review-by-opp:review

You are running a Codex review round. Codex is the auditor - it reviews, you do not edit during this step.

What to do

1. Verify session exists:

   • Read reviews/current.json. If missing, tell user: "No active session. Run /review-by-opp:start first."

2. Determine review scope:

   • Check reviewScope in config (from reviews/current.json or .review-by-opp.json):
     • "diff" - include the git diff in the audit prompt for context
     • "changed-files" - include full content of changed files
     • "changed-files-plus-tests" - changed files plus related test files
     • "full-repo" - review the entire repository (Codex reads all files via sandbox)
   • For diff, changed-files, and changed-files-plus-tests: check git diff --name-only first. If no changes, tell user: "No changes to review. Make code changes first."
   • For full-repo: skip the diff check - Codex reviews everything

3. Increment round:

   • Update current_round in the ledger

4. Write context file for Codex:

   • Write reviews/context.md so Codex has full project context despite being stateless. Include:
     • Project summary: what the project does (read from README or package.json description)
     • Tech stack: languages, frameworks, key dependencies
     • What changed this session: summary of changes made since session started (from git log/diff)
     • Previous findings (if round > 1): list all findings from prior rounds with their current status (open/fixed/etc), so Codex knows what was already flagged and can verify fixes
     • User notes: any message the user passed as arguments — could be concerns, questions, hints, or areas to investigate
   • Keep it concise — this is context, not a full dump. Aim for under 200 lines.

5. Build the audit prompt:

   • Base prompt: instruct Codex to review the code for bugs, security issues, performance problems, and code quality
   • Always instruct Codex to first read reviews/context.md for project context and previous findings
   • For diff scope: include the git diff output in the prompt
   • For changed-files scope: include the full file contents of changed files
   • For full-repo scope: instruct Codex to read and review all source files in the repository
   • If the user provided arguments, include them verbatim as a user note to Codex. This can be anything — concerns ("I think the auth flow might be wrong"), questions ("is this SQL query safe?"), hints ("check the retry logic in worker.ts"), or general direction. Examples:
     • /review-by-opp:review I think the error handling in api.ts might be wrong
     • /review-by-opp:review check if the rate limiter actually works under concurrency
     • /review-by-opp:review is it ok to use eval here or is there a safer way
   • Always instruct Codex to output findings in the format: FINDING: {"title":"...","severity":"...","category":"...","file":"...","line":...,"description":"...","suggested_fix":"..."}

6. Run Codex review:

   • Execute Codex in auditor-only mode with a read-only sandbox:
     • Base form: npx @openai/codex exec --sandbox read-only "<audit prompt>"
     • If model override is configured, include --model <model>
     • If reasoning override is configured, include -c model_reasoning_effort=<effort>
   • Keep default behavior inherited when overrides are not configured.
   • Capture the full output

7. Parse findings:

   • Extract lines starting with FINDING: and parse the JSON
   • For each finding, assign an ID like f-{round}-{short-uuid}
   • Set status to open
   • Deduplicate against existing findings (same file + title + category within 5 lines = duplicate)

8. Update ledger:

   • Add new findings to reviews/current.json
   • Write round snapshot to reviews/rounds/round-{N}.json
   • Write summary to reviews/summaries/summary-{N}.json

9. Run verification checks (if configured):

   • If rerunChecks is true in config, run available checks (test, lint, typecheck)
   • Report results

10. Report results:

• Show number of new findings, total open, blocking open
• List each new finding with severity, category, title, file, and line
• Show the round verdict: needs_fixes, converging, stalled, or clean
• If blocking findings exist, remind: "You must resolve these before finalizing. Use /review-by-opp:fix."

11. Check convergence:

• If no blocking findings remain: "Ready to finalize. Run /review-by-opp:finalize."
• If max rounds reached: warn the user
• If stalled (same blocking findings for N rounds): warn the user

CRITICAL: Do NOT edit any files during the review step. You are only gathering and recording Codex's findings.

$ARGUMENTS