan.md +83 -136
  22. package/docs/full-harness-baseline.md +113 -207
  23. package/docs/gate-review-gates.md +133 -0
  24. package/docs/gateway-design.md +6 -8
  25. package/docs/product-design.md +66 -38
  26. package/docs/v0.2-implementation-plan.md +4 -0
  27. package/docs/vcm-cc-best-practices.md +36 -33
  28. package/package.json +1 -1
  29. package/scripts/verify-package.mjs +4 -4
  30. package/dist/backend/api/codex-review-routes.js +0 -58
  31. package/docs/codex-review-gates.md +0 -593
@@ -1,593 +0,0 @@
1
- # Codex Review Gates
2
-
3
- Last updated: 2026-06-14
4
-
5
- This document defines the Codex Review Gates feature for VCM.
6
-
7
- The goal is to add an independent cross-model review layer to complex VCM
8
- tasks. VCM keeps the four Claude Code execution roles and adds a fifth role,
9
- `codex-reviewer`, for external review. Claude Code remains the primary role
10
- execution engine, while Codex reviews key artifacts at three gates where
11
- mistakes are expensive if found late:
12
-
13
- 1. Architecture plan review before coder implementation.
14
- 2. Validation adequacy review after reviewer output.
15
- 3. Final diff review before final acceptance and PR preparation.
16
-
17
- ## 1. Product Goal
18
-
19
- Complex tasks should not rely on a single model family or a single role chain.
20
- VCM already separates work into project-manager, architect, coder, and reviewer
21
- roles, but those roles can still share blind spots. Codex Review Gates add
22
- `codex-reviewer` as a fifth role that is outside the normal Claude Code role
23
- loop.
24
-
25
- Codex is not the task owner. It does not implement code, rewrite plans, replace
26
- the VCM reviewer, assign ownership, or decide whether user intervention is
27
- required. It only reviews the specified gate evidence and reports whether that
28
- gate can pass.
29
-
30
- The product outcome is higher task accuracy through earlier detection of:
31
-
32
- - misunderstood requirements
33
- - flawed architecture plans
34
- - unverifiable implementation plans
35
- - inadequate tests
36
- - missed edge cases
37
- - hidden regressions in the final diff
38
- - unexplained or high-risk file changes
39
-
40
- ## 2. Non-Goals
41
-
42
- The first version should not:
43
-
44
- - require every task to start Codex Reviewer manually
45
- - let Codex edit repository files directly
46
- - automatically accept, reject, route, or replan a task
47
- - replace human approval for high-risk decisions
48
- - require every small task to run all three gates
49
- - halt all workflows when Codex is unavailable
50
- - send repository secrets or unrelated local state to a hosted model
51
-
52
- ## 3. Gate Summary
53
-
54
- ```text
55
- project-manager
56
- -> architect architecture plan
57
- -> Codex Gate 1: Architecture Plan Review
58
- -> coder implementation
59
- -> reviewer independent validation
60
- -> Codex Gate 2: Validation Adequacy Review
61
- -> architect docs sync
62
- -> project-manager final acceptance
63
- -> Codex Gate 3: Final Diff Review
64
- -> PR preparation
65
- ```
66
-
67
- Each gate returns exactly one decision:
68
-
69
- ```text
70
- approve
71
- request_changes
72
- ```
73
-
74
- - `approve`: the current evidence is good enough to continue.
75
- - `request_changes`: one or more findings mean the gate should not pass yet.
76
-
77
- PM owns routing after `request_changes`. Architecture plan findings go back to
78
- architect. Validation adequacy findings go back to reviewer. Final diff
79
- findings go to architect first for assessment; architect may resolve simple
80
- debug issues directly or route complex issues through Replan.
81
-
82
- Gate triggering is PM-driven through the `vcm-codex-review-gate` skill. PM uses
83
- the skill at the three gate trigger points. The skill checks VCM-provided Codex
84
- review state and asks VCM to start a review when the gate is enabled, required,
85
- and not already approved for the current input.
86
-
87
- VCM owns execution. When review starts, the VCM flow remains running and enters
88
- a Codex review stage. VCM ensures the long-lived `codex-reviewer` embedded
89
- terminal session is running, sends the gate prompt into that session, records
90
- state, validates the report shape, and calls PM back when review finishes. PM
91
- then reads the report and continues or routes by gate type. The same Codex
92
- Reviewer terminal remains available after the gate so the user or PM can
93
- continue discussing, challenging, or confirming the review result in context.
94
- Codex execution failure is VCM/tool failure, not `request_changes`; VCM offers
95
- retry, skip, or override and records the chosen exception state.
96
-
97
- ```text
98
- PM reaches gate trigger
99
- -> PM uses vcm-codex-review-gate
100
- -> skill checks VCM Codex gate state
101
- -> skill requests VCM start review
102
- -> VCM state = codex-review:running
103
- -> VCM sends gate prompt to Codex Reviewer terminal
104
- -> Codex Reviewer writes report
105
- -> VCM records completed / failed / skipped / overridden
106
- -> VCM emits Codex review callback to PM
107
- -> PM reads report and continues or routes
108
- ```
109
-
110
- ## 4. Gate 1: Architecture Plan Review
111
-
112
- Run after architect produces the architecture plan and before coder begins
113
- implementation.
114
-
115
- Primary artifact:
116
-
117
- ```text
118
- .ai/vcm/handoffs/architecture-plan.md
119
- ```
120
-
121
- Recommended inputs:
122
-
123
- - original user request
124
- - project-manager route message or durable task plan when present
125
- - architecture plan
126
- - Scaffold Manifest and any architect-created scaffold diff
127
- - relevant durable architecture docs
128
- - `docs/TESTING.md` when the plan depends on validation strategy
129
- - changed file list when architect created scaffolding
130
-
131
- Codex should review whether:
132
-
133
- - the plan matches the user request
134
- - the architecture boundaries are clear and compatible with the existing repo
135
- - file responsibilities and public contracts are specific enough for coder
136
- - the Scaffold Manifest carries task-specific context and coder guidance instead
137
- of putting that information in source-code comments
138
- - the plan avoids unnecessary scope expansion
139
- - risks, dependencies, migrations, permissions, data, and error paths are named
140
- - acceptance and validation evidence can be produced
141
- - the plan leaves no critical decisions for coder to guess
142
-
143
- Output artifact:
144
-
145
- ```text
146
- .ai/vcm/codex-reviews/architecture-plan-review.md
147
- ```
148
-
149
- Routing:
150
-
151
- - `approve`: project-manager may route to coder.
152
- - `request_changes`: project-manager routes back to architect.
153
-
154
- ## 5. Gate 2: Validation Adequacy Review
155
-
156
- Run after reviewer produces the review report and before docs sync or final
157
- acceptance.
158
-
159
- Primary artifact:
160
-
161
- ```text
162
- .ai/vcm/handoffs/review-report.md
163
- ```
164
-
165
- Recommended inputs:
166
-
167
- - original user request
168
- - architecture plan
169
- - changed file list
170
- - implementation diff summary
171
- - reviewer report
172
- - validation commands and results
173
- - tests added or changed
174
- - known issues
175
-
176
- Codex should review whether:
177
-
178
- - the validation evidence proves the requested behavior
179
- - tests cover important edge cases, failure paths, and regressions
180
- - skipped checks are justified and have a clear final validation point
181
- - reviewer findings are resolved or routed
182
- - tests are not only testing implementation details
183
- - high-risk areas such as permissions, state, persistence, concurrency, data
184
- deletion, and external integrations are covered when relevant
185
- - the reviewer report is specific enough for final acceptance
186
-
187
- Output artifact:
188
-
189
- ```text
190
- .ai/vcm/codex-reviews/validation-adequacy-review.md
191
- ```
192
-
193
- Routing:
194
-
195
- - `approve`: project-manager may request architect docs sync or proceed toward
196
- final acceptance.
197
- - `request_changes`: project-manager routes back to reviewer.
198
-
199
- ## 6. Gate 3: Final Diff Review
200
-
201
- Run after normal final acceptance evidence exists and before PR preparation or
202
- task completion.
