---
name: audit
description: Send recent code changes to OpenAI Codex for independent review. Catches bugs, logic errors, and silent issues that Claude might miss.
argument-hint: "[optional: file path, 'staged', 'last-commit', or 'v28 v29']"
---

# Codex Audit

Get an independent code review from OpenAI Codex on recent changes.

## Steps

1. **Determine what to review.** Based on `$ARGUMENTS`:
   - No argument: review all uncommitted changes (`git diff HEAD`)
   - `staged`: review only staged changes (`git diff --cached`)
   - `last-commit`: review the last commit (`git show HEAD`)
   - A file path: review uncommitted changes to that specific file (`git diff HEAD -- <file>`)
   - Two version numbers (e.g., `v28 v29`): diff those do-file versions (`diff -u` between the two files)

2. **Get the diff.** Run the appropriate git/diff command. Save to `/tmp/codex_audit_diff.txt`. If the diff is empty, tell the user there are no changes to review and stop.

3. **Send to Codex for review.** Point Codex at the saved diff file:

```bash
env -u OPENAI_API_KEY codex exec --skip-git-repo-check -C /tmp \
  "Review the code diff in /tmp/codex_audit_diff.txt. Look for:
- Bugs, logic errors, or silent data issues
- Wrong variable references or typos
- Sample restrictions that may silently drop/include wrong observations
- Off-by-one errors or boundary issues
- Inconsistencies between what the code does and what comments say
- Any change that could produce wrong results without an obvious error

Be specific: cite line numbers and explain WHY something is a problem.
If you find no real issues, say so briefly — do not invent problems." \
  --full-auto -o /tmp/codex_audit_result.txt
```

Set the tool timeout to 180000 ms (3 minutes) for this command so a slow Codex run is not cut off.

4. **Read and present the results.** Read the Codex output and present the findings to the user. For each finding:
   - State what the issue is
   - Reference the specific file and line
   - Explain the potential impact
   - Note your own assessment: do you agree with Codex's concern, or is it a false positive?

5. **Clean up.** Remove the temp files (`/tmp/codex_audit_diff.txt`, `/tmp/codex_audit_result.txt`).
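Steps 1 to 5 as one runnable script, added here as an example (this is not part of the original `/audit` command and not Codex's or Claude Code's own code). It reproduces the argument dispatch, the diff capture with the empty-diff check, the Codex call with the same prompt and flags, and the cleanup. Assumptions, which are not from the original: versioned do-files are named like `analysis_v28.do` under `DOFILE_DIR` (hypothetical naming, defaulting to the current directory); temp files are created with `mktemp` rather than at the fixed `/tmp` paths so two concurrent audits cannot clobber each other; the 3-minute cap uses `timeout(1)` from GNU coreutils.

```shell
#!/bin/sh
# Added example, not part of the original /audit command.
# Assumption (hypothetical): versioned do-files live at "$DOFILE_DIR/analysis_vNN.do".
set -eu

DOFILE_DIR="${DOFILE_DIR:-.}"

# Single-quote a string for safe inclusion in a shell command line.
shquote() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# Step 1: map the audit argument(s) to the command that produces the diff.
# Prints the command so it can be inspected or run; returns 2 on bad usage.
audit_diff_cmd() {
  case "$#" in
    0) echo "git diff HEAD" ;;
    1)
      case "$1" in
        staged)      echo "git diff --cached" ;;
        last-commit) echo "git show HEAD" ;;
        *)           echo "git diff HEAD -- $(shquote "$1")" ;;
      esac ;;
    2)
      # Two version labels such as "v28 v29": only accept v<digits> so the
      # labels cannot smuggle path components into the file names.
      for v in "$1" "$2"; do
        printf '%s\n' "$v" | grep -Eq '^v[0-9]+$' || { echo "bad version label: $v" >&2; return 2; }
      done
      echo "diff -u $(shquote "$DOFILE_DIR/analysis_$1.do") $(shquote "$DOFILE_DIR/analysis_$2.do")" ;;
    *) echo "usage: audit [file | staged | last-commit | vN vM]" >&2; return 2 ;;
  esac
}

# Step 2: run the diff command, save it to $1, and return 1 when nothing changed.
# `diff -u` exits 1 when the files differ, so that status is treated as success.
audit_capture() {
  local out cmd
  out="$1"; shift
  cmd="$(audit_diff_cmd "$@")"
  sh -c "$cmd" > "$out" || [ $? -eq 1 ]
  if [ ! -s "$out" ]; then
    echo "No changes to review." >&2
    return 1
  fi
}

# Step 3: send the saved diff ($1) to Codex and write its last message to $2.
# OPENAI_API_KEY is unset for the child so Codex uses its own login, not the Azure key.
audit_codex() {
  timeout 180 env -u OPENAI_API_KEY codex exec --skip-git-repo-check -C /tmp \
    "Review the code diff in $1. Look for:
- Bugs, logic errors, or silent data issues
- Wrong variable references or typos
- Sample restrictions that may silently drop/include wrong observations
- Off-by-one errors or boundary issues
- Inconsistencies between what the code does and what comments say
- Any change that could produce wrong results without an obvious error

Be specific: cite line numbers and explain WHY something is a problem.
If you find no real issues, say so briefly; do not invent problems." \
    --full-auto -o "$2"
}

# Steps 4 and 5: print the result for review and remove the temp files on any exit.
audit_main() {
  local diff_file result_file
  diff_file="$(mktemp "${TMPDIR:-/tmp}/codex_audit_diff.XXXXXX")"
  result_file="$(mktemp "${TMPDIR:-/tmp}/codex_audit_result.XXXXXX")"
  trap 'rm -f "$diff_file" "$result_file"' EXIT
  audit_capture "$diff_file" "$@" || return 0
  audit_codex "$diff_file" "$result_file"
  cat "$result_file"
}

# Usage: AUDIT_RUN=1 sh audit.sh staged   (guarded so sourcing the file only defines functions)
if [ "${AUDIT_RUN:-0}" = 1 ]; then audit_main "$@"; fi
```

The functions are separated so the diff selection and the empty check can be exercised without Codex installed; `audit_codex` is the only part that leaves the machine.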

## Important

- The Codex review is a SECOND OPINION — it operates with limited context and may flag intentional design choices as bugs
- Always validate Codex's findings against the actual codebase before recommending changes
- If Codex flags something that is actually correct, explain why it's a false positive
- `env -u OPENAI_API_KEY` is required: in this environment `OPENAI_API_KEY` holds an Azure key, and unsetting it for the Codex process makes Codex fall back to its own stored login
- The diff leaves the machine: it is sent to OpenAI. Do not audit changes that contain credentials, keys, or sensitive data
- `--full-auto` lets Codex run commands and write inside `/tmp`; a review only needs to read the diff file, so prefer a read-only sandbox if your Codex version offers one
- The fixed `/tmp/codex_audit_*.txt` paths are predictable and shared with every user on the host; on a multi-user machine, or when two audits may run at once, create the files with `mktemp` and pass the resulting path in the prompt
