feat(lfg-beta): add beta variant with Codex delegation and provider hints

.compound-engineering/config.local.example.yaml

@@ -11,6 +11,13 @@
 # work_delegate_model: gpt-5.4   # any valid codex model (omit to use ~/.codex/config.toml default)
 # work_delegate_effort: high     # minimal | low | medium | high | xhigh (omit to use ~/.codex/config.toml default)
 
+# --- LFG-beta pipeline (autonomous full-feature workflow with delegation + provider hints) ---
+# Tokens on the /lfg-beta invocation override these (delegate:codex|delegate:local, providers:perplexity,codex,..., adversarial:on|off).
+
+# lfg_beta_delegate: codex                     # codex | false (default: false). When codex, step 2 routes to ce-work-beta with delegate:codex.
+# lfg_beta_providers: perplexity,codex         # comma-separated provider names (MCP, CLI, or installed skill). Each name must match [a-z0-9_-]{2,32}. lfg-beta auto-detects what is available and surfaces capabilities to ce-plan / ce-work-beta as an advisory providers_hint annotation. The codex-MCP adversarial review lane is gated by lfg_beta_adversarial_review and MCP availability — NOT by listing `codex` here.
+# lfg_beta_adversarial_review: true            # true (default) | false. When true and codex MCP is loaded, runs a codex-MCP adversarial review lane in step 3 (codex runs first against a frozen diff, then ce-code-review).
+
 # --- Product pulse ---
 # Settings written by /ce-product-pulse first-run interview. Re-run the skill with
 # argument `setup` or `reconfigure` to edit interactively.

plugins/compound-engineering/README.md

@@ -97,6 +97,7 @@ For `/ce-optimize`, see [`skills/ce-optimize/README.md`](./skills/ce-optimize/RE
 |-------|-------------|
 | `ce-polish-beta` | Human-in-the-loop polish phase after /ce-code-review — verifies review + CI, starts a dev server from `.claude/launch.json`, generates a testable checklist, and dispatches polish sub-agents for fixes. Emits stacked-PR seeds for oversized work |
 | `/lfg` | Full autonomous engineering workflow |
+| `/lfg-beta` | Same as `/lfg`, plus optional Codex CLI delegation (`delegate:codex`) and a configurable provider list (`providers:perplexity,codex,...`) that auto-detects available MCP servers, CLIs, and installed skills and surfaces them as hints to `ce-plan` / `ce-work-beta`. Adds a parallel codex-MCP adversarial review lane alongside `ce-code-review` |
 
 ## Agents
 

plugins/compound-engineering/skills/lfg-beta/references/codex-adversarial-prompt.md

@@ -0,0 +1,75 @@
+# Codex Adversarial Review Lane Prompt
+
+This file is loaded by `lfg-beta/SKILL.md` step 3 to compose the prompt sent to `mcp__codex__codex` in parallel with `ce-code-review`.
+
+## Goals
+
+The codex lane is a **second model's** adversarial perspective. It is NOT a duplicate of `ce-adversarial-reviewer` (which runs inside `ce-code-review` on the same model as the orchestrator). Different models catch different blind spots. Pass-through value comes from divergence, not from agreement.
+
+Look for:
+
+- Logic errors, off-by-one bugs, wrong-default branches that the orchestrator may have missed
+- Failure modes the orchestrator's review skipped: race conditions, timeouts, partial writes, retry storms
+- Hidden coupling — implicit ordering assumptions, shared mutable state, leaky abstractions
+- Security: input that flows into shell, SQL, file paths, or external APIs without validation
+- Contract drift in exported types, CLI flags, environment variables, or schema migrations
+- Documentation that diverges from behavior, especially in skill-prose changes
+- Anything the surrounding diff *should* have changed but didn't (sibling files, tests, README)
+
+Do NOT spend tokens on:
+
+- Style nits already enforced by linters
+- Restating issues `ce-code-review`'s standard reviewers obviously caught
+- Hypothetical concerns not grounded in the actual diff
+
+## Prompt template
+
+Splice in the values marked `<<...>>` before sending. Keep the schema instruction verbatim — the orchestrator parses the response.
+
+```
+You are an adversarial code reviewer providing a second-model perspective on a diff that is also being reviewed by another agent. Your job is to surface real, specific defects that another reviewer is likely to miss — not to restate obvious issues.
+
+**Do not modify any files.** This is an analysis-only review. Return findings as JSON; another agent applies fixes.
+
+Plan: <<plan-path>>
+Repo root: <<repo-root>>
+Diff base (resolved SHA): <<base-sha>>
+Diff snapshot (frozen at: <<diff-path>>):
+<<git-diff-output>>
+
+All `line` numbers in your findings must reference the post-diff (HEAD-side) line numbers as they appear in the diff snapshot above. The orchestrator may not re-resolve them.
+
+Review the diff and return ONLY a JSON array (no prose, no markdown fences) matching this schema. Each finding is one object:
+
+{
+  "severity": "critical" | "high" | "medium" | "low",
+  "file": "<repo-relative path>",
+  "line": <integer line number in the new file, or 0 if file-level>,
+  "title": "<short imperative title, ~80 chars>",
+  "body": "<2-6 sentence explanation of the defect, why it matters, and the failure mode>",
+  "autofixable": true | false,
+  "suggested_fix": "<concrete diff or replacement text when autofixable=true; empty string otherwise>",
+  "confidence": "high" | "medium" | "low",
+  "requires_human_judgment": true | false
+}
+
+Rules for the schema:
+- Set autofixable=true only when the suggested_fix is a clear textual change that does not require choosing between viable alternatives.
+- Set confidence=low when you suspect a defect but cannot verify it from the diff alone.
+- Set requires_human_judgment=true when the issue depends on product, security, or architectural intent that only the human user can adjudicate (even if you also propose a fix).
+- Return [] (empty array) when nothing meaningful surfaces. Do not pad.
+- Do not wrap the JSON in markdown fences or commentary. The orchestrator parses the raw response.
+```
+
+## Failure modes the orchestrator handles
+
+The orchestrator (`lfg-beta/SKILL.md` step 3) is responsible for:
+
+- Parsing the response. Unparseable output → single residual entry, pipeline continues.
+- Capability check. Codex MCP unavailable → skip lane silently.
+- Timeout/error. Codex errors → single residual entry, pipeline continues.
+- Lane ordering. Codex runs first (analysis-only against a frozen diff snapshot); `ce-code-review` runs after. Findings whose target file was touched by `ce-code-review`'s autofix are marked `stale_anchor: true` and not autofix-applied — they flow into the residual list.
+- Autofix gating. Findings are autofix-applied only when `autofixable: true` AND `requires_human_judgment: false` AND `confidence: high`. Findings that pass `autofixable` but are gated out by judgment or low confidence become residuals tagged `autofix_class: gated_auto`.
+- Residual routing. Findings tagged `source: codex-adversarial` flow into the standard residual handoff (step 5).
+
+Do not duplicate any of the above logic in this prompt — keep the prompt focused on the analytical task.