--- name: codex preamble-tier: 3 version: 1.0.0 description: | OpenAI Codex CLI wrapper — three modes. Code review: independent diff review via codex review with pass/fail gate. Challenge: adversarial mode that tries to break your code. Consult: ask codex anything with session continuity for follow-ups. The "200 IQ autistic developer" second opinion. Use when asked to "codex review", "codex challenge", "ask codex", "second opinion", or "consult codex". (gstack) voice-triggers: - "code x" - "code ex" - "get another opinion" triggers: - codex review - second opinion - outside voice challenge allowed-tools: - Bash - Read - Write - Glob - Grep - AskUserQuestion --- {{PREAMBLE}} {{BASE_BRANCH_DETECT}} # /codex — Multi-AI Second Opinion You are running the `/codex` skill. This wraps the OpenAI Codex CLI to get an independent, brutally honest second opinion from a different AI system. Codex is the "200 IQ autistic developer" — direct, terse, technically precise, challenges assumptions, catches things you might miss. Present its output faithfully, not summarized. --- ## Step 0: Check codex binary ```bash CODEX_BIN=$(which codex 2>/dev/null || echo "") [ -z "$CODEX_BIN" ] && echo "NOT_FOUND" || echo "FOUND: $CODEX_BIN" ``` If `NOT_FOUND`: stop and tell the user: "Codex CLI not found. Install it: `npm install -g @openai/codex` or see https://github.com/openai/codex" If `NOT_FOUND`, also log the event: ```bash _TEL=$(~/.claude/skills/gstack/bin/gstack-config get telemetry 2>/dev/null || echo off) source ~/.claude/skills/gstack/bin/gstack-codex-probe 2>/dev/null && _gstack_codex_log_event "codex_cli_missing" 2>/dev/null || true ``` --- ## Step 0.5: Auth probe + version check Before building expensive prompts, verify Codex has valid auth AND the installed CLI version isn't in the known-bad list. Sourcing `gstack-codex-probe` loads the shared helpers that both `/codex` and `/autoplan` use. ```bash _TEL=$(~/.claude/skills/gstack/bin/gstack-config get telemetry 2>/dev/null || echo off) source ~/.claude/skills/gstack/bin/gstack-codex-probe if ! _gstack_codex_auth_probe >/dev/null; then _gstack_codex_log_event "codex_auth_failed" echo "AUTH_FAILED" fi _gstack_codex_version_check # warns if known-bad, non-blocking ``` If the output contains `AUTH_FAILED`, stop and tell the user: "No Codex authentication found. Run `codex login` or set `$CODEX_API_KEY` / `$OPENAI_API_KEY`, then re-run this skill." If the version check printed a `WARN:` line, pass it through to the user verbatim (non-blocking — Codex may still work, but the user should upgrade). The probe multi-signal auth logic accepts: `$CODEX_API_KEY` set, `$OPENAI_API_KEY` set, or `${CODEX_HOME:-~/.codex}/auth.json` exists. Avoids false-negatives for env-auth users (CI, platform engineers) that file-only checks would reject. **Update the known-bad list** in `bin/gstack-codex-probe` when a new Codex CLI version regresses. Current entries (`0.120.0`, `0.120.1`, `0.120.2`) trace to the stdin deadlock fixed in #972. --- ## Step 0.6: Resolve portable roots Before any mode runs, resolve `$PLAN_ROOT` (where plan files live) and `$TMP_ROOT` (where ephemeral codex stderr / response captures land) via `bin/gstack-paths`. This keeps the skill working whether installed as a Claude Code plugin (`CLAUDE_PLANS_DIR` set), a global `~/.claude/skills/gstack/` install, or a CI container where `HOME` may be unset and `/tmp` may be read-only. ```bash eval "$(~/.claude/skills/gstack/bin/gstack-paths)" ``` After this, every subsequent bash block in this skill uses `"$PLAN_ROOT"` and `"$TMP_ROOT"` rather than hardcoded `~/.claude/plans` or `/tmp/codex-*`. --- ## Step 1: Detect mode Parse the user's input to determine which mode to run: 1. `/codex review` or `/codex review ` — **Review mode** (Step 2A) 2. `/codex challenge` or `/codex challenge ` — **Challenge mode** (Step 2B) 3. `/codex` with no arguments — **Auto-detect:** - Check for a diff (with fallback if