From 19fd052754fb77623de7d697f11f6c41faec3a80 Mon Sep 17 00:00:00 2001
From: Pigbibi <20649888+Pigbibi@users.noreply.github.com>
Date: Sun, 24 May 2026 17:13:01 +0800
Subject: [PATCH] docs: document dual API review fallback

---
 .github/workflows/monthly_publish.yml         | 2 +-
 README.md                                     | 9 +++++++--
 README.zh-CN.md                               | 9 +++++++--
 docs/operator_runbook.md                      | 2 +-
 tests/test_monthly_publish_workflow_config.py | 3 +++
 5 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/monthly_publish.yml b/.github/workflows/monthly_publish.yml
index 14b6c6a..22abc02 100644
--- a/.github/workflows/monthly_publish.yml
+++ b/.github/workflows/monthly_publish.yml
@@ -254,7 +254,7 @@ jobs:
               if mode not in {"review_only", "review_and_fix"}:
                   raise RuntimeError(f"Unsupported Codex review mode: {mode}")
               provider = os.environ["REVIEW_PROVIDER"].strip() or "codex"
-              if provider not in {"codex", "openai", "auto"}:
+              if provider not in {"api", "anthropic", "codex", "openai", "auto"}:
                   raise RuntimeError(f"Unsupported Codex review provider: {provider}")
               payload = {
                   "ref": "main",
diff --git a/README.md b/README.md
index 225d29d..abb943a 100644
--- a/README.md
+++ b/README.md
@@ -534,9 +534,11 @@ Behavior:
 
 After the monthly report bundle is assembled, the workflow creates a GitHub Issue containing the full `ai_review_input.md` content. The automated review route dispatches `QuantStrategyLab/CryptoCodexAuditBridge`. The bridge owns provider selection through `SELFHOSTED_CODEX_REVIEW_PROVIDER`:
 
-- `auto` (default): run the self-hosted Codex path first; if Codex setup or execution fails and the bridge has `OPENAI_API_KEY`, post the API review fallback from the bridge. If the API fallback is not configured, fail loudly.
+- `auto` (default): run the self-hosted Codex path first; if Codex setup or execution fails, post the configured API fallback review from the bridge. Configure both `OPENAI_API_KEY` and `ANTHROPIC_API_KEY` in the bridge for dual-AI fallback. If no API fallback key is configured, fail loudly.
 - `codex`: run Codex on the self-hosted VPS runner, post the audit result, and open a PR directly for safe low-risk fixes without API fallback.
+- `api`: run the configured API fallback reviewers inside the bridge and post a combined review comment only.
 - `openai`: run an API review inside the bridge and post a review comment only.
+- `anthropic`: run a Claude API review inside the bridge and post a review comment only.
 
 If the bridge dispatch itself fails, the monthly publish workflow fails loudly instead of silently skipping review.
 
@@ -552,9 +554,11 @@ Review output is posted back to the monthly issue.
 
 ### Optional Bridge API Fallback
 
-- `SELFHOSTED_CODEX_REVIEW_PROVIDER`: defaults to `auto`; set to `codex` to disable API fallback or `openai` for API-only review.
+- `SELFHOSTED_CODEX_REVIEW_PROVIDER`: defaults to `auto`; set to `codex` to disable API fallback, `api` for configured API reviewers, or `openai` / `anthropic` for a single API reviewer.
 - `OPENAI_API_KEY`: configure in `CryptoCodexAuditBridge`, not this source repository.
+- `ANTHROPIC_API_KEY`: configure in `CryptoCodexAuditBridge`, not this source repository.
 - `OPENAI_MODEL`: optional bridge repository variable, default `gpt-5.4-mini`.
+- `ANTHROPIC_MODEL`: optional bridge repository variable, default `claude-sonnet-4-6`.
 
 The default production configuration does not need model API secrets because it uses Codex through `CryptoCodexAuditBridge`.
 
@@ -563,6 +567,7 @@ Setup:
 ```bash
 gh variable set SELFHOSTED_CODEX_REVIEW_PROVIDER --body auto
 gh secret set OPENAI_API_KEY --repo QuantStrategyLab/CryptoCodexAuditBridge --body "sk-..."
+gh secret set ANTHROPIC_API_KEY --repo QuantStrategyLab/CryptoCodexAuditBridge --body "sk-ant-..."
 ```
 
 Source-local legacy AI review workflows are intentionally not kept in this repository. Provider fallback lives in `CryptoCodexAuditBridge`, so this source repository does not need Anthropic/OpenAI secrets.
diff --git a/README.zh-CN.md b/README.zh-CN.md
index 9f2d90c..6fdcd7e 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -381,9 +381,11 @@ make monthly-review-briefing
 
 月报 bundle 组装完成后，workflow 会自动创建一个 GitHub Issue，内容为完整的 `ai_review_input.md`。自动审阅路径会 dispatch `QuantStrategyLab/CryptoCodexAuditBridge`，由 bridge 统一决定 provider：
 
-- `auto`（默认）：先跑 self-hosted Codex 路径；如果 Codex 准备或执行失败且 bridge 配置了 `OPENAI_API_KEY`，由 bridge 回落到 OpenAI API 审阅；如果 API fallback 没配置则明确失败。
+- `auto`（默认）：先跑 self-hosted Codex 路径；如果 Codex 准备或执行失败，由 bridge 回落到已配置的 API 审阅。要启用双 AI fallback，把 `OPENAI_API_KEY` 和 `ANTHROPIC_API_KEY` 都配置在 bridge；如果没有任何 API fallback key，则明确失败。
 - `codex`：只跑 Codex，不使用 API fallback。
+- `api`：在 bridge 内运行已配置的 API fallback reviewers，只回帖，不改代码。
 - `openai`：在 bridge 内运行 API 审阅，只回帖，不改代码。
+- `anthropic`：在 bridge 内运行 Claude API 审阅，只回帖，不改代码。
 
