feat(codex): Codex CLI bridge for cross-model exec, review, and verification#58
Merged
Conversation
…, tests Runtime interop with the OpenAI Codex CLI as a second model. src/lib/codex.ts holds all logic: an L0/L1/L2 detection ladder (PATH → bounded `codex login status` → real `codex exec`), a sticky verdict cache with TTLs (entitlement re-checked daily, quota per ~5h window), error classification, and a preflight gate that fails open to Claude-only. Thin consumers: codex-verify.ts (SessionStart availability) and codex-run.ts (the /codex CLI: exec / review / ask). exec defaults to workspace-write and never danger-full-access without an explicit flag; review/ask are read-only. codex-verifier agent fans out cross-model review on a risky diff. 37 tests cover detection, reconciliation, error classification, sandbox allowlisting, and stderr redaction/capping.
Statusline badge reads the cached verdict (codex ✓ / auth? / ⏳; hidden when not installed or unknown — no clutter for teammates without Codex). SessionStart hook refreshes the verdict async with a 3s timeout. CLAUDE-FULL.md documents quota-aware routing (Opus for thinking, Sonnet for loop bodies, Codex for bulk/verify); MANUAL.md registers the skill. docs/codex-bridge.md is the full design, including a cross-reference to Codex's native config-import flow as the complementary config-interop direction.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this does
Adds a bridge to the OpenAI Codex CLI so a Claude Code session can use Codex as a second model — delegate bulk work to it, get an independent cross-model review of the current diff, or ask it a quick read-only question. It's opt-in and gated: if Codex isn't installed or logged in, everything no-ops and the session continues Claude-only, so teammates without Codex are unaffected.
The point is cross-model verification. Opus reviewing its own output shares its own blind spots; a different model family catches what self-review misses. The statusline shows whether the bridge is live at a glance.
Summary
src/lib/codex.ts— all bridge logic. Detection ladder: PATH check → boundedcodex login status(no model call) → a realcodex exec(the only way to observe entitlement/quota). Sticky verdict cache with TTLs (entitlement re-checked daily, quota per ~5h window), error classification, and a preflight gate that fails open.src/scripts/codex-run.ts— the/codexCLI:exec(workspace-write),reviewandask(read-only).execnever usesdanger-full-accesswithout an explicit flag.src/hooks/codex-verify.ts— SessionStart hook (async, 3s timeout) refreshing the availability verdict.skills/codex/SKILL.md+agents/codex-verifier.md— the skill and a Sonnet fan-out agent for parallel cross-model verification.src/hooks/statusline.ts— availability badge (codex ✓ / auth? / ⏳; hidden when not-installed/unknown).CLAUDE-FULL.md— quota-aware routing guidance (Opus = thinking, Sonnet = loop bodies, Codex = bulk/verify).MANUAL.md— skill registration.docs/codex-bridge.md— full design + a cross-reference to Codex's native config-import flow.Security
--terminates Codex arg parsing so a prompt starting with-can't be reparsed as a flag.danger-full-accessis never a default.Dogfood
Built the bridge, then ran
/codex reviewagainst its own diff. Codex flagged two real issues — an unboundedcodex login statusin preflight, and a docs/statusline badge-string mismatch — both fixed in this branch. The cross-model loop closed on its first real use.Test Plan
bun run typecheckcleanbun test— 576 pass / 0 fail (codex suite 37/37)bun run lint— codex files cleanbun run lint:skills— 35 skills, 0 errors (under the 40 cap)askround-trips,reviewreads the diff, verdict cache writtensetup.shto refresh the hooks fingerprint (new SessionStart hook) — see docs/codex-bridge.md "Setup Caveat"