Tutorial Overview
Series index: gstack Tutorial Series
/review finds bugs that pass CI but blow up in production. /codex adds an independent second opinion from OpenAI’s model.
What you will learn
- ✅
/reviewphilosophy and auto-fix mechanism - ✅ Review Readiness Dashboard
- ✅
/codexsecond opinion with three modes - ✅ Cross-model analysis when both run
- ✅ Finding race conditions with ASK vs AUTO-FIX
Why Staff Engineer Review?
CI is not enough
Tests pass. Lint passes. Type check passes. But:
flowchart LR
A[CI Passes] --> B[Deploy]
B --> C[Production Bug]
C --> D[User Impact]
style C fill:#ffcccc
style D fill:#ffcccc
/review catches what CI misses
flowchart TD
A[/review] --> B[Logic Analysis]
B --> C[Edge Cases]
C --> D[Race Conditions]
D --> E[Error Paths]
E --> F[Completeness Check]
F --> G[Fix or Flag]
style A fill:#e1f5ff
style G fill:#e8f5e9
What it finds:
- Race conditions between async operations
- Missing error handling in promise chains
- Incomplete refactoring (old code still present)
- State mutation bugs
- Unreachable code paths
- Logic errors in business rules
/review — Staff Engineer Analysis
How it works
- Read all changed files — Full context, not just diffs
- Analyze logic flow — Follow code paths, not syntax
- Check completeness — Is the implementation complete?
- Find bugs — Actual bugs, not style nitpicks
- Auto-fix obvious issues — Or flag for human decision
Usage
/review
Output:
Reviewing 5 changed files...
┌─────────────────────────────────────────────────────────────┐
│ REVIEW FINDINGS │
├─────────────────────────────────────────────────────────────┤
│ 🔴 HIGH: Race condition in src/auth/login.ts:42 │
│ - Promise chain not awaited, state can mutate │
│ - AUTO-FIX: Added await and reordered operations │
│ │
│ 🟡 MEDIUM: Incomplete refactor in src/api/users.ts:78 │
│ - Old getUserById() still called, new getUser() unused │
│ - ASK: Should I remove the deprecated function? │
│ │
│ 🟢 LOW: Unreachable code in src/utils/format.ts:15 │
│ - Early return skips validation block │
│ - AUTO-FIX: Removed unreachable block │
└─────────────────────────────────────────────────────────────┘
3 findings: 1 AUTO-FIXED, 1 ASK, 1 AUTO-FIXED
Review complete. 2 fixes applied.
AUTO-FIX vs ASK
| Category | Action | Example |
|---|---|---|
| Simple bug | AUTO-FIX | Missing await, unreachable code |
| Missing validation | AUTO-FIX | Add null check, type guard |
| Deprecated code | ASK | Remove old function? |
| Business logic | ASK | Should this throw or return null? |
| Architecture change | ASK | Refactor to new pattern? |
Review Readiness Dashboard
Shows what reviews have run:
┌────────────────────────────────────────────┐
│ REVIEW READINESS │
├────────────────────────────────────────────┤
│ ✅ /review: Passed (3 findings, all fixed) │
│ ⏳ /codex: Not run │
│ ⏳ /qa: Not run │
│ ⏳ /cso: Not run │
├────────────────────────────────────────────┤
│ Ready for /ship? NO │
│ Missing: /qa │
└────────────────────────────────────────────┘
/codex — Cross-Model Second Opinion
Why another model?
Different models have different blind spots:
flowchart TD
A[Code Change] --> B[/review Claude]
A --> C[/codex OpenAI]
B --> D[Claude findings]
C --> E[OpenAI findings]
D --> F[Cross-model synthesis]
E --> F
F --> G[Combined confidence]
style F fill:#e1f5ff
style G fill:#e8f5e9
Three modes
| Mode | Purpose | Output |
|---|---|---|
review |
Pass/fail gate | APPROVED or CHANGES_REQUIRED |
adversarial |
Challenge the code | Specific attack scenarios |
consultation |
Ask specific questions | Targeted analysis |
Usage
# Review mode (default)
/codex
# Adversarial challenge
/codex --mode adversarial
# Consultation with specific questions
/codex --mode consultation --questions "Is this auth flow secure?"
Review mode output:
Running Codex review on 5 files...
┌─────────────────────────────────────────────────────────────┐
│ CODEX REVIEW │
├─────────────────────────────────────────────────────────────┤
│ ✅ APPROVED │
│ │
│ Notes: │
│ - Auth flow is solid, no timing attacks │
│ - API error handling complete │
│ - One minor suggestion: Add rate limiting to login │
│ │
│ Confidence: 8/10 │
└─────────────────────────────────────────────────────────────┘
Adversarial mode output:
Running Codex adversarial challenge...
┌─────────────────────────────────────────────────────────────┐
│ ADVERSARIAL CHALLENGE │
├─────────────────────────────────────────────────────────────┤
│ 🎯 Attack 1: Race condition in concurrent login │
│ - Two requests with same email could create duplicate │
│ - Fix: Add mutex or database unique constraint │
│ │
│ 🎯 Attack 2: Token replay attack │
│ - Old tokens not invalidated on password change │
│ - Fix: Invalidate all sessions on password reset │
│ │
│ 🎯 Attack 3: Brute force via distributed IPs │
│ - No rate limiting per user, only per IP │
│ - Fix: Add user-level rate limit │
└─────────────────────────────────────────────────────────────┘
3 attack vectors found. Review security posture.
