Back to Details

codex-reviewer

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Codex Independent Code Reviewer

Codex独立代码审查工具

This skill enables Claude to leverage OpenAI's Codex CLI as an independent third-party reviewer for code, architectural decisions, and specifications. Codex runs as a separate AI agent with GPT-5-Codex, providing an unbiased second opinion to improve code quality and catch issues that might be missed in single-reviewer scenarios.
该技能让Claude能够借助OpenAI的Codex CLI,作为独立第三方审查工具对代码、架构决策及规范进行审查。Codex以搭载GPT-5-Codex的独立AI Agent运行,提供无偏见的第二意见,助力提升代码质量,发现单一审查场景下可能遗漏的问题。

When to Use This Skill

适用场景

Use this skill when:
  • User explicitly requests a "second opinion" or "independent review" on code
  • User asks to "review with Codex" or mentions using Codex for validation
  • Complex architectural decisions need validation from an independent perspective
  • Code review needs additional scrutiny for security, performance, or correctness
  • Pull requests require thorough review before merging
  • Specifications or design documents need technical validation
  • User asks "what would another AI think about this code?"
在以下场景中使用该技能:
  • 用户明确请求对代码进行「第二意见」或「独立审查」
  • 用户要求「用Codex审查」或提及使用Codex进行验证
  • 复杂架构决策需要从独立视角进行验证
  • 代码审查需要针对安全性、性能或正确性进行额外检查
  • 拉取请求在合并前需要全面审查
  • 规范或设计文档需要技术验证
  • 用户询问「另一个AI会如何看待这段代码?」

Prerequisites

前置条件

Before using this skill, verify:
  1. Codex CLI is installed on the system (
    which codex
    )
  2. User is authenticated (ChatGPT account or API key)
  3. The current directory is within a git repository or project structure
  4. For file-specific reviews, the target files exist in the working directory
使用该技能前,请确认:
  1. 系统已安装Codex CLI(可通过
    which codex
    验证)
  2. 用户已完成认证(ChatGPT账号或API密钥)
  3. 当前目录位于git仓库或项目结构内
  4. 若针对特定文件审查,目标文件已存在于工作目录中

Core Review Workflow

核心审查流程

Step 1: Prepare Review Context

步骤1:准备审查上下文

Identify what needs review:
  • Code files: Specific files or directories
  • Pull requests: Changes between branches
  • Architecture: Design documents or implementation patterns
  • Specifications: Requirements or technical specs
明确审查对象:
  • 代码文件:特定文件或目录
  • 拉取请求:分支间的变更内容
  • 架构:设计文档或实现模式
  • 规范:需求或技术规格

Step 2: Execute Codex Review

步骤2:执行Codex审查

Use 
codex exec
for non-interactive reviews. The command runs Codex in a separate, isolated session:
Basic syntax:
bash
codex exec [flags] "review prompt"
Key flags:
  • --model gpt-5-codex
    : Use the specialized coding model (recommended)
  • --sandbox read-only
    : Always use this for reviews - provides read-only access (required for review-only workflow)
  • -a/--ask-for-approval <mode>
    : Control when to ask for approval before actions (
    never
    , 
    on-request
    , 
    on-failure
    , 
    always
    )
    • For reviews, use 
      -a never
      or omit (defaults to appropriate mode based on sandbox)
  • --json
    : Output structured JSON events for parsing (useful with 
    jq
    or 
    --output-schema
    )
  • --output-schema <path>
    : Output structured summary as JSON matching provided schema
  • --full-auto
    : Convenience flag that expands to 
    --sandbox workspace-write -a on-failure
    - Do not use for review-only workflows
  • -o output.txt
    : Write final message to file
  • --profile <name>
    : Use saved configuration profile (useful for team defaults)
  • --cd <path>
    : Change to specified directory before running (useful for scoping repos)
  • --skip-git-repo-check
    : Skip git repository validation (useful for spec-only reviews)
Input methods:
For longer or reusable prompts, you can:
  • Use stdin: 
    codex exec --model gpt-5-codex --sandbox read-only - < review-prompt.txt
  • Use profiles: 
    codex exec --profile review "Review src/auth.py"
    (profiles can set model, sandbox, and other defaults)
使用
codex exec
进行非交互式审查。该命令会在独立会话中运行Codex:
基础语法:
bash
codex exec [flags] "review prompt"
关键参数:
  • --model gpt-5-codex
    :使用专业编码模型(推荐)
  • --sandbox read-only
    审查时务必使用该参数 - 提供只读访问权限(仅审查工作流必需)
  • -a/--ask-for-approval <mode>
    :控制执行前是否请求批准(可选值:
    never
    , 
    on-request
    , 
    on-failure
    , 
    always
    • 审查场景下,使用
      -a never
      或省略(会根据沙箱模式自动选择合适的默认值)
  • --json
    :输出结构化JSON事件以便解析(配合
    jq
    --output-schema
    使用更高效)
  • --output-schema <path>
    :按照指定Schema输出结构化审查摘要
  • --full-auto
    :便捷参数,等效于
    --sandbox workspace-write -a on-failure
    - 仅审查工作流禁止使用
  • -o output.txt
    :将最终审查结果写入文件
  • --profile <name>
    :使用已保存的配置文件(适合团队默认配置)
  • --cd <path>
    :执行前切换到指定目录(适合限定仓库范围)
  • --skip-git-repo-check
    :跳过git仓库验证(适合仅审查规范的场景)
输入方式:
针对较长或可复用的审查指令,可采用:
  • 使用标准输入
    codex exec --model gpt-5-codex --sandbox read-only - < review-prompt.txt
  • 使用配置文件
    codex exec --profile review "Review src/auth.py"
    (配置文件可预设模型、沙箱及其他默认参数)

Step 3: Analyze Codex Feedback

步骤3:分析Codex反馈

Parse Codex's response for:
  • Security vulnerabilities and bugs
  • Code quality issues
  • Performance concerns
  • Architectural problems
  • Best practice violations
  • Alternative approaches
解析Codex的响应内容,重点关注:
  • 安全漏洞与Bug
  • 代码质量问题
  • 性能隐患
  • 架构缺陷
  • 最佳实践违规
  • 替代实现方案

Step 4: Present Synthesis

步骤4:呈现综合结果

Provide the user with:
  1. Summary: High-level findings from Codex
  2. Key Issues: Critical problems identified
  3. Recommendations: Actionable suggestions from both reviewers
  4. Divergent Opinions: Where Claude and Codex differ (valuable insights)
  5. Consensus: Where both agree (high confidence findings)
向用户提供以下内容:
  1. 摘要:Codex审查的核心发现
  2. 关键问题:识别出的严重问题
  3. 建议:来自两位审查者的可操作建议
  4. 意见分歧:Claude与Codex观点不同的地方(具有参考价值的洞察)
  5. 共识:两者观点一致的部分(高可信度发现)

Common Review Patterns

常见审查模式

Pattern 1: Code File Review

模式1:单一代码文件审查

Review a specific implementation:
bash
codex exec --model gpt-5-codex --sandbox read-only "Review the file src/auth/login.py for security issues, bugs, and code quality. Look for authentication vulnerabilities, injection risks, and edge cases."
针对特定实现进行审查:
bash
codex exec --model gpt-5-codex --sandbox read-only "Review the file src/auth/login.py for security issues, bugs, and code quality. Look for authentication vulnerabilities, injection risks, and edge cases."

Pattern 2: Pull Request Review

模式2:拉取请求审查

Compare branches and review changes:
bash
codex exec --model gpt-5-codex --sandbox read-only "First run 'git diff main...HEAD' to see all changes in the current branch. Then review those changes focusing on: 1) Breaking changes, 2) Performance implications, 3) Test coverage, 4) Security concerns. Provide detailed feedback on each modified file with specific line references."
For multi-repo or complex PR reviews:
bash
codex exec --model gpt-5-codex --sandbox read-only --cd /path/to/repo "Run 'git status' and 'git diff main...HEAD' to understand the PR scope. Review all modified files for correctness, security issues, and adherence to project patterns."
对比分支差异并审查变更:
bash
codex exec --model gpt-5-codex --sandbox read-only "First run 'git diff main...HEAD' to see all changes in the current branch. Then review those changes focusing on: 1) Breaking changes, 2) Performance implications, 3) Test coverage, 4) Security concerns. Provide detailed feedback on each modified file with specific line references."
针对多仓库或复杂PR的审查:
bash
codex exec --model gpt-5-codex --sandbox read-only --cd /path/to/repo "Run 'git status' and 'git diff main...HEAD' to understand the PR scope. Review all modified files for correctness, security issues, and adherence to project patterns."

Pattern 3: Architecture Review

模式3:架构审查

Validate design decisions:
bash
codex exec --model gpt-5-codex --sandbox read-only "Review the architecture described in docs/ARCHITECTURE.md and the implementation in src/. Are there any inconsistencies? Does the implementation follow the intended design? Suggest improvements."
验证设计决策:
bash
codex exec --model gpt-5-codex --sandbox read-only "Review the architecture described in docs/ARCHITECTURE.md and the implementation in src/. Are there any inconsistencies? Does the implementation follow the intended design? Suggest improvements."

Pattern 4: Specification Validation

模式4:规范验证

Check if code matches spec:
bash
codex exec --model gpt-5-codex --sandbox read-only "Compare the specification in SPEC.md with the implementation in src/api/. Does the code correctly implement all specified requirements? Are there any deviations or missing features?"
Review spec quality with code context:
bash
codex exec --model gpt-5-codex --sandbox read-only --skip-git-repo-check "Review the specification in docs/FEATURE_SPEC.md. Then examine the existing codebase in src/ to understand current patterns, architecture, and constraints. Evaluate if the spec is: 1) Complete and clear, 2) Consistent with existing code patterns, 3) Technically feasible, 4) Missing any edge cases or requirements."
检查代码是否符合规范:
bash
codex exec --model gpt-5-codex --sandbox read-only "Compare the specification in SPEC.md with the implementation in src/api/. Does the code correctly implement all specified requirements? Are there any deviations or missing features?"
结合代码上下文审查规范质量:
bash
codex exec --model gpt-5-codex --sandbox read-only --skip-git-repo-check "Review the specification in docs/FEATURE_SPEC.md. Then examine the existing codebase in src/ to understand current patterns, architecture, and constraints. Evaluate if the spec is: 1) Complete and clear, 2) Consistent with existing code patterns, 3) Technically feasible, 4) Missing any edge cases or requirements."

Pattern 5: Focused Code Review

模式5:聚焦式审查

Target specific concerns:
bash
codex exec --model gpt-5-codex --sandbox read-only "Review src/database/ focusing only on: 1) SQL injection vulnerabilities, 2) Connection pooling issues, 3) Transaction handling bugs. Ignore style issues."
针对特定关注点进行审查:
bash
codex exec --model gpt-5-codex --sandbox read-only "Review src/database/ focusing only on: 1) SQL injection vulnerabilities, 2) Connection pooling issues, 3) Transaction handling bugs. Ignore style issues."

Pattern 6: Comparative Analysis

模式6:对比分析

Get architectural alternatives:
bash
codex exec --model gpt-5-codex --sandbox read-only "Review the current microservices architecture in the codebase. Suggest alternative approaches that might be more suitable. Consider: scalability, maintainability, and deployment complexity."
获取架构替代方案:
bash
codex exec --model gpt-5-codex --sandbox read-only "Review the current microservices architecture in the codebase. Suggest alternative approaches that might be more suitable. Consider: scalability, maintainability, and deployment complexity."

Best Practices

最佳实践

Prompting Codex Effectively

高效向Codex发送指令

  1. Be specific: Define exact scope and concerns
  2. Set context: Mention language, framework, or domain
  3. List priorities: What matters most (security, performance, etc.)
  4. Request format: Ask for structured output if needed
  5. Avoid ambiguity: Clear, actionable review requests
  1. 明确具体:定义精确的审查范围和关注点
  2. 设置上下文:提及开发语言、框架或业务领域
  3. 列出优先级:明确最关注的点(如安全性、性能等)
  4. 指定输出格式:如需结构化输出请明确要求
  5. 避免歧义:使用清晰、可执行的审查指令

Sandbox Safety

沙箱安全

  • Always use 
    --sandbox read-only
    for reviews     - This skill is for review feedback only, never implementation
  • Never use 
    --full-auto
    or 
    --sandbox workspace-write
    - Codex should only read and analyze, not modify files
  • The review workflow is: Codex provides feedback → Claude or user implements changes
  • 审查时务必使用
    --sandbox read-only
    :该技能仅用于获取审查反馈,绝不用于代码实现
  • 禁止使用
    --full-auto
    --sandbox workspace-write
    :Codex应仅进行读取和分析,不得修改文件
  • 审查工作流为:Codex提供反馈 → Claude或用户执行变更

Handling Disagreements

处理意见分歧

When Claude and Codex disagree:
  1. Present both perspectives clearly to the user
  2. Explain the reasoning behind each view
  3. Let the user make the final decision
  4. Note that disagreements often highlight edge cases or trade-offs
当Claude与Codex观点不同时:
  1. 向用户清晰呈现两种观点
  2. 解释每种观点的推理逻辑
  3. 由用户做出最终决策
  4. 注意:分歧往往能揭示边缘情况或权衡取舍

