@trendai-crem/claude-skills 1.3.0 → 1.4.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@trendai-crem/claude-skills",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "Claude Code skills installer for the trendai-crem team",
   "license": "UNLICENSED",
   "repository": {

package/skills/code-review/README.md

@@ -14,7 +14,7 @@ Multi-perspective code review for Trend Micro teams, powered by Claude Code.
 | Quality | Naming, style guide compliance, documentation |
 | Testing | Coverage, error handling, regression tests, requirements |
 
-Optional 6th reviewer: **Codex (gpt-5.4, fallback gpt-5.3-codex)** as cross-model baseline (auto-detected, not required). Retries 3 times on gpt-5.4 before falling back.
+Optional 6th reviewer: **Codex (gpt-5.4, fallback gpt-5.3-codex)** as cross-model baseline (auto-detected, not required). Supports the official Codex companion plugin (`codex-companion.mjs`) with fallback to raw CLI (`codex exec`). Retries 3 times on gpt-5.4 before falling back.
 
 ### Security Gate (Mandatory, Non-Bypassable)
 
@@ -139,7 +139,7 @@ The skill auto-triggers when Claude detects a code review request.
 [Step 3] Write review prompt with language packs
     |
     v
-[Step 3.5] Check Codex availability (optional)
+[Step 3.5] Detect Codex mode (companion → CLI → unavailable)
     |
     v
 [Step 4] Launch reviewers in parallel (ONE message)
@@ -149,7 +149,7 @@ The skill auto-triggers when Claude detects a code review request.
     +---> security-reviewer (Claude Agent, MANDATORY GATE)
     +---> quality-reviewer (Claude Agent)
     +---> testing-reviewer (Claude Agent)
-    +---> codex (gpt-5.4 x3 retry, fallback gpt-5.3-codex, if available)
+    +---> codex (companion plugin or CLI, gpt-5.4 x3 retry, fallback gpt-5.3-codex)
     |
     v
 [Step 5-7] Collect results, synthesize report
@@ -178,7 +178,7 @@ Installation is handled by the repo's root `install.sh`.
 ## FAQ
 
 **Q: Do I need Codex CLI installed?**
-A: No. The skill auto-detects Codex. Without it, 5 Claude reviewers provide full coverage. Codex adds an independent cross-model baseline.
+A: No. The skill auto-detects Codex in three modes: (1) official Codex companion plugin (`codex-companion.mjs` via `--prompt-file`), (2) raw Codex CLI (`codex exec`), (3) not available. Without Codex, 5 Claude reviewers provide full coverage. Codex adds an independent cross-model baseline.
 
 **Q: Does it work with repos using `main` instead of `develop`?**
 A: Yes. The skill shows commit counts for origin/develop, origin/main, and origin/master, then asks you to confirm the correct base branch.
@@ -201,6 +201,7 @@ A: The skill produces a report — it does not directly block git operations. Th
 
 | Version | Date | Changes |
 |---------|------|---------|
+| v1.3.0 | 2026-03-31 | Codex companion plugin support (`codex-companion.mjs` with `--prompt-file`), three-mode detection (companion → CLI → skip), raw CLI preserved as fallback |
 | v1.2.0 | 2026-03-23 | Session-isolated temp files, user-confirmed base branch, SOLID/design pattern evaluation, Codex gpt-5.4 retry x3 + gpt-5.3-codex fallback, 30min timeout |
 | v1.1.0 | 2026-03-21 | Base branch detection fix, `.c` extension support, security-reviewer gets language pack |
 | v1.0.0 | 2026-03-20 | Initial release: 5 lenses + Codex, SCD 10, OWASP Top 10, Red/Blue Team, language packs, JSON output |

package/skills/code-review/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: code-review
-version: "1.2.0"
+version: "1.3.0"
 description: "Multi-perspective code review with 5 standards-aligned reviewers + Codex baseline. Enforces Trend Micro RDSec policy, Secure Coding Dojo checkpoints, and company-wide review checklist. Use when the user asks for code review, review changes, review branch, or review PR."
 ---
 
@@ -120,14 +120,17 @@ Use the `Write` tool to create `${REVIEW_DIR}/review-prompt.txt` with the REVIEW
 
 ## Step 3.5: Detect Codex Availability
 
-Before launching reviews, check if Codex CLI is installed:
+Before launching reviews, detect Codex integration mode. The official Codex companion plugin is preferred over the raw CLI:
 
 ```
-Bash("command -v codex >/dev/null 2>&1 && echo 'CODEX_AVAILABLE' || echo 'CODEX_UNAVAILABLE'")
+Bash("COMPANION=$(find \"$HOME/.claude/plugins/marketplaces\" -name \"codex-companion.mjs\" -path \"*/openai-codex/*\" 2>/dev/null | head -1); if [ -n \"$COMPANION\" ] && [ -f \"$COMPANION\" ]; then echo \"CODEX_MODE=companion\"; echo \"COMPANION_PATH=$COMPANION\"; elif command -v codex >/dev/null 2>&1; then echo \"CODEX_MODE=cli\"; else echo \"CODEX_MODE=unavailable\"; fi")
 ```
 
-- If `CODEX_AVAILABLE` → include Codex as the 6th reviewer (cross-model baseline)
-- If `CODEX_UNAVAILABLE` → proceed with 5 Claude reviewers only. Note in report: "Codex baseline: SKIPPED (CLI not installed)"
+Save `CODEX_MODE` and (if applicable) `COMPANION_PATH` for use in Step 4b.
+
+- If `CODEX_MODE=companion` → official Codex plugin detected. Use `node "$COMPANION_PATH" task --prompt-file` for execution. Include Codex as the 6th reviewer.
+- If `CODEX_MODE=cli` → legacy Codex CLI available. Use `codex exec` for execution (backward-compatible). Include Codex as the 6th reviewer.
+- If `CODEX_MODE=unavailable` → no Codex integration. Proceed with 5 Claude reviewers only. Note in report: "Codex baseline: SKIPPED (not installed)"
 
 **This is NOT a blocker.** The 5 Claude lens reviewers provide full coverage. Codex adds independent cross-model validation but is optional.
 
@@ -140,7 +143,20 @@ Execute ALL of the following in a SINGLE message (5 reviewers if no Codex, 6 if
 TeamCreate(team_name="code-review")
 ```
 
-### 4b. Launch Codex (ONLY if CODEX_AVAILABLE)
+### 4b. Launch Codex (ONLY if CODEX_MODE is "companion" or "cli")
+
+Select the appropriate invocation based on `CODEX_MODE` from Step 3.5. Skip this step entirely if `CODEX_MODE=unavailable`.
+
+**If CODEX_MODE is "companion" (official plugin):**
+```
+Bash(
+  command='COMPANION="${COMPANION_PATH}"; REVIEW_DIR_VAL="${REVIEW_DIR}"; MODEL="gpt-5.4"; FALLBACK="gpt-5.3-codex"; MAX_RETRY=3; for i in $(seq 1 $MAX_RETRY); do echo "Attempt $i/$MAX_RETRY with $MODEL via companion"; node "$COMPANION" task --prompt-file "${REVIEW_DIR_VAL}/review-prompt.txt" --model $MODEL 2>"${REVIEW_DIR_VAL}/codex-stderr.txt" && exit 0; echo "Failed (attempt $i)"; sleep 2; done; echo "gpt-5.4 failed after $MAX_RETRY attempts. Falling back to $FALLBACK..."; node "$COMPANION" task --prompt-file "${REVIEW_DIR_VAL}/review-prompt.txt" --model $FALLBACK 2>"${REVIEW_DIR_VAL}/codex-stderr.txt"',
+  run_in_background=true,
+  timeout=1800000
+)
+```
+
+**If CODEX_MODE is "cli" (legacy fallback):**
 ```
 Bash(
   command='REVIEW_DIR_VAL="${REVIEW_DIR}"; MODEL="gpt-5.4"; FALLBACK="gpt-5.3-codex"; MAX_RETRY=3; for i in $(seq 1 $MAX_RETRY); do echo "Attempt $i/$MAX_RETRY with $MODEL"; cat ${REVIEW_DIR_VAL}/review-prompt.txt | codex exec -m $MODEL -s read-only --skip-git-repo-check - 2>${REVIEW_DIR_VAL}/codex-stderr.txt && exit 0; echo "Failed (attempt $i)"; sleep 2; done; echo "gpt-5.4 failed after $MAX_RETRY attempts. Falling back to $FALLBACK..."; cat ${REVIEW_DIR_VAL}/review-prompt.txt | codex exec -m $FALLBACK -s read-only --skip-git-repo-check - 2>${REVIEW_DIR_VAL}/codex-stderr.txt',
@@ -149,10 +165,15 @@ Bash(
 )
 ```
 
-**Codex retry strategy:**
+**Codex retry strategy (same for both modes):**
 - Default model: `gpt-5.4` (retry up to 3 times on failure)
 - Fallback: `gpt-5.3-codex` (if all 3 retries fail)
-- Skip this step entirely if Codex CLI is unavailable. Do NOT error or warn the user to install it.
+- Skip this step entirely if `CODEX_MODE=unavailable`. Do NOT error or warn the user to install it.
+
+**Companion mode advantages:**
+- `--prompt-file` reads the review prompt directly from disk (no stdin piping)
+- The companion validates authentication via `ensureCodexReady()` before executing
+- No `--skip-git-repo-check` or `-s read-only` flags needed (companion defaults to read-only sandbox without `--write`)
 
 ### 4c. Spawn Architecture Reviewer
 ```
@@ -754,7 +775,7 @@ TypeScript-specific checks:
 | security-reviewer | Security (GATE) | Claude | [OK/FAILED/TIMEOUT] | N crit, N major, N minor |
 | quality-reviewer | Style + Documentation | Claude | [OK/FAILED/TIMEOUT] | N crit, N major, N minor |
 | testing-reviewer | Testing + Requirements | Claude | [OK/FAILED/TIMEOUT] | N crit, N major, N minor |
-| codex | External Baseline | gpt-5.4 (fallback: gpt-5.3-codex) | [OK/FAILED/TIMEOUT] | N crit, N major, N minor |
+| codex | External Baseline | gpt-5.4 via companion/CLI (fallback: gpt-5.3-codex) | [OK/FAILED/TIMEOUT] | N crit, N major, N minor |
 
 ### Dimension Scores
 
@@ -800,7 +821,7 @@ TypeScript-specific checks:
 #### Testing Reviewer
 (same format)
 
-#### Codex (gpt-5.4 / gpt-5.3-codex fallback)
+#### Codex (gpt-5.4 via companion/CLI, fallback: gpt-5.3-codex)
 (same format)
 
 ---
@@ -859,7 +880,7 @@ Note: These three verdicts are evaluated in order: FAIL first, then PASS, then P
 
 ## Rules
 
-1. **Codex default model is `gpt-5.4`, retry 3 times on failure, then fallback to `gpt-5.3-codex`. If Codex CLI is not installed, skip gracefully — do NOT ask the user to install it.**
+1. **Codex uses the official companion plugin when available (`codex-companion.mjs` with `--prompt-file`), falling back to raw CLI (`codex exec`) if the plugin is not installed. Default model is `gpt-5.4`, retry 3 times on failure, then fallback to `gpt-5.3-codex`. If neither companion nor CLI is available, skip gracefully — do NOT ask the user to install it.**
 2. **Claude teammates use Agent Teams. No `claude -p`. No `unset CLAUDECODE`.**
 3. **Every issue must have exact file:line, code snippet, and policy reference. No vague descriptions.**
 4. **Do NOT recommend replacing dependencies unless a concrete bug is demonstrated.**

package/skills/code-review/TEST_PLAN.md

@@ -269,6 +269,28 @@ for issue in data["issues"]:
 - **Expected**: Remaining reviewers complete, report marks failed reviewer, averages adjust
 - **Validates**: Graceful partial failure
 
+### 2.8 Codex Integration Modes
+
+#### TC-CDX-01: Companion plugin detected and used
+- **Setup**: Ensure `~/.claude/plugins/marketplaces/openai-codex/` contains `codex-companion.mjs`
+- **Expected**: `CODEX_MODE=companion`, `COMPANION_PATH` resolved, Codex invoked via `node "$COMPANION" task --prompt-file`
+- **Validates**: Official companion plugin detection and execution path
+
+#### TC-CDX-02: Companion not found, CLI fallback
+- **Setup**: Remove or rename companion plugin directory, ensure `codex` CLI is in PATH
+- **Expected**: `CODEX_MODE=cli`, Codex invoked via `cat ... | codex exec -m ... -s read-only --skip-git-repo-check -`
+- **Validates**: Backward-compatible CLI fallback when plugin is not installed
+
+#### TC-CDX-03: Neither companion nor CLI available
+- **Setup**: Remove companion plugin AND ensure `codex` not in PATH
+- **Expected**: `CODEX_MODE=unavailable`, report notes "Codex baseline: SKIPPED (not installed)", 5 Claude reviewers only
+- **Validates**: Graceful skip without error or user prompt
+
+#### TC-CDX-04: Companion auth failure
+- **Setup**: Companion plugin exists but Codex is not authenticated (`codex login` not run)
+- **Expected**: Companion's `ensureCodexReady()` throws, retry loop catches failure, Codex marked as FAILED in report
+- **Validates**: Auth failure handling in companion mode
+
 ---
 
 ## 3. Test Fixtures