codex-review
# ClaudeWave Editor's Description The codex-review skill runs an independent code review using OpenAI's Codex CLI, providing a second opinion from a different model family on recent code changes, pull requests, commits, or entire applications. Use this when you need a fresh perspective on potential bugs, security issues, performance problems, or testing gaps before committing or shipping code, particularly when something feels off but you cannot pinpoint the problem.
git clone --depth 1 https://github.com/jezweb/claude-skills /tmp/codex-review && cp -r /tmp/codex-review/plugins/dev-tools/skills/codex-review ~/.claude/skills/codex-reviewSKILL.md
# Codex Review
Run an independent code review via the OpenAI Codex CLI (`codex review`). The value is a second opinion from a **different model family** than the one that wrote the code — Codex catches things Claude misses due to author bias.
Complements `brains-trust` (generic multi-model opinions). This skill is specialised: git-aware, uses a tuned review prompt, saves structured output.
## When to Use
- After a meaningful change, before committing or shipping
- Before opening a PR, to self-review with an independent reviewer
- When something feels off but you can't articulate what
- Periodic whole-app reviews for projects in active development
- When the user explicitly asks for an "independent" or "second opinion" review
**Do NOT use** for:
- Trivial changes (typos, one-line fixes)
- Research questions or architecture discussions — use `brains-trust` instead
- Auto-fixing issues — this is advisory only
## Preflight
1. Confirm Codex CLI is installed:
```bash
which codex
```
If missing: tell the user to install it (`brew install codex` on macOS, or see https://github.com/openai/codex) and stop. Do not continue.
2. Confirm auth: the first `codex review` call will fail clearly if not logged in. If that happens, instruct the user to run `codex login` and stop.
## Determine scope
Pick the scope flag based on what the user asked for:
| User intent | Flag |
|---|---|
| "codex review" / "review the app" / "full review" / default | no flag (reviews whole app at current HEAD) |
| "review my changes" / "review what I just did" / "review uncommitted" | `--uncommitted` |
| "review this branch vs main" / "review the PR" | `--base main` (or the branch they name) |
| "review commit abc123" | `--commit abc123` |
**Default is whole-app review.** A bare "codex review" with no qualifier means review the entire codebase at HEAD — not just uncommitted changes. Only use `--uncommitted` if the user specifically refers to their recent/uncommitted work.
If ambiguous, ask once. Don't guess on commits or branches.
## Run the review
The canonical review prompt lives in `prompt.md` next to this skill. Pipe it via stdin to avoid shell escaping:
```bash
mkdir -p .jez/reviews
TS=$(date +%Y-%m-%d-%H%M)
OUT=".jez/reviews/codex-${TS}.md"
SKILL_DIR="$(dirname "$0")" # or use the skill's absolute path
# Example: uncommitted changes
cat "${SKILL_DIR}/prompt.md" | codex review --uncommitted - 2>&1 | tee "$OUT"
```
Other scopes:
```bash
# Vs base branch
cat prompt.md | codex review --base main - 2>&1 | tee "$OUT"
# Specific commit
cat prompt.md | codex review --commit abc123 - 2>&1 | tee "$OUT"
# Current HEAD (no scope flag)
cat prompt.md | codex review - 2>&1 | tee "$OUT"
```
`codex review` can take several minutes on a large diff. Let it run.
## Summarise for the user
After Codex finishes:
1. Print the output path: `Report saved to .jez/reviews/codex-<timestamp>.md`
2. Read the saved report and extract the top findings (anything under **Critical** and **High**)
3. Show them inline in the chat, with file:line references intact
4. Offer to action specific findings: "Want me to fix the SQL injection in `auth.ts:42`?"
## Rules
- **Advisory only.** Never auto-apply Codex's suggestions. Read the findings, discuss with the user, fix with their approval.
- **Don't leak Claude's reasoning into the prompt.** The `prompt.md` file is deliberately neutral — Codex reviews the code, not Claude's narrative about the code. Independence is the whole point.
- **Save to `.jez/reviews/`**, never `.claude/` (protected directory).
- **One report per run.** Don't overwrite — the timestamp makes each run unique so the user can compare.
- **Report what Codex actually found.** Don't soften, editorialise, or skip findings you disagree with. If you think Codex is wrong about something, say so as your own opinion after showing what Codex said.
## Verification
The skill is working if:
- Preflight correctly detects a missing `codex` binary
- The right scope flag is chosen based on user intent
- The report file appears in `.jez/reviews/` with a sensible timestamp
- The file contains severity-prioritised findings with file:line refs
- Claude surfaces the top findings without auto-fixing themHit the Cloudflare REST API directly for operations that wrangler and MCP can't handle well. Bulk DNS, custom hostnames, email routing, cache purge, WAF rules, redirect rules, zone settings, Worker routes, D1 cross-database queries, R2 bulk operations, KV bulk read/write, Vectorize queries, Queues, and fleet-wide resource audits. Produces curl commands or scripts. Triggers: 'cloudflare api', 'bulk dns', 'custom hostname', 'email routing', 'cache purge', 'waf rule', 'd1 query', 'r2 bucket', 'kv bulk', 'vectorize query', 'audit resources', 'fleet operation'.
Scaffold and deploy Cloudflare Workers with Hono routing, Vite plugin, and Static Assets. Describe project, scaffold structure, configure bindings, deploy. Use whenever the user wants to create a Worker project, set up Hono on Cloudflare, configure D1 / R2 / KV / Queues bindings, or troubleshoot Worker export syntax, API route conflicts, HMR issues, or deployment failures.
Generate Drizzle ORM schemas for Cloudflare D1 databases with correct D1-specific patterns. Produces schema files, migration commands, type exports, and DATABASE_SCHEMA.md documentation. Handles D1 quirks: foreign keys always enforced, no native BOOLEAN/DATETIME types, 100 bound parameter limit, JSON stored as TEXT. Use when creating a new database, adding tables, or scaffolding a D1 data layer.
Cloudflare D1 migration workflow: generate with Drizzle, inspect SQL for gotchas, apply to local and remote, fix stuck migrations, handle partial failures. Use when running migrations, fixing migration errors, or setting up D1 schemas.
Generate database seed scripts with realistic sample data. Reads Drizzle schemas or SQL migrations, respects foreign key ordering, produces idempotent TypeScript or SQL seed files. Handles D1 batch limits, unique constraints, and domain-appropriate data. Use when populating dev/demo/test databases. Triggers: 'seed database', 'seed data', 'sample data', 'populate database', 'db seed', 'test data', 'demo data', 'generate fixtures'.
Scaffold Hono API routes for Cloudflare Workers. Produces route files, middleware, typed bindings, Zod validation, error handling, and API_ENDPOINTS.md documentation. Use after a project is set up with cloudflare-worker-builder or vite-flare-starter, when you need to add API routes, create endpoints, or generate API documentation.
Build a full-stack TanStack Start app on Cloudflare Workers from scratch — SSR, file-based routing, server functions, D1+Drizzle, better-auth, Tailwind v4+shadcn/ui. Use whenever the user mentions TanStack Start, asks to scaffold a full-stack Cloudflare app with SSR, wants an SSR dashboard, or asks for a React 19 + Cloudflare Workers app with file-based routing and server functions — even if they don't name TanStack Start specifically. No template repo — Claude generates every file fresh per project.
Scaffold a full-stack Cloudflare app from the vite-flare-starter template — React 19 + Hono + D1+Drizzle + better-auth + Tailwind v4+shadcn/ui + TanStack Query + R2 + Workers AI. Run setup.sh to clone, configure, and deploy. Use whenever the user wants a batteries-included Cloudflare full-stack app, vite-flare-starter scaffold, or a React + Cloudflare app with auth + database + Workers AI ready to go.