AI Coding Agents

Codex Inside Claude Code: The Official Plugin for Adversarial Reviews and Rescue

Direct Answer

OpenAI's official Codex plugin for Claude Code adds a useful quality-control pattern to an existing Claude workflow: let one coding agent build, then ask a different agent to inspect the diff without changing it. The value is not that two models automatically produce truth. The value is independent attention.

Claude Code can remain the planner and primary builder. Codex can review the current work, challenge a specific design decision, investigate a stuck bug, or take over a persistent session. The strongest workflow is still human-directed: define the acceptance criteria, run tests, ask Codex to challenge the risky parts, and accept only findings supported by code and reproducible evidence.

Video, walkthrough, and creator-test credit: Nate Herk | AI Automation. Follow Nate on X.

JQ AI SYSTEMS take: Use the plugin as an independent review lane, not an infinite model council. One builder, one bounded reviewer, one human decision, and one verification pass is a better default than letting two agents debate until the usage meter wins.

Source Note

The current repository README is the factual source for requirements, installation, commands, authentication, configuration, read-only behavior, background jobs, session transfer, and the review-gate warning. OpenAI's Codex documentation supports the app-server, local configuration, and usage-limit details. Anthropic's Claude Code documentation supports how external marketplaces and installed plugins work.

Nate's dashboard review, game build, model observations, and the two game bugs are creator tests from one video. His benchmark discussion compares a specific GPT-5.4 and Claude Opus 4.6 snapshot. Those results should not be treated as a permanent ranking, especially as the plugin can use whatever current Codex model and reasoning effort are selected by local configuration.

Resource Status Use it for
Codex Just 10x'd Claude Code Projects Nate Herk video Installation walkthrough, live adversarial review, game comparison, and review-to-fix loop.
Nate Herk on YouTube and X Creator credit Original commentary and follow-up AI automation tutorials.
openai/codex-plugin-cc Official repository Source code, requirements, installation, command reference, examples, license, and issue tracking.
Codex pricing and plan limits OpenAI official Current ChatGPT plan access, usage limits, and API-key billing guidance.
Codex app server OpenAI official The integration layer the plugin uses to run and manage local Codex work.
Codex configuration basics OpenAI official Model, reasoning effort, approvals, sandbox, project trust, and project-level overrides.
Codex CLI documentation OpenAI official Install, authenticate, operate, and resume the same local Codex runtime used by the plugin.
Claude Code plugin marketplace guide Anthropic official How to add a marketplace, install a plugin, choose scope, update it, and assess trust.
Claude Code plugins reference Anthropic official Plugin components, local cache behavior, commands, agents, hooks, and file boundaries.

What the Plugin Actually Does

This is not a new model and it does not merge Claude and Codex into one brain. It is a bridge from Claude Code to the Codex runtime already installed on the same machine. The plugin uses the same repository checkout, Codex authentication, and applicable config.toml settings.

Command Job Best moment to use it
/codex:review Normal read-only review of current work or a branch diff. Before a commit, pull request, release, or merge.
/codex:adversarial-review Steerable challenge to assumptions, tradeoffs, failure modes, and architecture. Auth, payments, state, data loss, concurrency, rollback, and risky design decisions.
/codex:rescue Delegates an investigation or implementation task to Codex. When Claude is stuck, a test is flaky, or an independent fix attempt is useful.
/codex:transfer Imports the current Claude Code session into a persistent Codex thread. When the job should continue directly in the Codex app or terminal.
/codex:status Shows running and recent background jobs for the repository. While a long review or rescue task continues in the background.
/codex:result Returns the stored output and, when available, the Codex session ID. When a background job finishes and its findings need review.
/codex:cancel Stops an active background job. When scope is wrong, cost is climbing, or enough evidence already exists.
/codex:setup Checks installation and authentication and manages the optional review gate. First run, troubleshooting, or deliberate gate configuration.

How to Install It

The current repository requires Node.js 18.18 or later plus a ChatGPT subscription, including Free, or an OpenAI API key. Run the following inside Claude Code:

/plugin marketplace add openai/codex-plugin-cc
/plugin install codex@openai-codex
/reload-plugins
/codex:setup

If Codex is not installed, the setup command can offer to install it when npm is available. The manual path is:

npm install -g @openai/codex
!codex login

A simple first background review is:

/codex:review --background
/codex:status
/codex:result

Install the plugin only from a source you trust and inspect the repository before enabling it in work code. Anthropic's plugin documentation notes that marketplace plugins are highly trusted components that can execute code with the user's privileges. For teams, choose installation scope deliberately rather than placing a personal experiment into project-wide settings by accident.

Review vs Adversarial Review

Normal review is for a conventional second look. It can inspect uncommitted changes or compare the branch against a base such as main. It is not steerable and does not accept custom focus text.

/codex:review
/codex:review --base main
/codex:review --background

Adversarial review is for a decision that deserves pressure. It accepts focus text and should be aimed at a named risk rather than the vague instruction to "find everything wrong."

/codex:adversarial-review --base main challenge the auth boundary,
session invalidation, rate limits, rollback path, and data-loss risks

/codex:adversarial-review --background look for race conditions and
question whether the retry and idempotency design is safe

Both review modes are read-only. That separation matters: a reviewer should first explain the evidence, affected code, severity, reproduction path, and smallest safe response. It should not silently rewrite the implementation it is judging.

What Nate's Test Found

Nate first ran an adversarial review against an internal dashboard built with Claude Opus. Codex returned a verdict, prioritized findings, recommendations, and next steps. That demonstrated the review surface, but the more useful evidence came from the game test.

He gave Claude Code and Codex the same one-shot dungeon-game brief. Claude finished faster. Codex ran longer and admitted that the game was playable before every part of the original specification was complete. Nate preferred Codex's initial presentation and polish, but one creator preference on one game is not a model ranking.

The important result appeared when Codex adversarially reviewed the Claude-built game. It found two high-priority logic problems:

  1. An unwinnable-run soft lock. A player could leave floor 10 before collecting the required amulet, reach floor 11, and lose the only path to victory.
  2. A save and rollback risk. The game's continue flow did not persist enough state-changing actions, creating a realistic data-loss problem after progress.

Codex proposed gating the floor-10 stairs and persisting state after meaningful actions or through a debounced autosave. Nate then handed those findings back to Claude. This is the plugin's best case: the second agent did not merely say the UI felt different. It traced state transitions and found failure paths the original builder had missed.

The Practical Two-Agent Loop

  1. Write the acceptance contract. Define user paths, invariants, tests, prohibited actions, and the exact meaning of done.
  2. Let one agent own implementation. Claude Code can plan, edit, run tests, and explain the resulting diff.
  3. Make the diff reviewable. Keep unrelated changes out, establish a base branch, and run the project's own checks first.
  4. Ask Codex one focused question. Use normal review for broad defects or adversarial review for a named risk.
  5. Triage findings. Require file references, impact, reproduction evidence, and a minimal fix. Reject style-only debate and unsupported claims.
  6. Implement accepted findings. Return them to Claude or delegate one bounded fix through /codex:rescue.
  7. Verify independently. Rerun tests, exercise the affected user path, inspect the final diff, and stop after one follow-up review unless a material issue remains.
Reusable review brief:

Review this diff against the acceptance criteria and repository conventions. Prioritize only defects that can change behavior, security, data integrity, reliability, accessibility, or maintainability. For each finding, include severity, affected file, evidence, reproduction path, and the smallest safe correction. Do not propose style-only rewrites. Stop after the five highest-confidence findings.

Rescue, Transfer, and Background Jobs

Review is only one part of the plugin. /codex:rescue can give Codex a bounded task such as investigating a failing test or applying one approved repair. It supports fresh and resumed work, background execution, explicit models, and reasoning effort.

/codex:rescue --background investigate why the integration test is flaky
/codex:rescue --fresh fix the failing test with the smallest safe patch
/codex:rescue --resume apply the top fix from the previous run

/codex:transfer serves a different purpose. It converts the current Claude Code conversation into a persistent Codex thread and returns a codex resume command. Use it when the context is already valuable but Codex should become the primary workspace. Do not use transfer simply to duplicate every conversation across two products.

The Automatic Review Gate

The setup command can enable a Stop-hook review gate:

/codex:setup --enable-review-gate
/codex:setup --disable-review-gate

When enabled, the plugin runs a targeted Codex review as Claude tries to stop. If Codex reports issues, the hook can block completion so Claude addresses them. The official repository warns that this can become a long-running Claude-and-Codex loop and drain usage limits quickly.

Treat the gate like a release control, not a default personality. Enable it for a monitored session, define what severity can block completion, set a maximum pass count, and keep a manual cancel path. For ordinary edits, a deliberate /codex:review --background is easier to understand and budget.

Why Benchmarks Are Not the Decision

Nate's video compares GPT-5.4 and Claude Opus 4.6 on a selection of coding benchmarks, then compares community reports about their tendencies. That was useful release-time context, not a durable verdict. The plugin can inherit a newer model and reasoning effort from the user's current Codex configuration, and Claude Code can also change models.

The harness matters too. A model with better repository search, a cleaner diff, stronger tests, or a more precise review brief may outperform the theoretically stronger model in the actual workflow. Review quality should be measured by accepted findings, escaped defects, false-positive rate, repair time, total usage, and whether the final user path works.

Cost and Security Boundaries

  • Usage is not free of limits. ChatGPT plan access still contributes to Codex limits; API-key use follows API billing.
  • Keep review read-only. Use review for evidence. Grant write access only to a separate, bounded repair task.
  • Do not copy the demo's bypass mode into production. Use a workspace sandbox, approval prompts, protected secrets, and the narrowest network access that lets the test run.
  • Protect credentials. A local reviewer sees the same checkout and machine environment. Keep secrets out of the repository and control which environment variables reach commands.
  • Cap review scope. Large multi-file changes can take time. Specify the base branch, highest-risk subsystem, finding limit, and background behavior.
  • Keep humans at the merge gate. A confident second model can still misunderstand product intent, generate false positives, or agree with the first model for the wrong reason.

A 30-Minute First Test

  1. Choose one small repository with tests and a recent multi-file change.
  2. Install the plugin, run /codex:setup, and confirm the expected account and project.
  3. Run the repository's normal test and lint commands before asking for review.
  4. Start /codex:review --background, then inspect the result instead of immediately implementing it.
  5. For the riskiest decision, run one adversarial review with a specific failure mode.
  6. Record accepted findings, false positives, elapsed time, and whether the final checks caught anything new.
  7. Stop. Do not enable the automatic review gate until manual reviews are consistently worth their cost.
CTA: Add Codex as a bounded second reviewer on one real change this week. Judge the plugin by defects caught and review time saved, not by how impressive it feels to have two frontier agents talking about the same code.

Bottom Line

The Codex plugin makes a workflow many builders were already improvising easier to operate. Claude Code can plan and build. Codex can independently review, challenge, rescue, or take over. The combination becomes valuable when responsibilities are clear and every finding still has to survive tests and human judgment.

Nate Herk's game demo shows the practical benefit: Codex found a soft lock and a persistence failure in code produced by Claude, then Claude could implement the accepted repairs. That is a stronger pattern than asking the original builder to praise its own work. Keep the loop short, the review read-only, the risk specific, and the human in charge of shipping.

Sources

Common questions

What is the official Codex plugin for Claude Code?
It is an OpenAI-maintained plugin that lets Claude Code call the local Codex runtime for normal reviews, steerable adversarial reviews, delegated rescue tasks, background jobs, and Claude-to-Codex session handoffs. It keeps the user inside the Claude Code workflow while adding Codex as a second agent.
Does the Codex plugin change code during a review?
No. The normal review and adversarial review commands are documented as read-only. They report findings but do not fix the code. The user can then ask Claude Code, Codex, or a human developer to evaluate and implement accepted findings.
Do I need a separate Codex account?
The plugin uses the local Codex CLI authentication already present on the machine. OpenAI says a ChatGPT subscription, including Free, or an OpenAI API key can be used. Usage still counts against the applicable Codex limits or API billing.
What is the difference between codex review and adversarial review?
Normal review checks the current work or a branch diff and does not accept custom focus text. Adversarial review is steerable and is designed to challenge implementation choices, hidden assumptions, failure modes, security risks, race conditions, rollback, and whether a simpler design would be safer.
Should I enable the automatic Codex review gate?
Only for monitored, high-value sessions. The official repository warns that the gate can create a long-running Claude and Codex loop and drain usage limits. Start with manual review commands, cap the number of passes, and enable the gate only after the team understands its cost and stopping behavior.
Is Claude Code plus Codex always better than using one agent?
No. A second model adds time, tokens, and another source of false positives. The pairing is most useful for risky diffs, unfamiliar code, security-sensitive changes, complicated state, release candidates, and decisions where an independent challenge is worth the review cost.
Share
X LinkedIn Reddit
Build Yours

Want a system
like this one?

Book a free 30-minute call. We map your situation, identify the highest-impact automation, and figure out if we are a fit.

Book Free 30-min Call