docs: document dual API review fallback

.github/workflows/monthly_publish.yml

@@ -254,7 +254,7 @@ jobs:
               if mode not in {"review_only", "review_and_fix"}:
                   raise RuntimeError(f"Unsupported Codex review mode: {mode}")
               provider = os.environ["REVIEW_PROVIDER"].strip() or "codex"
-              if provider not in {"codex", "openai", "auto"}:
+              if provider not in {"api", "anthropic", "codex", "openai", "auto"}:
                   raise RuntimeError(f"Unsupported Codex review provider: {provider}")
               payload = {
                   "ref": "main",

README.md

@@ -534,9 +534,11 @@ Behavior:
 
 After the monthly report bundle is assembled, the workflow creates a GitHub Issue containing the full `ai_review_input.md` content. The automated review route dispatches `QuantStrategyLab/CryptoCodexAuditBridge`. The bridge owns provider selection through `SELFHOSTED_CODEX_REVIEW_PROVIDER`:
 
-- `auto` (default): run the self-hosted Codex path first; if Codex setup or execution fails and the bridge has `OPENAI_API_KEY`, post the API review fallback from the bridge. If the API fallback is not configured, fail loudly.
+- `auto` (default): run the self-hosted Codex path first; if Codex setup or execution fails, post the configured API fallback review from the bridge. Configure both `OPENAI_API_KEY` and `ANTHROPIC_API_KEY` in the bridge for dual-AI fallback. If no API fallback key is configured, fail loudly.
 - `codex`: run Codex on the self-hosted VPS runner, post the audit result, and open a PR directly for safe low-risk fixes without API fallback.
+- `api`: run the configured API fallback reviewers inside the bridge and post a combined review comment only.
 - `openai`: run an API review inside the bridge and post a review comment only.
+- `anthropic`: run a Claude API review inside the bridge and post a review comment only.
 
 If the bridge dispatch itself fails, the monthly publish workflow fails loudly instead of silently skipping review.
 
@@ -552,9 +554,11 @@ Review output is posted back to the monthly issue.
 
 ### Optional Bridge API Fallback
 
-- `SELFHOSTED_CODEX_REVIEW_PROVIDER`: defaults to `auto`; set to `codex` to disable API fallback or `openai` for API-only review.
+- `SELFHOSTED_CODEX_REVIEW_PROVIDER`: defaults to `auto`; set to `codex` to disable API fallback, `api` for configured API reviewers, or `openai` / `anthropic` for a single API reviewer.
 - `OPENAI_API_KEY`: configure in `CryptoCodexAuditBridge`, not this source repository.
+- `ANTHROPIC_API_KEY`: configure in `CryptoCodexAuditBridge`, not this source repository.
 - `OPENAI_MODEL`: optional bridge repository variable, default `gpt-5.4-mini`.
+- `ANTHROPIC_MODEL`: optional bridge repository variable, default `claude-sonnet-4-6`.
 
 The default production configuration does not need model API secrets because it uses Codex through `CryptoCodexAuditBridge`.
 
@@ -563,6 +567,7 @@ Setup:
 ```bash
 gh variable set SELFHOSTED_CODEX_REVIEW_PROVIDER --body auto
 gh secret set OPENAI_API_KEY --repo QuantStrategyLab/CryptoCodexAuditBridge --body "sk-..."
+gh secret set ANTHROPIC_API_KEY --repo QuantStrategyLab/CryptoCodexAuditBridge --body "sk-ant-..."
 ```
 
 Source-local legacy AI review workflows are intentionally not kept in this repository. Provider fallback lives in `CryptoCodexAuditBridge`, so this source repository does not need Anthropic/OpenAI secrets.

README.zh-CN.md

@@ -381,9 +381,11 @@ make monthly-review-briefing
 
 月报 bundle 组装完成后，workflow 会自动创建一个 GitHub Issue，内容为完整的 `ai_review_input.md`。自动审阅路径会 dispatch `QuantStrategyLab/CryptoCodexAuditBridge`，由 bridge 统一决定 provider：
 
-- `auto`（默认）：先跑 self-hosted Codex 路径；如果 Codex 准备或执行失败且 bridge 配置了 `OPENAI_API_KEY`，由 bridge 回落到 OpenAI API 审阅；如果 API fallback 没配置则明确失败。
+- `auto`（默认）：先跑 self-hosted Codex 路径；如果 Codex 准备或执行失败，由 bridge 回落到已配置的 API 审阅。要启用双 AI fallback，把 `OPENAI_API_KEY` 和 `ANTHROPIC_API_KEY` 都配置在 bridge；如果没有任何 API fallback key，则明确失败。
 - `codex`：只跑 Codex，不使用 API fallback。
+- `api`：在 bridge 内运行已配置的 API fallback reviewers，只回帖，不改代码。
 - `openai`：在 bridge 内运行 API 审阅，只回帖，不改代码。
+- `anthropic`：在 bridge 内运行 Claude API 审阅，只回帖，不改代码。
 
 如果 bridge dispatch 本身失败，monthly publish workflow 会直接失败，而不是静默跳过审阅。
 
@@ -399,9 +401,11 @@ AI 审阅覆盖范围：
 
 ### 可选 Bridge API Fallback
 
-- `SELFHOSTED_CODEX_REVIEW_PROVIDER`：默认 `auto`；设置为 `codex` 可关闭 API fallback，设置为 `openai` 可只跑 API 审阅。
+- `SELFHOSTED_CODEX_REVIEW_PROVIDER`：默认 `auto`；设置为 `codex` 可关闭 API fallback，设置为 `api` 可跑已配置的 API reviewers，设置为 `openai` / `anthropic` 可只跑单一 API 审阅。
 - `OPENAI_API_KEY`：配置在 `CryptoCodexAuditBridge`，不要配置在当前 source repo。
+- `ANTHROPIC_API_KEY`：配置在 `CryptoCodexAuditBridge`，不要配置在当前 source repo。
 - `OPENAI_MODEL`：可选 bridge repo variable，默认 `gpt-5.4-mini`。
+- `ANTHROPIC_MODEL`：可选 bridge repo variable，默认 `claude-sonnet-4-6`。
 
 默认生产配置不需要模型 API secrets，因为默认使用 `CryptoCodexAuditBridge` 的 Codex provider。
 
@@ -410,6 +414,7 @@ AI 审阅覆盖范围：
 ```bash
 gh variable set SELFHOSTED_CODEX_REVIEW_PROVIDER --body auto
 gh secret set OPENAI_API_KEY --repo QuantStrategyLab/CryptoCodexAuditBridge --body "sk-..."
+gh secret set ANTHROPIC_API_KEY --repo QuantStrategyLab/CryptoCodexAuditBridge --body "sk-ant-..."
 ```
 
 本仓库不再保留 source-local `ai_review.yml` 或 Claude 自动优化 workflow。provider fallback 统一放在 `CryptoCodexAuditBridge`，因此当前 source repo 不需要配置 Anthropic/OpenAI secrets。

docs/operator_runbook.md

@@ -76,7 +76,7 @@ Boundary rules:
 
 ## Monthly Codex Remediation
 
-The monthly publish workflow creates a `monthly-review` issue, then dispatches `CryptoCodexAuditBridge` as the automated review and remediation path. The bridge owns provider selection through `SELFHOSTED_CODEX_REVIEW_PROVIDER`: `auto` is the default and runs the self-hosted Codex path first, falls back to OpenAI review when Codex setup or execution fails and the bridge has `OPENAI_API_KEY`, and fails loudly when the API fallback is not configured. `codex` disables API fallback; `openai` posts an API review comment only.
+The monthly publish workflow creates a `monthly-review` issue, then dispatches `CryptoCodexAuditBridge` as the automated review and remediation path. The bridge owns provider selection through `SELFHOSTED_CODEX_REVIEW_PROVIDER`: `auto` is the default and runs the self-hosted Codex path first, falls back to the configured API reviewers when Codex setup or execution fails, and fails loudly when no API fallback key is configured. `codex` disables API fallback; `api` posts a combined API review; `openai` and `anthropic` post a single-provider API review only.
 
 If the bridge dispatch fails, the monthly publish workflow fails loudly. Source-local legacy AI review workflows are intentionally removed; provider fallback lives in `CryptoCodexAuditBridge`.
 

tests/test_monthly_publish_workflow_config.py

@@ -51,6 +51,8 @@ def test_monthly_review_issue_creation_does_not_require_gh_cli(self) -> None:
         self.assertIn("SELFHOSTED_CODEX_REVIEW_PROVIDER || 'auto'", workflow)
         self.assertIn("REVIEW_PROVIDER", workflow)
         self.assertIn('"provider": provider', workflow)
+        self.assertIn('"anthropic"', workflow)
+        self.assertIn('"api"', workflow)
         self.assertNotIn("ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}", workflow)
         self.assertNotIn("OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}", workflow)
         self.assertNotIn("legacy API review fallback", workflow)
@@ -76,6 +78,7 @@ def test_chinese_readme_matches_current_monthly_review_defaults(self) -> None:
         self.assertIn("CryptoCodexAuditBridge", readme)
         self.assertIn("SELFHOSTED_CODEX_REVIEW_PROVIDER", readme)
         self.assertIn("OPENAI_API_KEY", readme)
+        self.assertIn("ANTHROPIC_API_KEY", readme)
         self.assertIn("配置在 `CryptoCodexAuditBridge`", readme)
         self.assertIn("必须从 GitHub variable 读取", readme)
         self.assertIn("本仓库不再保留 source-local `ai_review.yml`", readme)