203
-
204
- Recommended inputs:
205
-
206
- - original user request
207
- - architecture plan
208
- - review report
209
- - docs-sync report
210
- - final acceptance draft when present
211
- - full git diff against the task base branch
212
- - changed file list
213
- - validation summary
214
- - known issues disposition
215
-
216
- Codex should review whether:
217
-
218
- - the final diff satisfies the user request
219
- - the implementation contains correctness bugs or behavior regressions
220
- - the code follows existing project conventions
221
- - source and test comments contain no task-specific process notes, phase notes,
222
- current-task rationale, or coder instructions
223
- - tests and implementation remain aligned
224
- - durable docs and generated artifacts are consistent with the diff
225
- - files outside the expected scope are explained
226
- - high-risk changes are approved or routed
227
- - PR text can honestly summarize the change, validation, and risks
228
-
229
- Output artifact:
230
-
231
- ```text
232
- .ai/vcm/codex-reviews/final-diff-review.md
233
- ```
234
-
235
- Routing:
236
-
237
- - `approve`: project-manager may complete final acceptance and prepare the PR.
238
- - `request_changes`: project-manager routes to architect for assessment.
239
- Architect decides whether the issue is simple enough for Debug Mode or needs
240
- the normal Replan flow.
241
-
242
- ## 7. Review Report Format
243
-
244
- Each Codex review report must start with stable fields so VCM can reject stale
245
- or malformed reports:
246
-
247
- ```md
248
- Gate: <architecture-plan|validation-adequacy|final-diff>
249
- Request: <request-id>
250
- Decision: approve|request_changes
251
- Summary: <one or two sentences>
252
-
253
- ## Findings
254
-
255
- ### <severity>: <title>
256
-
257
- - File: <path or none>
258
- - Line: <line or none>
259
- - Evidence: <what Codex observed>
260
- - Expected: <gate requirement that is not satisfied>
261
- - Gap: <what is missing, stale, contradictory, risky, or incorrect>
262
- - Risk: <why it matters>
263
-
264
- ## Residual Risks
265
-
266
- - <risk or "None identified">
267
-
268
- ## Inputs Reviewed
269
-
270
- - <artifact or command output summary>
271
- ```
272
-
273
- Severity values:
274
-
275
- ```text
276
- critical
277
- high
278
- medium
279
- low
280
- ```
281
-
282
- Decision rules:
283
-
284
- - Any `critical` or unresolved `high` finding requires `request_changes`.
285
- - `medium` findings require `request_changes` when they affect task
286
- correctness, validation confidence, or maintainability.
287
- - `low` findings do not prevent approval by themselves unless they reveal a
288
- pattern that affects the gate.
289
-
290
- ## 8. State Model
291
-
292
- Codex reviewer runtime files live under:
293
-
294
- ```text
295
- .ai/codex/
296
- ```
297
-
298
- Codex review outputs live under:
299
-
300
- ```text
301
- .ai/vcm/codex-reviews/index.json
302
- .ai/vcm/codex-reviews/architecture-plan-review.md
303
- .ai/vcm/codex-reviews/validation-adequacy-review.md
304
- .ai/vcm/codex-reviews/final-diff-review.md
305
- .ai/vcm/codex-reviews/requests/<request-id>.json
306
- ```
307
-
308
- VCM stores Codex Review Gate switches outside the repository in the global
309
- `<vcmDataDir>/settings.json` file as one VCM-wide selected gate list. The
310
- project-local `.ai/codex/config.toml` must not store gate enablement, VCM must
311
- not key these switches by project or task, and VCM must not create a separate
312
- Codex review settings file for them.
313
-
314
- VCM owns `.ai/vcm/codex-reviews/index.json` as task runtime state. It mirrors
315
- the global settings enablement marker, active gate, gate status, report path,
316
- decision, input hash, execution error, skip / override reason, and timestamps.
317
- PM reads this state through VCM turn context or the `vcm-codex-review-gate`
318
- skill; PM must not infer Codex state from report files alone.
319
-
320
- The `.ai/codex/` directory is VCM-managed runtime configuration for the fifth
321
- role. It should contain:
322
-
323
- ```text
324
- .ai/codex/AGENTS.md
325
- .ai/codex/config.toml
326
- .ai/codex/.codex/config.toml
327
- .ai/codex/.codex/hooks.json
328
- .ai/codex/prompts/architecture-plan-gate.md
329
- .ai/codex/prompts/validation-adequacy-gate.md
330
- .ai/codex/prompts/final-diff-gate.md
331
- .ai/codex/schemas/codex-review-result.schema.json
332
- ```
333
-
334
- `.ai/codex/AGENTS.md` is the role definition for `codex-reviewer`. It should be
335
- the only durable role instruction source VCM provides to Codex for review
336
- gates. VCM should not require a root-level `AGENTS.md`, and it should not
337
- require `.codex/agents/vcm-codex-reviewer.toml` for the first implementation.
