codex-code-review

Automate code review remediation loops with the codex CLI. Requests reviews from codex, classifies findings by severity (P0-P4), fixes critical issues (P0/P1) through iterative cycles, defers quality improvements to backlog, and escalates after 3 review cycles. Use when working with code that needs structured remediation: 'codex review' in a request triggers this workflow.

13 stars

Best use case

codex-code-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Automate code review remediation loops with the codex CLI. Requests reviews from codex, classifies findings by severity (P0-P4), fixes critical issues (P0/P1) through iterative cycles, defers quality improvements to backlog, and escalates after 3 review cycles. Use when working with code that needs structured remediation: 'codex review' in a request triggers this workflow.

Teams using codex-code-review should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/codex-code-review/SKILL.md --create-dirs "https://raw.githubusercontent.com/NickCrew/Claude-Cortex/main/skills/codex-code-review/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/codex-code-review/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How codex-code-review Compares

Feature / Agentcodex-code-reviewStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Automate code review remediation loops with the codex CLI. Requests reviews from codex, classifies findings by severity (P0-P4), fixes critical issues (P0/P1) through iterative cycles, defers quality improvements to backlog, and escalates after 3 review cycles. Use when working with code that needs structured remediation: 'codex review' in a request triggers this workflow.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

# Codex Code Review Loop

## Overview

This skill orchestrates the complete remediation workflow for code under review by the codex agent. It handles:

- **Requesting reviews** from codex using the `codex --full-auto c` CLI
- **Parsing review output** to identify P0 (security/correctness), P1 (reliability), P2-P4 (quality) findings
- **Remediating critical issues** through up to 3 review-fix-review cycles
- **Deferring quality improvements** to backlog with implementation plans and `origin:ai-review` labels
- **Monorepo handling** for selective file commits when working alongside other agents
- **Circuit breaker escalation** after 3 cycles if P0/P1 issues persist

## When to Use

Trigger this skill when code requires codex review. Common usage patterns:

- **"codex review this code"** — Initiate review loop on current changes
- **"run codex review on my changes"** — Same as above
- **"codex review --uncommitted"** — Review all uncommitted changes
- **"codex review --commit <SHA>"** — Review specific commit in monorepo
- **Questions about codex** (e.g., "how does codex work?") — Do not trigger this skill; answer directly

**Do not trigger on questions.** Only activate for direct review requests.

---

## The Review Loop: Step by Step

```
ENTRY: User requests codex review or skill is triggered by "codex review" in a message

┌──────────────────────────┐
│ 1. INVOKE CODEX REVIEW   │ ← Run: codex --full-auto c [--uncommitted|--commit <SHA>|--base <BRANCH>]
└──────┬───────────────────┘   Output goes to .agent/reviews/review-<timestamp>.md
       │
       ▼
┌──────────────────────────┐
│ 2. READ & PARSE REVIEW   │ ← Read markdown file, extract P0/P1/P2-P4 findings and verdict
└──────┬───────────────────┘
       │
       ├─────────────────────────────────────────┐
       │                                         │
       ▼                                         ▼
  ANY P0/P1?              NO         FILE P2-P4 ISSUES → Exit loop
       │                              (via backlog CLI)
       │ YES                         Create issue per finding with
       │                             - label: origin:ai-review
  ┌────────────────┐                - Implementation plan
  │ 3. REMEDIATE   │                - Priority (P2 or P3)
  │ P0/P1 FINDINGS │
  └────┬───────────┘
       │ (amend commit or new changes)
       │
       ▼
  ┌──────────────────────┐
  │ 4. LOOP CHECK        │
  │ Cycle count < 3?     │
  └────┬───────────────┬─┘
       │ YES           │ NO
       │               └─→ SUMMARIZE & ASK USER TO CONTINUE
       │                   (or exit if user declines)
       ▼
  Re-run codex review (step 1, same files/scope)
  Loop back to step 2
```

### Cycle Management

- **Cycle 1**: Initial review after implementation
- **Cycle 2**: After first remediation
- **Cycle 3**: After second remediation
- **After Cycle 3**: If P0/P1 remain, stop. Summarize findings and ask user if they want to continue (rare; usually indicates design-level issues)

---

## Decision Tree: Handling Findings

### When review shows P0/P1 findings (verdict: REQUEST CHANGES)

1. Read the codex review markdown file
2. Extract each P0 and P1 finding with:
   - Finding ID and title
   - File location
   - Suggested fix
3. Fix ONLY the cited findings in the code
4. Do NOT refactor, do NOT introduce new functionality
5. If a fix requires significant design changes, note this and let codex re-evaluate on next cycle
6. Amend your commit OR create a new one (user's choice via git config; by default amend to keep one commit at end)
7. Increment cycle counter and re-run codex review

### When review shows P2-P4 findings (verdict: APPROVE or PASS WITH ISSUES)

1. For each P2/P3 finding, decide:
   - **Fix now**: You have discretion; implement the improvement in the same cycle
   - **Defer**: Create a backlog issue with:
     - Type label: `remediation`
     - Severity label: `P2` or `P3`
     - Custom label: `origin:ai-review`
     - Implementation plan based on codex's suggested approach
     - Acceptance criteria from the review

2. Examples:
   ```
   # P2 finding deferred to backlog
   backlog task create "Code clarity: add docstring to validateInput()" \
     -d "Review finding: missing documentation on public function" \
     -l remediation -p 2 \
     --ac "Add docstring explaining parameter types and return value" \
     --plan "Add JSDoc comment above function definition per project style"
   ```

### When review shows no findings (verdict: APPROVE)

Exit the loop. Code is clean. Proceed to test review (if applicable) or commit for merge.

---

## Monorepo Handling

In a monorepo with multiple agents, be selective about what you commit and what scope you review.

### Scenario 1: Only Your Changes

If the working directory has ONLY your changes:
```bash
codex --full-auto c --uncommitted
```
Commit your changes once review loop completes.

### Scenario 2: Mixed Changes (You + Other Agents)

If there are untracked or uncommitted changes from other agents:
1. Commit ONLY your files first:
   ```bash
   git add <your-files-only>
   git commit -m "Your commit message"
   ```
2. Note the commit SHA
3. Run review on your commit:
   ```bash
   codex --full-auto c --commit <SHA>
   ```
4. Remediate by amending your commit:
   ```bash
   git add <fixed-files>
   git commit --amend --no-edit
   ```
   (Preserve the original message; the amend adds the fixes)
5. Loop back to review as normal

**Result:** One clean commit with your changes and fixes. Other agents' work remains separate.

---

## File Locations

- **Review output:** `.agent/reviews/review-<timestamp>.md` (relative to project root)
- **One review file per cycle** — new file created on each `codex --full-auto c` invocation
- **Always read the latest file** — check the timestamp to ensure you're reading the current cycle's review

---

## Bundled References

**See `references/codex-cli-reference.md`** for:
- Complete codex CLI syntax and invocation patterns
- How to select `--uncommitted` vs. `--commit` vs. `--base`
- When to use each mode

**See `references/review-format.md`** for:
- Structure of the review markdown output
- How to parse P0/P1/P2/P3 sections
- How to identify the verdict (APPROVE / REQUEST CHANGES / BLOCKED)
- Example review output

**See `references/backlog-integration.md`** for:
- How to create backlog issues from deferred findings
- Label and priority conventions
- Implementation plan templates
- Examples of issues filed from reviews

**See `scripts/parse_codex_review.sh`** for:
- Helper script to extract findings from review markdown
- Counts P0/P1/P2/P3 per cycle
- Quick verdict extraction

---

## Key Rules

1. **All P0/P1 must be fixed** before exiting the loop. No exceptions.
2. **P2-P4 can be deferred** to backlog or fixed at your discretion.
3. **File one issue per finding** — do not batch unrelated P2/P3s into one issue.
4. **Deferred issues must include a plan** — codex identified the problem; you provide the structured approach.
5. **Amend commits** (not new commits) during remediation so you end with one clean commit.
6. **Max 3 review cycles** — after cycle 3, if P0/P1 remain, summarize and ask user to continue.
7. **In monorepos, commit selectively** — review and fix only the files you touched.

---

## Escalation: When Circuit Breaker Triggers

After 3 review cycles, if P0/P1 findings persist:

1. Stop remediating. Do not attempt a 4th cycle.
2. Produce a structured summary including:
   - What was attempted in each cycle
   - What P0/P1 findings remain
   - Why they persist (agent assessment — design issue? conflicting requirements? ambiguity in spec?)
   - Recommended human action
3. Present this summary to the user and ask how to proceed.

Escalation usually indicates the original task spec needs clarification or the code requires architectural changes beyond remediation scope.

---

## Integration with Other Skills

- **backlog-md**: File deferred P2/P3 findings using `backlog task create` with `origin:ai-review` label
- **git-ops**: Commit handling, amending, and selective staging in monorepos
- **requesting-code-review**: Use after codex review loop completes if human code review is also required

---

## Quick Reference: The Full Workflow

```
1. User: "codex review"
        │
        ▼
2. Invoke: codex --full-auto c --uncommitted
        │
        ▼
3. Read: .agent/reviews/review-<timestamp>.md
        │
        ├─────────────────────────────────────────┐
        ▼                                         ▼
   P0/P1 FOUND?              NO         FILE P2-P4 ISSUES
   ├─ YES: Fix + Loop ────────────────► backlog task create ... --plan "..."
   └─ NO: File P2-P4 → Exit            (each finding = one issue)
        │
        ├─ Cycle 1 → Fix → Review
        ├─ Cycle 2 → Fix → Review
        ├─ Cycle 3 → Fix → Review
        │
        └─ If P0/P1 remain → Summarize + Ask User
                │
                └─► Continue? (rare) / Stop & Escalate
```

Related Skills

ux-review

13
from NickCrew/Claude-Cortex

Multi-perspective UX review combining usability heuristics, WCAG accessibility checks, and interaction design analysis. Use when reviewing UI components before release, evaluating user flows for usability issues, conducting design critiques, or auditing accessibility compliance.

test-review

13
from NickCrew/Claude-Cortex

Review test quality and audit test coverage for any module. This skill should be used when reviewing existing tests, auditing test gaps, writing new tests, or when asked to assess test health. It pipelines testing standards into the audit workflow to produce a prioritized gap report. The output is a report, not code — do not write test implementations until the report is reviewed.

requesting-code-review

13
from NickCrew/Claude-Cortex

Use when completing tasks, implementing major features, or before merging to verify work meets requirements - dispatches superpowers:code-reviewer subagent to review implementation against plan or requirements before proceeding

receiving-code-review

13
from NickCrew/Claude-Cortex

Use when receiving code review feedback, before implementing suggestions, especially if feedback seems unclear or technically questionable - requires technical rigor and verification, not performative agreement or blind implementation

multi-specialist-review

13
from NickCrew/Claude-Cortex

User-triggered multi-agent code review. Spawns 3-5 parallel specialist sub-agents that read actual source files, runs mechanical citation verification, and synthesizes a single review artifact. Use for PR-level changes, multi-commit ranges, or security-sensitive work where single-turn review is insufficient.

html-seo-review

13
from NickCrew/Claude-Cortex

Audit static HTML files for on-page SEO, content quality, easy-win performance signals, and crawlability. This skill should be used when the user asks to review, audit, or check the SEO of one or more static HTML files — e.g., "review the HTML for SEO issues", "audit this landing page", "check SEO on these pages before I publish". Static HTML only — does not cover Jekyll/Hugo/Astro/Next.js source, off-page factors, or live-rendered Core Web Vitals.

doc-architecture-review

13
from NickCrew/Claude-Cortex

Evaluate documentation information architecture: navigation paths, discoverability, progressive disclosure, cross-linking, and mental model alignment. This skill should be used when restructuring docs, adding new sections, or when users report difficulty finding information.

ai-tells-review

13
from NickCrew/Claude-Cortex

User-invoked structural review for subtle AI tells in prose artifacts — rhythm patterns, rhetorical reflexes, hedging cadence, performative emphasis, and the structural shapes that mark text as machine-generated even after surface tells are cleaned up. Produces a findings report citing each tell by line with a fix-direction, then offers a rewrite pass. Use on artifacts that matter: public READMEs, shipped documentation, blog posts, anything where prose-as-artifact is the deliverable. Layers on top of ai-tells-scan, which handles the mechanical surface pass; this skill handles the judgment-based structural pass that a regex can't catch. Trigger on "review for AI tells," "does this read AI," "strip the AI smell," "make this less AI," or any similar request whose deliverable is structural prose surgery.

writing-skills

13
from NickCrew/Claude-Cortex

Use when creating new skills, editing existing skills, or verifying skills work before deployment - applies TDD to process documentation by testing with subagents before writing, iterating until bulletproof against rationalization

workflow-security-audit

13
from NickCrew/Claude-Cortex

Comprehensive security assessment and remediation. Use for security reviews, compliance checks, vulnerability assessments.

workflow-performance

13
from NickCrew/Claude-Cortex

Systematic performance analysis and optimization. Use when things are slow, need optimization, or preparing for scale.

workflow-feature

13
from NickCrew/Claude-Cortex

Complete feature development workflow from design to deployment. Use when implementing new features or functionality.