Back to Details

codex-review-workflow

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Codex Review Workflow

Codex代码审查工作流

Overview

概述

Automated code review workflow using OpenAI Codex CLI. Implements iterative fix-and-review cycles to ensure code quality through automated validation.
Use when: Building features that require automated code review, iterative refinement cycles, or validation against specific quality standards using Codex CLI.
使用OpenAI Codex CLI的自动化代码审查工作流。通过迭代式修复与审查循环来确保代码质量的自动化验证。
适用场景: 构建需要自动化代码审查、迭代优化循环,或通过Codex CLI验证特定质量标准的功能时。

When to Use This Skill

何时使用该技能

Use this skill when:
  • User explicitly requests Codex CLI review (e.g., "Review this with Codex")
  • Implementing features that require automated code validation
  • Building code that must meet specific quality standards
  • Iterative review and refinement is needed
  • Validating security, bugs, and best practices automatically
Skip this skill when:
  • User only wants manual code review
  • Codex CLI is not available in the environment
  • Task is purely exploratory or research-based
  • Simple code that doesn't require formal review
建议使用该技能的场景:
  • 用户明确要求使用Codex CLI进行审查(例如:“用Codex审查这段代码”)
  • 构建需要自动化代码验证的功能
  • 开发必须符合特定质量标准的代码
  • 需要进行迭代审查与优化
  • 自动验证安全问题、漏洞及最佳实践
建议跳过该技能的场景:
  • 用户仅需要人工代码审查
  • 环境中无法使用Codex CLI
  • 任务仅为探索性或研究性工作
  • 简单代码无需正式审查

Prerequisites

前置条件

  • Codex CLI installed and available on PATH
  • Git repository (or use 
    --skip-git-repo-check
    flag)
  • Verify installation: 
    codex --version
  • Codex CLI已安装并可在PATH中访问
  • Git仓库(或使用
    --skip-git-repo-check
    参数)
  • 验证安装:
    codex --version

Core Workflow

核心工作流

This skill follows a structured 6-step process:
该技能遵循结构化的6步流程:

1. Complete the Coding Task

1. 完成编码任务

Implement the user's requested feature using standard best practices. Ensure code is well-structured before submitting for review.
Track progress with TodoWrite:
  • Implement the requested feature/fix
  • Run initial Codex CLI review
  • Fix issues found in review (if any)
  • Run final Codex CLI review
  • Report final status
使用标准最佳实践实现用户要求的功能。在提交审查前确保代码结构清晰。
使用TodoWrite跟踪进度:
  • 实现所需功能/修复
  • 运行初始Codex CLI审查
  • 修复审查中发现的问题(如有)
  • 运行最终Codex CLI审查
  • 报告最终状态

2. Run Initial Codex CLI Review

2. 运行初始Codex CLI审查

Git requirement: Codex CLI requires a git repository. If not in a git repo, run 
git init
first, or use 
--skip-git-repo-check
flag (not recommended for production).
Execute Codex CLI review using 
codex exec
(NOT 
codex review
):
bash
undefined
Git要求: Codex CLI需要Git仓库。若不在Git仓库中,先运行
git init
,或使用
--skip-git-repo-check
参数(生产环境不推荐)。
使用
codex exec
执行Codex CLI审查(不要使用
codex review
):
bash
undefined

For a specific file

针对单个文件

codex exec "Review the code in <file_name> for bugs, security issues, best practices, and potential improvements. Provide specific, actionable feedback with line numbers and examples."
codex exec "Review the code in <file_name> for bugs, security issues, best practices, and potential improvements. Provide specific, actionable feedback with line numbers and examples."

For multiple files

针对多个文件

codex exec "Review the files auth.py, user.py, and session.py for bugs, security issues, best practices, and potential improvements. Provide specific feedback for each file."
codex exec "Review the files auth.py, user.py, and session.py for bugs, security issues, best practices, and potential improvements. Provide specific feedback for each file."