338
- The VCM-owned template portion must be bounded by the standard managed block:
339
-
340
- ```md
341
- <!-- VCM:BEGIN version=1 -->
342
- ...
343
- <!-- VCM:END -->
344
- ```
345
-
346
- The managed block should include the Codex reviewer role, evidence sources,
347
- three gate-specific review criteria, finding format, and write constraints.
348
- Project-local custom notes may live outside the block.
349
-
350
- `.ai/codex/config.toml` is stable VCM-owned Codex Reviewer permission
351
- configuration. It must not contain Codex Review Gate switches, default
352
- `command = "codex"` boilerplate, or model / effort values that the VCM UI owns.
353
-
354
- `.ai/codex/.codex/config.toml` and `.ai/codex/.codex/hooks.json` are the
355
- Codex CLI project-level hook configuration. Because VCM starts Codex with
356
- `.ai/codex` as the current Codex project, this nested `.codex` directory is
357
- discovered by the interactive Codex CLI. The config enables hooks, and the
358
- hooks post `UserPromptSubmit` and `Stop` events to VCM:
359
-
360
- ```text
361
- POST /api/hooks/codex-reviewer
362
- POST /api/hooks/codex-reviewer/stop
363
- ```
364
-
365
- The hook payload records Codex's own session id, transcript path, cwd, and hook
366
- event name. VCM stores those events on the `codex-reviewer` role session and in
367
- the shared Round state, so a Codex review keeps the VCM flow running until the
368
- Codex `Stop` event is observed and the normal settle timer completes.
369
-
370
- VCM should start Codex from `.ai/codex` so that `.ai/codex/AGENTS.md` is
371
- discovered naturally. Because the current session root is then `.ai/codex`, the
372
- permission profile must add the task repository as a profile-defined workspace
373
- root using a relative path:
374
-
375
- ```toml
376
- [permissions.vcm_codex_reviewer.workspace_roots]
377
- "../.." = true
378
-
379
- [permissions.vcm_codex_reviewer.filesystem]
380
- ":minimal" = "read"
381
-
382
- [permissions.vcm_codex_reviewer.filesystem.":workspace_roots"]
383
- "." = "read"
384
- ".ai/codex" = "read"
385
- ".ai/vcm/codex-reviews" = "write"
386
- "**/*.env" = "deny"
387
-
388
- [permissions.vcm_codex_reviewer.network]
389
- enabled = true
390
- ```
391
-
392
- With `--cd <taskRepoRoot>/.ai/codex`, `../..` points back to
393
- `<taskRepoRoot>`. Codex then applies the `:workspace_roots` rules to both the
394
- runtime root and the profile-defined task repository root, allowing read access
395
- to the repository while granting write access only to
396
- `.ai/vcm/codex-reviews/`.
397
-
398
- The task repository must ignore `.ai/vcm/`, because review reports and task
399
- runtime state are transient. It should not ignore the whole `.ai/codex/`
400
- directory if `.ai/codex/AGENTS.md`, `.ai/codex/config.toml`, prompts, or schemas
401
- are intended to be durable project configuration. Ignore only transient Codex
402
- runtime files inside `.ai/codex/`, such as logs or temporary materialized
403
- profiles.
404
-
405
- Shared types live in `src/shared/types/codex-review.ts`. Gate status is one of
406
- `disabled`, `not_required`, `pending`, `running`, `completed`, `failed`,
407
- `skipped`, or `overridden`.
