perf: supervisor auth caching and auto model tier routing

[marcusquinn]

Summary

• Cache check_gh_auth() results for 5 minutes to eliminate redundant GitHub API calls (~288/day saved)
• Auto-classify task complexity to route simple tasks to sonnet (~5x cheaper than opus)
• Wire classifier into resolve_task_model as step 3 in the resolution chain

Changes

1. Cached check_gh_auth() (lines 239-278)

Before: Every call to check_gh_auth() hit gh api user or gh auth status. Called 1-5 times per pulse, pulses every 2-5 minutes = ~288-720 API calls/day.

After: Result cached to $SUPERVISOR_DIR/.gh-auth-cache with 5-minute TTL. Subsequent calls within the window return instantly from cache. Cache invalidates on failure so token refreshes are picked up.

2. classify_task_complexity() (new function)

Pattern-matches task descriptions against known simple/complex indicators:

Classification	Patterns	Model
Simple	update docs, fix typo, rename, wire up command, add reference, update index	sonnet
Complex	architecture, security audit, migration, novel, from scratch, multi-provider	opus
Default	anything not matched	opus (safe default)

Tested against real task descriptions from backlog-09:

• "Update AGENTS.md progressive disclosure table" → sonnet
• "Wire up /compare-models slash command" → sonnet
• "Add fallback chain configuration with per-agent overrides" → opus
• "Success pattern tracking with model routing integration" → opus

3. Wired into resolve_task_model() (step 3)

Resolution priority is now:

1. Task's explicit model (if set and non-default)
2. Subagent frontmatter model: field
3. NEW: Auto-classification from task description
4. Default coding tier (opus)

Cost Impact

Based on backlog-09 (20 tasks):

• ~5 tasks would have been routed to sonnet (docs updates, slash commands, index updates)
• Sonnet is ~5x cheaper per token than opus
• Estimated 20-25% cost reduction per batch for mixed-complexity workloads

Testing

• bash -n: syntax OK
• ShellCheck: no new violations
• Classification function tested against 14 real task descriptions — all classified correctly
• Safe default: unknown tasks stay on opus (no risk of under-provisioning)

Summary by CodeRabbit

Release Notes

• New Features

  • Intelligent task complexity analysis that automatically routes tasks to the most appropriate AI model tier for optimal cost-efficiency or capability.
  • GitHub authentication caching to reduce redundant API calls during scheduled processes.

• Improvements

  • Enhanced authentication fallback logic for more reliable credential handling.

[gemini-code-assist]

Summary of Changes

Hello @marcusquinn, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the supervisor script by optimizing resource usage and cost efficiency. It introduces caching for GitHub authentication to minimize API calls and implements an intelligent system to classify task complexity, routing tasks to appropriate AI models based on their nature. This dynamic model selection aims to reduce operational costs by leveraging cheaper models for simpler tasks, without compromising performance for complex ones.

Highlights

• GitHub Authentication Caching: Implemented a 5-minute time-to-live (TTL) cache for GitHub authentication checks, significantly reducing redundant GitHub API calls from check_gh_auth().
• Automated Task Complexity Classification: Introduced a new function, classify_task_complexity(), which analyzes task descriptions using pattern matching to determine if a task is 'simple' (e.g., documentation updates) or 'complex' (e.g., architectural changes).
• Intelligent Model Routing: Integrated the task complexity classifier into resolve_task_model(), allowing simple tasks to be automatically routed to more cost-effective models like 'sonnet', while complex tasks default to 'opus'.

Changelog

• .agents/scripts/supervisor-helper.sh
  • Modified check_gh_auth() to cache authentication results in $SUPERVISOR_DIR/.gh-auth-cache for 5 minutes, reducing GitHub API calls.
  • Added classify_task_complexity() function to categorize tasks as 'sonnet' (simple) or 'opus' (complex) based on keywords in their descriptions.
  • Updated resolve_task_model() to incorporate task complexity classification as the third step in model resolution, prioritizing explicit task models and subagent frontmatter, then auto-classification, and finally falling back to the default coding tier.

Activity

• No specific activity (comments, reviews, etc.) has been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

Walkthrough

A new task complexity classifier was introduced to intelligently route tasks between model tiers based on description patterns. Concurrently, GitHub authentication caching was enhanced to reduce API calls during cron operations. The classifier integrates into the model resolution flow as a prior step before fallback logic.

Changes

Cohort / File(s)

Summary

Task Complexity Classifier & Model Routing .agents/scripts/supervisor-helper.sh

Added classify_task_complexity() function to categorize task descriptions into "sonnet" (simple) or "opus" (complex) tiers. Integrated classifier into resolve_task_model() to enable auto-routing to appropriate model tier. Enhanced GitHub auth caching with 5-minute TTL in .gh-auth-cache, reducing redundant API calls in cron contexts. Updated fallback logic to record auth successes and failures in cache.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• fix: supervisor integration testing fixes (t128.7) #384: Adds resolve_model() and check_model_health() to supervisor-helper.sh for model selection and health validation, complementing the new auto-classification routing added here.
• fix: supervisor self-healing -- macOS timeout, PR detection, model names, stale PID cleanup #429: Modifies model selection logic with changes to resolve_model(), SUPERVISOR_MODEL override handling, and tier evaluation—directly overlaps with the model resolution flow enhancements in this PR.

Poem

🚀 Complexity reads the task with care,
Routes it through the skies so fair,
Sonnet light or Opus deep,
Cache keeps auth, no calls to reap,
Smarter models, swifter flight! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically captures the two main changes: auth caching for performance and auto model tier routing based on task complexity.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch perf/supervisor-efficiency

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 59 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Mon Feb 9 18:18:17 UTC 2026: Code review monitoring started
Mon Feb 9 18:18:18 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 59

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 59
• VULNERABILITIES: 0

Generated on: Mon Feb 9 18:18:20 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[gemini-code-assist]

Code Review

This pull request introduces two significant performance and cost-saving improvements: caching GitHub authentication status to reduce API calls, and a new task complexity classifier to route simpler tasks to cheaper AI models. The implementation is solid and the new features are well-documented. My review focuses on ensuring adherence to the repository's shell scripting style guide. I've identified a few areas where error handling and variable declarations can be aligned with the established conventions to improve script robustness and maintainability.

[gemini-code-assist]

The use of 2>/dev/null for blanket error suppression on these lines violates the repository style guide (line 50), which states that 2>/dev/null is only acceptable when redirecting to log files. While caching is a non-critical operation, suppressing errors from mkdir or echo can hide underlying issues like file permissions, making debugging more difficult. The || true guard is sufficient to prevent the script from exiting due to set -e. This feedback also applies to lines 271-272 and 275.

Suggested change

	mkdir -p "$(dirname "$cache_file")" 2>/dev/null || true
	echo "ok" > "$cache_file" 2>/dev/null || true
	mkdir -p "$(dirname "$cache_file")" || true
	echo "ok" > "$cache_file" || true

References

1. The style guide prohibits blanket error suppression with 2>/dev/null unless output is being redirected to a log file. Errors should be visible unless explicitly handled. ^(link)

[gemini-code-assist]

This variable declaration violates the repository style guide (line 11), which requires declaring and assigning local variables on separate lines. This practice ensures that the exit code of the assignment is not masked, which is important for scripts running under set -e.

Suggested change

	local description="$1"
	local description
	description="$1"

References

1. The style guide mandates that local variable declaration and assignment should be separate statements to preserve the exit code of the assignment command. ^(link)

[gemini-code-assist]

The use of 2>/dev/null here for blanket error suppression violates the repository style guide (line 50). The guide states that 2>/dev/null is only acceptable when redirecting to log files. Suppressing the error from the db command can hide underlying database issues, making debugging more difficult. The || echo "" guard is sufficient to handle command failure gracefully without exiting the script.

Suggested change

	task_desc=$(db "$SUPERVISOR_DB" "SELECT description FROM tasks WHERE id = '$(sql_escape "$task_id")';" 2>/dev/null || echo "")
	task_desc=$(db "$SUPERVISOR_DB" "SELECT description FROM tasks WHERE id = '$(sql_escape "$task_id")';" || echo "")

References

1. The style guide prohibits blanket error suppression with 2>/dev/null unless output is being redirected to a log file. Errors from database commands should be visible to aid debugging. ^(link)

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.agents/scripts/supervisor-helper.sh (1)

2889-2957: Prefer complex-pattern override to avoid under-tiering.

Right now simple patterns short‑circuit before complex ones, so mixed descriptions (e.g., “update docs for migration”) can route to Sonnet even when a complex keyword is present. I’d recommend checking complex patterns first to keep the safe default.

