| name | codex | |||||
|---|---|---|---|---|---|---|
| description | Get a second opinion from OpenAI Codex CLI. Three modes: review (code review with pass/fail gate), challenge (adversarial — try to break your code), and consult (ask anything with session continuity). Use when asked for "second opinion", "codex review", "codex challenge", "ask codex", or "consult codex". | |||||
| allowed-tools |
|
You are running the /codex skill. This wraps the OpenAI Codex CLI to get an independent
second opinion from a different AI system. Present Codex output faithfully and in full.
which codex 2>/dev/null || echo "NOT_FOUND"If NOT_FOUND: stop and tell the user:
"Codex CLI not found. Install: npm install -g @openai/codex"
git remote -v 2>/dev/nullUse upstream remote if it exists, otherwise origin. Detect the default branch:
REMOTE=upstream; git remote | grep -q upstream || REMOTE=origin
BASE=$(git symbolic-ref refs/remotes/$REMOTE/HEAD 2>/dev/null | sed "s|refs/remotes/$REMOTE/||" || echo "main")Parse the user's input:
/codex reviewor/codex review <instructions>→ Review mode (Step 3A)/codex challengeor/codex challenge <focus>→ Challenge mode (Step 3B)/codex resume→ Resume mode (Step 3D)/codexwith no arguments → Auto-detect:- Check for a diff:
git diff $REMOTE/$BASE --stat 2>/dev/null | tail -1 - If diff exists, use AskUserQuestion:
Codex detected changes against the base branch. What should it do? A) Review the diff (code review with pass/fail gate) B) Challenge the diff (adversarial — try to break it) C) Something else — I'll provide a prompt - If no diff, ask: "What would you like to ask Codex?"
- Check for a diff:
/codex <anything else>→ Consult mode (Step 3C), remaining text is the prompt
Code review against the current branch diff.
- Run the review (5-minute timeout):
codex review --base $BASE -c 'model_reasoning_effort="xhigh"' --skip-git-repo-check --enable web_search_cached 2>/dev/nullIf the user provided custom instructions (e.g., /codex review focus on security),
pass them as the prompt argument:
codex review "focus on security" --base $BASE -c 'model_reasoning_effort="xhigh"' --skip-git-repo-check --enable web_search_cached 2>/dev/nullUse timeout: 300000 on the Bash call.
- Present the full output verbatim:
CODEX REVIEW:
════════════════════════════════════════════════════════════
<full codex output — do not truncate or summarize>
════════════════════════════════════════════════════════════
- Cross-model comparison: If Claude's own
/reviewwas already run in this conversation, compare findings:
CROSS-MODEL ANALYSIS:
Both found: [overlapping findings]
Only Codex found: [unique to Codex]
Only Claude found: [unique to Claude]
Codex tries to break your code — edge cases, race conditions, security holes, failure modes.
- Build the prompt. Default (no focus):
"Review the changes on this branch against the base. Run
git diff $REMOTE/$BASEto see the diff. Find ways this code will fail in production. Think like an attacker and chaos engineer. Find edge cases, race conditions, security holes, resource leaks, failure modes, silent data corruption. Be adversarial. No compliments — just problems."
With focus (e.g., /codex challenge security):
"Review the changes on this branch against the base. Run git diff $REMOTE/$BASE to see the diff. Focus on SECURITY. Find every way an attacker could exploit this code. Injection vectors, auth bypasses, privilege escalation, data exposure, timing attacks. Be adversarial."
- Run with JSONL parsing to capture reasoning traces (5-minute timeout):
codex exec "<prompt>" -s read-only -c 'model_reasoning_effort="xhigh"' --skip-git-repo-check --enable web_search_cached --json 2>/dev/null | python3 -c "
import sys, json
for line in sys.stdin:
line = line.strip()
if not line: continue
try:
obj = json.loads(line)
t = obj.get('type','')
if t == 'item.completed' and 'item' in obj:
item = obj['item']
itype = item.get('type','')
text = item.get('text','')
if itype == 'reasoning' and text:
print(f'[codex thinking] {text}')
print()
elif itype == 'agent_message' and text:
print(text)
elif itype == 'command_execution':
cmd = item.get('command','')
if cmd: print(f'[codex ran] {cmd}')
elif t == 'turn.completed':
usage = obj.get('usage',{})
tokens = usage.get('input_tokens',0) + usage.get('output_tokens',0)
if tokens: print(f'\\ntokens used: {tokens}')
except: pass
"- Present the full output:
CODEX CHALLENGE:
════════════════════════════════════════════════════════════
<full output verbatim, including [codex thinking] traces>
════════════════════════════════════════════════════════════
Ask Codex anything about the codebase with session continuity.
- Check for existing session:
cat .context/codex-session-id 2>/dev/null || echo "NO_SESSION"If a session exists, ask:
You have an active Codex conversation. Continue it or start fresh?
A) Continue (Codex remembers prior context)
B) Start fresh
- Run codex exec with JSONL parsing (5-minute timeout):
New session:
codex exec "<prompt>" -s read-only -c 'model_reasoning_effort="xhigh"' --skip-git-repo-check --enable web_search_cached --json 2>/dev/null | python3 -c "
import sys, json
for line in sys.stdin:
line = line.strip()
if not line: continue
try:
obj = json.loads(line)
t = obj.get('type','')
if t == 'thread.started':
tid = obj.get('thread_id','')
if tid: print(f'SESSION_ID:{tid}')
elif t == 'item.completed' and 'item' in obj:
item = obj['item']
itype = item.get('type','')
text = item.get('text','')
if itype == 'reasoning' and text:
print(f'[codex thinking] {text}')
print()
elif itype == 'agent_message' and text:
print(text)
elif itype == 'command_execution':
cmd = item.get('command','')
if cmd: print(f'[codex ran] {cmd}')
elif t == 'turn.completed':
usage = obj.get('usage',{})
tokens = usage.get('input_tokens',0) + usage.get('output_tokens',0)
if tokens: print(f'\\ntokens used: {tokens}')
except: pass
"Resumed session:
echo "<prompt>" | codex exec --skip-git-repo-check resume --last 2>/dev/null- Save session ID (from
SESSION_ID:line in output) for follow-ups:
mkdir -p .context && echo "<session-id>" > .context/codex-session-id- Present full output:
CODEX CONSULT:
════════════════════════════════════════════════════════════
<full output verbatim>
════════════════════════════════════════════════════════════
Session saved — run /codex again to continue this conversation.
Resume the most recent Codex session.
echo "<user's prompt or 'continue'>" | codex exec --skip-git-repo-check resume --last 2>/dev/nullDo not pass model, reasoning, or sandbox flags when resuming — they are inherited.
- Model: Use whatever Codex's default is — no
-mflag unless the user explicitly requests a specific model. This way Codex automatically uses the latest frontier model. - Reasoning effort: Always
xhigh— maximum reasoning for reviews and analysis. - Web search: Always
--enable web_search_cachedso Codex can look up docs/APIs. - Sandbox: Default
read-only. Only useworkspace-writeordanger-full-accessif the user explicitly asks Codex to make edits or needs network access.
Treat Codex as a colleague, not an authority. After presenting its output:
- If you disagree with something Codex said, flag it clearly: "Note: I disagree with Codex on X because Y."
- If unsure, research the disagreement via docs/web search before siding with either.
- Codex has its own knowledge cutoff — it may not know about recent changes.
- Optionally resume the session to discuss disagreements directly:
echo "This is Claude (opus-4-6) following up. I disagree with [X] because [evidence]." | codex exec --skip-git-repo-check resume --last 2>/dev/null
- Let the user make the final call on genuine ambiguities.
- Auth error: Surface it: "Codex auth failed. Run
codex loginto authenticate." - Timeout (5 min): "Codex timed out. The diff may be too large — try a smaller scope."
- Empty response: "Codex returned no output. Check that you're authenticated."
- Resume failure: Delete
.context/codex-session-idand start a fresh session. - Non-zero exit: Stop and report the error. Ask the user before retrying.
- Present output verbatim. Never truncate or summarize Codex output.
- Add commentary after, not instead of. Claude analysis comes after the full output.
- 5-minute timeout on all Bash calls (
timeout: 300000). - Always use
--skip-git-repo-checkon all codex commands. - Always append
2>/dev/nullto suppress thinking tokens on stderr (unless user asks to see them). - Default to read-only. Only escalate sandbox when user explicitly requests edits.