With working directory context

指定工作目录上下文

codex exec "Review the code in email_validator.py for bugs, security issues, best practices, and potential improvements. Provide specific feedback." -C /path/to/project
codex exec "Review the code in email_validator.py for bugs, security issues, best practices, and potential improvements. Provide specific feedback." -C /path/to/project

With specific model

指定模型

codex exec "Review <file_name>..." -m gpt-5-codex
codex exec "Review <file_name>..." -m gpt-5-codex

With custom configuration

使用自定义配置

codex exec "Review <file_name>..." -c model="o3"

**Key points:**

- Be specific in prompts about what to review
- Request line numbers and specific examples
- Use appropriate timeout (120000ms = 2 minutes recommended)
codex exec "Review <file_name>..." -c model="o3"

**关键点:**

- 在提示中明确审查内容
- 要求提供行号和具体示例
- 使用合适的超时时间(推荐120000ms = 2分钟)

3. Analyze Review Results

3. 分析审查结果

Codex CLI returns structured markdown output with variable formats. Look for:
Critical issue indicators (MUST FIX):
  • Sections: Bug, Security, Key Issues, Key Findings
  • Severity markers: "High:", "Medium:", "critical", "vulnerability"
Quality improvements (LOWER PRIORITY):
  • Sections: Maintainability, Usability, Best Practices, Suggestions
  • Severity markers: "Low:"
Confirmation indicators (success):
  • Sections: Resolved Checks, Review, Review Findings
  • Phrases: "No remaining findings", "All issues resolved", "All [N] issues look resolved"
  • Check marks (✅) or confirmation language
Decision criteria:
  • Complete: No Bug/Security/Key Issues sections AND only suggestions remain
  • Complete: Resolved Checks with all previous issues confirmed fixed
  • Complete: Phrases like "No remaining findings" or "All issues resolved"
  • Continue: Bug/Security/Key Issues sections present → Proceed to step 4
Codex CLI返回结构化的Markdown输出,格式可能不同。重点关注:
严重问题标识(必须修复):
  • 章节:BugSecurityKey IssuesKey Findings
  • 严重程度标记:"High:"、"Medium:"、"critical"、"vulnerability"
质量优化建议(优先级较低):
  • 章节:MaintainabilityUsabilityBest PracticesSuggestions
  • 严重程度标记:"Low:"
通过标识(成功):
  • 章节:Resolved ChecksReviewReview Findings
  • 表述:"No remaining findings"、"All issues resolved"、"All [N] issues look resolved"
  • 勾选标记(✅)或确认类表述
判定标准:
  • 完成: 无Bug/Security/Key Issues章节,仅剩余建议
  • 完成: Resolved Checks章节确认所有先前问题已修复
  • 完成: 出现“No remaining findings”或“All issues resolved”等表述
  • 继续: 存在Bug/Security/Key Issues章节 → 进入步骤4

4. Fix Identified Issues

4. 修复发现的问题

For each issue identified:
  1. Locate the problematic code
  2. Understand the issue
  3. Apply the fix using Edit tool
  4. Document what changed and why
Best practices:
  • Fix all issues in a single iteration before re-reviewing
  • Prioritize critical errors over warnings
  • Explain each fix clearly to the user
  • Preserve functionality while addressing issues
针对每个发现的问题:
  1. 定位问题代码
  2. 理解问题本质
  3. 使用编辑工具应用修复
  4. 记录修改内容及原因
最佳实践:
  • 在重新审查前一次性修复所有问题
  • 优先修复严重错误而非警告
  • 向用户清晰解释每个修复内容
  • 在解决问题的同时保留原有功能

5. Run Follow-up Codex CLI Review

5. 运行后续Codex CLI审查

After applying fixes, run targeted review:
bash
codex exec "Review the updated <file_name> code. Check if the previous issues have been fixed: 1) issue description, 2) issue description, etc. Report any remaining issues or confirm the code is now correct."
This helps Codex:
  • Focus on whether specific issues were resolved
  • Identify any new problems introduced
  • Provide clear pass/fail confirmation
Analyze results:
  • All issues fixed: Mark workflow complete, report success
  • Issues remain: Determine whether to iterate (check limits)
应用修复后,运行针对性审查:
bash
codex exec "Review the updated <file_name> code. Check if the previous issues have been fixed: 1) issue description, 2) issue description, etc. Report any remaining issues or confirm the code is now correct."
这有助于Codex:
  • 聚焦于特定问题是否已解决
  • 识别修复过程中引入的新问题
  • 提供明确的通过/未通过确认
分析结果:
  • 所有问题已修复: 标记工作流完成,报告成功
  • 仍有问题: 判断是否继续迭代(检查次数限制)

