QuantStrategyLab · Pigbibi · May 24, 2026 · May 24, 2026
@@ -31,7 +31,7 @@ jobs:
       SELFHOSTED_CODEX_REVIEW_ENABLED: ${{ vars.SELFHOSTED_CODEX_REVIEW_ENABLED || 'true' }}
       SELFHOSTED_CODEX_REVIEW_REPOSITORY: ${{ vars.SELFHOSTED_CODEX_REVIEW_REPOSITORY || 'QuantStrategyLab/CryptoCodexAuditBridge' }}
       SELFHOSTED_CODEX_REVIEW_MODE: ${{ vars.SELFHOSTED_CODEX_REVIEW_MODE || 'review_and_fix' }}
-      SELFHOSTED_CODEX_REVIEW_PROVIDER: ${{ vars.SELFHOSTED_CODEX_REVIEW_PROVIDER || 'codex' }}
+      SELFHOSTED_CODEX_REVIEW_PROVIDER: ${{ vars.SELFHOSTED_CODEX_REVIEW_PROVIDER || 'auto' }}
       SELFHOSTED_CODEX_REVIEW_AUTO_MERGE: ${{ vars.SELFHOSTED_CODEX_REVIEW_AUTO_MERGE || 'false' }}
 
     steps:

@@ -535,9 +535,9 @@ Behavior:
 
 After the monthly report bundle is assembled, the workflow creates a GitHub Issue containing the full `ai_review_input.md` content. The automated review route dispatches `QuantStrategyLab/CryptoCodexAuditBridge`. The bridge owns provider selection through `SELFHOSTED_CODEX_REVIEW_PROVIDER`:
 
-- `codex` (default): run Codex on the self-hosted VPS runner, post the audit result, and open a PR directly for safe low-risk fixes.
+- `auto` (default): run Codex first; if Codex fails and the bridge has `OPENAI_API_KEY`, post the API review fallback from the bridge. If the API fallback is not configured, fail loudly.
+- `codex`: run Codex on the self-hosted VPS runner, post the audit result, and open a PR directly for safe low-risk fixes without API fallback.
 - `openai`: run an API review inside the bridge and post a review comment only.
-- `auto`: try Codex first; if Codex fails and the bridge has `OPENAI_API_KEY`, post the API review fallback from the bridge.
 
 If the bridge dispatch itself fails, the monthly publish workflow fails loudly instead of silently skipping review.
 
@@ -553,7 +553,7 @@ Review output is posted back to the monthly issue.
 
 ### Optional Bridge API Fallback
 
-- `SELFHOSTED_CODEX_REVIEW_PROVIDER`: set to `openai` or `auto` in this source repository.
+- `SELFHOSTED_CODEX_REVIEW_PROVIDER`: defaults to `auto`; set to `codex` to disable API fallback or `openai` for API-only review.
 - `OPENAI_API_KEY`: configure in `CryptoCodexAuditBridge`, not this source repository.
 - `OPENAI_MODEL`: optional bridge repository variable, default `gpt-5.4-mini`.
 

@@ -382,9 +382,9 @@ make monthly-review-briefing
 
 月报 bundle 组装完成后，workflow 会自动创建一个 GitHub Issue，内容为完整的 `ai_review_input.md`。自动审阅路径会 dispatch `QuantStrategyLab/CryptoCodexAuditBridge`，由 bridge 统一决定 provider：
 
-- `codex`（默认）：由 self-hosted VPS runner 上已登录的 Codex CLI 读取月报 Issue、回帖审计结果，并在发现安全、低风险的问题时直接创建修复 PR。
+- `auto`（默认）：先跑 Codex；如果 Codex 失败且 bridge 配置了 `OPENAI_API_KEY`，由 bridge 回落到 OpenAI API 审阅；如果 API fallback 没配置则明确失败。
+- `codex`：只跑 Codex，不使用 API fallback。
 - `openai`：在 bridge 内运行 API 审阅，只回帖，不改代码。
-- `auto`：先跑 Codex；如果 Codex 失败且 bridge 配置了 `OPENAI_API_KEY`，由 bridge 回落到 OpenAI API 审阅。
 
 如果 bridge dispatch 本身失败，monthly publish workflow 会直接失败，而不是静默跳过审阅。
 
@@ -400,7 +400,7 @@ AI 审阅覆盖范围：
 
 ### 可选 Bridge API Fallback
 
-- `SELFHOSTED_CODEX_REVIEW_PROVIDER`：在当前 source repo 设置为 `openai` 或 `auto`。
+- `SELFHOSTED_CODEX_REVIEW_PROVIDER`：默认 `auto`；设置为 `codex` 可关闭 API fallback，设置为 `openai` 可只跑 API 审阅。
 - `OPENAI_API_KEY`：配置在 `CryptoCodexAuditBridge`，不要配置在当前 source repo。
 - `OPENAI_MODEL`：可选 bridge repo variable，默认 `gpt-5.4-mini`。
 

@@ -76,7 +76,7 @@ Boundary rules:
 
 ## Monthly Codex Remediation
 
-The monthly publish workflow creates a `monthly-review` issue, then dispatches `CryptoCodexAuditBridge` as the automated review and remediation path. The bridge owns provider selection through `SELFHOSTED_CODEX_REVIEW_PROVIDER`: `codex` runs self-hosted Codex and may open focused PRs, `openai` posts an API review comment only, and `auto` falls back to OpenAI review when Codex fails and the bridge has `OPENAI_API_KEY`.
+The monthly publish workflow creates a `monthly-review` issue, then dispatches `CryptoCodexAuditBridge` as the automated review and remediation path. The bridge owns provider selection through `SELFHOSTED_CODEX_REVIEW_PROVIDER`: `auto` is the default and runs self-hosted Codex first, falls back to OpenAI review when Codex fails and the bridge has `OPENAI_API_KEY`, and fails loudly when the API fallback is not configured. `codex` disables API fallback; `openai` posts an API review comment only.
 
 If the bridge dispatch fails, the monthly publish workflow fails loudly. The older source-local `ai_review.yml` workflow remains only as a manual compatibility path.
 

@@ -49,6 +49,7 @@ def test_monthly_review_issue_creation_does_not_require_gh_cli(self) -> None:
         self.assertIn("Trigger Monthly Review Automation", workflow)
         self.assertIn("CODEX_AUDIT_DISPATCH_TOKEN", workflow)
         self.assertIn("SELFHOSTED_CODEX_REVIEW_PROVIDER", workflow)
+        self.assertIn("SELFHOSTED_CODEX_REVIEW_PROVIDER || 'auto'", workflow)
         self.assertIn("REVIEW_PROVIDER", workflow)
         self.assertIn('"provider": provider', workflow)
         self.assertNotIn("ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}", workflow)