Skip to content

Instantly share code, notes, and snippets.

@kevinansfield
Created March 23, 2026 15:54
Show Gist options
  • Select an option

  • Save kevinansfield/8390a8ddb1a35799a6a316906b98ae54 to your computer and use it in GitHub Desktop.

Select an option

Save kevinansfield/8390a8ddb1a35799a6a316906b98ae54 to your computer and use it in GitHub Desktop.
Codex CLI second opinion skill for Claude Code
name codex
description Get a second opinion from OpenAI Codex CLI. Three modes: review (code review with pass/fail gate), challenge (adversarial — try to break your code), and consult (ask anything with session continuity). Use when asked for "second opinion", "codex review", "codex challenge", "ask codex", or "consult codex".
allowed-tools
Bash
Read
Glob
Grep
AskUserQuestion

/codex — Second Opinion from Codex CLI

You are running the /codex skill. This wraps the OpenAI Codex CLI to get an independent second opinion from a different AI system. Present Codex output faithfully and in full.


Step 0: Verify codex is installed

which codex 2>/dev/null || echo "NOT_FOUND"

If NOT_FOUND: stop and tell the user: "Codex CLI not found. Install: npm install -g @openai/codex"


Step 1: Detect base branch

git remote -v 2>/dev/null

Use upstream remote if it exists, otherwise origin. Detect the default branch:

REMOTE=upstream; git remote | grep -q upstream || REMOTE=origin
BASE=$(git symbolic-ref refs/remotes/$REMOTE/HEAD 2>/dev/null | sed "s|refs/remotes/$REMOTE/||" || echo "main")

Step 2: Detect mode

Parse the user's input:

  1. /codex review or /codex review <instructions>Review mode (Step 3A)
  2. /codex challenge or /codex challenge <focus>Challenge mode (Step 3B)
  3. /codex resumeResume mode (Step 3D)
  4. /codex with no arguments → Auto-detect:
    • Check for a diff: git diff $REMOTE/$BASE --stat 2>/dev/null | tail -1
    • If diff exists, use AskUserQuestion:
      Codex detected changes against the base branch. What should it do?
      A) Review the diff (code review with pass/fail gate)
      B) Challenge the diff (adversarial — try to break it)
      C) Something else — I'll provide a prompt
      
    • If no diff, ask: "What would you like to ask Codex?"
  5. /codex <anything else>Consult mode (Step 3C), remaining text is the prompt

Step 3A: Review Mode

Code review against the current branch diff.

  1. Run the review (5-minute timeout):
codex review --base $BASE -c 'model_reasoning_effort="xhigh"' --skip-git-repo-check --enable web_search_cached 2>/dev/null

If the user provided custom instructions (e.g., /codex review focus on security), pass them as the prompt argument:

codex review "focus on security" --base $BASE -c 'model_reasoning_effort="xhigh"' --skip-git-repo-check --enable web_search_cached 2>/dev/null

Use timeout: 300000 on the Bash call.

  1. Present the full output verbatim:
CODEX REVIEW:
════════════════════════════════════════════════════════════
<full codex output — do not truncate or summarize>
════════════════════════════════════════════════════════════
  1. Cross-model comparison: If Claude's own /review was already run in this conversation, compare findings:
CROSS-MODEL ANALYSIS:
  Both found: [overlapping findings]
  Only Codex found: [unique to Codex]
  Only Claude found: [unique to Claude]

Step 3B: Challenge (Adversarial) Mode

Codex tries to break your code — edge cases, race conditions, security holes, failure modes.

  1. Build the prompt. Default (no focus): "Review the changes on this branch against the base. Run git diff $REMOTE/$BASE to see the diff. Find ways this code will fail in production. Think like an attacker and chaos engineer. Find edge cases, race conditions, security holes, resource leaks, failure modes, silent data corruption. Be adversarial. No compliments — just problems."

With focus (e.g., /codex challenge security): "Review the changes on this branch against the base. Run git diff $REMOTE/$BASE to see the diff. Focus on SECURITY. Find every way an attacker could exploit this code. Injection vectors, auth bypasses, privilege escalation, data exposure, timing attacks. Be adversarial."

  1. Run with JSONL parsing to capture reasoning traces (5-minute timeout):
codex exec "<prompt>" -s read-only -c 'model_reasoning_effort="xhigh"' --skip-git-repo-check --enable web_search_cached --json 2>/dev/null | python3 -c "
import sys, json
for line in sys.stdin:
    line = line.strip()
    if not line: continue
    try:
        obj = json.loads(line)
        t = obj.get('type','')
        if t == 'item.completed' and 'item' in obj:
            item = obj['item']
            itype = item.get('type','')
            text = item.get('text','')
            if itype == 'reasoning' and text:
                print(f'[codex thinking] {text}')
                print()
            elif itype == 'agent_message' and text:
                print(text)
            elif itype == 'command_execution':
                cmd = item.get('command','')
                if cmd: print(f'[codex ran] {cmd}')
        elif t == 'turn.completed':
            usage = obj.get('usage',{})
            tokens = usage.get('input_tokens',0) + usage.get('output_tokens',0)
            if tokens: print(f'\\ntokens used: {tokens}')
    except: pass
"
  1. Present the full output:
CODEX CHALLENGE:
════════════════════════════════════════════════════════════
<full output verbatim, including [codex thinking] traces>
════════════════════════════════════════════════════════════

Step 3C: Consult Mode

Ask Codex anything about the codebase with session continuity.

  1. Check for existing session:
cat .context/codex-session-id 2>/dev/null || echo "NO_SESSION"

If a session exists, ask:

You have an active Codex conversation. Continue it or start fresh?
A) Continue (Codex remembers prior context)
B) Start fresh
  1. Run codex exec with JSONL parsing (5-minute timeout):

New session:

codex exec "<prompt>" -s read-only -c 'model_reasoning_effort="xhigh"' --skip-git-repo-check --enable web_search_cached --json 2>/dev/null | python3 -c "
import sys, json
for line in sys.stdin:
    line = line.strip()
    if not line: continue
    try:
        obj = json.loads(line)
        t = obj.get('type','')
        if t == 'thread.started':
            tid = obj.get('thread_id','')
            if tid: print(f'SESSION_ID:{tid}')
        elif t == 'item.completed' and 'item' in obj:
            item = obj['item']
            itype = item.get('type','')
            text = item.get('text','')
            if itype == 'reasoning' and text:
                print(f'[codex thinking] {text}')
                print()
            elif itype == 'agent_message' and text:
                print(text)
            elif itype == 'command_execution':
                cmd = item.get('command','')
                if cmd: print(f'[codex ran] {cmd}')
        elif t == 'turn.completed':
            usage = obj.get('usage',{})
            tokens = usage.get('input_tokens',0) + usage.get('output_tokens',0)
            if tokens: print(f'\\ntokens used: {tokens}')
    except: pass
"

Resumed session:

echo "<prompt>" | codex exec --skip-git-repo-check resume --last 2>/dev/null
  1. Save session ID (from SESSION_ID: line in output) for follow-ups:
mkdir -p .context && echo "<session-id>" > .context/codex-session-id
  1. Present full output:
CODEX CONSULT:
════════════════════════════════════════════════════════════
<full output verbatim>
════════════════════════════════════════════════════════════
Session saved — run /codex again to continue this conversation.

Step 3D: Resume Mode

Resume the most recent Codex session.

echo "<user's prompt or 'continue'>" | codex exec --skip-git-repo-check resume --last 2>/dev/null

Do not pass model, reasoning, or sandbox flags when resuming — they are inherited.


Model & Reasoning

  • Model: Use whatever Codex's default is — no -m flag unless the user explicitly requests a specific model. This way Codex automatically uses the latest frontier model.
  • Reasoning effort: Always xhigh — maximum reasoning for reviews and analysis.
  • Web search: Always --enable web_search_cached so Codex can look up docs/APIs.
  • Sandbox: Default read-only. Only use workspace-write or danger-full-access if the user explicitly asks Codex to make edits or needs network access.

Critical Evaluation

Treat Codex as a colleague, not an authority. After presenting its output:

  • If you disagree with something Codex said, flag it clearly: "Note: I disagree with Codex on X because Y."
  • If unsure, research the disagreement via docs/web search before siding with either.
  • Codex has its own knowledge cutoff — it may not know about recent changes.
  • Optionally resume the session to discuss disagreements directly:
    echo "This is Claude (opus-4-6) following up. I disagree with [X] because [evidence]." | codex exec --skip-git-repo-check resume --last 2>/dev/null
  • Let the user make the final call on genuine ambiguities.

Error Handling

  • Auth error: Surface it: "Codex auth failed. Run codex login to authenticate."
  • Timeout (5 min): "Codex timed out. The diff may be too large — try a smaller scope."
  • Empty response: "Codex returned no output. Check that you're authenticated."
  • Resume failure: Delete .context/codex-session-id and start a fresh session.
  • Non-zero exit: Stop and report the error. Ask the user before retrying.

Rules

  • Present output verbatim. Never truncate or summarize Codex output.
  • Add commentary after, not instead of. Claude analysis comes after the full output.
  • 5-minute timeout on all Bash calls (timeout: 300000).
  • Always use --skip-git-repo-check on all codex commands.
  • Always append 2>/dev/null to suppress thinking tokens on stderr (unless user asks to see them).
  • Default to read-only. Only escalate sandbox when user explicitly requests edits.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment