codex-review

# Codex Review — Three-Tier Code Quality Defense

Unified orchestration layer: picks audit depth based on trigger phrases. bug-audit is invoked as an independent skill — never modified.

## Security & Privacy

- **Read-only by default**: This skill only reads your project files for analysis. It does NOT modify, delete, or upload your code anywhere.
- **Optional external model**: L1/L3 can use an external code-review API (OpenAI-compatible) for a second opinion. This is **opt-in** — if no API key is configured, the skill works fine with agent-only review.
- **Credentials via environment variables only**: API keys are loaded from `CODEX_REVIEW_API_KEY` env var. Never hardcoded, never logged, never stored.
- **Local-only artifacts**: Hotspot files are written to system temp directory and auto-cleaned. No network transmission of analysis results.
- **No data exfiltration**: Code snippets sent to the external API are limited to the files being reviewed. No telemetry, no analytics, no third-party data sharing beyond the configured review model.

## Prerequisites

- **External model API** (optional, for L1 Round 1 and L3): Any OpenAI-compatible endpoint.
  - Set env vars: `CODEX_REVIEW_API_BASE` (default: `https://api.openai.com/v1`), `CODEX_REVIEW_API_KEY`, `CODEX_REVIEW_MODEL` (default: `gpt-4o`)
  - Works without this — falls back to agent-only audit
- **bug-audit skill** (optional): Required for L2/L3. Without it, L2 uses a built-in fallback.
- **curl**: For API calls (standard on macOS/Linux)

## Trigger Mapping

| User says | Level | What it does | Est. time |
|-----------|-------|--------------|-----------|
| "review" / "quick scan" / "review下" / "检查下" | L1 | External model scan + agent deep pass | 5-10 min |
| "audit" / "deep audit" / "审计下" / "排查下" | L2 | Full bug-audit flow (or built-in fallback) | 30-60 min |
| "pre-deploy check" / "上线前检查" | L1→L2 | L1 scan → record hotspots → L2 audit → hotspot gap check | 40-70 min |
| "cross-validate" / "highest...

# 🔍 Codex Review — Three-Tier Code Quality Defense

> An OpenClaw Agent Skill that orchestrates multi-model code review with escalating depth levels.

[![ClawHub](https://img.shields.io/badge/ClawHub-codex--review-blue)](https://clawhub.com/skills/codex-review)
[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)

## The Problem

AI agents write code fast — but they also **patch bugs in the wrong direction** fast. Single-pass reviews miss cross-file logic issues, business exploits, and race conditions.

## The Solution

**Three levels of defense**, each deeper than the last:

| Level | Trigger | What Happens | Time |
|-------|---------|-------------|------|
| **L1** Quick Scan | "review this" | Dual-model scan (fast model + self-review) | 5-10 min |
| **L2** Deep Audit | "audit this" | Full bug-audit flow (6 phases) | 30-60 min |
| **L1→L2** Pre-Deploy | "pre-deploy check" | L1 → hotspot handoff → L2 → gap analysis | 40-70 min |
| **L3** Cross-Validate | "cross-validate" | Independent dual audit + compare + adversarial bypass testing | 60-90 min |

## Key Features

- 🎯 **Smart Escalation** — Say "review" for quick, "audit" for deep, "cross-validate" for maximum
- 🔀 **Dual-Model Cross-Check** — Two AI reviewers independently find bugs, then compare notes
- ⚔️ **Adversarial Testing** (L3) — One model tries to bypass the other's proposed fixes
- 📋 **Hotspot Handoff** — L1 findings automatically feed into L2 for targeted deep analysis
- 🔌 **Composable** — Works standalone (L1) or with `bug-audit` skill (L2/L3)

## Install

```bash
clawhub install codex-review
```

**Recommended companion:**
```bash
clawhub install bug-audit  # Required for L2/L3
```

## Real-World Results

Built from auditing **24+ Node.js projects** with **200+ real bugs found**:
- 🔴 Admin auth bypasses via localhost detection
- 🔴 Score submission without server validation
- 🔴 SQLite double-quote column name bugs
- 🔴 Race conditions in concurrent API requests
- 🟡 Tim...