Before committing code changes on ANY project, run the staged diff through Codex CLI (or OpenClaw fallback) for automated bug-finding and fixing. Codex writes fixes, Claude reviews. Loop until clean. Mandatory for all code commits — skip only for docs-only / config-only changes.
Codex (GPT-5.4) consistently finds bugs that Claude misses — proven across two shadow audits on Producer Player (2026-04-16) where it caught 14 real bugs, 11 shipped immediately. This skill gates every commit behind a GPT-5 review so those bugs never reach production.
Every code commit on every project. Exceptions:
git add <files>
git diff --cached > /tmp/pre-commit-diff.patch
codex exec --model gpt-5.4 --sandbox write \
"Review this project for bugs in the staged changes. Fix any concrete
bugs you find (logic errors, security issues, race conditions, state
management bugs, edge cases). Leave a comment at each fix site.
If you find nothing, say 'LGTM — no issues found.'"
Codex explores the repo, reads the diff context, finds bugs, AND applies fixes directly. This is faster than report-then-fix because GPT-5 can fix while it has full context.
Fallback — OpenClaw (if Codex isn't available):
openclaw infer model run --model openai-codex/gpt-5.4 \
"Review this diff for bugs... $(cat /tmp/pre-commit-diff.patch)"
OpenClaw is one-shot inference (can't write files), so Claude fixes manually.
git diff # see what Codex changed
For each change Codex made:
git checkout -- <file> for that hunk)Claude is the quality gate. Codex does the heavy lifting; Claude ensures nothing ships that's wrong.
Run Codex one more time in READ-ONLY mode on the final staged diff:
codex exec --model gpt-5.4 --sandbox read-only \
"Review this diff for any remaining bugs. $(cat /tmp/pre-commit-diff.patch)"
If LGTM → commit. If new findings → fix and re-review.
git commit -m "..."
Codex finds → fixes → Claude reviews → Codex confirms. Max 3 iterations. After 3 with no convergence, commit with a note listing remaining findings assessed as false positives or style preferences.
The prompt asks for:
What it should NOT flag:
codex login (uses ChatGPT subscription, not API tokens)# Option 1: copy to your Claude skills directory
cp -r pre-commit-codex-review ~/.claude/skills/
# Option 2: use the install script
bash install.sh
exec with write mode on a typical diff (< 500 lines): 30-60 seconds