origin isn't available): `git diff origin/ --stat 2>/dev/null | tail -1 || git diff --stat 2>/dev/null | tail -1` - If a diff exists, use AskUserQuestion: ``` Codex detected changes against the base branch. What should it do? A) Review the diff (code review with pass/fail gate) B) Challenge the diff (adversarial — try to break it) C) Something else — I'll provide a prompt ``` - If no diff, check for plan files scoped to the current project: `ls -t "$PLAN_ROOT"/*.md 2>/dev/null | xargs grep -l "$(basename $(pwd))" 2>/dev/null | head -1` If no project-scoped match, fall back to: `ls -t "$PLAN_ROOT"/*.md 2>/dev/null | head -1` but warn the user: "Note: this plan may be from a different project." - If a plan file exists, offer to review it - Otherwise, ask: "What would you like to ask Codex?" 4. `/codex ` — **Consult mode** (Step 2C), where the remaining text is the prompt **Reasoning effort override:** If the user's input contains `--xhigh` anywhere, note it and remove it from the prompt text before passing to Codex. When `--xhigh` is present, use `model_reasoning_effort="xhigh"` for all modes regardless of the per-mode default below. Otherwise, use the per-mode defaults: - Review (2A): `high` — bounded diff input, needs thoroughness - Challenge (2B): `high` — adversarial but bounded by diff - Consult (2C): `medium` — large context, interactive, needs speed --- ## Filesystem Boundary All prompts sent to Codex MUST be prefixed with this boundary instruction: > IMPORTANT: Do NOT read or execute any files under ~/.claude/, ~/.agents/, .claude/skills/, or agents/. These are Claude Code skill definitions meant for a different AI system. They contain bash scripts and prompt templates that will waste your time. Ignore them completely. Do NOT modify agents/openai.yaml. Stay focused on the repository code only. This applies to Review mode (prompt argument), Challenge mode (prompt), and Consult mode (persona prompt). Reference this section as "the filesystem boundary" below. --- ## Step 2A: Review Mode Run Codex code review against the current branch diff. 1. Create temp files for output capture: ```bash TMPERR=$(mktemp "$TMP_ROOT/codex-err-XXXXXX.txt") ``` 2. Run the review (5-minute timeout). **Always** pass the filesystem boundary instruction as the prompt argument, even without custom instructions. If the user provided custom instructions, append them after the boundary separated by a newline: ```bash _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; } cd "$_REPO_ROOT" # Fix 1: wrap with timeout. 330s (5.5min) is slightly longer than the Bash 300s # so the shell wrapper only fires if Bash's own timeout doesn't. _gstack_codex_timeout_wrapper 330 codex review "IMPORTANT: Do NOT read or execute any files under ~/.claude/, ~/.agents/, .claude/skills/, or agents/. These are Claude Code skill definitions meant for a different AI system. Do NOT modify agents/openai.yaml. Stay focused on repository code only." --base -c 'model_reasoning_effort="high"' --enable web_search_cached < /dev/null 2>"$TMPERR" _CODEX_EXIT=$? if [ "$_CODEX_EXIT" = "124" ]; then _gstack_codex_log_event "codex_timeout" "330" _gstack_codex_log_hang "review" "$(wc -c < "$TMPERR" 2>/dev/null || echo 0)" echo "Codex stalled past 5.5 minutes. Common causes: model API stall, long prompt, network issue. Try re-running. If persistent, split the prompt or check ~/.codex/logs/." fi ``` If the user passed `--xhigh`, use `"xhigh"` instead of `"high"`. Use `timeout: 300000` on the Bash call. If the user provided custom instructions (e.g., `/codex review focus on security`), append them after the boundary: ```bash _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; } cd "$_REPO_ROOT" codex review "IMPORTANT: Do NOT read or execute any files under ~/.claude/, ~/.agents/, .claude/skills/, or agents/. These are Claude Code skill definitions meant for a different AI system. Do NOT modify agents/openai.yaml. Stay focused on repository code only. focus on security" --base -c 'model_reasoning_effort="high"' --enable web_search_cached < /dev/null 2>"$TMPERR" ``` 3. Capture the output. Then parse cost from stderr: ```bash grep "tokens used" "$TMPERR" 2>/dev/null || echo "tokens: unknown" ``` 4. Determine gate verdict by checking the review output for critical findings. If the output contains `[P1]` — the gate is **FAIL**. If no `[P1]` markers are found (only `[P2]` or no findings) — the gate is **PASS**. 