408
-
409
- ## 9. Backend Shape
410
-
411
- Implemented files:
412
-
413
- ```text
414
- src/shared/types/codex-review.ts
415
- src/shared/types/codex-hook.ts
416
- src/backend/services/codex-review-service.ts
417
- src/backend/services/codex-hook-service.ts
418
- src/backend/api/codex-review-routes.ts
419
- src/backend/api/codex-hook-routes.ts
420
- ```
421
-
422
- Implemented API:
423
-
424
- ```text
425
- GET /api/tasks/:taskSlug/codex-review
426
- PUT /api/tasks/:taskSlug/codex-review/settings
427
- POST /api/tasks/:taskSlug/codex-review/:gate/request
428
- POST /api/tasks/:taskSlug/codex-review/:gate/retry
429
- POST /api/tasks/:taskSlug/codex-review/:gate/skip
430
- POST /api/tasks/:taskSlug/codex-review/:gate/override
431
- GET /api/tasks/:taskSlug/codex-review/:gate/report
432
- POST /api/hooks/codex-reviewer
433
- POST /api/hooks/codex-reviewer/stop
434
- ```
435
-
436
- Provider implementations should be swappable:
437
-
438
- - Codex CLI review command
439
- - OpenAI API reviewer model
440
- - OpenAI-compatible reviewer model
441
- - manual imported review result
442
-
443
- The service should assemble gate-specific inputs, run the provider, parse the
444
- decision and findings, write the Markdown report, and update `index.json`.
445
- `requestReviewGate` is the API used by the PM-facing skill / helper. It returns
446
- one of `disabled`, `not_required`, `already_approved`, `running`, `started`, or
447
- `failed_to_start`.
448
-
449
- When a review starts, VCM keeps the task flow running in a Codex review stage.
450
- When the provider finishes, VCM emits a Codex review callback to PM with gate,
451
- status, decision, report path, and any failure or exception metadata.
452
-
453
- The Codex CLI provider uses the long-lived embedded terminal session, not
454
- `codex exec`, because VCM needs Codex `UserPromptSubmit` and `Stop` hook events
455
- and the user may continue discussing the review after the report is written.
456
- Default local implementation shape for a fresh terminal:
457
-
458
- ```bash
459
- codex \
460
- --cd <taskRepoRoot>/.ai/codex \
461
- --add-dir <taskRepoRoot>/.ai/vcm/codex-reviews \
462
- --sandbox workspace-write \
463
- --ask-for-approval never \
464
- --dangerously-bypass-hook-trust \
465
- --search \
466
- --model <model-selected-in-VCM-UI> \
467
- --config model_reasoning_effort="<effort-selected-in-VCM-UI>"
468
- ```
469
-
470
- When VCM runs inside a Dev Container, Docker, Podman, Kubernetes, or Codespaces
471
- environment, the container is the security boundary. VCM auto-detects that
472
- environment and starts Codex Reviewer without Codex's nested filesystem sandbox
473
- to avoid Linux container `bwrap` and `apply_patch` write failures.
474
- `VCM_SANDBOX=devcontainer` remains an explicit override for environments that
475
- cannot be auto-detected:
476
-
477
- ```bash
478
- codex \
479
- --cd <taskRepoRoot>/.ai/codex \
480
- --dangerously-bypass-approvals-and-sandbox \
481
- --dangerously-bypass-hook-trust \
482
- --search \
483
- --model <model-selected-in-VCM-UI> \
484
- --config model_reasoning_effort="<effort-selected-in-VCM-UI>"
485
- ```
486
-
487
- Use this mode only when VCM, Codex, Claude Code, and the target repository all
488
- run inside the same trusted container or VM boundary.
489
-
490
- VCM omits `--model` or `model_reasoning_effort` when the user selects
491
- `Default`, letting Codex CLI use its account or CLI default. `--search` enables
492
- Codex CLI's native web search tool for reviewer checks that need current
493
- external context.
494
-
495
- Starting from `.ai/codex` causes Codex to load `.ai/codex/AGENTS.md` through
496
- its normal `AGENTS.md` discovery path and `.ai/codex/.codex/hooks.json` through
497
- the Codex project hook path. VCM sends the gate prompt into this terminal,
498
- validates the report path, request id, and decision before marking a gate
499
- completed, then callbacks PM. In default local mode, `--ask-for-approval never`
500
- and the VCM-owned hook trust bypass prevent Codex from pausing at permission or
501
- hook trust prompts; in Dev Container mode, the Codex approval and sandbox bypass
502
- does the same while relying on the container boundary. Execution failures are
503
- recorded as `failed` so the user can retry, skip, or override.
