Skip to content

feat(ce-doc-review): add cross-model judgment pass#1092

Open
tmchow wants to merge 3 commits into
mainfrom
tmchow/adversarial-review-doc-review
Open

feat(ce-doc-review): add cross-model judgment pass#1092
tmchow wants to merge 3 commits into
mainfrom
tmchow/adversarial-review-doc-review

Conversation

@tmchow

@tmchow tmchow commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

What

Ports ce-code-review's cross-model adversarial pass to ce-doc-review. Whichever of the conditional judgment trioadversarial-document-reviewer, product-lens-reviewer, security-lens-reviewer — activates for a document also runs on a different model family (Codex↔Claude) in a separate read-only process, folding in as <reviewer-name>-<peer> where agreement with its in-process twin promotes the finding (synthesis 3.4).

Why

ce-doc-review's judgment lenses run single-model, so their blind spots are the host model's. ce-code-review already closes this for its adversarial lens; running the same review through another model manually on documents reliably surfaces issues the single-model pass misses. ce-doc-review differs in one way that shapes the port — its high-value judgment is spread across several lenses, not concentrated in one — so a faithful adversarial-only mirror would leave most of the upside unclaimed.

Key decisions

  • Trio, not adversarial-only — the three lenses whose output diverges most across model families. Convergent lenses (coherence, scope-guardian) gain little from a second opinion.
  • feasibility excluded — it's judgment-heavy but always-on; including it would spawn a peer on every review. Excluding it keeps the pass conditional and targeted.
  • Per-lens peer tieringsecurity-lens is knowledge-bound → flagship model (gpt-5.6-sol / opus); adversarial + product-lens are reasoning-bound → mid model at high reasoning (gpt-5.6-terra / sonnet). Concrete IDs are a documented maintenance point, not the contract.
  • Non-blocking, both modes — a missing/unauthed peer or a timeout skips silently; the review completes exactly as single-model. Runs interactive and headless.

Security

The peer prompt embeds full document content and sends it to a third-party provider (a wider egress than a diff-only review). Mitigations: the peer runs strictly read-only (codex -s read-only; claude dontAsk with mutators/MCP/subagents denied), so impact is bounded to disclosure not repo mutation; the script emits a one-line stderr audit log of each send so the egress is auditable even in headless mode.

The bundled script derives the persona-brief filename from the allowlisted reviewer-name rather than accepting it as an argument — closing a path-traversal→arbitrary-file-egress vector an independent code review surfaced. This simplified the script signature from the plan's stated 7 args to 6 (<peer> <reviewer-name> <document-path> <document-type> <origin> <run-dir>); the plan body was left as its point-in-time decision record.

Validation

  • bun test → 1909 pass / 0 fail; bun run release:validate → in sync (29 skills, no count drift).
  • Script deterministic paths verified without any live model call: all skip paths exit 0 with no output file (invalid peer, empty/non-trio reviewer-name, unreadable document, absent peer CLI, and a ../-bearing value now hitting the allowlist); KTD5 normalization confirmed via jq fixtures (reviewer rewrite to <reviewer-name>-<peer>, soft-array backfill, non-array-findings drop, contract predicate).
  • Behavioral wiring (activation gate, both modes, per-lens dispatch, fold-in + promotion) is validated by the authored skill-creator eval spec (references/cross-model-eval.md); running it is the deferred interactive step, since bun test does not exercise SKILL.md/reference prose (per AGENTS.md "Validating Agent and Skill Changes").

Built via the compound-engineering pipeline (brainstorm → plan → work → simplify → review → ship).

tmchow added 2 commits July 9, 2026 19:21
Run the conditional judgment trio (adversarial, product-lens, security-lens)
through a different model family in a read-only process, folding each in as
<reviewer-name>-<peer> so agreement with its in-process twin promotes the
finding (synthesis 3.4). Mirrors ce-code-review's cross-model design, adapted
for documents: content is embedded (no diff/base-ref), the peer is tiered per
lens (security-lens -> flagship/medium; adversarial/product-lens -> mid/high),
and the pass is non-blocking and runs in both interactive and headless modes.

feasibility and the convergent lenses (coherence, scope-guardian) stay
single-model so the pass only fires on documents that activate a conditional
judgment lens.

The bundled script derives the persona-brief filename from the allowlisted
reviewer-name rather than accepting it as an argument, so no caller value
reaches the brief-read path (closes a path-traversal -> third-party-egress
vector). It embeds full document content into the peer prompt and emits a
one-line stderr audit log of the cross-model send so the egress is auditable
even in headless mode.
Add the cross-model judgment-pass section and FAQ to the skill doc page, and
land the implementation-ready unified plan the feature was built from.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7072049f8e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread skills/ce-doc-review/scripts/cross-model-doc-review.sh
The cross-model peer prompt composed only the persona brief plus a hand-built
<review-context>, omitting the <context-slots-rules> block the in-process
reviewer receives from subagent-template.md. On unified-* artifacts the trio
personas (which only define adaptation for bare requirements/plan) would skip
their adaptation entirely, and the peer could not interpret non-path Origin
values (product_contract_source:<v>). Extract the canonical block at runtime
(single source of truth) and fold it into the peer prompt.

Addresses PR review feedback (#1092)

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c5b8452c7e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

run_codex() {
local prev; case "$-" in *m*) prev=1;; *) prev=0;; esac
set -m
command codex exec - -C "$RUN_DIR" -s read-only -o "$OUT" -m "$CODEX_MODEL" \

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Run the Codex peer from the repo workspace

When the peer is codex on Claude/Cursor hosts, this sets Codex's workspace root to the scratch run dir. The reference tells callers to pass a /tmp/compound-engineering/... run dir, while the Codex CLI reference documents --cd/-C as setting the workspace root and --skip-git-repo-check as the flag that allows running outside a Git repository; with no skip flag, codex exec exits before reviewing in the common /tmp case (or lacks repo context if that check is disabled), so the cross-model pass silently produces no findings. Use the reviewed repo/document root for -C and keep only the output path in the run dir, or explicitly opt into non-repo execution while still granting the repo as context.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant