Performs code reviews using OpenAI Codex CLI with GPT-5.2-Codex, detecting bugs, security flaws, and style issues. Supports Git diffs, PR comments, uncommitted changes, and CI/CD integration.
```bash
npx claudepluginhub joshuarweaver/cascade-code-languages-misc-2 --plugin alinaqi-claude-bootstrap
```
Use OpenAI's Codex CLI for specialized code review with GPT-5.2-Codex - trained specifically for detecting bugs, security flaws, and code quality issues.
Sources: Codex CLI | GitHub | Code Review Cookbook
| Feature | Benefit |
|---|---|
| GPT-5.2-Codex | Specialized training for code review |
| 88% detection rate | Bugs, security flaws, style issues (LiveCodeBench) |
| Structured output | JSON schema for consistent findings |
| GitHub native | @codex review in PR comments |
| Headless mode | CI/CD automation without TUI |
```bash
# Check Node.js version (requires 22+)
node --version

# Install Node.js 22 if needed
# macOS
brew install node@22
# Or via nvm
nvm install 22
nvm use 22

# Install Codex CLI via npm (recommended)
npm install -g @openai/codex
# Or via Homebrew (macOS)
brew install --cask codex

# Verify installation
codex --version
```
Option 1: ChatGPT Subscription (Plus, Pro, Team, Edu, Enterprise)
```bash
codex
# Follow prompts to sign in with ChatGPT account
```
Option 2: OpenAI API Key
```bash
# Set environment variable
export OPENAI_API_KEY=sk-proj-...
# Or add to shell profile
echo 'export OPENAI_API_KEY=sk-proj-...' >> ~/.zshrc
# Run Codex
codex
```
```bash
# Bash
codex completion bash >> ~/.bashrc
# Zsh
codex completion zsh >> ~/.zshrc
# Fish
codex completion fish > ~/.config/fish/completions/codex.fish
```
```bash
# Start Codex
codex
# In the TUI, type:
/review
```
| Preset | Use Case |
|---|---|
| Review against base branch | Before opening PR - diffs against upstream |
| Review uncommitted changes | Before committing - staged + unstaged + untracked |
| Review a commit | Analyze specific SHA from history |
| Custom instructions | e.g., "Focus on security vulnerabilities" |
```text
$ codex
> /review

Select review type:
❯ Review against a base branch
  Review uncommitted changes
  Review a commit
  Custom review instructions

Select base branch: main

Reviewing changes...

┌─────────────────────────────────────────────────────────────┐
│ CODE REVIEW FINDINGS                                        │
├─────────────────────────────────────────────────────────────┤
│ 🔴 CRITICAL: SQL Injection vulnerability                    │
│ File: src/api/users.ts:45                                   │
│ Issue: User input directly interpolated in query            │
│ Fix: Use parameterized queries                              │
├─────────────────────────────────────────────────────────────┤
│ 🟠 HIGH: Missing authentication check                       │
│ File: src/api/admin.ts:23                                   │
│ Issue: Admin endpoint accessible without auth               │
│ Fix: Add requireAuth middleware                             │
├─────────────────────────────────────────────────────────────┤
│ 🟡 MEDIUM: Inefficient database query                       │
│ File: src/services/orders.ts:89                             │
│ Issue: N+1 query pattern in loop                            │
│ Fix: Use batch query or JOIN                                │
└─────────────────────────────────────────────────────────────┘
```
```bash
# Simple review
codex exec "review the code for bugs and security issues"

# Review with JSON output
codex exec --json "review uncommitted changes" > review.json

# Save final message to file
codex exec --output-last-message review.txt "review the diff against main"

# Full auto mode (use only in isolated runners!)
codex exec \
  --full-auto \
  --json \
  --output-last-message findings.txt \
  --sandbox read-only \
  -m gpt-5.2-codex \
  "Review this code for bugs, security issues, and performance problems"
```
```bash
# Define output schema
cat > review-schema.json << 'EOF'
{
  "type": "object",
  "properties": {
    "findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "severity": { "enum": ["critical", "high", "medium", "low"] },
          "title": { "type": "string" },
          "file": { "type": "string" },
          "line": { "type": "integer" },
          "description": { "type": "string" },
          "suggestion": { "type": "string" }
        },
        "required": ["severity", "title", "file", "description"]
      }
    },
    "summary": { "type": "string" },
    "approved": { "type": "boolean" }
  },
  "required": ["findings", "summary", "approved"]
}
EOF

# Run with schema validation
codex exec \
  --output-schema review-schema.json \
  --output-last-message review.json \
  "Review the staged changes and output findings"
```
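A CI gate for the structured output above, as an added example that is not part of the skill or the Codex CLI: it checks `review.json` against the required fields and severity enum of the schema just defined, fails the job on any critical or high finding or when `approved` is false, and treats malformed output as a failure rather than a pass. The blocking threshold and the constructed sample document are assumptions.

```python
"""CI gate for Codex structured review output (added example; assumes review-schema.json above)."""
import json, sys

SEVERITIES = ("critical", "high", "medium", "low")
REQUIRED_FINDING_KEYS = ("severity", "title", "file", "description")
BLOCKING = {"critical", "high"}  # severities that fail the job (assumed policy)

# Constructed sample shaped like the output the schema above constrains.
SAMPLE_REVIEW = {
    "findings": [
        {"severity": "critical", "title": "SQL Injection vulnerability",
         "file": "src/api/users.ts", "line": 45,
         "description": "User input directly interpolated in query",
         "suggestion": "Use parameterized queries"},
    ],
    "summary": "One blocking issue found.",
    "approved": False,
}

def validate_review(review: dict) -> list:
    """Return schema problems (empty means well-formed), mirroring the schema's required fields."""
    problems = [f"missing top-level key: {k}"
                for k in ("findings", "summary", "approved") if k not in review]
    if not isinstance(review.get("findings"), list):
        return problems + ["findings is not an array"]
    for i, f in enumerate(review["findings"]):
        problems += [f"finding {i}: missing {k}" for k in REQUIRED_FINDING_KEYS if k not in f]
        if f.get("severity") not in SEVERITIES:
            problems.append(f"finding {i}: bad severity {f.get('severity')!r}")
        if "line" in f and not isinstance(f["line"], int):
            problems.append(f"finding {i}: line is not an integer")
    return problems

def gate(review: dict) -> tuple:
    """Return (exit_code, report): 0 pass, 1 blocking/not approved, 2 malformed (fails, never passes)."""
    problems = validate_review(review)
    if problems:
        return 2, "malformed review output:\n  " + "\n  ".join(problems)
    lines = [f"[{f['severity'].upper()}] {f['file']}:{f.get('line', '?')} {f['title']}"
             for f in review["findings"]]
    report = "\n".join(lines + [f"summary: {review['summary']}"])
    blocked = not review["approved"] or any(f["severity"] in BLOCKING for f in review["findings"])
    return (1 if blocked else 0), report

if __name__ == "__main__":  # usage: python codex_gate.py review.json
    with open(sys.argv[1] if len(sys.argv) > 1 else "review.json", encoding="utf-8") as fh:
        code, text = gate(json.load(fh))
    print(text)
    sys.exit(code)
```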
In any pull request, add a comment:
@codex review
Codex will respond with a standard GitHub code review.
```yaml
# .github/workflows/codex-review.yml
name: Codex Code Review
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Codex Review
        uses: openai/codex-action@main
        with:
          # codex-action inputs use hyphenated names
          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
          # The action needs a prompt to run
          prompt: "Review this pull request for bugs, security issues, and code quality"
          model: gpt-5.2-codex
          safety-strategy: drop-sudo
```
```yaml
# .github/workflows/codex-review.yml
name: Codex Code Review
on:
  pull_request:
jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write   # needed for the comment step below
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/setup-node@v4
        with:
          node-version: '22'
      - name: Install Codex CLI
        run: npm install -g @openai/codex
      - name: Run Review
        env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          # Get diff (fetch-depth: 0 above makes the base branch available)
          git diff origin/${{ github.base_ref }}...HEAD > diff.txt
          # Run Codex review
          codex exec \
            --full-auto \
            --sandbox read-only \
            --output-last-message review.md \
            "Review this git diff for bugs, security issues, and code quality: $(cat diff.txt)"
      - name: Post Review Comment
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = fs.readFileSync('review.md', 'utf8');
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `## 🤖 Codex Code Review\n\n${review}`
            });
```
```yaml
# .gitlab-ci.yml
# OPENAI_API_KEY is expected as a masked CI/CD variable, not written here
codex-review:
  image: node:22
  stage: review
  script:
    - npm install -g @openai/codex
    - |
      codex exec \
        --full-auto \
        --sandbox read-only \
        --output-last-message review.md \
        "Review the merge request changes for bugs and security issues"
    - cat review.md
  artifacts:
    paths:
      - review.md
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
```
```groovy
// Jenkinsfile
pipeline {
    agent any
    environment {
        OPENAI_API_KEY = credentials('openai-api-key')
    }
    stages {
        stage('Install Codex') {
            steps {
                sh 'npm install -g @openai/codex'
            }
        }
        stage('Code Review') {
            steps {
                sh '''
                    codex exec \
                      --full-auto \
                      --sandbox read-only \
                      --output-last-message review.md \
                      "Review the code changes for bugs and security issues"
                '''
            }
        }
        stage('Publish Results') {
            steps {
                archiveArtifacts artifacts: 'review.md'
                script {
                    def review = readFile('review.md')
                    echo "Code Review Results:\n${review}"
                }
            }
        }
    }
}
```
```toml
# ~/.codex/config.toml
[model]
default = "gpt-5.2-codex"  # Best for code review

[sandbox]
default = "read-only"      # Safe for reviews

[review]
# Custom review instructions applied to all reviews
instructions = """
Focus on:
1. Security vulnerabilities (OWASP Top 10)
2. Performance issues (N+1 queries, memory leaks)
3. Error handling gaps
4. Type safety issues
"""
```
```toml
# .codex/config.toml (in project root)
[review]
instructions = """
This is a Python FastAPI project. Focus on:
- Async/await correctness
- Pydantic model validation
- SQL injection via SQLAlchemy
- Authentication/authorization gaps
"""
```
```bash
# Interactive
codex                              # Start TUI
/review                            # Open review presets

# Headless
codex exec "prompt"                # Non-interactive execution
codex exec --json "prompt"         # JSON output
codex exec --full-auto "prompt"    # No approval prompts

# Key Flags
--output-last-message FILE         # Save response to file
--output-schema FILE               # Validate against JSON schema
--sandbox read-only                # Restrict file access
-m gpt-5.2-codex                   # Use best review model
--json                             # Machine-readable output

# Resume
codex exec resume SESSION_ID       # Continue previous session
```
| Aspect | Claude (Built-in) | Codex CLI |
|---|---|---|
| Setup | None (already in Claude Code) | Install CLI + auth |
| Model | Claude | GPT-5.2-Codex (specialized) |
| Context | Full conversation context | Fresh context per review |
| Integration | Native | GitHub, GitLab, Jenkins |
| Output | Markdown | JSON schema support |
| Best for | Quick reviews, in-flow | CI/CD, critical PRs |
```bash
# Always use these flags in CI/CD:
--sandbox read-only            # Prevent file modifications
--safety-strategy drop-sudo    # Revoke elevated permissions
```

```yaml
# GitHub Actions - use secrets
env:
  OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
# Never hardcode keys
# Never echo keys in logs
```
For public repos, use drop-sudo safety strategy to prevent Codex from reading its own API key during execution.
| Issue | Solution |
|---|---|
| `codex: command not found` | Run `npm install -g @openai/codex` |
| Node.js version error | Upgrade to Node.js 22+ |
| Authentication failed | Re-run `codex` and sign in again |
| API key invalid | Check the `OPENAI_API_KEY` env var |
| Timeout in CI | Add `--timeout 300` flag |
| Rate limited | Reduce frequency or upgrade plan |
- Don't use `--dangerously-bypass-approvals-and-sandbox` casually; use it only in isolated CI runners.
- Do use `--sandbox read-only` for reviews.