codex-claude-bridge
Uses OpenAI Codex to perform code and plan reviews, returning verdicts, findings, and session continuity across reviews.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@codex-claude-bridgeReview the changes I just made."
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Claude Review Bridge — Codex + Gemini
MCP server for automated code review. Claude Code writes the code; a second model reviews it and structured feedback comes back inline, no copy-pasting between tools. The reviewer is OpenAI Codex by default, or Google Gemini (via the Antigravity agy CLI).
Works with a subscription you already have — $0 marginal cost. Codex runs on your ChatGPT plan; Gemini runs on your Google AI Pro plan.
Out of usage on one provider? When both are set up, the bridge automatically fails over to the other so a review still comes back — see Provider failover.
Quick Start
Add the MCP server to Claude Code (same for every provider):
claude mcp add codex-bridge -- npx -y codex-claude-bridge@latestThen set up at least one reviewer. Codex is the default; set up both and the bridge fails over between them automatically.
Codex (default) — your ChatGPT subscription
Install the Codex CLI and sign in:
npm install -g @openai/codex
codex loginThe SDK reads OAuth tokens from ~/.codex/auth.json (created by codex login); when no OPENAI_API_KEY is set it uses your ChatGPT subscription automatically. To pay per token instead, export OPENAI_API_KEY=sk-....
Gemini — your Google AI Pro subscription
Install the Antigravity (agy) CLI, then run it once to sign in with your Google account (AI Pro):
agy # first run prompts a Google sign-inSelect Gemini with a .reviewbridge.json at your project root:
{ "provider": "gemini" }Restart Claude Code after setup. The review tools are now available.
Prerequisites
Node.js 18+ — nodejs.org
Claude Code — code.claude.com
Codex CLI (Codex path) —
npm install -g @openai/codex, thencodex loginAntigravity
agyCLI (Gemini path) — install it, then runagyto sign in (Google AI Pro)
Related MCP server: mcp-agent-review
What You Get
Once set up, Claude Code gains five new tools:
review_plan— Send an implementation plan for architectural review. Get a verdict (approve / revise / reject) with specific findings.review_code— Send a code diff for review. Get findings with file and line references.review_precommit— Quick sanity check before committing. Automatically captures your staged git changes.review_status— Check whether a review is still in progress, completed, or failed.review_history— Look up past reviews by session or count.
All tools return structured JSON that Claude Code can act on directly.
Usage (MCP)
In Claude Code, just describe what you want reviewed. Claude Code will pick the right tool:
Plan review:
"Review this implementation plan before I start coding." "Check my plan for security issues and scalability risks."
Code review:
"Review the changes I just made." (Claude Code runs
git diffand passes it) "Review this diff for bugs and security issues."
Pre-commit check:
"Run a pre-commit check on my staged changes." "Check if these changes are safe to commit."
Session continuity — pass the session_id from a plan review into a code review to maintain context across the full review lifecycle.
Standalone CLI
Run reviews directly from the terminal — no MCP setup required.
Pre-commit check (auto-captures staged changes):
npx codex-claude-bridge@latest review-precommitBlock commits on issues (CI-friendly, exits 2 on blockers):
npx codex-claude-bridge@latest review-precommit && git commitReview a plan:
npx codex-claude-bridge@latest review-plan --plan plan.mdReview a diff:
git diff main | npx codex-claude-bridge@latest review-code --diff -Add --json to any command for raw JSON output. Use --help to see all options.
Tools Reference
review_plan
Send an implementation plan for architectural/feasibility review.
Parameter | Type | Required | Description |
| string | yes | The implementation plan to review |
| string | no | Project context and constraints |
| string[] | no | Review focus areas (e.g. |
|
| no | Review depth |
| string | no | Continue from a previous review session |
| string | no | Override the model for this call (e.g. |
Returns: { verdict, summary, findings[], session_id }
review_code
Send a code diff for code review.
Parameter | Type | Required | Description |
| string | yes | Git diff to review |
| string | no | Intent of the changes |
| string | no | Continue from previous review (e.g. plan review session) |
| string[] | no | Review criteria (e.g. |
| string | no | Override the model for this call (e.g. |
Returns: { verdict, summary, findings[], session_id }
Findings include file and line references when available.
review_precommit
Quick pre-commit sanity check. Auto-captures staged git changes by default.
Parameter | Type | Required | Description |
| boolean | no | Auto-capture |
| string | no | Explicit diff instead of auto-capture |
| string | no | Continue from previous review |
| string[] | no | Custom pre-commit checks |
| string | no | Override the model for this call (e.g. |
Returns: { ready_to_commit, blockers[], warnings[], session_id }
review_status
Check status of a review session.
Parameter | Type | Required | Description |
| string | yes | Session ID to check |
Returns: { status, session_id, elapsed_seconds }
review_history
Query past reviews.
Parameter | Type | Required | Description |
| string | no | Query reviews for a specific session |
| number | no | Return last N reviews (default: 10) |
Returns: { reviews[] } with session_id, type, verdict, summary, timestamp per entry.
Configuration
Create .reviewbridge.json in your project root to customize review behavior:
{
"provider": "codex",
"fallback": true,
"model": "gpt-5.5",
"reasoning_effort": "medium",
"timeout_seconds": 300,
"max_chunk_tokens": 8000,
"review_standards": {
"plan_review": {
"focus": ["architecture", "feasibility"],
"depth": "thorough"
},
"code_review": {
"criteria": ["bugs", "security", "performance", "style"],
"require_tests": true
},
"precommit": {
"auto_diff": true,
"block_on": ["critical", "major"]
}
},
"project_context": "Your project description and constraints."
}All fields are optional. Missing fields use the defaults shown above. Large diffs are automatically split into chunks of approximately max_chunk_tokens tokens and reviewed sequentially.
provider—"codex"(default) or"gemini". Selects which backend reviews.mode—"failover"(default),"single","deliberate", or"deliberate-deep". Picks how the two providers combine; see Provider failover and Deliberation. When unset it's derived fromfallback.fallback—true(default) auto-fails-over to the other provider when the configured one is out of usage or unavailable. Setfalse(equivalently"mode": "single") for strict single-provider behavior.reasoning_effort— Codex only. Gemini's effort is baked into its model name (e.g."Gemini 3.5 Flash (High)"), so the field is ignored for Gemini.codex_path— absolute path to a codex binary for the Codex SDK to spawn (theCODEX_PATHenv var works too; the config field wins). Normally unnecessary: when unset, the SDK uses its own bundled binary, and if that binary can't run the bridge auto-discovers a working system codex from your PATH and the usual install locations (~/.local/bin,/opt/homebrew/bin,/usr/local/bin), retries, and logs the substitution on stderr. Set it explicitly to pin a specific binary — an explicit path disables auto-discovery entirely.
Where the config is discovered
When the MCP server or CLI starts, it looks for .reviewbridge.json in this order. The first match wins; nothing is merged.
RB_CONFIG_PATHenv var — if set, load exactly that file. Useful when the bridge is launched from a directory that isn't your project (e.g. an MCP host launches it from your home dir). Missing or unreadable file is a hard startup error so typos are surfaced immediately, not silently ignored.Walk-up from the working directory — looks for
.reviewbridge.jsonin the current directory, then each parent. The walk stops at the first.gitboundary so a project nested inside an unrelated git repo doesn't accidentally inherit a parent project's config.$HOME/.reviewbridge.json— a per-machine default. Drop one here to pin a model (e.g.{"model": "gpt-5.4"}) for every project on the box without having to touch each one.Built-in defaults — what you get if nothing is found anywhere.
A startup log line on stderr names the source ([codex-bridge] config source: project (/repo/.reviewbridge.json)) so you can confirm which file is in effect.
The CLI's --config <dir> flag is an explicit override: it looks only at <dir>/.reviewbridge.json and skips the cascade entirely (env vars and $HOME are not consulted in that mode).
Selected files must parse cleanly. Once a
.reviewbridge.jsonis found, malformed JSON or schema-invalid values abort startup. The walk-up does not silently skip past a broken file to the next candidate — that would hide your typo and leave you running on defaults.
Model selection
model takes a concrete id or "latest"; each provider resolves its own default when the field is unset.
Codex — default gpt-5.5. When the ChatGPT tier doesn't yet have a newly-announced flagship, pin gpt-5.4:
Model | Description |
| Flagship frontier model (default) — 400K context in Codex |
| Previous flagship. Use when |
Gemini — default resolves to the latest Flash via agy models. Effort is part of the model name:
Model | Description |
| Default — fast review line |
| Higher effort |
| Heavier reasoning line |
"latest" resolves to the newest Flash for Gemini, or the SDK-pinned flagship for Codex. These are the models we document and recommend; the model field, the model tool parameter, and the --model CLI flag accept any string and forward it as-is, so you can run others. For Gemini, an unrecognized model triggers a non-blocking stderr warning (agy may silently run a different one) — run agy models to see the live list.
Provider failover
When fallback is on (the default) and both providers are set up, a review that fails because the configured provider is out of usage or unavailable (rate-limited / usage cap, model not available on your tier, or not signed in) is automatically retried on the other provider. You'll see a one-line note on stderr:
[codex-bridge] codex unavailable (RATE_LIMITED); falling back to geminiThe result is tagged with the provider that actually served it ("provider": "gemini"). Notes:
Fresh reviews only. A resumed session lives in one provider's conversation store, so a
session_idreview is not failed over — start a fresh review on the other provider to continue.Data egress. Failover can send your diff to the other vendor (e.g. OpenAI → Google) when the primary is down. Set
"fallback": falseto disable this (also good for CI determinism).Failover never triggers on a bad diff or a malformed model response — only on genuine provider-unavailability.
Deliberation
"mode": "deliberate" sends review_plan and review_code to both providers independently, then returns where they agree vs diverge so the caller (Claude Code) can synthesize. Findings both providers flag are high-confidence; findings only one flags need a judgment call.
{ "provider": "codex", "mode": "deliberate" }The result keeps the usual shape (a merged verdict/findings, worst-verdict wins) plus an additive deliberation block:
{
"verdict": "reject",
"findings": [ /* deduped union of both providers */ ],
"deliberation": {
"providers": ["codex", "gemini"],
"verdicts": [ { "provider": "codex", "verdict": "request_changes" }, { "provider": "gemini", "verdict": "reject" } ],
"agreement": "conflict", // agree | mixed | conflict
"agreed": [ /* findings BOTH flagged — high confidence */ ],
"divergent": [ { "provider": "gemini", "finding": { /* only one flagged */ } } ]
}
}Notes:
Cost/egress: deliberation always runs both providers and sends the diff to both vendors — best for high-stakes reviews, not every precommit.
review_precommitstays failover under this mode.Degrades gracefully: if one provider is out of usage, you get the other's review with
deliberation.degradedset anddeliberation.agreement: "degraded"(it subsumes failover).Resumed sessions deliberate too: passing a
session_idresumes the review on the provider that owns that session while the other provider reviews fresh, then the two are combined — so plan→code lifecycles keep deliberating instead of silently dropping to one provider. The combined result keeps the resumed session's id.Per-call toggle:
review_plan/review_codeaccept adeliberateboolean (CLI:--deliberate/--no-deliberate) that overrides the configured mode for a single call —trueforces deliberation,falseforces single-provider failover. Requestingdeliberate: trueunder"mode": "single"returns an error (no second provider).review_modeon every result: every review result carries areview_modefield (single/failover/deliberate/deliberate-deep) naming the composition that actually ran, so the absence of adeliberationblock is never ambiguous.
Deliberate-deep (cross-review round)
"mode": "deliberate-deep" is deliberation plus one more step: after both providers review, each divergent finding (one only one provider flagged) is handed to the other provider to adjudicate — confirm it's a real issue, dispute it as a false positive, or mark it unsure. Because providers word findings differently and cite different line numbers, semantically-identical issues often land in divergent rather than agreed; the cross-review round tells you which of those one-sided findings the other provider actually stands behind.
{ "provider": "codex", "mode": "deliberate-deep" }Each divergent item gains an optional adjudication (the agreed findings and top-level shape are unchanged):
"divergent": [
{
"provider": "codex",
"finding": { "severity": "major", "category": "Null safety", "file": "src/auth.ts", "line": 5, "description": "…" },
"adjudication": { "by": "gemini", "verdict": "confirmed", "reason": "returns undefined for a header with no space" }
}
]Notes:
verdictisconfirmed(a real issue),disputed(a false positive here), orunsure(can't tell from the change).byis the provider that adjudicated — always the one that did not raise the finding.Top-level
verdictis not folded back: under deliberate-deep the result'sverdictstill reflects both providers' independent reviews (worst-of-both). The per-findingadjudications are advisory input for your synthesis — the bridge does not recompute the verdict from them (ISS-015). Arejectresting on findings the other providerdisputedstill reportsreject; it's up to you to weigh the adjudications.Cost: adds up to two more provider calls per review (one per side that has divergent findings). Skipped entirely when there's nothing divergent. The cross-review subject is sliced to just the files the divergent findings touch, so it stays small even on large diffs.
Best-effort: if a provider is out of usage or errors during the cross-review round, its side is simply left un-adjudicated and reported in
deliberation.cross_review_failures— the deliberation result still returns.
Storage
Set REVIEW_BRIDGE_DB to persist review history and session state:
export REVIEW_BRIDGE_DB=~/.review-bridge.dbDefaults to reviews.db in the current directory. Set to :memory: for ephemeral storage.
Troubleshooting
Error codes are provider-neutral. With fallback on (default), many of these auto-recover by retrying on the other provider — the messages below apply when there's no second provider set up or fallback is off.
Error | Fix |
| Run |
| Run |
| Install the Antigravity |
| Try a different model, switch |
| On macOS, XProtect can false-positively quarantine the SDK's bundled codex binary. The bridge auto-discovers a working system codex (PATH, |
| Wait and retry, or rely on failover to the other provider. |
| Check your internet connection. |
| The |
| Increase |
Architecture
┌─ @openai/codex-sdk ──► OpenAI Codex
Claude Code ──MCP/CLI──► bridge ──┤
│ └─ agy subprocess ─────► Google Gemini
SQLite DB
(review history)Both providers sit behind one ReviewBackend seam. Codex uses @openai/codex-sdk (which spawns codex exec internally; ChatGPT and API-key auth share the same path); Gemini wraps the agy --print --sandbox subprocess. A failover decorator wraps the two so an out-of-usage primary retries on the other.
src/
index.ts → Entry point (routes to MCP or CLI)
mcp.ts → MCP server startup
server.ts → Server setup, tool registration
cli/ → Standalone CLI (Commander.js)
tools/ → MCP tool handlers (5 tools)
backends/ → Provider backends behind one seam: codex, gemini (agy),
a shared orchestrator, and the failover decorator
codex/ → Prompts, Zod response schemas, shared types
config/ → .reviewbridge.json loader
storage/ → SQLite persistence (reviews, sessions)
utils/ → Git diff, chunking, error typesDevelopment
git clone https://github.com/AmirShayegh/codex-claude-bridge.git
cd codex-claude-bridge
npm install
npm test
npm run buildCommand | Description |
| Run tests (Vitest) |
| Bundle with tsup |
| Type checking |
| ESLint |
| Prettier |
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/AmirShayegh/codex-claude-bridge'
If you have feedback or need assistance with the MCP directory API, please join our Discord server