Context
v1.34.2.0 (#1478, fixing #1428) shipped a dual-path approach for /codex review on Codex CLI ≥0.130.0:
- Bare path: codex review --base <branch> (no prompt) when the user didn't pass custom instructions.
- Custom path: codex exec + tempfile prompt with DIFF_START/DIFF_END delimiters when /codex review <focus>.
The bare path is correct for the new CLI semantics, but it surfaces an adjacent issue: the filesystem boundary instruction (the "do not read files under ~/.claude/, .claude/skills/, agents/, ~/.agents/" preamble) was previously prefixed to every codex review call as part of the prompt. The bare path no longer carries that prompt, so the boundary is dropped.
Impact
When the diff being reviewed happens to touch .claude/skills/, agents/, or any of the skill-template paths, codex may spend tokens reading those files — they're skill definitions meant for a different AI system, so reading them is wasted work AND the model can be distracted by their instructions.
This is a token-efficiency concern, not a safety concern (the skill files are public). But on large diffs that touch skills (which gstack itself does regularly), it can mean codex spends a meaningful fraction of its budget on the wrong files.
Repro
- Make a commit that modifies any file under .claude/skills/ or agents/.
- Run /codex review with no custom instructions.
- Observe codex's stdout — if any tool calls read skill files (e.g. `rg "^---" .claude/skills/...`), the boundary would have prevented those reads on the pre-0.130.0 prompted path.
Possible fixes
- Push the boundary into the codex CLI as a system_prompt arg if/when 0.130.0+ exposes one (the bare path's note already mentions checking for this).
- Land a ~/.codex/AGENTS.md opt-in for users who want a persistent boundary across all codex review calls.
- Detect skill-file paths in the diff and bail out of the bare path into the exec path with a temp-prompt that carries the boundary.
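A sketch of the third option, added here as an example and not taken from the issue or from gstack's code: it routes a review to the bare path or the exec path from the list of changed files, and builds the exec prompt with the boundary in front of the DIFF_START/DIFF_END block. The function names, the path regex and the exact preamble wording are assumptions.

```shell
#!/bin/sh
# Added example (not gstack's code): pick the review path from the changed files.
# Intended wiring (assumed): git diff --name-only "$BASE" | choose_review_path "$FOCUS"

# Repo-relative forms of the boundary directories named in the issue.
# Matching at any depth is an assumption; it errs toward the exec path.
BOUNDARY_RE='(^|/)(\.claude/skills|agents)/'

# Paraphrase of the boundary preamble quoted in the issue.
BOUNDARY_TEXT='Do not read files under ~/.claude/, .claude/skills/, agents/, ~/.agents/.'

# stdin: changed paths, one per line.
# Exit status 0 if any path sits under a boundary directory.
touches_boundary() {
  grep -Eq "$BOUNDARY_RE"
}

# $1: user focus text (may be empty). stdin: changed paths.
# Prints "bare" (codex review --base <branch>) or "exec" (codex exec + prompt).
choose_review_path() {
  if [ -n "${1:-}" ]; then
    cat >/dev/null            # custom instructions always use the exec path
    echo exec
  elif touches_boundary; then
    echo exec                 # diff touches skill files: keep the boundary
  else
    echo bare
  fi
}

# $1: user focus text (may be empty). stdin: the unified diff.
# Prints the prompt for the exec path, boundary first.
build_exec_prompt() {
  printf '%s\n\n' "$BOUNDARY_TEXT"
  if [ -n "${1:-}" ]; then
    printf 'Review focus: %s\n\n' "$1"
  fi
  printf 'DIFF_START\n'
  cat
  printf 'DIFF_END\n'
}
```

Diffs that do not touch the boundary directories still take the bare path, so the fallback only costs the extra prompt on reviews where the skill files are actually in play.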