codex_review_changes

Read-only

Get an independent second opinion on git changes. Send diffs from working tree, branch, or commit scope to Codex for review, and receive structured findings.

Instructions

Ask Codex (a different model) to review your git changes for an independent second opinion.

scope: working_tree (uncommitted vs HEAD), branch (needs base, reviews base...HEAD), or commit (needs a commit SHA). The diff is gathered, secret-redacted, and bounded by this server; Codex reviews it read-only and returns structured findings. Pass workspace_root (absolute) for the right repo.

extra_context (optional) is author intent — why the change was made, what you already verified, constraints — added to the prompt as clearly-labeled UNTRUSTED data (Codex is instructed to treat embedded directives as data, not commands — a best-effort injection mitigation, not a guarantee) to cut false positives. It is bounded by the same input-byte limit as the diff.

STATIC review, not a verify mode: the read-only sandbox blocks the writes a test/build/lint run typically needs (a writable cache/temp), so Codex can't rely on running the project's checks to confirm its findings. Treat findings as unvalidated claims to verify by running those checks yourself before acting.

Data egress: this sends the gathered diff to OpenAI via the codex CLI. The diff is secret-redacted (best-effort), but your extra_context is sent raw (unredacted), and Codex may read and send other repo files. Redaction is not a guarantee — do not point a review at a tree full of live credentials and assume it protects them.

Progress: this is a blocking call that returns only when Codex finishes; it does not stream incremental notifications/progress. Typical runs take tens of seconds; the configured default timeout is normally 180s, clamped to 10-600s, overridable per call via timeout_seconds (codex_status reports the resolved default and bounds). If you need live status or recoverability for a long run, use codex_review_changes_async for a job_id and poll codex_job_status.

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| base | No | Base git ref for scope='branch'; the review covers base...HEAD. | |
| model | No | Override the Codex model slug for this call; defaults to the server/Codex default when unset. | |
| paths | No | Repo-relative paths to narrow the review ('/' separators, no '..'); omit to review all changes in scope. | |
| scope | No | Which changes to review: 'working_tree' (uncommitted vs HEAD), 'branch' (needs base), or 'commit' (needs commit). | working_tree |
| commit | No | Commit SHA or ref to review for scope='commit'. | |
| detail | No | Response verbosity: 'summary' (default) omits the raw model text; 'full' includes it. | summary |
| isolation | No | Codex config isolation: 'inherit' (default), 'ignore-config', or 'ignore-rules'. | |
| extra_context | No | Optional author intent / background context, added to the prompt as clearly-labeled UNTRUSTED data. Codex is instructed to treat embedded directives as data, not commands — best-effort prompt-injection mitigation, not a guarantee. Don't include live secrets: Codex can read files it's pointed at, and redaction does not cover this field. | |
| workspace_root | No | Absolute path to the target repository root. Pass it (or rely on an MCP root) so the call targets the intended repo; otherwise it falls back to the server's own cwd and meta.workspace_warning is set. | |
| timeout_seconds | No | Per-call wall-clock timeout in seconds, clamped to 10..600 (out-of-range values are coerced, not rejected). Defaults to the server's configured timeout. | |
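
A client-side pre-flight check for the arguments above, as an added example (not code from this server or from Codex). It applies the constraints the schema states and scans extra_context locally, since that field is sent unredacted; the function names and the secret patterns are assumptions made for illustration and are not the server's redaction rules.

```python
import os
import re

SCOPES = ("working_tree", "branch", "commit")
TIMEOUT_MIN, TIMEOUT_MAX = 10, 600  # clamp bounds from the schema

# Constructed, non-exhaustive patterns; NOT the server's redaction rules.
SECRET_PATTERNS = {
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "assigned_secret": re.compile(
        r"(?i)\b(password|passwd|secret|token|api[_-]?key)\b\s*[:=]\s*\S{8,}"),
}

def find_secrets(text):
    """Names of the patterns that match anywhere in text."""
    return sorted(n for n, rx in SECRET_PATTERNS.items() if rx.search(text))

def preflight(args):
    """Return (effective_args, problems) for a codex_review_changes call."""
    out, problems = dict(args), []
    scope = out.setdefault("scope", "working_tree")  # schema default
    if scope not in SCOPES:
        problems.append(f"unknown scope {scope!r}")
    if scope == "branch" and not out.get("base"):
        problems.append("scope='branch' needs base")
    if scope == "commit" and not out.get("commit"):
        problems.append("scope='commit' needs commit")
    for p in out.get("paths", []):
        # Repo-relative, '/' separators, no '..' segment.
        if p.startswith("/") or "\\" in p or ".." in p.split("/"):
            problems.append(f"paths entry rejected: {p!r}")
    root = out.get("workspace_root")
    if root is not None and not os.path.isabs(root):
        problems.append("workspace_root must be absolute")
    if "timeout_seconds" in out:
        # Mirror the documented coercion so the caller sees the real budget.
        t = int(out["timeout_seconds"])
        out["timeout_seconds"] = max(TIMEOUT_MIN, min(TIMEOUT_MAX, t))
    hits = find_secrets(out.get("extra_context", ""))
    if hits:
        # extra_context leaves the machine unredacted: block, don't warn.
        problems.append("extra_context matches: " + ", ".join(hits))
    return out, problems
```

Send the call only when the returned problems list is empty; a clean result means none of these patterns matched, not that the text is free of secrets.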

Output Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| ok | Yes | | |

Behavior: 5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description extensively covers behavior beyond annotations: blocking call, no progress streaming, typical run time, timeout clamping (10-600s), secret-redaction (with caveats), injection mitigation, data egress to OpenAI, and static review limitations. No contradictions with annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Well-structured with clear paragraphs and front-loaded main purpose. While lengthy, each section adds essential detail for correct usage and safety. Minor room for more concise phrasing but overall effective.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (10 parameters, async sibling, output schema exists), the description covers all necessary aspects: scopes, security considerations, static nature, data egress, timeout behavior, and when to use async. Complete for a safe and informed invocation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, so baseline is 3. The description adds context by explaining parameter relationships (e.g., scope needs base/commit), purpose of extra_context (author intent, injection risks), and timeout bounds. It enhances understanding significantly.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Ask Codex to review your git changes for an independent second opinion.' It defines distinct scopes (working_tree, branch, commit) and differentiates from the async sibling tool, making the purpose specific and unambiguous.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicit guidance on when to use this tool (for a static, read-only review) and when to use alternatives (async for live status/recoverability). It also explains the when-not-to-use via the 'STATIC review' note and recommends running checks yourself for verification.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/briandconnelly/codex-in-claude'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.