6. Handle Iteration Limits

6. 处理迭代上限

Maximum iterations: 2 review cycles (initial + 1 re-review)
Why limit:
  • Prevents infinite loops
  • Some issues require human judgment
  • Complex problems need architectural changes
When max reached:
  1. Mark current task status in TodoWrite
  2. Summarize what was fixed and what remains
  3. Show final Codex CLI output to user
  4. Ask user whether to:
    • Continue with manual fixes
    • Adjust the approach
    • Accept current state
最大迭代次数: 2次审查循环(初始审查 + 1次重新审查)
限制原因:
  • 防止无限循环
  • 部分问题需要人工判断
  • 复杂问题需要架构调整
达到上限时的处理:
  1. 在TodoWrite中标记当前任务状态
  2. 总结已修复内容及剩余问题
  3. 向用户展示最终Codex CLI输出
  4. 询问用户选择:
    • 继续进行人工修复
    • 调整实现方案
    • 接受当前状态

Examples

示例

Example 1: Simple Fix Workflow

示例1:简单修复工作流

User: "Add a function to calculate fibonacci numbers and review it with Codex"

Claude:
1. Creates fibonacci function
2. Checks for git repo, runs git init if needed
3. Runs: codex exec "Review fibonacci.py for bugs, edge cases, and best practices."
4. Codex output:
   - **Bug** `fibonacci.py:5`: Missing input validation for negative numbers
   - **Maintainability** `fibonacci.py:10`: Consider adding type hints
5. Adds input validation and type hints
6. Runs: codex exec "Review updated fibonacci.py. Check if input validation added."
7. Codex output:
   **Resolved Checks**
   - `fibonacci.py:5` Input validation is now present
   - `fibonacci.py:10` Type hints added
8. Reports completion
用户: "添加一个计算斐波那契数列的函数并用Codex审查"

Claude:
1. 创建斐波那契函数
2. 检查是否在Git仓库中,必要时运行git init
3. 执行:codex exec "Review fibonacci.py for bugs, edge cases, and best practices."
4. Codex输出:
   - **Bug** `fibonacci.py:5`: 缺少对负数的输入验证
   - **Maintainability** `fibonacci.py:10`: 建议添加类型提示
5. 添加输入验证和类型提示
6. 执行:codex exec "Review updated fibonacci.py. Check if input validation added."
7. Codex输出:
   **Resolved Checks**
   - `fibonacci.py:5` 已添加输入验证
   - `fibonacci.py:10` 已添加类型提示
8. 报告任务完成

Example 2: Multiple Iterations (Security)

示例2:多轮迭代(安全相关)

User: "Implement user authentication and run through Codex review"

Claude:
1. Implements auth system across multiple files
2. Runs: codex exec "Review auth.py, user.py, session.py for security vulnerabilities."
3. Codex output:
   - **Security** `auth.py:23`: Password stored without hashing
   - **Security** `session.py:45`: Session tokens don't expire
   - **Bug** `user.py:67`: SQL injection vulnerability
   - **Security** `auth.py:89`: Missing CSRF protection
   - **Bug** `user.py:12`: No input validation
4. Fixes all 5 issues
5. Runs targeted review: "Check if these issues are fixed: password hashing, session expiration, SQL injection, CSRF, input validation."
6. Codex output:
   **Resolved Checks**
   - All 5 issues confirmed fixed
   **Findings**
   - Minor style suggestions
7. Reached iteration limit (2 reviews)
8. Reports: "All critical security issues fixed. Minor style suggestions remain."
9. Asks user about style fixes
用户: "实现用户认证系统并通过Codex审查"

Claude:
1. 在多个文件中实现认证系统
2. 执行:codex exec "Review auth.py, user.py, session.py for security vulnerabilities."
3. Codex输出:
   - **Security** `auth.py:23`: 密码未加密存储
   - **Security** `session.py:45`: Session令牌未设置过期时间
   - **Bug** `user.py:67`: SQL注入漏洞
   - **Security** `auth.py:89`: 缺少CSRF防护
   - **Bug** `user.py:12`: 无输入验证
4. 修复全部5个问题
5. 运行针对性审查:"Check if these issues are fixed: password hashing, session expiration, SQL injection, CSRF, input validation."
6. Codex输出:
   **Resolved Checks**
   - 确认全部5个问题已修复
   **Findings**
   - 轻微的代码风格建议
7. 达到迭代上限(2次审查)
8. 报告:"所有严重安全问题已修复,仅剩余轻微风格建议。"
9. 询问用户是否需要处理风格问题

Example 3: First-Pass Success

示例3:首次审查通过

User: "Write a date formatter helper, review with Codex"

Claude:
1. Creates date formatting function with error handling
2. Runs: codex exec "Review utils/date_formatter.py for bugs, edge cases."
3. Codex output:
   No bugs or critical issues. Code properly handles:
   - None values with error messages
   - Invalid format strings
   - Timezone conversions
   **Suggestions**
   - Could add more detailed error messages
4. Reviews suggestion, decides optional for current use case
5. Marks task complete
用户: "编写一个日期格式化工具并用Codex审查"

Claude:
1. 创建带有错误处理的日期格式化函数
2. 执行:codex exec "Review utils/date_formatter.py for bugs, edge cases."
3. Codex输出:
   未发现漏洞或严重问题,代码已正确处理:
   - 空值情况及错误提示
   - 无效格式字符串
   - 时区转换
   **Suggestions**
   - 可添加更详细的错误提示
4. 评估建议后,认为当前场景下为可选优化
5. 标记任务完成

Integration Notes

集成说明

Codex CLI Commands

Codex CLI命令

bash
undefined
bash
undefined

Basic review

基础审查

codex exec "Review <file_name> for bugs, security issues, best practices. Provide specific feedback with line numbers."
codex exec "Review <file_name> for bugs, security issues, best practices. Provide specific feedback with line numbers."

With working directory

指定工作目录

codex exec "Review <file_name>..." -C /path/to/project
codex exec "Review <file_name>..." -C /path/to/project

With specific model

指定模型

codex exec "Review <file_name>..." -m gpt-5-codex
codex exec "Review <file_name>..." -m gpt-5-codex

Skip git check (not recommended)

跳过Git检查(不推荐)

codex exec "Review <file_name>..." --skip-git-repo-check
undefined
codex exec "Review <file_name>..." --skip-git-repo-check
undefined

Git Repository Requirement

Git仓库要求

bash
undefined
bash
undefined

Check if in git repo

检查是否在Git仓库中

git status
git status

Initialize if needed

必要时初始化

git init
git init

Alternative: skip check

替代方案:跳过检查

codex exec "..." --skip-git-repo-check
undefined
codex exec "..." --skip-git-repo-check
undefined

Error Handling

错误处理

Codex CLI not found:
  • Check: 
    which codex
    or 
    codex --version
  • Inform user Codex CLI unavailable
  • Offer to complete task without automated review
Git repository error:
  • Error: "Not inside trusted directory and --skip-git-repo-check not specified"
  • Solution: Run 
    git init
  • Alternative: Add 
    --skip-git-repo-check
Codex CLI errors:
  • Common errors: 
    • unexpected argument
      - Check syntax, use 
      codex exec
      not 
      codex review
    • Authentication errors - User may need 
      codex login
  • Attempt once more with corrected parameters
  • If persistent, ask user for guidance
Ambiguous results:
  • If unsure about pass/fail, err on side of caution
  • Look for "Key Issues" vs "Suggestions" sections
  • Show output to user and ask for clarification
Long-running reviews:
  • Codex may take 30-120 seconds for complex reviews
  • Use appropriate timeout (120000ms recommended)
未找到Codex CLI:
  • 检查:
    which codex
    codex --version
  • 告知用户Codex CLI不可用
  • 提供无自动化审查的任务完成方案
Git仓库错误:
  • 错误信息:"Not inside trusted directory and --skip-git-repo-check not specified"
  • 解决方案:运行
    git init
  • 替代方案:添加
    --skip-git-repo-check
    参数
Codex CLI错误:
  • 常见错误: 
    • unexpected argument
      - 检查语法,使用
      codex exec
      而非
      codex review
    • 认证错误 - 用户可能需要执行
      codex login
  • 使用修正后的参数重试一次
  • 若问题持续,向用户寻求指导
结果不明确:
  • 若无法确定是否通过,谨慎处理
  • 区分“Key Issues”与“Suggestions”章节
  • 向用户展示输出并请求澄清
审查耗时较长:
  • 对于复杂审查,Codex可能需要30-120秒
  • 使用合适的超时时间(推荐120000ms)