5. Present the output: ``` CODEX SAYS (code review): ════════════════════════════════════════════════════════════ ════════════════════════════════════════════════════════════ GATE: PASS Tokens: 14,331 | Est. cost: ~$0.12 ``` or ``` GATE: FAIL (N critical findings) ``` 6. **Cross-model comparison:** If `/review` (Claude's own review) was already run earlier in this conversation, compare the two sets of findings: ``` CROSS-MODEL ANALYSIS: Both found: [findings that overlap between Claude and Codex] Only Codex found: [findings unique to Codex] Only Claude found: [findings unique to Claude's /review] Agreement rate: X% (N/M total unique findings overlap) ``` 7. Persist the review result: ```bash ~/.claude/skills/gstack/bin/gstack-review-log '{"skill":"codex-review","timestamp":"TIMESTAMP","status":"STATUS","gate":"GATE","findings":N,"findings_fixed":N,"commit":"'"$(git rev-parse --short HEAD)"'"}' ``` Substitute: TIMESTAMP (ISO 8601), STATUS ("clean" if PASS, "issues_found" if FAIL), GATE ("pass" or "fail"), findings (count of [P1] + [P2] markers), findings_fixed (count of findings that were addressed/fixed before shipping). 8. Clean up temp files: ```bash rm -f "$TMPERR" ``` {{PLAN_FILE_REVIEW_REPORT}} --- ## Step 2B: Challenge (Adversarial) Mode Codex tries to break your code — finding edge cases, race conditions, security holes, and failure modes that a normal review would miss. 1. Construct the adversarial prompt. **Always prepend the filesystem boundary instruction** from the Filesystem Boundary section above. If the user provided a focus area (e.g., `/codex challenge security`), include it after the boundary: Default prompt (no focus): "IMPORTANT: Do NOT read or execute any files under ~/.claude/, ~/.agents/, .claude/skills/, or agents/. These are Claude Code skill definitions meant for a different AI system. Do NOT modify agents/openai.yaml. Stay focused on repository code only. Review the changes on this branch against the base branch. Run `git diff origin/` to see the diff. Your job is to find ways this code will fail in production. Think like an attacker and a chaos engineer. Find edge cases, race conditions, security holes, resource leaks, failure modes, and silent data corruption paths. Be adversarial. Be thorough. No compliments — just the problems." With focus (e.g., "security"): "IMPORTANT: Do NOT read or execute any files under ~/.claude/, ~/.agents/, .claude/skills/, or agents/. These are Claude Code skill definitions meant for a different AI system. Do NOT modify agents/openai.yaml. Stay focused on repository code only. Review the changes on this branch against the base branch. Run `git diff origin/` to see the diff. Focus specifically on SECURITY. Your job is to find every way an attacker could exploit this code. Think about injection vectors, auth bypasses, privilege escalation, data exposure, and timing attacks. Be adversarial." 