Claude Review Plugin For Codex
Claude reviews your Codex diffs. Read-only, evidence-cited, and agentic.
Codex CLI sessions can ask Claude Opus 4.7 or long-context Sonnet 4.6 for a
high-scrutiny adversarial review of any diff. The reviewer gets read-only
workspace access through Read, Glob, Grep, Task sub-agents, a
domain-fenced WebFetch, and a narrow git wrapper. It does not get Edit,
Write, raw shell, or arbitrary git by default. Every elite-tier finding must
cite tool-call evidence, and malformed structured output fails closed.
60-Second Quickstart
git clone https://github.com/Kenmege/codex-plugin-cc.git
cd codex-plugin-cc
npm install -g .
codex-claude-review setup
Then run a review from any git workspace:
codex-claude-review review
codex-claude-review elite-review --base main
codex-claude-review security-review --add-dir ../shared-libs
Codex slash commands are available once the plugin marketplace is loaded:
/claude-review:review, /claude-review:elite-review,
/claude-review:deep-review, and /claude-review:security-review.
Requirements
- Node.js 18.18 or newer.
- Git on
PATH.
- Claude Code CLI authenticated locally for direct helper usage.
- Codex CLI with local plugin marketplace support for slash-command usage.
Five Review Lanes
| Lane | Purpose |
|---|
review | Quick agentic Claude review for everyday diffs. |
adversarial-review | Skeptical challenge pass for risky changes. |
elite-review | Exhaustive ship/no-ship review with systemic risks and blind spots. |
deep-review | Opus 4.7 max effort with parallel Task sub-agent investigation. |
security-review | OWASP/CWE-focused review with exploitability classification. |
Why Trust The Boundary?
- Read-only by default:
Edit, Write, NotebookEdit, raw shell, and raw git
are outside the safe-mode tool catalog.
- Prompt-injection resistant framing: diff, focus text, and workspace guidance
are wrapped as untrusted data before Claude sees them.
- Fenced external access:
WebFetch starts with a domain allowlist and expands
only through explicit --web-domain flags.
- Strict release controls: pinned GitHub Actions, Node 18/20/22 CI, package
content checks, tag/package version matching, and public GitHub Packages
publishing with provenance attestation.
- Runtime validation: structured review output is validated before rendering,
including persisted background-job results.
This repository started from openai/codex-plugin-cc and keeps that history,
but the runtime here is deliberately reversed:
- upstream plugin: Claude Code -> Codex review/runtime
- this plugin: Codex -> Claude review/runtime
Reviewer Composition
This repository dogfoods its own thesis: every pull request is designed for
review by four agents with distinct strengths.
| Reviewer | Trigger | Strength |
|---|
| GitHub Copilot | automatic on every PR | breadth, fast, high-recall on style and obvious bugs |
| Codex (OpenAI GPT-5.5) | @codex PR comment | senior-engineer reasoning, forensic depth on architecture and release safety |
| Devin (Cognition) | @devin PR comment | autonomous engineering; can implement fixes, not just review |
| Claude (Anthropic Opus 4.7) | @claude PR comment, plus automatic on PR open | adversarial code review, evidence-cited findings, schema-enforced output through this plugin |
Contributors should expect overlapping but complementary feedback.
Claude auto-review is skipped on untrusted fork PRs when GitHub withholds
repository Actions secrets; maintainers can still trigger a safe follow-up once
the PR is ready for deeper review.
Disagreements between reviewers are productive. The v0.2.x to v0.2.1
hardening of this plugin came from a Claude Opus plus Codex GPT-5.5
adversarial review pair where both returned independent NO_SHIP verdicts on
convergent control-plane issues.
Detailed Capabilities
Five review lanes, all agentic by default:
/claude-review:review — quick agentic Claude review (Opus 4.7 high effort)./claude-review:adversarial-review — agentic skeptical challenge pass./claude-review:elite-review — exhaustive single-agent ship/no-ship review
with evidence-cited findings, systemic risks, blind spots, and exploration
log./claude-review:deep-review — Opus 4.7 at max effort with parallel
sub-agent dispatch (up to four Task sub-investigations per turn)./claude-review:security-review — security-focused agentic pass with
OWASP/CWE mapping and exploitability classification.
Plus the operational surface:
