Claude Code Plugins

Community-maintained marketplace

Feedback

codex-review-workflow

@daffy0208/ai-dev-standards
1
0

Automated code review workflow using OpenAI Codex CLI. Implements iterative fix-and-review cycles until code passes validation or reaches iteration limit. Use when building features requiring automated code validation, security checks, or quality assurance through Codex CLI.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name codex-review-workflow
version 1.0.0
description Automated code review workflow using OpenAI Codex CLI. Implements iterative fix-and-review cycles until code passes validation or reaches iteration limit. Use when building features requiring automated code validation, security checks, or quality assurance through Codex CLI.
category automation
tags automation, code-review, quality, testing
triggers review with codex, run codex review, automated code review, validate with codex, codex cli
prerequisites Codex CLI installed and available, Git repository (or --skip-git-repo-check flag)
related_skills testing-strategist, security-engineer, quality-auditor, technical-writer
related_mcps code-quality-scanner, security-scanner

Codex Review Workflow

Overview

Automated code review workflow using OpenAI Codex CLI. Implements iterative fix-and-review cycles to ensure code quality through automated validation.

Use when: Building features that require automated code review, iterative refinement cycles, or validation against specific quality standards using Codex CLI.

When to Use This Skill

Use this skill when:

  • User explicitly requests Codex CLI review (e.g., "Review this with Codex")
  • Implementing features that require automated code validation
  • Building code that must meet specific quality standards
  • Iterative review and refinement is needed
  • Validating security, bugs, and best practices automatically

Skip this skill when:

  • User only wants manual code review
  • Codex CLI is not available in the environment
  • Task is purely exploratory or research-based
  • Simple code that doesn't require formal review

Prerequisites

  • Codex CLI installed and available on PATH
  • Git repository (or use --skip-git-repo-check flag)
  • Verify installation: codex --version

Core Workflow

This skill follows a structured 6-step process:

1. Complete the Coding Task

Implement the user's requested feature using standard best practices. Ensure code is well-structured before submitting for review.

Track progress with TodoWrite:

  • Implement the requested feature/fix
  • Run initial Codex CLI review
  • Fix issues found in review (if any)
  • Run final Codex CLI review
  • Report final status

2. Run Initial Codex CLI Review

Git requirement: Codex CLI requires a git repository. If not in a git repo, run git init first, or use --skip-git-repo-check flag (not recommended for production).

Execute Codex CLI review using codex exec (NOT codex review):

# For a specific file
codex exec "Review the code in <file_name> for bugs, security issues, best practices, and potential improvements. Provide specific, actionable feedback with line numbers and examples."

# For multiple files
codex exec "Review the files auth.py, user.py, and session.py for bugs, security issues, best practices, and potential improvements. Provide specific feedback for each file."

# With working directory context
codex exec "Review the code in email_validator.py for bugs, security issues, best practices, and potential improvements. Provide specific feedback." -C /path/to/project

# With specific model
codex exec "Review <file_name>..." -m gpt-5-codex

# With custom configuration
codex exec "Review <file_name>..." -c model="o3"

Key points:

  • Be specific in prompts about what to review
  • Request line numbers and specific examples
  • Use appropriate timeout (120000ms = 2 minutes recommended)

3. Analyze Review Results

Codex CLI returns structured markdown output with variable formats. Look for:

Critical issue indicators (MUST FIX):

  • Sections: Bug, Security, Key Issues, Key Findings
  • Severity markers: "High:", "Medium:", "critical", "vulnerability"

Quality improvements (LOWER PRIORITY):

  • Sections: Maintainability, Usability, Best Practices, Suggestions
  • Severity markers: "Low:"

Confirmation indicators (success):

  • Sections: Resolved Checks, Review, Review Findings
  • Phrases: "No remaining findings", "All issues resolved", "All [N] issues look resolved"
  • Check marks (✅) or confirmation language

Decision criteria:

  • Complete: No Bug/Security/Key Issues sections AND only suggestions remain
  • Complete: Resolved Checks with all previous issues confirmed fixed
  • Complete: Phrases like "No remaining findings" or "All issues resolved"
  • Continue: Bug/Security/Key Issues sections present → Proceed to step 4

4. Fix Identified Issues

For each issue identified:

  1. Locate the problematic code
  2. Understand the issue
  3. Apply the fix using Edit tool
  4. Document what changed and why

Best practices:

  • Fix all issues in a single iteration before re-reviewing
  • Prioritize critical errors over warnings
  • Explain each fix clearly to the user
  • Preserve functionality while addressing issues

5. Run Follow-up Codex CLI Review

After applying fixes, run targeted review:

codex exec "Review the updated <file_name> code. Check if the previous issues have been fixed: 1) issue description, 2) issue description, etc. Report any remaining issues or confirm the code is now correct."

This helps Codex:

  • Focus on whether specific issues were resolved
  • Identify any new problems introduced
  • Provide clear pass/fail confirmation

Analyze results:

  • All issues fixed: Mark workflow complete, report success
  • Issues remain: Determine whether to iterate (check limits)

6. Handle Iteration Limits

Maximum iterations: 2 review cycles (initial + 1 re-review)

Why limit:

  • Prevents infinite loops
  • Some issues require human judgment
  • Complex problems need architectural changes

When max reached:

  1. Mark current task status in TodoWrite
  2. Summarize what was fixed and what remains
  3. Show final Codex CLI output to user
  4. Ask user whether to:
    • Continue with manual fixes
    • Adjust the approach
    • Accept current state

Examples

Example 1: Simple Fix Workflow

User: "Add a function to calculate fibonacci numbers and review it with Codex"

Claude:
1. Creates fibonacci function
2. Checks for git repo, runs git init if needed
3. Runs: codex exec "Review fibonacci.py for bugs, edge cases, and best practices."
4. Codex output:
   - **Bug** `fibonacci.py:5`: Missing input validation for negative numbers
   - **Maintainability** `fibonacci.py:10`: Consider adding type hints
5. Adds input validation and type hints
6. Runs: codex exec "Review updated fibonacci.py. Check if input validation added."
7. Codex output:
   **Resolved Checks**
   - `fibonacci.py:5` Input validation is now present
   - `fibonacci.py:10` Type hints added
8. Reports completion

Example 2: Multiple Iterations (Security)

User: "Implement user authentication and run through Codex review"

Claude:
1. Implements auth system across multiple files
2. Runs: codex exec "Review auth.py, user.py, session.py for security vulnerabilities."
3. Codex output:
   - **Security** `auth.py:23`: Password stored without hashing
   - **Security** `session.py:45`: Session tokens don't expire
   - **Bug** `user.py:67`: SQL injection vulnerability
   - **Security** `auth.py:89`: Missing CSRF protection
   - **Bug** `user.py:12`: No input validation
4. Fixes all 5 issues
5. Runs targeted review: "Check if these issues are fixed: password hashing, session expiration, SQL injection, CSRF, input validation."
6. Codex output:
   **Resolved Checks**
   - All 5 issues confirmed fixed
   **Findings**
   - Minor style suggestions
7. Reached iteration limit (2 reviews)
8. Reports: "All critical security issues fixed. Minor style suggestions remain."
9. Asks user about style fixes

Example 3: First-Pass Success

User: "Write a date formatter helper, review with Codex"

Claude:
1. Creates date formatting function with error handling
2. Runs: codex exec "Review utils/date_formatter.py for bugs, edge cases."
3. Codex output:
   No bugs or critical issues. Code properly handles:
   - None values with error messages
   - Invalid format strings
   - Timezone conversions
   **Suggestions**
   - Could add more detailed error messages
4. Reviews suggestion, decides optional for current use case
5. Marks task complete

Integration Notes

Codex CLI Commands

# Basic review
codex exec "Review <file_name> for bugs, security issues, best practices. Provide specific feedback with line numbers."

# With working directory
codex exec "Review <file_name>..." -C /path/to/project

# With specific model
codex exec "Review <file_name>..." -m gpt-5-codex

# Skip git check (not recommended)
codex exec "Review <file_name>..." --skip-git-repo-check

Git Repository Requirement

# Check if in git repo
git status

# Initialize if needed
git init

# Alternative: skip check
codex exec "..." --skip-git-repo-check

Error Handling

Codex CLI not found:

  • Check: which codex or codex --version
  • Inform user Codex CLI unavailable
  • Offer to complete task without automated review

Git repository error:

  • Error: "Not inside trusted directory and --skip-git-repo-check not specified"
  • Solution: Run git init
  • Alternative: Add --skip-git-repo-check

Codex CLI errors:

  • Common errors:
    • unexpected argument - Check syntax, use codex exec not codex review
    • Authentication errors - User may need codex login
  • Attempt once more with corrected parameters
  • If persistent, ask user for guidance

Ambiguous results:

  • If unsure about pass/fail, err on side of caution
  • Look for "Key Issues" vs "Suggestions" sections
  • Show output to user and ask for clarification

Long-running reviews:

  • Codex may take 30-120 seconds for complex reviews
  • Use appropriate timeout (120000ms recommended)

Best Practices

  1. Always use TodoWrite for workflow step tracking
  2. Show Codex output at each review stage
  3. Explain fixes clearly - avoid silent fixes
  4. Respect iteration limits - avoid infinite loops
  5. Preserve functionality - address issues without breaking features
  6. Ask when uncertain - consult user when feedback is ambiguous

Customization Options

  • Adjust iteration limits (default: 2 reviews)
  • Specify custom Codex CLI commands
  • Provide configuration file for Codex rules
  • Define files to include/exclude from review
  • Set severity thresholds (errors only vs warnings)

Related Skills

  • testing-strategist: For creating test suites to complement code review
  • security-engineer: For manual security reviews and threat modeling
  • quality-auditor: For comprehensive quality assessments
  • technical-writer: For documenting review findings and improvements

Tools & Dependencies

Required:

  • Codex CLI (OpenAI)
  • Git (for repository context)

Recommended:

  • TodoWrite tool (progress tracking)
  • Edit tool (applying fixes)

Tips for Success

  1. Write good initial code - Better starting point = fewer iterations
  2. Be specific in review prompts - "Check for SQL injection in login function" vs "Review this"
  3. Group related files - Review auth system as a whole, not file-by-file
  4. Fix all issues at once - More efficient than fixing one at a time
  5. Use targeted follow-up prompts - Ask about specific fixes, not general review
  6. Know when to stop - Some issues require human judgment or architectural changes

Skill Type: Automation Difficulty: Intermediate Estimated Time: Varies by task (review: 1-2min, fixes: 5-30min per iteration) Integration: Codex CLI, Git