Dual-AI automated code review: Codex finds issues, Claude fixes them — loop until clean.
┌───────────────────────────────────────────┐
│ 1. Claude collects code to review │
│ 2. Codex reviews → structured JSON │
│ 3. Claude evaluates each issue │
│ ├─ Disagree? → Debate with Codex │
│ │ (max 2 rounds, then user decides) │
│ 4. Any P0/P1 issues remaining? │
│ ├─ YES → Claude fixes → tests → ↑ │
│ └─ NO → Generate report → commit │
│ Max 5 review rounds (safety limit) │
└───────────────────────────────────────────┘
Two AI models working together:
- OpenAI Codex — reviews code, finds bugs, security issues, race conditions
- Claude (Anthropic) — fixes every issue, runs tests, iterates until Codex passes
- Debate mechanism — When Claude disagrees with Codex's findings, it can challenge with technical evidence. Codex re-evaluates and may withdraw, downgrade, or insist. Unresolved disputes go to the user.
Issues are classified by priority:
- P0 — Critical: bugs, data loss, security vulnerabilities
- P1 — Important: race conditions, resource leaks, missing error handling
- P2 — Minor: code style, naming, edge cases
The loop stops when Codex finds zero P0/P1 issues (P2-only = PASS).
- Claude Code (CLI)
- OpenAI Codex CLI (npm install -g @openai/codex)
- Python 3.8+
git clone https://github.com/agent-0x/claude-codex-review.git
cd claude-codex-review
./install.sh
This copies the skill to ~/.claude/skills/auto-codex-review/. Claude Code detects it automatically.
Add --mcp to also register Codex as an MCP server in Claude Code:
./install.sh --mcp
This runs codex mcp-server as a persistent stdio process, so reviews skip subprocess startup overhead. The skill auto-detects MCP availability and falls back to CLI if not configured.
You can also configure it manually in ~/.claude/settings.json:
{
  "mcpServers": {
    "codex": {
      "command": "codex",
      "args": ["mcp-server"],
      "type": "stdio"
    }
  }
}
In any Claude Code session, just say:
codex review
or
auto review this project
or use the slash command:
/auto-codex-review
Claude will:
- Collect your source files (respecting .gitignore, excluding secrets)
- Send code to Codex for review
- Fix all issues found
- Re-submit to Codex
- Repeat until clean
- Generate a review summary in docs/reviews/
- Commit all fixes
Auto Codex Review — my-project
Round 1/5: Calling Codex...
Found 5 issues (P0: 1, P1: 3, P2: 1)
Fixing all issues...
Tests: 27/27 passed
Round 2/5: Calling Codex...
Found 2 issues (P0: 0, P1: 1, P2: 1)
Fixing all issues...
Tests: 27/27 passed
Round 3/5: Calling Codex...
Found 0 issues
Verdict: PASS
Summary:
Rounds: 3
Total issues fixed: 7 (P0: 1, P1: 4, P2: 2)
Files modified: 4
Review doc: docs/reviews/2026-03-05-my-project.md
- Secrets, .env files, API keys, and credentials are never sent to Codex
- Tests are run after every fix round — broken tests block the loop
- Staleness detection stops infinite loops (max 5 rounds, oscillation detection)
- Debate mechanism prevents unnecessary fixes — Claude can challenge false positives with evidence
- The script recomputes the verdict from issues — it does not trust the model's self-reported verdict
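The last point, recomputing the verdict from the issue list, is sketched below. This is an added example, not the project's own script: the JSON field names (verdict, issues, priority) and the fail-closed handling of unparseable reviews and unknown priorities are assumptions.

```python
import json

BLOCKING = {"P0", "P1"}    # per the README: any P0/P1 keeps the loop going
KNOWN = BLOCKING | {"P2"}  # P2-only counts as PASS

def recompute_verdict(raw_review):
    """Derive the verdict from the issue list; the model's own claim is only compared.

    Assumed (hypothetical) schema, not taken from the project:
      {"verdict": "PASS", "issues": [{"priority": "P1", "title": "..."}]}
    Unparseable or unclassifiable input fails closed.
    """
    def fail(reason):
        return {"verdict": "FAIL", "blocking": [], "reason": reason, "overridden": None}

    try:
        review = json.loads(raw_review)
    except (TypeError, ValueError):
        return fail("review is not valid JSON")
    if not isinstance(review, dict) or not isinstance(review.get("issues"), list):
        return fail("review has no issue list")

    blocking = []
    for issue in review["issues"]:
        prio = issue.get("priority") if isinstance(issue, dict) else None
        prio = prio.strip().upper() if isinstance(prio, str) else None
        if prio not in KNOWN:
            # Unknown or missing priority: treat as blocking rather than ignore it.
            blocking.append({"priority": "UNCLASSIFIED", "issue": issue})
        elif prio in BLOCKING:
            blocking.append({"priority": prio, "issue": issue})

    verdict = "FAIL" if blocking else "PASS"
    return {
        "verdict": verdict,
        "blocking": blocking,
        "reason": "%d blocking issue(s)" % len(blocking),
        # True when the self-reported verdict disagrees with the recomputed one.
        "overridden": review.get("verdict") != verdict,
    }

# Constructed sample: the model reports PASS while listing a P0 issue.
SAMPLE = ('{"verdict": "PASS", "issues": ['
          '{"priority": "P0", "title": "SQL built by string concatenation"}, '
          '{"priority": "P2", "title": "inconsistent naming"}]}')

if __name__ == "__main__":
    print(recompute_verdict(SAMPLE))
```
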
./uninstall.sh
MIT