Claude Codex automates code review and enforcement. It orchestrates multiple AI agents for sequential reviews, with Codex as the final gatekeeper. It benefits development teams by ensuring code quality and security. It integrates with GitHub and other version control systems.
git clone https://github.com/Z-M-Huang/claude-codex.gitClaude Codex is a Claude Code plugin that automates code review through sequential multi-AI orchestration. Instead of relying on a single AI reviewer, it routes code through three independent reviewers—Claude Sonnet for obvious bugs and style issues, Claude Opus for architectural and subtle bugs, and Codex for a final independent perspective. The plugin includes specialized agents for requirements gathering, planning, implementation, and code review, each checking for OWASP Top 10 vulnerabilities, error handling, and code quality. It supports both feature development pipelines and bug-fix workflows with dual root-cause analysis, ensuring code doesn't proceed until all reviewers approve.
1. **Configure the Pipeline**: Set up your `.claude-codex.yml` file in the project root with rules for tools (e.g., ESLint, Snyk), ignored files, and coding standards. Example: ```yaml tools: eslint: true snyk: true prettier: true ignore: - "*.min.js" - "*.lock" standards: - "eslint-config-airbnb" - "OWASP Top 10" ``` 2. **Trigger the Automation**: Use the GitHub Action or CLI command to start the pipeline. For GitHub: ```yaml - name: Run Claude Codex Review uses: claude-codex/action@v1 with: pr_number: ${{ github.event.pull_request.number }} repo_url: ${{ github.repository }} ``` 3. **Review the Report**: The AI will post a consolidated review as a PR comment. Use the `claude-codex dashboard` CLI tool to inspect detailed logs if needed. 4. **Iterate**: Address the feedback in new commits. The pipeline will re-run automatically on push. Use `claude-codex rerun --pr 42` to manually trigger a re-review. 5. **Customize Rules**: Adjust the `.claude-codex.yml` file to match your project’s needs (e.g., add custom linting rules or security checks). **Tips:** - Use `claude-codex init` to scaffold the configuration file for your project. - For large PRs, split reviews into smaller chunks by reviewing files in batches. - Enable `fail_fast: true` in the config to block merges until critical issues are resolved.
Enforce professional multi-reviewer code quality standards in AI-assisted development
Catch security vulnerabilities and architectural issues before production
Automate bug diagnosis with parallel root-cause analysis from two AI models
Review generated code changes across multiple perspectives simultaneously
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/Z-M-Huang/claude-codexCopy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Act as a Claude Codex automation pipeline for [PROJECT_NAME]. Review the pull request [PR_NUMBER] in [REPO_URL] using the following steps: 1) Run static analysis with [TOOL_NAME] (e.g., SonarQube, ESLint), 2) Check for security vulnerabilities with [TOOL_NAME] (e.g., Snyk, Bandit), 3) Validate code style with [TOOL_NAME] (e.g., Prettier, Black), 4) Perform a semantic review with Codex to ensure logic correctness and consistency with [CODING_STANDARDS]. Provide a consolidated report with actionable feedback for the developer. Ignore files matching [IGNORE_PATTERN] (e.g., '*.min.js', '*.lock').
## Claude Codex Automation Report for PR #42 in `acme-web-app` **Static Analysis (ESLint):** - ✅ Passed: No critical issues found. 2 minor warnings in `utils/dateHelpers.js` (unused variables). - 📝 Suggested Fix: Remove `unusedParam` in `formatDate()` to resolve warnings. **Security Scan (Snyk):** - ⚠️ High: `[email protected]` has a prototype pollution vulnerability (CVE-2021-23337). - 🔧 Action: Upgrade to `[email protected]` or patch with `npm audit fix`. - 📝 Note: This affects `src/components/Dashboard.jsx` (indirect dependency). **Code Style (Prettier):** - ✅ Passed: All files formatted correctly. No style violations detected. **Semantic Review (Codex):** - ✅ Passed: Logic and architecture align with React best practices. - 🔍 Observations: - `useFetchData()` hook in `src/hooks/useFetchData.js` could benefit from a `retry` mechanism for failed requests. - `apiClient.js` lacks TypeScript type definitions for `ErrorResponse` interface. - 📝 Suggested Improvements: Add retry logic and TypeScript types for better maintainability. **Final Verdict:** ✅ **Approved with Comments** – Address the high-severity security issue and minor warnings before merging. The semantic review identified optional improvements for long-term maintainability. **Next Steps:** 1. Developer: Resolve security vulnerability and re-run Snyk scan. 2. Reviewer: Verify fixes and approve if no new issues are introduced. 3. Maintainer: Consider adding TypeScript types in a follow-up PR. **Files Ignored:** `dist/*`, `*.lock` (as per pipeline configuration). --- *Report generated by Claude Codex Automation Pipeline v1.2.0*
Agents that listen, think and act for you.
AI assistant built for thoughtful, nuanced conversation
Ensure cloud-native security with comprehensive container scanning and runtime protection.
Ensure cloud security with continuous monitoring and vulnerability management.
Security patch notifications for servers
AI-powered security engineer for vulnerability management
Take a free 3-minute scan and get personalized AI skill recommendations.
Take free scan