Spaces:
Running
Using the judge panel β practical guide
How to actually drive the gateway: the panel, the templates, and how to budget realistically when you feed it a whole repo. All examples assume:
URL=https://<your-space>.hf.space # your deployed Space
TOK=<your CRITIQUE_TOKEN> # bearer token (see SECURITY.md to create/rotate)
Every route except /health needs -H "Authorization: Bearer $TOK". Frontier judges are
slow β prefer "async": true and poll /api/jobs/:id.
1. The panel β POST /api/panel
One input β fanned out to a diverse panel (different model families AND providers, so the opinions are uncorrelated) β merged. One judge being down never fails the request.
# async (recommended): submit, get a job_id, poll
JID=$(curl -sS -X POST "$URL/api/panel" -H "Authorization: Bearer $TOK" \
-H 'Content-Type: application/json' -d '{
"input": "Review this rollout plan: <paste>",
"role": "critiquer",
"effort": "high",
"privacy": "strict",
"async": true
}' | jq -r .job_id)
# poll every ~2s until meta.complete; show each judge as it lands
curl -sS "$URL/api/jobs/$JID" -H "Authorization: Bearer $TOK" | jq '.merged, .meta'
Roles (role): critiquer (default), verifier (PASS/FAIL vote), generator
(alternatives), transformer (rewrite), parser/planner (to JSON). Or pass "system"
for a fully custom prompt (overrides role).
Knobs that matter:
effort:low=1 judge/Β½ tokens Β·med=3 Β·high=5/1.5Γ Β·max=all/2Γ. Controls fan-out width, per-judge token budget, and timeout.privacy:strict(default β never routes to a training/logging host),fallback(safe first, unsafe only if needed),off. See PRIVACY.md.panel:["kimi-k2.6","glm-5.1",...]to override the default judges. Names come fromGET /api/roster(logical models) or physicalprovider/modelslots.reasoning: truedeep-thinks;research: trueadds a web ReAct loop (needs egress).merge:dedupe(consensus-tagged) Β·voteΒ·concatΒ·none.
Reading the result: lead with merged. In dedupe mode, bullets tagged
(flagged by N judges) are the strongest signal β independent judges agreeing. A partial
panel (some judges error/429) is by design, not a failure.
2. Whole-repo review β the files form
Instead of input, send the codebase and the panel reviews it in one pass. Each judge gets
the pack fitted to its own context window, and reports coverage (what it actually saw).
# build {path: content} for your source files, then:
curl -sS -X POST "$URL/api/panel" -H "Authorization: Bearer $TOK" \
-H 'Content-Type: application/json' -d @- <<JSON
{ "files": $(python3 -c "import json,glob;print(json.dumps({f:open(f).read() for f in glob.glob('**/*.py',recursive=True)}))"),
"system": "Principal-engineer review. [SEVERITY] path:symbol - issue - evidence - fix.",
"panel": ["kimi-k2.6","deepseek-v4-flash","glm-5.1"],
"effort": "high", "max_tokens": 16000, "privacy": "strict", "async": true }
JSON
repo_url(+repo_ref,repo_token,diff_mode) instead offilesmakes the server fetch a GitHub tarball itself.- Binaries/lockfiles/
node_modulesare skipped; the response includespack(files, total_tokens) and each judge'scoverage.
3. Budgeting realistically with full repo context
Token math the server uses, so you can size requests instead of guessing:
- Estimate: ~`chars / 3
tokens for code,chars / 4` for prose. A ~500KB source tree β 160β185k tokens. - Per-judge fit: a judge can hold
ctx β system_overhead(~2k) β max_tokens(output). Context windows in this roster: 262k (kimi, deepseek-v4-flash, qwen3.5, nemotron-120b, minimax), 131k (glm, nemotron-ultra, mistral, gemma, step), and small 8kβ24k (github/cloudflare llama β these get a reduced pack or are skipped). - Practical rules:
- A ~180k-token repo fits whole only on the 262k hosts. Put those in
panel(kimi-k2.6,deepseek-v4-flash,qwen3.5-397b) for full-coverage review. - Always set
max_tokensto the output you actually want (8kβ16k for a deep audit) β it's subtracted from the input budget. Don't leave it tiny "to be safe"; a thorough review needs room. Async + the long judge timeout make big generations free. - If a judge's window is too small, the
filesform auto-reduces its pack (drops generated/bulk files first, keeps tests+docs) and tells you incoverage.dropped. Trust judges with highfiles_included/files_total; treat low-coverage judges as partial. - For
/api/runtemplates (below), the orchestrator now routes each stage to a host big enough for its prompt, or fails fast with the budget math β so a whole-reporepo_auditlands on 262k hosts automatically.
- A ~180k-token repo fits whole only on the 262k hosts. Put those in
- Rule of thumb: repo β€ ~240k tokens β single-pass on 262k judges. Bigger β split by
subsystem and review in parts (or use
repo_audit, which maps then fans out per area).
4. Templates β POST /api/run
Multi-stage pipelines with an automatic judge loop. List them: GET /api/templates.
JID=$(curl -sS -X POST "$URL/api/run" -H "Authorization: Bearer $TOK" \
-H 'Content-Type: application/json' -d '{
"template": "design_doc",
"prompt": "Design a rate limiter for a public free API.",
"effort": "high", "async": true }' | jq -r .job_id)
curl -sS "$URL/api/jobs/$JID" -H "Authorization: Bearer $TOK" | jq '.result.body, .result.judge'
Built-ins:
repo_auditβ maps subsystems β parallel deep-review β cross-validates (suppresses confident-but-wrong concurrency claims) β severity-ranked audit. Pass the codebase asprompt(or a repopack blob). Routes to big-ctx hosts automatically.design_docβ requirements β 3 distinct architectures in parallel β trade-off β decision β doc with Risks & Open Questions.redteamβ threat surfaces β parallel concrete-trigger probes β ranked report + mitigations checklist.panel_debateβ distinct positions β argue β steelman+rebut β synthesis that preserves irreducible disagreement.
The run polls like any job; result.body is the final document, result.judge the verdict,
result.stages shows which host ran each stage. Custom pipelines: send a "schematic"
object instead of "template".
5. Quick reference
- See live capacity + the β₯2-frontier guarantee:
GET /api/roster,GET /health. - Per-profile cost/latency/throttle:
GET /api/metrics?profile=<id>. - Privacy modes + every off-switch:
PRIVACY.md. Auth/token setup:SECURITY.md. - The
/critiqueClaude Code skill wraps all of this β see.claude/skills/critique/.