Best Practices

最佳实践

  1. Always use TodoWrite for workflow step tracking
  2. Show Codex output at each review stage
  3. Explain fixes clearly - avoid silent fixes
  4. Respect iteration limits - avoid infinite loops
  5. Preserve functionality - address issues without breaking features
  6. Ask when uncertain - consult user when feedback is ambiguous
  1. 始终使用TodoWrite 跟踪工作流步骤
  2. 展示Codex输出 在每个审查阶段
  3. 清晰解释修复内容 - 避免静默修复
  4. 遵守迭代上限 - 避免无限循环
  5. 保留原有功能 - 解决问题的同时不破坏功能
  6. 不确定时询问用户 - 反馈不明确时咨询用户

Customization Options

自定义选项

  • Adjust iteration limits (default: 2 reviews)
  • Specify custom Codex CLI commands
  • Provide configuration file for Codex rules
  • Define files to include/exclude from review
  • Set severity thresholds (errors only vs warnings)
  • 调整迭代上限(默认:2次审查)
  • 指定自定义Codex CLI命令
  • 提供Codex规则配置文件
  • 定义审查包含/排除的文件
  • 设置严重程度阈值(仅错误 vs 包含警告)

Related Skills

相关技能

  • testing-strategist: For creating test suites to complement code review
  • security-engineer: For manual security reviews and threat modeling
  • quality-auditor: For comprehensive quality assessments
  • technical-writer: For documenting review findings and improvements
  • testing-strategist: 用于创建补充代码审查的测试套件
  • security-engineer: 用于人工安全审查与威胁建模
  • quality-auditor: 用于全面质量评估
  • technical-writer: 用于记录审查结果与优化建议

Tools & Dependencies

工具与依赖

Required:
  • Codex CLI (OpenAI)
  • Git (for repository context)
Recommended:
  • TodoWrite tool (progress tracking)
  • Edit tool (applying fixes)
必需:
  • Codex CLI (OpenAI)
  • Git(用于仓库上下文)
推荐:
  • TodoWrite工具(进度跟踪)
  • 编辑工具(应用修复)

Tips for Success

成功技巧

  1. Write good initial code - Better starting point = fewer iterations
  2. Be specific in review prompts - "Check for SQL injection in login function" vs "Review this"
  3. Group related files - Review auth system as a whole, not file-by-file
  4. Fix all issues at once - More efficient than fixing one at a time
  5. Use targeted follow-up prompts - Ask about specific fixes, not general review
  6. Know when to stop - Some issues require human judgment or architectural changes
Skill Type: Automation Difficulty: Intermediate Estimated Time: Varies by task (review: 1-2min, fixes: 5-30min per iteration) Integration: Codex CLI, Git
  1. 编写高质量初始代码 - 更好的起点 = 更少的迭代次数
  2. 审查提示要具体 - “检查登录函数中的SQL注入风险” vs “审查这段代码”
  3. 相关文件分组审查 - 整体审查认证系统,而非逐个文件审查
  4. 一次性修复所有问题 - 比逐个修复更高效
  5. 使用针对性后续提示 - 询问特定问题是否已解决,而非泛泛审查
  6. 知道何时停止 - 部分问题需要人工判断或架构调整
技能类型: 自动化 难度: 中级 预计耗时: 因任务而异(审查:1-2分钟,修复:每次迭代5-30分钟) 集成工具: Codex CLI、Git