feat(#2096): add two-pass review strategy for large PRs
For PRs with 30+ files, the review orchestrator now runs a
lightweight security-triage pre-pass before dispatching dimension
sub-agents. The triage pass uses a haiku-model sub-agent to classify
changed files as security-critical or standard based on path
patterns (e.g., **/mint/**, **/auth/**, **/oidc/**) and diff content
heuristics (auth logic, token handling, permission changes).
Security-critical files identified by the triage pass receive
prioritized context in the security and correctness sub-agent
context packages — their full diffs appear first with explicit
classification headers, ensuring they get dedicated reasoning budget
rather than competing with boilerplate changes.
Changes:
- New sub-agent definition: sub-agents/security-triage.md (haiku
model, read-only classifier)
- New orchestrator step 3c-1 in SKILL.md: security-critical file
triage, runs synchronously before context package assembly
- Updated step 3d in SKILL.md: security-prioritized context package
assembly for security and correctness sub-agents when triage
results are available
- Updated sub-agent roster table with security-triage entry
The 30-file threshold is a starting point that may need tuning.
Triage failures fall back to uniform attention (all files treated as
security-critical) to preserve existing behavior as a safe default.
Closes #2096
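The pre-pass described in the commit message, worked through as an added example. This is not the project's sub-agent definition or SKILL.md logic; it is a stand-alone Python sketch of the same two-pass shape: gate on the 30-file threshold, classify each changed file by the three path patterns the message names plus diff-content heuristics, order the context package so security-critical diffs come first under explicit classification headers, and fall back to uniform attention when the classifier fails. The keyword regexes, the use of `fnmatch` for the `**/...` patterns, the function names and the constructed sample PR are all assumptions made for this example.

```python
"""Two-pass review triage for large PRs (added example, not project code)."""
from __future__ import annotations

import fnmatch
import re
from dataclasses import dataclass

# From the commit message: the threshold is "a starting point that may need tuning".
LARGE_PR_THRESHOLD = 30

# Path patterns named in the commit message. fnmatch's "*" also matches "/",
# so "**/auth/**" works as a recursive glob once the path gets a leading "/".
SECURITY_PATH_PATTERNS = ("**/mint/**", "**/auth/**", "**/oidc/**")

# Assumed diff-content heuristics for "auth logic, token handling, permission
# changes". Only changed (+/-) lines are scanned, so context lines don't count.
SECURITY_DIFF_PATTERNS = (
    re.compile(r"\b(authenticate|authorize|login|session)\b", re.I),
    re.compile(r"\b(token|jwt|bearer|api[_-]?key|secret)\b", re.I),
    re.compile(r"\b(permission|role|scope|chmod|grant|acl)\b", re.I),
)


@dataclass
class ChangedFile:
    path: str
    diff: str  # unified-diff body for this file


def changed_lines(diff: str):
    """Yield added/removed lines, without the +/- marker and without file headers."""
    for line in diff.splitlines():
        if line.startswith(("+++", "---")):
            continue
        if line.startswith(("+", "-")):
            yield line[1:]


def classify(file: ChangedFile) -> tuple[str, str]:
    """Return ("security-critical" | "standard", reason). Path wins over content."""
    for pat in SECURITY_PATH_PATTERNS:
        if fnmatch.fnmatchcase("/" + file.path, pat):
            return "security-critical", f"path matches {pat}"
    for line in changed_lines(file.diff):
        for rx in SECURITY_DIFF_PATTERNS:
            if rx.search(line):
                return "security-critical", f"diff matches /{rx.pattern}/"
    return "standard", "no path or diff heuristic matched"


def failing_classifier(file: ChangedFile) -> tuple[str, str]:
    """Stand-in for a triage sub-agent that errors out (e.g. model unavailable)."""
    raise RuntimeError("triage sub-agent unavailable")


def triage(files, classifier=classify):
    """Pre-pass: None for small PRs (no triage), else {path: (class, reason)}.
    On any classifier failure, fall back to uniform attention: every file is
    treated as security-critical, which preserves the pre-existing behaviour."""
    if len(files) < LARGE_PR_THRESHOLD:
        return None
    try:
        return {f.path: classifier(f) for f in files}
    except Exception as exc:  # triage failure -> safe default
        reason = f"triage failed ({exc}); uniform attention"
        return {f.path: ("security-critical", reason) for f in files}


def build_context_package(files, triage_result) -> str:
    """Assemble the sub-agent context: security-critical diffs first, each under
    an explicit classification header; standard diffs follow in original order."""
    if triage_result is None:
        return "\n\n".join(f"### {f.path}\n{f.diff}" for f in files)
    # Stable sort: critical (key False) before standard (key True), order kept within each.
    ordered = sorted(files, key=lambda f: triage_result[f.path][0] != "security-critical")
    parts = []
    for f in ordered:
        cls, reason = triage_result[f.path]
        parts.append(f"### [{cls.upper()}] {f.path} ({reason})\n{f.diff}")
    return "\n\n".join(parts)


def sample_pr() -> list[ChangedFile]:
    """Constructed 31-file PR (assumed data): one path hit, one content hit,
    one prose-only mention that must stay standard, and 28 boilerplate edits."""
    files = [
        ChangedFile("src/auth/login.py", "@@ -1,2 +1,3 @@\n def login():\n+    return True\n"),
        ChangedFile("lib/billing/export.py",
                    "@@ -10,1 +10,2 @@\n+    if user.role == 'admin': grant(user)\n"),
        ChangedFile("docs/readme.md", "@@ -1 +1 @@\n-The auth module\n+The authentication module\n"),
    ]
    files += [ChangedFile(f"src/ui/widget{i}.py", f"@@ -1 +1 @@\n-x = {i}\n+x = {i + 1}\n")
              for i in range(28)]
    return files


if __name__ == "__main__":
    pr = sample_pr()
    print(build_context_package(pr, triage(pr)))
```

Two properties worth checking when tuning this for real: a file can be flagged by path alone even when its diff is trivial (which is the intended bias), and the fallback must produce the same all-critical ordering the orchestrator used before the pre-pass existed, otherwise a sub-agent outage silently degrades review coverage.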