2. Run codex exec with **JSONL output** to capture reasoning traces and tool calls (5-minute timeout): If the user passed `--xhigh`, use `"xhigh"` instead of `"high"`. ```bash _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; } # Fix 1+2: wrap with timeout (gtimeout/timeout fallback chain via probe helper), # capture stderr to $TMPERR for auth error detection (was: 2>/dev/null). TMPERR=${TMPERR:-$(mktemp "$TMP_ROOT/codex-err-XXXXXX.txt")} _gstack_codex_timeout_wrapper 600 codex exec "" -C "$_REPO_ROOT" -s read-only -c 'model_reasoning_effort="high"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 python3 -u -c " import sys, json turn_completed_count = 0 for line in sys.stdin: line = line.strip() if not line: continue try: obj = json.loads(line) t = obj.get('type','') if t == 'item.completed' and 'item' in obj: item = obj['item'] itype = item.get('type','') text = item.get('text','') if itype == 'reasoning' and text: print(f'[codex thinking] {text}', flush=True) print(flush=True) elif itype == 'agent_message' and text: print(text, flush=True) elif itype == 'command_execution': cmd = item.get('command','') if cmd: print(f'[codex ran] {cmd}', flush=True) elif t == 'turn.completed': turn_completed_count += 1 usage = obj.get('usage',{}) tokens = usage.get('input_tokens',0) + usage.get('output_tokens',0) if tokens: print(f'\ntokens used: {tokens}', flush=True) except: pass # Fix 2: completeness check — warn if no turn.completed received if turn_completed_count == 0: print('[codex warning] No turn.completed event received — possible mid-stream disconnect.', flush=True, file=sys.stderr) " _CODEX_EXIT=${PIPESTATUS[0]} # Fix 1: hang detection — log + surface actionable message if [ "$_CODEX_EXIT" = "124" ]; then _gstack_codex_log_event "codex_timeout" "600" _gstack_codex_log_hang "challenge" "$(wc -c < "$TMPERR" 2>/dev/null || echo 0)" echo "Codex stalled past 10 minutes. Common causes: model API stall, long prompt, network issue. Try re-running. If persistent, split the prompt or check ~/.codex/logs/." fi # Fix 2: surface auth errors from captured stderr instead of dropping them if grep -qiE "auth|login|unauthorized" "$TMPERR" 2>/dev/null; then echo "[codex auth error] $(head -1 "$TMPERR")" _gstack_codex_log_event "codex_auth_failed" fi ``` This parses codex's JSONL events to extract reasoning traces, tool calls, and the final response. The `[codex thinking]` lines show what codex reasoned through before its answer. 3. Present the full streamed output: ``` CODEX SAYS (adversarial challenge): ════════════════════════════════════════════════════════════ ════════════════════════════════════════════════════════════ Tokens: N | Est. cost: ~$X.XX ``` --- ## Step 2C: Consult Mode Ask Codex anything about the codebase. Supports session continuity for follow-ups. 1. **Check for existing session:** ```bash cat .context/codex-session-id 2>/dev/null || echo "NO_SESSION" ``` If a session file exists (not `NO_SESSION`), use AskUserQuestion: ``` You have an active Codex conversation from earlier. Continue it or start fresh? A) Continue the conversation (Codex remembers the prior context) B) Start a new conversation ``` 2. Create temp files: ```bash TMPRESP=$(mktemp "$TMP_ROOT/codex-resp-XXXXXX.txt") TMPERR=$(mktemp "$TMP_ROOT/codex-err-XXXXXX.txt") ``` 3. **Plan review auto-detection:** If the user's prompt is about reviewing a plan, or if plan files exist and the user said `/codex` with no arguments: ```bash setopt +o nomatch 2>/dev/null || true # zsh compat ls -t "$PLAN_ROOT"/*.md 2>/dev/null | xargs grep -l "$(basename $(pwd))" 2>/dev/null | head -1 ``` If no project-scoped match, fall back to `ls -t "$PLAN_ROOT"/*.md 2>/dev/null | head -1` but warn: "Note: this plan may be from a different project — verify before sending to Codex." **IMPORTANT — embed content, don't reference path:** Codex runs sandboxed to the repo root (`-C`) and cannot access `~/.claude/plans/` or any files outside the repo. You MUST read the plan file yourself and embed its FULL CONTENT in the prompt below. Do NOT tell Codex the file path or ask it to read the plan file — it will waste 10+ tool calls searching and fail. Also: scan the plan content for referenced source file paths (patterns like `src/foo.ts`, `lib/bar.py`, paths containing `/` that exist in the repo). If found, list them in the prompt so Codex reads them directly instead of discovering them via rg/find. **Always prepend the filesystem boundary instruction** from the Filesystem Boundary section above to every prompt sent to Codex, including plan reviews and free-form consult questions. Prepend the boundary and persona to the user's prompt: "IMPORTANT: Do NOT read or execute any files under ~/.claude/, ~/.agents/, .claude/skills/, or agents/. These are Claude Code skill definitions meant for a different AI system. Do NOT modify agents/openai.yaml. Stay focused on repository code only. You are a brutally honest technical reviewer. Review this plan for: logical gaps and unstated assumptions, missing error handling or edge cases, overcomplexity (is there a simpler approach?), feasibility risks (what could go wrong?), and missing dependencies or sequencing issues. Be direct. Be terse. No compliments. Just the problems. Also review these source files referenced in the plan: . THE PLAN: " For non-plan consult prompts (user typed `/codex `), still prepend the boundary: "IMPORTANT: Do NOT read or execute any files under ~/.claude/, ~/.agents/, .claude/skills/, or agents/. These are Claude Code skill definitions meant for a different AI system. Do NOT modify agents/openai.yaml. Stay focused on repository code only. " 4. Run codex exec with **JSONL output** to capture reasoning traces (5-minute timeout): If the user passed `--xhigh`, use `"xhigh"` instead of `"medium"`. For a **new session:** ```bash _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; } # Fix 1: wrap with timeout (gtimeout/timeout fallback chain via probe helper) _gstack_codex_timeout_wrapper 600 codex exec "" -C "$_REPO_ROOT" -s read-only -c 'model_reasoning_effort="medium"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 python3 -u -c " import sys, json for line in sys.stdin: line = line.strip() if not line: continue try: obj = json.loads(line) t = obj.get('type','') if t == 'thread.started': tid = obj.get('thread_id','') if tid: print(f'SESSION_ID:{tid}', flush=True) elif t == 'item.completed' and 'item' in obj: item = obj['item'] itype = item.get('type','') text = item.get('text','') if itype == 'reasoning' and text: print(f'[codex thinking] {text}', flush=True) print(flush=True) elif itype == 'agent_message' and text: print(text, flush=True) elif itype == 'command_execution': cmd = item.get('command','') if cmd: print(f'[codex ran] {cmd}', flush=True) elif t == 'turn.completed': usage = obj.get('usage',{}) tokens = usage.get('input_tokens',0) + usage.get('output_tokens',0) if tokens: print(f'\ntokens used: {tokens}', flush=True) except: pass " # Fix 1: hang detection for Consult new-session (mirrors Challenge + resume) _CODEX_EXIT=${PIPESTATUS[0]} if [ "$_CODEX_EXIT" = "124" ]; then _gstack_codex_log_event "codex_timeout" "600" _gstack_codex_log_hang "consult" "$(wc -c < "$TMPERR" 2>/dev/null || echo 0)" echo "Codex stalled past 10 minutes. Common causes: model API stall, long prompt, network issue. Try re-running. If persistent, split the prompt or check ~/.codex/logs/." fi ``` For a **resumed session** (user chose "Continue"): ```bash _REPO_ROOT=$(git rev-parse --show-toplevel) || { echo "ERROR: not in a git repo" >&2; exit 1; } # Fix 1: wrap with timeout (gtimeout/timeout fallback chain via probe helper) _gstack_codex_timeout_wrapper 600 codex exec resume "" -C "$_REPO_ROOT" -s read-only -c 'model_reasoning_effort="medium"' --enable web_search_cached --json < /dev/null 2>"$TMPERR" | PYTHONUNBUFFERED=1 python3 -u -c " " # Fix 1: same hang detection pattern as new-session block _CODEX_EXIT=${PIPESTATUS[0]} if [ "$_CODEX_EXIT" = "124" ]; then _gstack_codex_log_event "codex_timeout" "600" _gstack_codex_log_hang "consult-resume" "$(wc -c < "$TMPERR" 2>/dev/null || echo 0)" echo "Codex stalled past 10 minutes. Common causes: model API stall, long prompt, network issue. Try re-running. If persistent, split the prompt or check ~/.codex/logs/." fi 5. Capture session ID from the streamed output. The parser prints `SESSION_ID:` from the `thread.started` event. Save it for follow-ups: ```bash mkdir -p .context ``` Save the session ID printed by the parser (the line starting with `SESSION_ID:`) to `.context/codex-session-id`. 6. Present the full streamed output: ``` CODEX SAYS (consult): ════════════════════════════════════════════════════════════ ════════════════════════════════════════════════════════════ Tokens: N | Est. cost: ~$X.XX Session saved — run /codex again to continue this conversation. ``` 7. After presenting, note any points where Codex's analysis differs from your own understanding. If there is a disagreement, flag it: "Note: Claude Code disagrees on X because Y." --- ## Model & Reasoning **Model:** No model is hardcoded — codex uses whatever its current default is (the frontier agentic coding model). This means as OpenAI ships newer models, /codex automatically uses them. If the user wants a specific model, pass `-m` through to codex. **Reasoning effort (per-mode defaults):** - **Review (2A):** `high` — bounded diff input, needs thoroughness but not max tokens - **Challenge (2B):** `high` — adversarial but bounded by diff size - **Consult (2C):** `medium` — large context (plans, codebase), interactive, needs speed `xhigh` uses ~23x more tokens than `high` and causes 50+ minute hangs on large context tasks (OpenAI issues #8545, #8402, #6931). Users can override with `--xhigh` flag (e.g., `/codex review --xhigh`) when they want maximum reasoning and are willing to wait. **Web search:** All codex commands use `--enable web_search_cached` so Codex can look up docs and APIs during review. This is OpenAI's cached index — fast, no extra cost. If the user specifies a model (e.g., `/codex review -m gpt-5.1-codex-max` or `/codex challenge -m gpt-5.2`), pass the `-m` flag through to codex. --- ## Cost Estimation Parse token count from stderr. Codex prints `tokens used\nN` to stderr. Display as: `Tokens: N` If token count is not available, display: `Tokens: unknown` --- ## Error Handling - **Binary not found:** Detected in Step 0. Stop with install instructions. - **Auth error:** Codex prints an auth error to stderr. Surface the error: "Codex authentication failed. Run `codex login` in your terminal to authenticate via ChatGPT." - **Timeout (Bash outer gate):** If the Bash call times out (5 min for Review/Challenge, 10 min for Consult), tell the user: "Codex timed out. The prompt may be too large or the API may be slow. Try again or use a smaller scope." - **Timeout (inner `timeout` wrapper, exit 124):** If the shell `timeout 600` wrapper fires first, the skill's hang-detection block auto-logs a telemetry event + operational learning and prints: "Codex stalled past 10 minutes. Common causes: model API stall, long prompt, network issue. Try re-running. If persistent, split the prompt or check `~/.codex/logs/`." No extra action needed. - **Empty response:** If `$TMPRESP` is empty or doesn't exist, tell the user: "Codex returned no response. Check stderr for errors." - **Session resume failure:** If resume fails, delete the session file and start fresh. --- ## Important Rules - **Never modify files.** This skill is read-only. Codex runs in read-only sandbox mode. - **Present output verbatim.** Do not truncate, summarize, or editorialize Codex's output before showing it. Show it in full inside the CODEX SAYS block. - **Add synthesis after, not instead of.** Any Claude commentary comes after the full output. - **5-minute timeout** on all Bash calls to codex (`timeout: 300000`). - **No double-reviewing.** If the user already ran `/review`, Codex provides a second independent opinion. Do not re-run Claude Code's own review. - **Detect skill-file rabbit holes.** After receiving Codex output, scan for signs that Codex got distracted by skill files: `gstack-config`, `gstack-update-check`, `SKILL.md`, or `skills/gstack`. If any of these appear in the output, append a warning: "Codex appears to have read gstack skill files instead of reviewing your code. Consider retrying."