@just-every/plugin-auto-review
v0.1.11
Published
Codex Auto Code Review plugin using hooks.
Downloads
178
Readme
Auto Code Review Plugin for Codex
Part of the Just Every Codex plugin marketplace.
Auto Code Review gives Codex a peer programmer that reviews code as it is written. It runs a token-efficient review pass over the code the agent actually changed, catches meaningful regressions while the work is still fresh, and feeds clear findings back before the turn is allowed to finish.
Use it when you want AI coding sessions to feel more like pairing with a careful teammate. The main agent keeps building, while Auto Code Review checks the diff for genuine bugs, regressions, broken contracts, and unsafe behavior. It is intentionally not a style, architecture, or preference review.
Install
codex plugin marketplace add just-every/plugins
codex plugin marketplace upgrade just-every
codex plugin add auto-review@just-everyThen open /hooks in Codex, trust the Auto Code Review hooks, and make sure they are enabled.
Auto Code Review can run immediately after install. No custom agent or Codex restart is required.
Plugin installation and hook trust are separate in Codex. If the plugin is installed but nothing happens at Stop, check /hooks first.
How It Works
Auto Code Review captures a baseline at the start of a turn, then reviews the baseline-to-stop diff when the turn tries to finish. When Codex provides a transcript path, the review prompt includes bounded recent user and assistant messages so the reviewer can distinguish real regressions from changes the user explicitly requested.
Clean reviews finish silently. Real findings are returned as normal Stop feedback so the main agent can fix them immediately. After any review attempt, the final snapshot becomes the next baseline, so later Stops review only new changes.
hooks/hooks.jsondefinesUserPromptSubmitandStop.- Hook state is stored under
${PLUGIN_DATA}. - The review worker uses schema-constrained output,
gpt-5.6-terra, medium reasoning, and default service tier. - Findings must identify the broken contract, concrete failure mode, and why the issue is not merely a user-requested behavior or design choice.
- Review infrastructure failures write diagnostics to stderr and fail open.
Development
Run:
npm test
python3 "$HOME/.codex/skills/.system/plugin-creator/scripts/validate_plugin.py" .
npm pack --dry-runRelease
The release workflow is .github/workflows/release.yml.
On relevant pushes to main, it runs the test suite, bumps package.json and .codex-plugin/plugin.json, publishes @just-every/plugin-auto-review to npm, tags the release, and creates a GitHub Release.
Required GitHub secret:
NPM_TOKEN
Optional GitHub secret:
GH_PAT, if branch protection blocksGITHUB_TOKENfrom pushing release commits or tags
