AgentSkillsCN

codex-audit

使用 Codex CLI 进行沙盒式审计、调试与自主原型开发

SKILL.md
--- frontmatter
name: codex-audit
description: Use Codex CLI for sandboxed auditing, debugging, and autonomous prototyping
allowed-tools: Bash, Read, Write, TodoWrite, Glob, Grep

Codex Audit Skill

LIBRARY-FIRST PROTOCOL (MANDATORY)

Before writing ANY code, you MUST check:

Step 1: Library Catalog

  • Location: .claude/library/catalog.json
  • If match >70%: REUSE or ADAPT

Step 2: Patterns Guide

  • Location: .claude/docs/inventories/LIBRARY-PATTERNS-GUIDE.md
  • If pattern exists: FOLLOW documented approach

Step 3: Existing Projects

  • Location: D:\Projects\*
  • If found: EXTRACT and adapt

Decision Matrix

MatchAction
Library >90%REUSE directly
Library 70-90%ADAPT minimally
Pattern existsFOLLOW pattern
In projectEXTRACT
No matchBUILD (add to library after)

Purpose

Route auditing and debugging tasks to Codex CLI when:

  • Autonomous iteration is needed (test-fix-retest loops)
  • Sandboxed execution required for safety
  • Rapid prototyping without approval overhead

Unique Capability

What Codex Does Better:

  • Fully autonomous execution (no approval needed mid-task)
  • Sandboxed isolation (no network, CWD only)
  • Iterative debugging loops
  • GPT-5-Codex optimized for agentic coding

When to Use

Perfect For:

  • Automated test fixing
  • Code auditing in isolation
  • Rapid prototyping of features
  • Refactoring with test verification
  • Build failure recovery
  • Security scanning in sandbox

Don't Use When:

  • Need network access (sandbox disables it)
  • Need to access files outside CWD
  • Production debugging (use Claude with oversight)
  • Complex multi-file coordination

Usage

Basic Audit

bash
/codex-audit "Find and fix all type errors" --context src/

Test Fixing

bash
/codex-audit "Fix failing tests" --context tests/ --max-iterations 10

Prototyping

bash
/codex-audit "Build REST API with CRUD endpoints" --context .

Command Pattern

bash
bash scripts/multi-model/codex-audit.sh "<task>" "<context>" "<task_id>" "<max_iterations>"

Safety Constraints

ConstraintValue
NetworkDISABLED
File AccessCWD only
IsolationmacOS Seatbelt / Docker
Max Iterations5 (configurable)

Memory Integration

Results stored to Memory-MCP:

  • Key: multi-model/codex/audit/{task_id}
  • Tags: WHO=codex-cli, WHY=audit

Output Format

json
{
  "raw_output": "Audit findings...",
  "metrics": {
    "files_analyzed": 15,
    "findings_count": 7,
    "fixes_applied": 5
  },
  "context_path": "src/",
  "sandbox_mode": true
}

Handoff to Claude

After Codex audit completes:

  1. Findings stored in Memory-MCP
  2. Claude agents review findings
  3. Apply or escalate based on severity
javascript
// Claude agent reads Codex audit
const audit = memory_retrieve("multi-model/codex/audit/{task_id}");
if (audit.metrics.findings_count > 0) {
  Task("Reviewer", `Review findings: ${audit.raw_output}`, "reviewer");
}

Integration with Audit Pipeline

bash
# Phase 1: Theater detection (Claude)
/theater-detection-audit

# Phase 2: Functionality audit (Codex)
/codex-audit "Verify all functions work" --context src/

# Phase 3: Style audit (Claude)
/style-audit