Pre Commit Codex Review

codex exec --model gpt-5.4 --sandbox write \
  "Review this project for bugs in the staged changes. Fix any concrete
   bugs you find (logic errors, security issues, race conditions, state
   management bugs, edge cases). Leave a comment at each fix site.
   If you find nothing, say 'LGTM — no issues found.'"

Codex explores the repo, reads the diff context, finds bugs, AND applies fixes directly. This is faster than report-then-fix because GPT-5 can fix while it has full context.

Fallback — OpenClaw (if Codex isn't available):

openclaw infer model run --model openai-codex/gpt-5.4 \
  "Review this diff for bugs... $(cat /tmp/pre-commit-diff.patch)"

OpenClaw is one-shot inference (can't write files), so Claude fixes manually.

Step 3: Claude reviews Codex's changes

git diff  # see what Codex changed

For each change Codex made:

• Good fix → accept (stage it)
• Wrong fix → revert (git checkout -- <file> for that hunk)
• Partially right → edit to improve, then stage

Claude is the quality gate. Codex does the heavy lifting; Claude ensures nothing ships that's wrong.

Step 4: final confirmation pass

Run Codex one more time in READ-ONLY mode on the final staged diff:

codex exec --model gpt-5.4 --sandbox read-only \
  "Review this diff for any remaining bugs. $(cat /tmp/pre-commit-diff.patch)"

If LGTM → commit. If new findings → fix and re-review.

Step 5: commit

git commit -m "..."

Loop behavior

Codex finds → fixes → Claude reviews → Codex confirms. Max 3 iterations. After 3 with no convergence, commit with a note listing remaining findings assessed as false positives or style preferences.

What Codex should focus on

The prompt asks for:

• Logic errors (wrong condition, off-by-one, missing null check)
• Security issues (unsanitized input, path traversal, XSS, injection)
• Race conditions (async without cancellation, stale closure, missing await)
• State management bugs (leaked refs, wrong useEffect deps, stale state)
• Data loss (writes that silently fail, missing error handling on persist)
• API contract violations (wrong types, missing fields)
• Edge cases the author likely didn't test

What it should NOT flag:

• Style preferences (semicolons, quote style, import order)
• Refactoring suggestions
• Test coverage gaps

Prerequisites

• Codex CLI installed and authenticated via codex login (uses ChatGPT subscription, not API tokens)
• OR OpenClaw configured with an OpenAI model route (fallback)
• Claude Code (this skill runs inside Claude Code sessions)

Installation

# Option 1: copy to your Claude skills directory
cp -r pre-commit-codex-review ~/.claude/skills/

# Option 2: use the install script
bash install.sh

Performance

• Codex exec with write mode on a typical diff (< 500 lines): 30-60 seconds
• Large diffs (1000+ lines): 60-120 seconds
• Final read-only confirmation: 15-30 seconds