Back

gstack Tutorial 7: Code Review (Staff Engineer + Cross-Model Second Opinion)

/review finds bugs that pass CI but blow up in production. Staff engineer-level analysis with auto-fix. /codex adds independent cross-model second opinion for critical code.

Tutorial Overview

Series index: gstack Tutorial Series

/review finds bugs that pass CI but blow up in production. /codex adds an independent second opinion from OpenAI’s model.

What you will learn

  • /review philosophy and auto-fix mechanism
  • ✅ Review Readiness Dashboard
  • /codex second opinion with three modes
  • ✅ Cross-model analysis when both run
  • ✅ Finding race conditions with ASK vs AUTO-FIX

Why Staff Engineer Review?

CI is not enough

Tests pass. Lint passes. Type check passes. But:

flowchart LR
    A[CI Passes] --> B[Deploy]
    B --> C[Production Bug]
    C --> D[User Impact]

    style C fill:#ffcccc
    style D fill:#ffcccc

/review catches what CI misses

flowchart TD
    A[/review] --> B[Logic Analysis]
    B --> C[Edge Cases]
    C --> D[Race Conditions]
    D --> E[Error Paths]
    E --> F[Completeness Check]
    F --> G[Fix or Flag]

    style A fill:#e1f5ff
    style G fill:#e8f5e9

What it finds:

  • Race conditions between async operations
  • Missing error handling in promise chains
  • Incomplete refactoring (old code still present)
  • State mutation bugs
  • Unreachable code paths
  • Logic errors in business rules

/review — Staff Engineer Analysis

How it works

  1. Read all changed files — Full context, not just diffs
  2. Analyze logic flow — Follow code paths, not syntax
  3. Check completeness — Is the implementation complete?
  4. Find bugs — Actual bugs, not style nitpicks
  5. Auto-fix obvious issues — Or flag for human decision

Usage

/review

Output:

Reviewing 5 changed files...

┌─────────────────────────────────────────────────────────────┐
│ REVIEW FINDINGS                                              │
├─────────────────────────────────────────────────────────────┤
│ 🔴 HIGH: Race condition in src/auth/login.ts:42             │
│    - Promise chain not awaited, state can mutate            │
│    - AUTO-FIX: Added await and reordered operations         │
│                                                              │
│ 🟡 MEDIUM: Incomplete refactor in src/api/users.ts:78       │
│    - Old getUserById() still called, new getUser() unused   │
│    - ASK: Should I remove the deprecated function?          │
│                                                              │
│ 🟢 LOW: Unreachable code in src/utils/format.ts:15          │
│    - Early return skips validation block                     │
│    - AUTO-FIX: Removed unreachable block                    │
└─────────────────────────────────────────────────────────────┘

3 findings: 1 AUTO-FIXED, 1 ASK, 1 AUTO-FIXED
Review complete. 2 fixes applied.

AUTO-FIX vs ASK

Category Action Example
Simple bug AUTO-FIX Missing await, unreachable code
Missing validation AUTO-FIX Add null check, type guard
Deprecated code ASK Remove old function?
Business logic ASK Should this throw or return null?
Architecture change ASK Refactor to new pattern?

Review Readiness Dashboard

Shows what reviews have run:

┌────────────────────────────────────────────┐
│ REVIEW READINESS                           │
├────────────────────────────────────────────┤
│ ✅ /review: Passed (3 findings, all fixed) │
│ ⏳ /codex: Not run                         │
│ ⏳ /qa: Not run                            │
│ ⏳ /cso: Not run                           │
├────────────────────────────────────────────┤
│ Ready for /ship? NO                        │
│ Missing: /qa                               │
└────────────────────────────────────────────┘

/codex — Cross-Model Second Opinion

Why another model?

Different models have different blind spots:

flowchart TD
    A[Code Change] --> B[/review Claude]
    A --> C[/codex OpenAI]
    B --> D[Claude findings]
    C --> E[OpenAI findings]
    D --> F[Cross-model synthesis]
    E --> F
    F --> G[Combined confidence]

    style F fill:#e1f5ff
    style G fill:#e8f5e9

Three modes

Mode Purpose Output
review Pass/fail gate APPROVED or CHANGES_REQUIRED
adversarial Challenge the code Specific attack scenarios
consultation Ask specific questions Targeted analysis

Usage

# Review mode (default)
/codex

# Adversarial challenge
/codex --mode adversarial

# Consultation with specific questions
/codex --mode consultation --questions "Is this auth flow secure?"

Review mode output:

Running Codex review on 5 files...

┌─────────────────────────────────────────────────────────────┐
│ CODEX REVIEW                                                 │
├─────────────────────────────────────────────────────────────┤
│ ✅ APPROVED                                                  │
│                                                              │
│ Notes:                                                       │
│ - Auth flow is solid, no timing attacks                      │
│ - API error handling complete                                │
│ - One minor suggestion: Add rate limiting to login           │
│                                                              │
│ Confidence: 8/10                                             │
└─────────────────────────────────────────────────────────────┘

Adversarial mode output:

Running Codex adversarial challenge...

