Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.sigilix.ai/llms.txt

Use this file to discover all available pages before exploring further.

Sigilix runs four parallel specialists per review. Each has a focused prompt, a tuned model, and a defined surface of failure modes it covers.

Glyph · Architecture

What it catches:
  • Circular dependencies between modules
  • Layer-boundary violations (e.g., domain code importing from infrastructure)
  • Interface drift between code and its tests/types
  • Module cohesion issues
Model: deepseek-v4-pro deepseek-v4-pro is Sigilix’s logic-heavy workhorse. Its proof-style chain-of-thought reasoning is well-suited for Glyph’s architectural arguments — tracing imports across files, evaluating layered architecture rules, and judging cohesion. Sample finding: 
[Glyph] Boundary violation detected
domain/invoice.ts imports infra/stripe.ts
Rule: Domain may not depend on Infrastructure.
Suggested fix: Introduce `PaymentGateway` port in domain/.

Warden · Security

What it catches:
  • Unsanitized inputs (SQL injection, XSS, SSRF, formula injection)
  • Secret leakage in responses, logs, or version control
  • Authentication and authorization bypasses
  • Insecure regex patterns prone to ReDoS
  • OWASP Top-10 patterns
Model: deepseek-v4-flash with cross-provider fallback to qwen3-coder-next Warden uses a faster model than Glyph because security findings are higher-volume per PR and need turnaround. The cross-provider fallback ensures that if one provider is down, Warden still produces a verdict — security checks should never silently skip. Sample finding: 
[Warden] Critical: Potential SSRF
utils/fetcher.ts:71 — user-supplied URL passed to fetch()
without an allowlist. Validate against approvedHosts[].

Spark · Performance

What it catches:
  • N+1 query patterns in ORM-heavy code
  • Hidden quadratic loops (especially newly inlined ones)
  • Memory leaks (event listeners not removed, growing caches)
  • Unbounded recursion or iteration
  • Big-O regressions vs. the previous implementation
Model: minimax-m2.1 minimax-m2.1 is selected for Spark because of its strong systems-level reasoning. Performance findings often require understanding that a function is on a hot path or that a loop’s bound is data-dependent — both require systems intuition. Sample finding: 
[Spark] O(n²) render loop
components/Table.tsx:112 — sorting inside render()
Memoize with useMemo keyed by sortKey.

Weave · Semantics

What it catches:
  • Dead code reachable only by impossible conditions
  • Naming that doesn’t describe behavior (e.g., handleStuff when the function sends an email)
  • Logic errors that pass type-checking (off-by-one, inverted conditions, swapped arguments)
  • Missing test coverage on non-trivial branches added in the diff
  • Inconsistent error handling between two functions added in the same PR
Model: deepseek-v4-flash with cross-provider fallback to qwen3-coder-next Weave’s surface is broad and shallow — it needs speed and breadth more than depth. The shared model with Warden lets Sigilix amortize cost across two specialists. Sample finding: 
[Weave] Unreachable branch
checkout.ts:45 — early return bypasses tax calc
when total < 0. Remove or handle as error path.

Why these four (and not more or fewer)?

The split was chosen empirically:
  • Architecture, security, performance, semantics are the four most-cited categories in code review failure-mode taxonomies.
  • Adding a fifth specialist (e.g., a “documentation” specialist) didn’t materially improve catches — Weave already covers naming and stale comments.
  • Reducing to three specialists (e.g., merging architecture and semantics) left blind spots in cross-module reasoning.
The architecture supports adding specialists in the future. If a customer-driven category emerges (e.g., a domain-specific compliance specialist for financial code), it can plug into Core’s synthesis without changing the existing four.

Disabling specialists

If a specialist isn’t useful for your codebase — for example, you don’t need Spark on a marketing site — disable it via sigilix.yaml: 
specialists:
  glyph: true
  warden: true
  spark: false
  weave: true
See Configuration for the full schema. Note: Core (the synthesizer) is always on. It can’t be disabled — it’s how Sigilix produces a single coherent comment. If you want raw specialist output without synthesis, that’s not currently exposed.

Synthesizer

How Core deduplicates, calibrates, and posts the final review.

Confidence Scoring

How findings are ranked, suppressed, and escalated.