Cross-Model Analysis
When both run
If both /review and /codex have run, gstack synthesizes:
┌─────────────────────────────────────────────────────────────┐
│ CROSS-MODEL SYNTHESIS │
├─────────────────────────────────────────────────────────────┤
│ Claude (/review) found: │
│ - Race condition in login.ts:42 │
│ - Incomplete refactor in users.ts:78 │
│ │
│ OpenAI (/codex) found: │
│ - Token replay vulnerability │
│ - Missing rate limiting │
│ │
│ OVERLAP: │
│ - Both flagged login.ts race condition │
│ → HIGH CONFIDENCE: This is a real bug │
│ │
│ UNIQUE: │
│ - Claude: Incomplete refactor (internal quality) │
│ - Codex: Token replay (security) │
│ │
│ RECOMMENDATION: │
│ Fix all findings. Cross-model overlap indicates │
│ high-severity issues. │
└─────────────────────────────────────────────────────────────┘
Confidence scoring
| Scenario | Confidence | Action |
|---|---|---|
| Both found | 9/10 | Fix immediately |
| One found, other approved | 6/10 | Review manually |
| Both approved | 9/10 | Proceed to ship |
| Both found different issues | 7/10 | Fix both, re-review |
Example: Finding Race Conditions
Scenario
Code changes to async login flow:
// src/auth/login.ts
async function login(email: string) {
const user = await getUser(email);
setSession(user); // Not awaited!
return generateToken(user);
}
/review analysis
Analyzing login.ts...
┌─────────────────────────────────────────────────────────────┐
│ RACE CONDITION DETECTED │
├─────────────────────────────────────────────────────────────┤
│ Location: login.ts:24 │
│ │
│ Problem: │
│ setSession(user) is not awaited, but depends on │
│ getUser(email) completing. If generateToken() is │
│ called before session is set, auth state is inconsistent. │
│ │
│ Exploit: │
│ 1. User logs in │
│ 2. generateToken returns before setSession completes │
│ 3. First request fails auth check │
│ 4. Second request succeeds (race won differently) │
│ │
│ AUTO-FIX: │
│ await setSession(user); │
│ │
│ ✅ Fix applied │
└─────────────────────────────────────────────────────────────┘
ASK handling
When /review finds something it can’t auto-fix:
┌─────────────────────────────────────────────────────────────┐
│ ASK: BUSINESS LOGIC DECISION │
├─────────────────────────────────────────────────────────────┤
│ Location: users.ts:78 │
│ │
│ Old code: │
│ export async function getUserById(id: string) { │
│ return db.users.findUnique({ where: { id } }); │
│ } │
│ │
│ New code added: │
│ export async function getUser(id: string) { │
│ return db.users.findUnique({ where: { id } }); │
│ } │
│ │
│ Problem: │
│ Both functions exist. getUserById is called 12 times. │
│ getUser is never called. │
│ │
│ Should I: │
│ [A] Remove getUserById, replace calls with getUser │
│ [B] Keep both, mark getUserById as deprecated │
│ [C] Keep only getUserById, remove unused getUser │
│ │
│ Type your choice: │
└─────────────────────────────────────────────────────────────┘
You respond with A, and /review applies the refactor.
Review Workflow
Typical sequence
flowchart TD
A[Code Complete] --> B[/review]
B --> C{Findings?}
C -->|Yes| D[Fix/ASK]
D --> B
C -->|No| E[/codex]
E --> F{Approved?}
F -->|No| G[Address concerns]
G --> B
F -->|Yes| H[/qa]
H --> I[/ship]
style B fill:#fff3e0
style E fill:#e8f5e9
style I fill:#e1f5ff
Integration with /ship
/ship checks review readiness before proceeding:
/ship
Checking prerequisites...
❌ Review not complete
- /review: Passed
- /codex: NOT RUN (required for production code)
Run /codex before shipping, or use /ship --skip-review
Skill Quick Reference
| Command | Purpose | Mode |
|---|---|---|
/review |
Staff engineer analysis | Auto-fix + ASK |
/codex |
Cross-model second opinion | review/adversarial/consultation |
/codex --mode adversarial |
Attack scenarios | Challenge code |
/codex --mode consultation |
Specific questions | Targeted analysis |
Summary
Code review in gstack provides:
- Staff engineer depth — Logic analysis, not just style
- Auto-fix intelligence — Fix obvious bugs, ask on decisions
- Cross-model confidence — Two models, synthesized findings
- Review dashboard — Track what’s been reviewed
Key takeaways
- ✅ Run
/reviewafter code changes - ✅ Run
/codexfor production code - ✅ Fix AUTO-FIX items, decide on ASK items
- ✅ Check cross-model synthesis for overlapping findings
Series navigation:
- ← Previous: Tutorial 6B: Multi-Agent Browser
- → Next: Tutorial 8: QA & Security
- Back: Series Index