Review Scope Management

审查范围管理

  • For large codebases, review in focused segments
  • Use multiple Codex calls for different aspects (security, performance, etc.)
  • Combine Codex's specialized insights with Claude's contextual knowledge
  • 针对大型代码库,分模块进行聚焦式审查
  • 针对不同方面(如安全性、性能)发起多次Codex审查
  • 结合Codex的专业洞察与Claude的上下文知识

Advanced Usage

高级用法

JSON Output Mode

JSON输出模式

For programmatic processing:
bash
codex exec --model gpt-5-codex --sandbox read-only --json "Review auth.py for vulnerabilities" > review.jsonl
Parse JSONL output for structured data:
  • turn.started
    : Review begins
  • item.completed
    : Contains reasoning and findings
  • agent_message
    : Final review summary
  • turn.completed
    : Includes token usage
Post-process JSON output with jq:
bash
undefined
用于程序化处理:
bash
codex exec --model gpt-5-codex --sandbox read-only --json "Review auth.py for vulnerabilities" > review.jsonl
解析JSONL输出获取结构化数据:
  • turn.started
    :审查开始
  • item.completed
    :包含推理过程和发现
  • agent_message
    :最终审查摘要
  • turn.completed
    :包含Token使用情况
使用jq处理JSON输出:
bash
undefined

Extract only the final agent message

仅提取最终Agent消息

codex exec --model gpt-5-codex --sandbox read-only --json "Review src/api/" | jq 'select(.type=="agent_message")'
codex exec --model gpt-5-codex --sandbox read-only --json "Review src/api/" | jq 'select(.type=="agent_message")'

Get just the review text

仅提取审查文本内容

codex exec --model gpt-5-codex --sandbox read-only --json "Review src/api/" | jq -r 'select(.type=="agent_message") | .message.content[0].text'

**Use output schema for structured summaries:**

```bash
codex exec --model gpt-5-codex --sandbox read-only --json "Review src/api/" | jq -r 'select(.type=="agent_message") | .message.content[0].text'

**使用输出Schema生成结构化摘要:**

```bash

Create a schema file (review-schema.json)

创建Schema文件(review-schema.json)

cat > review-schema.json << 'EOF' { "security_issues": ["string"], "performance_concerns": ["string"], "bugs": ["string"], "recommendations": ["string"] } EOF
cat > review-schema.json << 'EOF' { "security_issues": ["string"], "performance_concerns": ["string"], "bugs": ["string"], "recommendations": ["string"] } EOF

Get structured output matching the schema

按照指定Schema输出结构化审查结果

codex exec --model gpt-5-codex --sandbox read-only --output-schema review-schema.json "Review auth.py and output findings in the specified format"
undefined
codex exec --model gpt-5-codex --sandbox read-only --output-schema review-schema.json "Review auth.py and output findings in the specified format"
undefined

Resuming Reviews

恢复审查会话

Continue a previous review session (model and sandbox are already set in the session):
bash
undefined
继续之前的审查会话(会话中已预设模型和沙箱参数):
bash
undefined

Resume the most recent session

恢复最近的会话

codex exec resume --last "Now focus on the error handling in the code you just reviewed"
codex exec resume --last "Now focus on the error handling in the code you just reviewed"

Resume a specific session by ID

通过会话ID恢复特定会话

codex exec resume 019a1b6a-1b29-7153-8f3e-40678da51ec8 "Please elaborate on the security issues you mentioned"

**Session management for multi-turn reviews:**

When performing complex reviews that require back-and-forth discussion, capture the session ID from the initial review output. The session ID appears in the header output:
session id: 019a1b6a-1b29-7153-8f3e-40678da51ec8

Save this ID to resume the same conversation later. This is especially important for:
- Reviews with follow-up questions
- Multi-stage reviews (first security, then performance, etc.)
- Collaborative reviews where different team members need to continue the discussion

**When to use resume vs. new session:**
- **Use resume**: Multi-turn discussions, follow-up questions, iterative reviews
- **Use new session**: One-off checks, independent reviews of different code sections
codex exec resume 019a1b6a-1b29-7153-8f3e-40678da51ec8 "Please elaborate on the security issues you mentioned"

**多轮审查的会话管理:**

当进行需要反复沟通的复杂审查时,请记录初始审查输出中的会话ID。会话ID会显示在输出头部:
session id: 019a1b6a-1b29-7153-8f3e-40678da51ec8