504
-
505
- ## 10. UI Shape
506
-
507
- Add a `Codex Review Gates` group to the left sidebar. It is visible for the
508
- connected active task and contains three independent toggles:
509
-
510
- - Architecture Plan
511
- - Validation Adequacy
512
- - Final Diff
513
-
514
- All three toggles default to `off`. Turning on any gate writes the selected
515
- global gate list to `<vcmDataDir>/settings.json`. Turning all gates off stores an
516
- empty selected gate list. VCM then mirrors this global setting into the active
517
- task's `.ai/vcm/codex-reviews/index.json` as runtime state for PM/tool
518
- consumption.
519
-
520
- The task workspace must not show a separate Codex Review Gates panel. The UI
521
- does not expose manual `Run`, `Run Again`, `Retry`, `Skip`, or `Override`
522
- buttons for gates; PM triggers reviews through the `vcm-codex-review-gate`
523
- skill, and VCM handles execution failures through its managed retry / skip /
524
- override path.
525
-
526
- When at least one gate toggle is on, or when the task already has a saved Codex
527
- Reviewer session, the task workspace role tabs include a fifth role, `Codex
528
- Reviewer`. It uses the same embedded terminal surface as the Claude Code roles,
529
- but starts Codex CLI from `.ai/codex`, uses Codex model and effort selectors,
530
- and is not part of PM message routing, auto orchestration, or translation. The
531
- saved launch template still stores the four Claude Code role settings; when a
532
- Codex gate is enabled and no task sessions exist yet, One-click start launches
533
- those four Claude Code roles plus `codex-reviewer` with the Codex Reviewer
534
- defaults.
535
-
536
- ## 11. Project-Manager Rules
537
-
538
- Project-manager must treat Codex Review Gates as external evidence.
539
-
540
- Rules:
541
-
542
- - Use `vcm-codex-review-gate` at each Codex gate trigger and on each VCM Codex
543
- review callback.
544
- - Do not route coder implementation before the architecture plan gate is
545
- approved, unless the user explicitly skips the gate.
546
- - Do not start final acceptance before the validation adequacy gate is approved,
547
- unless an explicit exception is recorded.
548
- - Do not prepare a PR before the final diff gate is approved, unless an
549
- explicit exception is recorded.
550
- - Route `request_changes` by gate type, not by any Codex-provided routing field:
551
- architecture-plan to architect, validation-adequacy to reviewer, and
552
- final-diff to architect for assessment.
553
- - Do not call Codex CLI directly from PM; PM requests VCM to start review and
554
- stops when VCM reports `started`.
555
- - Do not let Codex findings disappear into chat history. Record the report path
556
- and disposition in final acceptance.
557
- - Manual overrides must include who accepted the risk and why.
558
-
559
- ## 12. Implemented MVP Scope
560
-
561
- The first implementation is intentionally small:
562
-
563
- 1. Add `.ai/codex/AGENTS.md`, `.ai/codex/config.toml`, and
564
- `.ai/codex/.codex/*` as VCM-managed Codex reviewer runtime files.
565
- 2. Add `vcm-codex-review-gate` as the PM-facing skill / protocol entry.
566
- 3. Add backend APIs to configure, request, run, retry, skip, override, list,
567
- and read gate reports.
568
- 4. Add sidebar toggles for the three gate enablement options.
569
- 5. Add project-manager and final-acceptance harness rules that require checking
570
- Codex gate reports for complex tasks.
571
- 6. Add Codex hook endpoints so the fifth role participates in VCM session and
572
- Round state.
573
- 7. Keep gate triggering PM-driven at first.
574
- 8. Do not automatically route roles from Codex findings in the first version.
575
-
576
- Later versions can add automatic PM routing, provider selection, stricter
577
- provider-level read/write policies where supported by Codex CLI, and risk-based
578
- gate selection.
579
-
580
- ## 13. Open Questions
581
-
582
- - Should the first implementation support only Codex CLI, or should the
583
- provider remain pluggable from the start?
584
- - Should VCM enforce the gates in backend state, or should project-manager rules
585
- enforce them first?
586
- - What task complexity signal should decide whether all three gates are
587
- required?
588
- - Should final diff review run against the task branch base, connected base
589
- repository `HEAD`, or an explicit PR base?
590
- - How should large diffs be chunked without losing cross-file reasoning?
591
- - What information must be redacted before sending inputs to a hosted model?
592
- - Which `.ai/codex/config.toml` keys should VCM support in MVP, and which
593
- should be rejected to avoid surprising Codex CLI behavior?