♻️ Suggested ordering (complex wins)

-    # Patterns that indicate simple/docs/config tasks → sonnet
-    local simple_patterns=(
-        "update.*readme"
-        "update.*docs"
-        "update.*documentation"
-        "add.*comment"
-        "add.*reference"
-        "update.*reference"
-        "rename"
-        "fix.*typo"
-        "update.*version"
-        "bump.*version"
-        "update.*changelog"
-        "add.*to.*index"
-        "update.*index"
-        "wire.*up.*command"
-        "add.*slash.*command"
-        "update.*agents\.md"
-        "progressive.*disclosure"
-        "cross-reference"
-    )
-
-    for pattern in "${simple_patterns[@]}"; do
-        if [[ "$desc_lower" =~ $pattern ]]; then
-            echo "sonnet"
-            return 0
-        fi
-    done
-
-    # Patterns that indicate complex tasks → opus
-    local complex_patterns=(
-        "architect"
-        "design.*system"
-        "security.*audit"
-        "refactor.*major"
-        "migration"
-        "novel"
-        "from.*scratch"
-        "implement.*new.*system"
-        "multi.*provider"
-        "cross.*model"
-        "quality.*gate"
-        "fallback.*chain"
-    )
-
-    for pattern in "${complex_patterns[@]}"; do
-        if [[ "$desc_lower" =~ $pattern ]]; then
-            echo "opus"
-            return 0
-        fi
-    done
+    # Patterns that indicate complex tasks → opus
+    local complex_patterns=(
+        "architect"
+        "design.*system"
+        "security.*audit"
+        "refactor.*major"
+        "migration"
+        "novel"
+        "from.*scratch"
+        "implement.*new.*system"
+        "multi.*provider"
+        "cross.*model"
+        "quality.*gate"
+        "fallback.*chain"
+    )
+
+    for pattern in "${complex_patterns[@]}"; do
+        if [[ "$desc_lower" =~ $pattern ]]; then
+            echo "opus"
+            return 0
+        fi
+    done
+
+    # Patterns that indicate simple/docs/config tasks → sonnet
+    local simple_patterns=(
+        "update.*readme"
+        "update.*docs"
+        "update.*documentation"
+        "add.*comment"
+        "add.*reference"
+        "update.*reference"
+        "rename"
+        "fix.*typo"
+        "update.*version"
+        "bump.*version"
+        "update.*changelog"
+        "add.*to.*index"
+        "update.*index"
+        "wire.*up.*command"
+        "add.*slash.*command"
+        "update.*agents\.md"
+        "progressive.*disclosure"
+        "cross-reference"
+    )
+
+    for pattern in "${simple_patterns[@]}"; do
+        if [[ "$desc_lower" =~ $pattern ]]; then
+            echo "sonnet"
+            return 0
+        fi
+    done

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

# First, let's see if the file exists and check its size
fd -p "supervisor-helper.sh" .agents/scripts/

Repository: marcusquinn/aidevops

Length of output: 100

---

🏁 Script executed:

# Run ShellCheck on the supervisor-helper.sh file
shellcheck .agents/scripts/supervisor-helper.sh 2>&1 || true

Repository: marcusquinn/aidevops

Length of output: 2027

---

🏁 Script executed:

# Let's examine the specific lines mentioned in the review (240-275)
sed -n '240,275p' .agents/scripts/supervisor-helper.sh

Repository: marcusquinn/aidevops

Length of output: 1595

---

🏁 Script executed:

# Check the other segments mentioned in the scratchpad (2889-2957 and 2962-3027)
wc -l .agents/scripts/supervisor-helper.sh
sed -n '2889,2957p' .agents/scripts/supervisor-helper.sh
sed -n '2962,3027p' .agents/scripts/supervisor-helper.sh

Repository: marcusquinn/aidevops

Length of output: 5017

---

ShellCheck violations found; zero-violation requirement not met.

The auth-check caching logic (lines 240-275) is solid and follows guidelines well. However, ShellCheck reports violations across the file that prevent zero-compliance:

• SC2034 (line 8372, 9631): Unused variables duration_info, c_magenta, c_bg_black — remove or export
• SC2015 (line 9984): A && B || C pattern is not true if-then-else — refactor to proper conditional
• SC2016 (line 5151): Single quotes with variable expansion — use double quotes
• SC2329 (line 7609): Function process_verify_queue is never invoked — remove or add usage
• SC1091 (line 161): Source file not followed — run shellcheck with -x flag or verify sourcing

Per coding guidelines: "Run ShellCheck with zero violations on all scripts in .agents/scripts/" — this file must resolve all violations before merge.