Policy Fields
Every configurable policy field in Critique — types, defaults, validation, and how each field affects review behavior.
Policies control how Critique reviews pull requests. They can be set at two levels — installation (applies to all repos under that GitHub App installation) and repository (overrides installation defaults for a specific repo).
Policy resolution
Policies resolve in layers:
- System defaults — hardcoded safe values used when no stored policy exists.
- Installation policy — overrides system defaults for all repos under the installation.
- Repository policy — overrides installation policy for a specific repo.
For most fields, the repository value fully replaces the installation value. For pathEscalations, the repository value wins if non-empty, otherwise it inherits from the installation. For model fields (reviewLeadModel, reviewSpecialistModel, remedyModel), the repository value wins if non-null, otherwise it inherits from the installation.
Field reference
enabledSpecialists
| Property | Value |
|---|---|
| Type | SpecialistKind[] |
| Default | ['SECURITY', 'TESTS', 'ARCHITECTURE', 'PERFORMANCE'] |
| Validation | Array of specialist kinds, at least one required |
| API | z.array(z.enum(['SECURITY', 'TESTS', 'ARCHITECTURE', 'PERFORMANCE'])).min(1) |
Controls which specialist agents run during a review. SCOUT and LEAD always run and cannot be disabled — they are structural stages, not optional specialists.
Path escalations can dynamically add specialists to this set at review time, even if they were not in the base configuration.
strictness
| Property | Value |
|---|---|
| Type | 'INFO' | 'WARNING' | 'FAIL' |
| Default | 'FAIL' |
| Validation | One of the three severity levels |
| API | z.enum(['INFO', 'WARNING', 'FAIL']) |
The severity threshold that triggers a FAIL verdict. Each severity has a weight:
| Severity | Weight |
|---|---|
INFO | 1 |
WARNING | 2 |
FAIL | 3 |
If any finding's severity weight meets or exceeds the strictness weight, the verdict is FAIL. With the default of 'FAIL' (weight 3), only FAIL-severity findings trigger a failing verdict. Setting strictness to 'WARNING' means WARNING findings will also cause a FAIL verdict.
This value is also injected into specialist prompts as Policy threshold: {strictness} and passed to Remedy blueprints as review.strictness.
rerunAllowed
| Property | Value |
|---|---|
| Type | boolean |
| Default | true |
| Validation | Boolean |
| API | z.boolean() |
Gates whether a user can re-trigger a review run from the dashboard. When false, the rerun API endpoint returns HTTP 403 with "Reruns are disabled for this repository policy.".
pathEscalations
| Property | Value |
|---|---|
| Type | PolicyPathEscalation[] |
| Default | See below |
| Validation | Array of escalation objects, at least one required |
Path-based rules that dynamically force additional specialists when changed file paths match patterns. Each escalation has three fields:
| Sub-field | Type | Description |
|---|---|---|
label | string | Human-readable name for the rule (e.g., 'auth-boundaries') |
patterns | string[] | Substrings matched case-insensitively against file paths |
requireSpecialists | SpecialistKind[] | Specialists to force-enable when matched |
Default escalations:
auth-boundaries
patterns: auth, session, permission, rbac
requireSpecialists: SECURITY, TESTS
billing-mutators
patterns: billing, invoice, stripe, subscription
requireSpecialists: SECURITY, TESTS, ARCHITECTUREAt review time, every changed file path is lowercased and checked against each escalation's patterns. When matched, the required specialists are added to the enabled set regardless of the base enabledSpecialists configuration.
Escalation matches are recorded in the execution audit trail and visible in the "Why this ran" board entry.
reviewLeadModel
| Property | Value |
|---|---|
| Type | string | null |
| Default | null (uses system default: openai/gpt-5.4) |
| Validation | Must be a valid model ID in the runtime catalog with role review-lead, and allowed by the plan |
| API | z.string().trim().min(1).nullable().optional() |
Overrides the default lead model for the review pipeline. Validated against the runtime model catalog via isRuntimeModelSupported(value, 'review-lead') and against the entitlement plan via isRuntimeModelAllowed(planKey, 'review-lead', value).
When set, replaces the system-wide lead model and its fallback chain.
reviewSpecialistModel
| Property | Value |
|---|---|
| Type | string | null |
| Default | null (uses system default: google/gemini-3.1-flash-lite-preview:nitro) |
| Validation | Must be a valid model ID with role review-specialist, and allowed by the plan |
| API | z.string().trim().min(1).nullable().optional() |
Overrides the default specialist model. When set, this also clears per-specialist model overrides — all four specialists will use this single model instead of having individual model assignments.
remedyModel
| Property | Value |
|---|---|
| Type | string | null |
| Default | null (uses system default: xiaomi/mimo-v2-pro:nitro) |
| Validation | Must be a valid model ID with role remedy, and allowed by the plan |
| API | z.string().trim().min(1).nullable().optional() |
Overrides the Remedy execution model. Used when building the Remedy blueprint and stored in the execution explanation.
API endpoints
| Method | Route | Scope |
|---|---|---|
PATCH | /api/repositories/[repositoryId]/policy | Repository |
PATCH | /api/installations/[installationId]/policy | Installation |
Both endpoints accept the same body schema and follow the same flow:
- Parse the request body against the Zod schema.
- Validate each model field against the entitlement plan.
- Coerce through
coercePolicyRuleSet()to sanitize and default any invalid input. - Upsert the
ReviewPolicyrow (update if exists, create if not). - Return
{ ok: true, policyId: string }.
Policy consumers
| Consumer | Fields used |
|---|---|
| Specialist execution | enabledSpecialists — gates which heuristic functions run |
| OpenRouter specialist prompt | strictness, enabledSpecialists — injected into system/user prompts |
| Verdict derivation | strictness — threshold for FAIL verdict |
| Path escalation | pathEscalations — dynamically augments enabled specialists |
| Model selection | reviewLeadModel, reviewSpecialistModel — override system defaults |
| Remedy model selection | remedyModel, strictness — passed to blueprint builder |
| Rerun gating | rerunAllowed — blocks rerun if false |
| Board entries | remedyModel, escalations — recorded for observability |
Policy and verdict interaction
The most common policy change is adjusting strictness. Moving from 'FAIL' to 'WARNING' significantly increases the chance of a failing verdict, since WARNING-severity findings (which are more common) will now trigger FAIL. This is useful for high-risk repositories where you want stricter control.