v1.5.2 · plugin for Claude Code

Two models, one truth

Codex grills your implementation plans and audits your codebase for vulnerabilities. Claude validates every finding against the real code before touching anything. Two flows, one safety contract.

Install in 30 seconds Choose your flow
  • Read-only, SHA256-contained
  • One-step rollback
  • No memory shortcuts

Two models, one truth

Codex provides the second opinion. Claude reads the cited file before agreeing — every claim is CONFIRMED, REFUTED, or UNVERIFIABLE. No memory shortcuts.

Read-only by contract

The wrapper SHA256-hashes the working tree before and after every Codex call. Security audits also hash the audit plan file directly (it lives under gitignored .claude/). Any unexpected change halts the loop.

One-step rollback

Each iter builds a content snapshot of your working tree under a permanent git ref. If anything goes sideways, restore with a single documented command.

Choose your flow

Two flows, one plugin

Type /codexgrill:once or /codexgrill:loop and the router asks which flow you want. Or invoke the sub-skill directly if you already know.

Plan validation

Bring an implementation plan; Codex grills it for wrong assumptions, missing files, ordering risks, security gaps. Claude validates every finding against the real code, edits the plan, re-presents it via ExitPlanMode.

  • /codexgrill:plan-once — single pass
  • /codexgrill:plan-loop — iterate until clean
Plan validation docs

Security audit

Claude reads the codebase and dependency manifests, writes a structured security plan with CWE / CVE / GHSA references. Codex validates and extends. Claude finalizes. Fixes only after your explicit go-ahead.

  • /codexgrill:security-once — single pass
  • /codexgrill:security-loop — iterate until clean
Security audit docs
Setup

Install

Two CLI prerequisites, then three Claude Code commands. No project-level config.

Prerequisites

  • Codex CLI v0.130+ npm install -g @openai/codex, then codex login
  • Node.js 18+
  • git 2.23+ must run inside a working tree — git restore --source is used for rollback

Add the plugin

From inside Claude Code:

claude code 
# 1. point Claude at the marketplace
/plugin marketplace add codeseasy/codexgrill
# 2. install
/plugin install codexgrill@codexgrill
# 3. reload to register the commands
/reload-plugins

That's it. Six slash commands are now available. Start with the two routers: /codexgrill:once and /codexgrill:loop — they'll ask which flow you want.

Reference

Wrapper exit codes

Both wrappers (plan-review.mjs and security-audit.mjs) share the same exit-code conventions.

codemeaning
0Success — Codex's final message is on stdout.
1codex exec failed (turn.failed, non-zero exit, network, auth).
2Working tree or plan file changed — could be Codex or you. WORKING_TREE_CHANGED:<files> is on stderr.
3Codex CLI not installed or not on PATH.
4Not a git working tree (containment check requires git).
64Usage error — missing or invalid flag.

Ready to grill some plans?

Two CLI prereqs, six slash commands, two flows. Live in 30 seconds.

Install codexgrill Star on GitHub