codex-review

SKILL.md

Codex Review — Three-Tier Code Quality Defense

Unified orchestration layer: picks audit depth based on trigger phrases. bug-audit is invoked as an independent skill — never modified.

Security & Privacy

  • Read-only by default: This skill only reads your project files for analysis. It does NOT modify, delete, or upload your code anywhere.
  • Optional external model: L1/L3 can use an external code-review API (OpenAI-compatible) for a second opinion. This is opt-in — if no API key is configured, the skill works fine with agent-only review.
  • Credentials via environment variables only: API keys are loaded from CODEX_REVIEW_API_KEY env var. Never hardcoded, never logged, never stored.
  • Local-only artifacts: Hotspot files are written to the system temp directory and auto-cleaned. No network transmission of analysis results.
  • No data exfiltration: Code snippets sent to the external API are limited to the files being reviewed. No telemetry, no analytics, no third-party data sharing beyond the configured review model.

Prerequisites

  • External model API (optional, for L1 Round 1 and L3): Any OpenAI-compatible endpoint.
    • Set env vars: CODEX_REVIEW_API_BASE (default: https://api.openai.com/v1), CODEX_REVIEW_API_KEY, CODEX_REVIEW_MODEL (default: gpt-4o)
    • Works without this — falls back to agent-only audit
  • bug-audit skill (optional): Required for L2/L3. Without it, L2 uses a built-in fallback.
  • curl: For API calls (standard on macOS/Linux)
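The environment-driven configuration above, as an added POSIX sh example that is not the codex-review skill's own code: it applies the documented defaults, falls back to agent-only mode when CODEX_REVIEW_API_KEY is unset, and hands the key to curl through a private header file instead of the command line. The HTTPS-only check, the header-file technique and the function names are assumptions added here.

```shell
#!/bin/sh
# Added example, not the codex-review skill's own code. It resolves the
# configuration from the Prerequisites section and implements the documented
# fallback; the HTTPS check and the header-file technique are additions.

# Documented defaults for the two optional variables.
codex_review_api_base() {
    printf '%s\n' "${CODEX_REVIEW_API_BASE:-https://api.openai.com/v1}"
}

codex_review_model() {
    printf '%s\n' "${CODEX_REVIEW_MODEL:-gpt-4o}"
}

# Prints "external" when CODEX_REVIEW_API_KEY is set and the endpoint is
# HTTPS, otherwise "agent-only" (the documented fallback). Refusing a plain
# http:// base is an added check so the bearer token is never sent in clear.
codex_review_mode() {
    base=$(codex_review_api_base)
    if [ -z "${CODEX_REVIEW_API_KEY:-}" ]; then
        printf 'agent-only\n'
    elif [ "${base#https://}" = "$base" ]; then
        printf 'agent-only\n'
    else
        printf 'external\n'
    fi
}

# Writes the Authorization header to a 0600 temp file (mktemp's default mode)
# and prints its path, so curl can read it with -H @file. The key then never
# appears in argv, where `ps` or a shell history file would capture it.
codex_review_header_file() {
    f=$(mktemp "${TMPDIR:-/tmp}/codex-review.XXXXXX") || return 1
    printf 'Authorization: Bearer %s\n' "$CODEX_REVIEW_API_KEY" > "$f"
    printf '%s\n' "$f"
}

# Sends one JSON request body ($1) to the chat completions endpoint, only in
# external mode; the header file is removed as soon as curl returns.
codex_review_request() {
    [ "$(codex_review_mode)" = "external" ] || return 2
    hdr=$(codex_review_header_file) || return 1
    curl -sS -H @"$hdr" -H 'Content-Type: application/json' \
        -d "$1" "$(codex_review_api_base)/chat/completions"
    rc=$?
    rm -f "$hdr"
    return "$rc"
}
```

Reading the header from a file requires curl 7.55.0 or newer; the skill's own use of curl is not shown on the page, so this is the added example's choice.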
Installs: 8
First Seen: Mar 12, 2026