┌─────────────────────────────────────────────────────────────┐
│ ADVERSARIAL CHALLENGE                                        │
├─────────────────────────────────────────────────────────────┤
│ 🎯 Attack 1: Race condition in concurrent login              │
│    - Two requests with same email could create duplicate     │
│    - Fix: Add mutex or database unique constraint            │
│                                                              │
│ 🎯 Attack 2: Token replay attack                             │
│    - Old tokens not invalidated on password change           │
│    - Fix: Invalidate all sessions on password reset          │
│                                                              │
│ 🎯 Attack 3: Brute force via distributed IPs                 │
│    - No rate limiting per user, only per IP                  │
│    - Fix: Add user-level rate limit                          │
└─────────────────────────────────────────────────────────────┘

3 attack vectors found. Review security posture.

Cross-Model Analysis

When both run

If both /review and /codex have run, gstack synthesizes:

┌─────────────────────────────────────────────────────────────┐
│ CROSS-MODEL SYNTHESIS                                        │
├─────────────────────────────────────────────────────────────┤
│ Claude (/review) found:                                      │
│   - Race condition in login.ts:42                            │
│   - Incomplete refactor in users.ts:78                       │
│                                                              │
│ OpenAI (/codex) found:                                       │
│   - Token replay vulnerability                               │
│   - Missing rate limiting                                    │
│                                                              │
│ OVERLAP:                                                     │
│   - Both flagged login.ts race condition                     │
│   → HIGH CONFIDENCE: This is a real bug                      │
│                                                              │
│ UNIQUE:                                                      │
│   - Claude: Incomplete refactor (internal quality)           │
│   - Codex: Token replay (security)                           │
│                                                              │
│ RECOMMENDATION:                                              │
│   Fix all findings. Cross-model overlap indicates            │
│   high-severity issues.                                      │
└─────────────────────────────────────────────────────────────┘

Confidence scoring

Scenario Confidence Action
Both found 9/10 Fix immediately
One found, other approved 6/10 Review manually
Both approved 9/10 Proceed to ship
Both found different issues 7/10 Fix both, re-review

Example: Finding Race Conditions

Scenario

Code changes to async login flow:

// src/auth/login.ts
async function login(email: string) {
  const user = await getUser(email);
  setSession(user);  // Not awaited!
  return generateToken(user);
}

/review analysis

Analyzing login.ts...

┌─────────────────────────────────────────────────────────────┐
│ RACE CONDITION DETECTED                                      │
├─────────────────────────────────────────────────────────────┤
│ Location: login.ts:24                                        │
│                                                              │
│ Problem:                                                     │
│   setSession(user) is not awaited, but depends on            │
│   getUser(email) completing. If generateToken() is           │
│   called before session is set, auth state is inconsistent.  │
│                                                              │
│ Exploit:                                                     │
│   1. User logs in                                            │
│   2. generateToken returns before setSession completes       │
│   3. First request fails auth check                          │
│   4. Second request succeeds (race won differently)          │
│                                                              │
│ AUTO-FIX:                                                    │
│   await setSession(user);                                    │
│                                                              │
│ ✅ Fix applied                                               │
└─────────────────────────────────────────────────────────────┘

ASK handling

When /review finds something it can’t auto-fix:

┌─────────────────────────────────────────────────────────────┐
│ ASK: BUSINESS LOGIC DECISION                                 │
├─────────────────────────────────────────────────────────────┤
│ Location: users.ts:78                                        │
│                                                              │
│ Old code:                                                    │
│   export async function getUserById(id: string) {            │
│     return db.users.findUnique({ where: { id } });           │
│   }                                                          │
│                                                              │
│ New code added:                                              │
│   export async function getUser(id: string) {                │
│     return db.users.findUnique({ where: { id } });           │
│   }                                                          │
│                                                              │
│ Problem:                                                     │
│   Both functions exist. getUserById is called 12 times.      │
│   getUser is never called.                                   │
│                                                              │
│ Should I:                                                    │
│   [A] Remove getUserById, replace calls with getUser         │
│   [B] Keep both, mark getUserById as deprecated              │
│   [C] Keep only getUserById, remove unused getUser           │
│                                                              │
│ Type your choice:                                            │
└─────────────────────────────────────────────────────────────┘

You respond with A, and /review applies the refactor.

Review Workflow

Typical sequence

flowchart TD
    A[Code Complete] --> B[/review]
    B --> C{Findings?}
    C -->|Yes| D[Fix/ASK]
    D --> B
    C -->|No| E[/codex]
    E --> F{Approved?}
    F -->|No| G[Address concerns]
    G --> B
    F -->|Yes| H[/qa]
    H --> I[/ship]

    style B fill:#fff3e0
    style E fill:#e8f5e9
    style I fill:#e1f5ff

Integration with /ship

/ship checks review readiness before proceeding:

/ship

Checking prerequisites...

❌ Review not complete
   - /review: Passed
   - /codex: NOT RUN (required for production code)

Run /codex before shipping, or use /ship --skip-review

Skill Quick Reference

Command Purpose Mode
/review Staff engineer analysis Auto-fix + ASK
/codex Cross-model second opinion review/adversarial/consultation
/codex --mode adversarial Attack scenarios Challenge code
/codex --mode consultation Specific questions Targeted analysis

Summary

Code review in gstack provides:

  1. Staff engineer depth — Logic analysis, not just style
  2. Auto-fix intelligence — Fix obvious bugs, ask on decisions
  3. Cross-model confidence — Two models, synthesized findings
  4. Review dashboard — Track what’s been reviewed

Key takeaways

  • ✅ Run /review after code changes
  • ✅ Run /codex for production code
  • ✅ Fix AUTO-FIX items, decide on ASK items
  • ✅ Check cross-model synthesis for overlapping findings

Series navigation: