>_

codex-review-workflow

Automated code review workflow using OpenAI Codex CLI. Implements iterative fix-and-review cycles until code passes validation or reaches iteration limit. Use when building features requiring automated code validation, security checks, or quality assurance through Codex CLI.

$ 설치

git clone https://github.com/daffy0208/ai-dev-standards /tmp/ai-dev-standards && cp -r /tmp/ai-dev-standards/skills/codex-review-workflow ~/.claude/skills/ai-dev-standards

// tip: Run this command in your terminal to install the skill

SKILL.md
View on GitHub →

name: codex-review-workflow version: 1.0.0 description: Automated code review workflow using OpenAI Codex CLI. Implements iterative fix-and-review cycles until code passes validation or reaches iteration limit. Use when building features requiring automated code validation, security checks, or quality assurance through Codex CLI. category: automation tags:

  • automation
  • code-review
  • quality
  • testing triggers:
  • 'review with codex'
  • 'run codex review'
  • 'automated code review'
  • 'validate with codex'
  • 'codex cli' prerequisites:
  • Codex CLI installed and available
  • Git repository (or --skip-git-repo-check flag) related_skills:
  • testing-strategist
  • security-engineer
  • quality-auditor
  • technical-writer related_mcps:
  • code-quality-scanner
  • security-scanner

Codex Review Workflow

Overview

Automated code review workflow using OpenAI Codex CLI. Implements iterative fix-and-review cycles to ensure code quality through automated validation.

Use when: Building features that require automated code review, iterative refinement cycles, or validation against specific quality standards using Codex CLI.

When to Use This Skill

Use this skill when:

  • User explicitly requests Codex CLI review (e.g., "Review this with Codex")
  • Implementing features that require automated code validation
  • Building code that must meet specific quality standards
  • Iterative review and refinement is needed
  • Validating security, bugs, and best practices automatically

Skip this skill when:

  • User only wants manual code review
  • Codex CLI is not available in the environment
  • Task is purely exploratory or research-based
  • Simple code that doesn't require formal review

Prerequisites

  • Codex CLI installed and available on PATH
  • Git repository (or use --skip-git-repo-check flag)
  • Verify installation: codex --version

Core Workflow

This skill follows a structured 6-step process:

1. Complete the Coding Task

Implement the user's requested feature using standard best practices. Ensure code is well-structured before submitting for review.

Track progress with TodoWrite:

  • Implement the requested feature/fix
  • Run initial Codex CLI review
  • Fix issues found in review (if any)
  • Run final Codex CLI review
  • Report final status

2. Run Initial Codex CLI Review

Git requirement: Codex CLI requires a git repository. If not in a git repo, run git init first, or use --skip-git-repo-check flag (not recommended for production).

Execute Codex CLI review using codex exec (NOT codex review):

# For a specific file
codex exec "Review the code in <file_name> for bugs, security issues, best practices, and potential improvements. Provide specific, actionable feedback with line numbers and examples."

# For multiple files
codex exec "Review the files auth.py, user.py, and session.py for bugs, security issues, best practices, and potential improvements. Provide specific feedback for each file."

# With working directory context
codex exec "Review the code in email_validator.py for bugs, security issues, best practices, and potential improvements. Provide specific feedback." -C /path/to/project

# With specific model
codex exec "Review <file_name>..." -m gpt-5-codex

# With custom configuration
codex exec "Review <file_name>..." -c model="o3"

Key points:

  • Be specific in prompts about what to review
  • Request line numbers and specific examples
  • Use appropriate timeout (120000ms = 2 minutes recommended)

3. Analyze Review Results

Codex CLI returns structured markdown output with variable formats. Look for:

Critical issue indicators (MUST FIX):

  • Sections: Bug, Security, Key Issues, Key Findings
  • Severity markers: "High:", "Medium:", "critical", "vulnerability"

Quality improvements (LOWER PRIORITY):

  • Sections: Maintainability, Usability, Best Practices, Suggestions
  • Severity markers: "Low:"

Confirmation indicators (success):

  • Sections: Resolved Checks, Review, Review Findings
  • Phrases: "No remaining findings", "All issues resolved", "All [N] issues look resolved"
  • Check marks (✅) or confirmation language

Decision criteria:

  • Complete: No Bug/Security/Key Issues sections AND only suggestions remain
  • Complete: Resolved Checks with all previous issues confirmed fixed
  • Complete: Phrases like "No remaining findings" or "All issues resolved"
  • Continue: Bug/Security/Key Issues sections present → Proceed to step 4

4. Fix Identified Issues

For each issue identified:

  1. Locate the problematic code
  2. Understand the issue
  3. Apply the fix using Edit tool
  4. Document what changed and why

Best practices:

  • Fix all issues in a single iteration before re-reviewing
  • Prioritize critical errors over warnings
  • Explain each fix clearly to the user
  • Preserve functionality while addressing issues

5. Run Follow-up Codex CLI Review

After applying fixes, run targeted review:

codex exec "Review the updated <file_name> code. Check if the previous issues have been fixed: 1) issue description, 2) issue description, etc. Report any remaining issues or confirm the code is now correct."

This helps Codex:

  • Focus on whether specific issues were resolved
  • Identify any new problems introduced
  • Provide clear pass/fail confirmation

Analyze results:

  • All issues fixed: Mark workflow complete, report success
  • Issues remain: Determine whether to iterate (check limits)

6. Handle Iteration Limits

Maximum iterations: 2 review cycles (initial + 1 re-review)

Why limit:

  • Prevents infinite loops
  • Some issues require human judgment
  • Complex problems need architectural changes

When max reached:

  1. Mark current task status in TodoWrite
  2. Summarize what was fixed and what remains
  3. Show final Codex CLI output to user
  4. Ask user whether to:
    • Continue with manual fixes
    • Adjust the approach
    • Accept current state

Examples

Example 1: Simple Fix Workflow

User: "Add a function to calculate fibonacci numbers and review it with Codex"

Claude:
1. Creates fibonacci function
2. Checks for git repo, runs git init if needed
3. Runs: codex exec "Review fibonacci.py for bugs, edge cases, and best practices."
4. Codex output:
   - **Bug** `fibonacci.py:5`: Missing input validation for negative numbers
   - **Maintainability** `fibonacci.py:10`: Consider adding type hints
5. Adds input validation and type hints
6. Runs: codex exec "Review updated fibonacci.py. Check if input validation added."
7. Codex output:
   **Resolved Checks**
   - `fibonacci.py:5` Input validation is now present
   - `fibonacci.py:10` Type hints added
8. Reports completion

Example 2: Multiple Iterations (Security)

User: "Implement user authentication and run through Codex review"

Claude:
1. Implements auth system across multiple files
2. Runs: codex exec "Review auth.py, user.py, session.py for security vulnerabilities."
3. Codex output:
   - **Security** `auth.py:23`: Password stored without hashing
   - **Security** `session.py:45`: Session tokens don't expire
   - **Bug** `user.py:67`: SQL injection vulnerability
   - **Security** `auth.py:89`: Missing CSRF protection
   - **Bug** `user.py:12`: No input validation
4. Fixes all 5 issues
5. Runs targeted review: "Check if these issues are fixed: password hashing, session expiration, SQL injection, CSRF, input validation."
6. Codex output:
   **Resolved Checks**
   - All 5 issues confirmed fixed
   **Findings**
   - Minor style suggestions
7. Reached iteration limit (2 reviews)
8. Reports: "All critical security issues fixed. Minor style suggestions remain."
9. Asks user about style fixes

Example 3: First-Pass Success

User: "Write a date formatter helper, review with Codex"

Claude:
1. Creates date formatting function with error handling
2. Runs: codex exec "Review utils/date_formatter.py for bugs, edge cases."
3. Codex output:
   No bugs or critical issues. Code properly handles:
   - None values with error messages
   - Invalid format strings
   - Timezone conversions
   **Suggestions**
   - Could add more detailed error messages
4. Reviews suggestion, decides optional for current use case
5. Marks task complete

Integration Notes

Codex CLI Commands

# Basic review
codex exec "Review <file_name> for bugs, security issues, best practices. Provide specific feedback with line numbers."

# With working directory
codex exec "Review <file_name>..." -C /path/to/project

# With specific model
codex exec "Review <file_name>..." -m gpt-5-codex

# Skip git check (not recommended)
codex exec "Review <file_name>..." --skip-git-repo-check

Git Repository Requirement

# Check if in git repo
git status

# Initialize if needed
git init

# Alternative: skip check
codex exec "..." --skip-git-repo-check

Error Handling

Codex CLI not found:

  • Check: which codex or codex --version
  • Inform user Codex CLI unavailable
  • Offer to complete task without automated review

Git repository error:

  • Error: "Not inside trusted directory and --skip-git-repo-check not specified"
  • Solution: Run git init
  • Alternative: Add --skip-git-repo-check

Codex CLI errors:

  • Common errors:
    • unexpected argument - Check syntax, use codex exec not codex review
    • Authentication errors - User may need codex login
  • Attempt once more with corrected parameters
  • If persistent, ask user for guidance

Ambiguous results:

  • If unsure about pass/fail, err on side of caution
  • Look for "Key Issues" vs "Suggestions" sections
  • Show output to user and ask for clarification

Long-running reviews:

  • Codex may take 30-120 seconds for complex reviews
  • Use appropriate timeout (120000ms recommended)

Best Practices

  1. Always use TodoWrite for workflow step tracking
  2. Show Codex output at each review stage
  3. Explain fixes clearly - avoid silent fixes
  4. Respect iteration limits - avoid infinite loops
  5. Preserve functionality - address issues without breaking features
  6. Ask when uncertain - consult user when feedback is ambiguous

Customization Options

  • Adjust iteration limits (default: 2 reviews)
  • Specify custom Codex CLI commands
  • Provide configuration file for Codex rules
  • Define files to include/exclude from review
  • Set severity thresholds (errors only vs warnings)

Related Skills

  • testing-strategist: For creating test suites to complement code review
  • security-engineer: For manual security reviews and threat modeling
  • quality-auditor: For comprehensive quality assessments
  • technical-writer: For documenting review findings and improvements

Tools & Dependencies

Required:

  • Codex CLI (OpenAI)
  • Git (for repository context)

Recommended:

  • TodoWrite tool (progress tracking)
  • Edit tool (applying fixes)

Tips for Success

  1. Write good initial code - Better starting point = fewer iterations
  2. Be specific in review prompts - "Check for SQL injection in login function" vs "Review this"
  3. Group related files - Review auth system as a whole, not file-by-file
  4. Fix all issues at once - More efficient than fixing one at a time
  5. Use targeted follow-up prompts - Ask about specific fixes, not general review
  6. Know when to stop - Some issues require human judgment or architectural changes

Skill Type: Automation Difficulty: Intermediate Estimated Time: Varies by task (review: 1-2min, fixes: 5-30min per iteration) Integration: Codex CLI, Git

Repository

daffy0208
daffy0208
Author
daffy0208/ai-dev-standards/skills/codex-review-workflow
2
Stars
5
Forks
Updated3d ago
Added1w ago

Actions

View on GitHubDownload ZIPReport Issue

Related Skills

skill-writer
pytorch/pytorch
95.4k
docstring
pytorch/pytorch
95.4k
at-dispatch-v2
pytorch/pytorch
95.4k
add-uint-support
pytorch/pytorch
95.4k
skill-creator
openai/codex
54.7k