保存该ID以便后续恢复同一对话。这在以下场景中尤为重要:
- 带有跟进问题的审查
- 多阶段审查(先安全性,再性能等)
- 团队成员协作审查,需要继续之前的讨论

**恢复会话 vs 新建会话的适用场景:**
- **使用恢复会话**:多轮讨论、跟进问题、迭代式审查
- **使用新建会话**:一次性检查、不同代码模块的独立审查

Custom Model Configuration

自定义模型配置

Use different models or reasoning levels:
bash
codex exec --model gpt-5-codex --sandbox read-only --config reasoning_effort=high "Perform deep analysis of the cryptographic implementation"
使用不同模型或调整推理级别:
bash
codex exec --model gpt-5-codex --sandbox read-only --config reasoning_effort=high "Perform deep analysis of the cryptographic implementation"

Integration with Claude's Review

与Claude审查流程的整合

Claude should:
  1. First perform its own analysis of the code/architecture
  2. Then invoke Codex for independent review
  3. Compare findings and identify:
    • Agreements (high confidence issues)
    • Disagreements (need user judgment)
    • Unique insights from each reviewer
  4. Synthesize into a comprehensive review for the user
Claude应遵循以下流程:
  1. 首先自行对代码/架构进行分析
  2. 然后调用Codex进行独立审查
  3. 对比审查结果,识别:
    • 共识(高可信度问题)
    • 分歧(需用户判断)
    • 各自的独特洞察
  4. 整合为全面的审查报告提供给用户

Limitations

局限性

  • Codex reviews are non-interactive; plan questions in advance
  • Codex operates independently and doesn't see Claude's conversation history
  • Large files may need to be reviewed in segments
  • Codex cannot access external APIs or network resources by default
  • Review quality depends on prompt clarity and context provided
  • Codex审查为非交互式,需提前规划问题
  • Codex独立运行,无法查看Claude的对话历史
  • 大型文件可能需要分模块审查
  • 默认情况下,Codex无法访问外部API或网络资源
  • 审查质量取决于指令的清晰度和提供的上下文

Example Complete Workflow

完整工作流示例

bash
undefined
bash
undefined

1. Claude performs initial review

1. Claude执行初始审查

(Claude analyzes the code internally)

(Claude在内部分析代码)

2. Invoke Codex for second opinion with read-only sandbox

2. 调用Codex获取第二意见,使用只读沙箱

codex exec --model gpt-5-codex --sandbox read-only "Review src/payment/processor.py for:
  1. Race conditions in transaction processing
  2. Proper error handling and rollback
  3. Security issues with payment data
  4. Edge cases that could cause data loss Provide specific line numbers and severity ratings."
codex exec --model gpt-5-codex --sandbox read-only "Review src/payment/processor.py for:
  1. Race conditions in transaction processing
  2. Proper error handling and rollback
  3. Security issues with payment data
  4. Edge cases that could cause data loss Provide specific line numbers and severity ratings."

Note: Capture the session ID from output for potential follow-ups

注意:记录输出中的会话ID,以便后续跟进

3. If follow-up needed, resume the session

3. 如需跟进,恢复会话

codex exec resume --last "Can you suggest specific fixes for the race conditions you identified?"
codex exec resume --last "Can you suggest specific fixes for the race conditions you identified?"

4. Compare findings

4. 对比审查结果

(Claude compares its findings with Codex's output)

(Claude对比自身与Codex的输出)

5. Present synthesized review to user

5. 向用户呈现整合后的审查报告

(Claude creates unified report with both perspectives)

(Claude创建包含两种视角的统一报告)

undefined
undefined

Troubleshooting

故障排除

"codex: command not found"
  • Codex CLI is not installed. User needs to install it first.
"Authentication required"
  • Run 
    codex
    interactively first to authenticate
  • Or set 
    CODEX_API_KEY
    environment variable
"Permission denied" errors
  • Check file permissions in the working directory
  • Verify sandbox mode is appropriate for the task
Codex review seems shallow
  • Improve prompt specificity
  • Break large reviews into focused segments
  • Use 
    --config reasoning_effort=high
    for complex tasks
"codex: command not found"
  • Codex CLI未安装,用户需先完成安装
"Authentication required"
  • 先交互式运行
    codex
    完成认证
  • 或设置
    CODEX_API_KEY
    环境变量
"Permission denied"错误
  • 检查工作目录的文件权限
  • 验证沙箱模式是否适用于当前任务
Codex审查结果较浅显
  • 优化指令的具体性
  • 将大型审查拆分为多个聚焦式审查
  • 针对复杂任务使用
    --config reasoning_effort=high
    参数