 如果 bridge dispatch 本身失败，monthly publish workflow 会直接失败，而不是静默跳过审阅。
 
@@ -399,9 +401,11 @@ AI 审阅覆盖范围：
 
 ### 可选 Bridge API Fallback
 
-- `SELFHOSTED_CODEX_REVIEW_PROVIDER`：默认 `auto`；设置为 `codex` 可关闭 API fallback，设置为 `openai` 可只跑 API 审阅。
+- `SELFHOSTED_CODEX_REVIEW_PROVIDER`：默认 `auto`；设置为 `codex` 可关闭 API fallback，设置为 `api` 可跑已配置的 API reviewers，设置为 `openai` / `anthropic` 可只跑单一 API 审阅。
 - `OPENAI_API_KEY`：配置在 `CryptoCodexAuditBridge`，不要配置在当前 source repo。
+- `ANTHROPIC_API_KEY`：配置在 `CryptoCodexAuditBridge`，不要配置在当前 source repo。
 - `OPENAI_MODEL`：可选 bridge repo variable，默认 `gpt-5.4-mini`。
+- `ANTHROPIC_MODEL`：可选 bridge repo variable，默认 `claude-sonnet-4-6`。
 
 默认生产配置不需要模型 API secrets，因为默认使用 `CryptoCodexAuditBridge` 的 Codex provider。
 
@@ -410,6 +414,7 @@ AI 审阅覆盖范围：
 ```bash
 gh variable set SELFHOSTED_CODEX_REVIEW_PROVIDER --body auto
 gh secret set OPENAI_API_KEY --repo QuantStrategyLab/CryptoCodexAuditBridge --body "sk-..."
+gh secret set ANTHROPIC_API_KEY --repo QuantStrategyLab/CryptoCodexAuditBridge --body "sk-ant-..."
 ```
 
 本仓库不再保留 source-local `ai_review.yml` 或 Claude 自动优化 workflow。provider fallback 统一放在 `CryptoCodexAuditBridge`，因此当前 source repo 不需要配置 Anthropic/OpenAI secrets。
diff --git a/docs/operator_runbook.md b/docs/operator_runbook.md
index 586954e..3359f05 100644
--- a/docs/operator_runbook.md
+++ b/docs/operator_runbook.md
@@ -76,7 +76,7 @@ Boundary rules:
 
 ## Monthly Codex Remediation
 
-The monthly publish workflow creates a `monthly-review` issue, then dispatches `CryptoCodexAuditBridge` as the automated review and remediation path. The bridge owns provider selection through `SELFHOSTED_CODEX_REVIEW_PROVIDER`: `auto` is the default and runs the self-hosted Codex path first, falls back to OpenAI review when Codex setup or execution fails and the bridge has `OPENAI_API_KEY`, and fails loudly when the API fallback is not configured. `codex` disables API fallback; `openai` posts an API review comment only.
+The monthly publish workflow creates a `monthly-review` issue, then dispatches `CryptoCodexAuditBridge` as the automated review and remediation path. The bridge owns provider selection through `SELFHOSTED_CODEX_REVIEW_PROVIDER`: `auto` is the default and runs the self-hosted Codex path first, falls back to the configured API reviewers when Codex setup or execution fails, and fails loudly when no API fallback key is configured. `codex` disables API fallback; `api` posts a combined API review; `openai` and `anthropic` post a single-provider API review only.
 
 If the bridge dispatch fails, the monthly publish workflow fails loudly. Source-local legacy AI review workflows are intentionally removed; provider fallback lives in `CryptoCodexAuditBridge`.
 
diff --git a/tests/test_monthly_publish_workflow_config.py b/tests/test_monthly_publish_workflow_config.py
index 7184717..8195289 100644
--- a/tests/test_monthly_publish_workflow_config.py
+++ b/tests/test_monthly_publish_workflow_config.py
@@ -51,6 +51,8 @@ def test_monthly_review_issue_creation_does_not_require_gh_cli(self) -> None:
         self.assertIn("SELFHOSTED_CODEX_REVIEW_PROVIDER || 'auto'", workflow)
         self.assertIn("REVIEW_PROVIDER", workflow)
         self.assertIn('"provider": provider', workflow)
+        self.assertIn('"anthropic"', workflow)
+        self.assertIn('"api"', workflow)
         self.assertNotIn("ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}", workflow)
         self.assertNotIn("OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}", workflow)
         self.assertNotIn("legacy API review fallback", workflow)
@@ -76,6 +78,7 @@ def test_chinese_readme_matches_current_monthly_review_defaults(self) -> None:
         self.assertIn("CryptoCodexAuditBridge", readme)
         self.assertIn("SELFHOSTED_CODEX_REVIEW_PROVIDER", readme)
         self.assertIn("OPENAI_API_KEY", readme)
+        self.assertIn("ANTHROPIC_API_KEY", readme)
         self.assertIn("配置在 `CryptoCodexAuditBridge`", readme)
         self.assertIn("必须从 GitHub variable 读取", readme)
         self.assertIn("本仓库不再保留 source-local `ai_review.yml`", readme)