-
-
Notifications
You must be signed in to change notification settings - Fork 4
Feature Second Opinion
What it is. N additional, fully independent blind recon+audit passes over the same already-ingested scope/repo, run after SCA-adjacent dependency scanning and before Adversarial Validation. Each pass gets its own isolated run directory and its own recon synthesis — it never sees the primary pass's findings — so a bug the primary audit missed still has a real, independent chance to surface, and a bug both passes converge on independently becomes a genuine corroboration signal rather than a restated opinion.
This formalizes a manual technique already used on real disclosures (fastjson2, open62541, moquette): a single LLM audit is one noisy sample of what a careful reader would find, not the answer. A second independent read — optionally on a different backend — recovers misses and validates hits the way a second human reviewer would.
Re-running the same audit prompt against the same recon output would mostly reproduce the same findings for the same reason it found them the first time — the sampling isn't independent of whatever the first pass's recon synthesis already fixated on. A genuine second opinion needs its own recon pass (its own read of the ground truth, its own invariant/carve-out extraction) so its audit is shaped by an independently-derived understanding of the code, not a copy of the first pass's.
Each pass's raw findings are tagged with source_pass ("second-opinion-1", "second-opinion-2",
…) and dropped into the primary's own findings_dir before validate runs. No new matching logic was
needed: validate's existing structural dedup (dedup_key = sha1(normalize(file + line + cwe))) and
semantic dedup (the batched near-duplicate LLM pass that already collapses cross-focus duplicates
within one audit) collapse cross-pass duplicates the exact same way. The only addition is
bookkeeping — a survivor that collapsed from more than one pass gets corroborating_passes set to
the sorted list of every pass that (independently) found it, surfaced in the report as
"independently confirmed by N blind audit passes."
A finding found by only one pass is never penalized or dropped for lacking corroboration — it's kept exactly as validate would keep any other survivor. Corroboration is a positive signal added on top, not a filter.
-
Opt-in, off by default (
second_opinion_passes = 0) —--second-opinion Nonpipeline, orargo second-opinion --run RUN_ID --passes Nstandalone against a run that already has findings. -
--second-opinion-backend BACKENDruns the extra passes on a different backend than the primary (e.g. Claude for a Codex primary run) for genuine cross-engine diversity instead of re-sampling the same model twice. Omit it to reuse the primary's own backend. - Uses the same model tiers as recon/audit (
model_for("recon")/model_for("audit")) — no dedicated stage model to tune. - A failed pass is skipped, never fatal — if a sub-pass's recon or audit session dies, that pass contributes zero findings and the primary's own results are completely unaffected. Same downgrade-don't-delete instinct as the rest of the pipeline, applied to the passes themselves rather than to individual findings.
- Each pass shares the primary's already-parsed
scope.jsonand already-acquired repo (no re-ingest, no re-clone) — only recon and audit re-run, so the added cost is close to one extra audit's worth per pass, not a second full pipeline run.
- Adversarial Validation — the stage right after second-opinion; its existing structural + semantic dedup is the only matching machinery this feature relies on.
- Feature Deep Verify — a different way of getting a second, skeptical read, but on the validated survivor set from a single audit rather than an independent blind pass over the raw scope; the two are complementary, not redundant — second-opinion widens recall before validation, deep-verify tightens precision after it.
-
Multi-Backend — what makes
--second-opinion-backenda genuine cross-engine second opinion rather than resampling the same model.