TL;DR:找第二個 AI 來審你的工程,真正的功夫在守住它的獨立。問它的方式只要夾帶了你的結論,它就會附和你;要它有用,得在怎麼問、怎麼接、怎麼比對上立規矩。最反直覺的一課:它審得越準,你越不能照單全收。

▶ 聽摘要
AI 合成語音・作者本人聲線克隆

我用 Claude 寫一支 skill,讓 codex 可以幫忙審查程式碼。工具寫完後,我就拿它來審查它自己。結果兩輪下來,codex 還抓了不少 bug,當場打臉。第二意見最有價值的時刻,就是它能戳破你對自己的確信。

為什麼要找第二個 AI 來審查

codex 是我接在本機的另一個模型(OpenAI 的終端機 coding agent,跑 gpt-5.5),專門拿來審 Claude 寫出來的東西:程式碼、資料跟設計。Claude 是幫我做事、寫程式的那個模型,codex 是另一個血統的審查者。它跑在唯讀沙箱裡,不改我的檔案,也不會替我送出任何修改。它的定位很窄,就是一支探針。你拿它去戳一段自己寫出來的東西,看它能獨立戳出什麼。你自己漏掉的,往往得換一個來源才照得到。

它的另一個好處,是它就在我的工作視窗裡,不用我來回搬運內容。不管我是在 Claude Code 裡直接從終端機呼叫 codex,還是在 Cowork 這種桌面視窗中,透過一座連到我 Mac 的橋接上同一個本機 codex,第二意見都可以在同一個工作視窗裡叫出來。這對我是很實際的解脫:以前想找另一個模型看一眼,得把程式碼複製出去、貼到另一個工具,再把意見搬回來;現在則是 codex 直接進到我的工作流裡。兩個視窗接的還是同一個本機 codex、同一份設定,所以不管從哪邊問,標準都一樣。

Claude 與 codex 協作的工作流程:Claude 從 Code(終端機)或 Cowork(桌面橋接)叫出同一個本機 codex 做獨立審查;提問不夾帶結論、codex 只指出問題不改程式碼、原始輸出落成紀錄檔,交叉比對分一致與分歧後由 Paul 拍板;codex 失效時降級為單一意見。

為什麼需要它?因為同一個模型寫的東西,自己回頭看,容易看不到自己的盲點,甚至會順著自己先前的判斷點頭。換一個來自不同訓練、不同框架的模型,才戳得到第一個漏掉的地方。這也呼應 Anthropic 在一場談長時間運作 AI agent 的工作坊裡強調過的原則:模型沒辦法可靠地評斷自己,所以最好給它一個會挑刺的對手,而不是讓它自己替自己打分。這篇放在我談人機協作的主題下,講的就是這個對手要怎麼接才有用。

換個模型來問不難。難的是接它的方式:怎麼問、怎麼接、怎麼比對。

第二意見最大的風險:它會附和你

如果你問第二個模型的方式裡,已經夾帶了你自己的結論,它很可能順著你說,給你一個假的安心。你問:「我已經檢查過這段,應該沒問題,你再看一下。」得到的往往只是一句昂貴的「對,你說得對」,這跟獨立審查沒什麼關係。

所以第二意見要有價值,前提是它的獨立性必須被保護住。而獨立性是設計出來的,不會自己冒出來。我用一套四步協定守住它,每一步都對應一個具體的失敗模式。關於多個模型怎麼互為校準,我在多模型認知協作那篇談得更細,這裡聚焦在「怎麼守獨立」。

怎麼讓第二意見保持獨立:四步協定

第一步,給它的問題不能夾帶我的結論。問句保持中性,只給「要審什麼、標準是什麼」,不給「我覺得這裡沒問題」。我的包裝器甚至會在偵測到問句裡夾帶結論時,跳出一個警告。這一步擋的是法庭上說的「引導證人」。

第二步,它的原始輸出要留成紀錄檔。看完不能就丟,要能事後回頭對帳、能被別人覆核。看過就刪,等於沒有證據。

第三步,它只描述問題,不准動手修改程式碼。這是安全邊界。一旦讓審查者直接改,你就分不清哪些是你原本的意圖、哪些是它擅自動的手。它的工作是指出問題,並標示嚴重等級;至於修不修、怎麼修,則是另一邊的決定。

第四步,交叉比對自己做,分「一致」跟「分歧」兩欄,不把它的話照抄。一致的部分採信;分歧的部分,我自己讀程式碼後再拍板,並且記下為什麼採信其中一方。

這四步合起來,讓第二意見既獨立、又留得下證據、又不越界、又不會被照單全收。每一條看起來都像小題大作,可是少掉任何一條,它就會從一個對手,慢慢退化成一面鏡子。

審得越準,越不能照單全收

這是整套協作最反直覺的一點,也是那次拿這支工具去審它自己時學到的。

codex 第一輪抓出七個問題,我修完之後再請它獨立重審,又抓出三個,合起來十個。裡面有真正的高風險漏洞。比方說,它發現我的逾時包裝在子程序被系統強制中止時,會把失敗誤傳成成功。這幾條我照單修了,因為交叉比對之後,它的判斷跟我自己重讀的結論一致。

但即使審得這麼準,最後也沒有全採。第二輪有一條指出,我那個「半成功」的判斷只擋得住完全空白的輸出,卻擋不住「有字,但沒有實質審查內容」的情況。問題是,「有沒有實質語意」這件事,機器很難可靠驗證。我只修了能機械驗證的部分,剩下需要人讀過才能判斷的,明確留給人。

採信哪些、保留哪些,落在握有完整脈絡的那一方。codex 是一支準的探針,但它會錯,我也會錯。兩個都會犯錯的模型互為對照,兩邊都點到的問題八成跑不掉;只有一邊提出的問題,才需要我自己讀程式碼後再判斷。把任何一個當成不會錯的神諭,這套協作就垮了。

探針會壞時,讓它大聲說自己壞了

探針會壞。本機的 codex 可能沒裝,可能掛了,也可能跑太久不回應。協定對這件事的態度是快速失敗,不重試。

codex 不存在、逾時,或者退出了卻沒給出實質審查,一律直接降級:誠實標註這次只有單一意見,通知我,然後停手。它不會默默重試五次才告訴我出事,也不會把「跑了但沒結果」假裝成功。一個會壞的依賴,最重要的能力,就是在壞掉時大聲說自己壞了。無聲地拖著你空等,才是真正的坑。

連「完成」的定義都跟著這個原則走。一次審查算不算成功,看的是「最終訊息有沒有實質內容」,不是「程式有沒有正常退出」。codex 的退出碼是 0,不代表它真的給了你有用的東西。這跟開頭那個假不變式其實是同一課:把「跑完了」當成「做完了」,正是最容易無聲出錯的地方。

鷹架是為了填洞,洞補了就拆

這套規則不是永久教條。它是為了填「現在這個模型的洞」搭的鷹架。

今天的模型會附和,會把半成功當成功,也會在被中止時謊報成功,所以我需要這些規則去接住它。哪天模型自己就夠獨立、夠誠實,出錯時也會老實認,對應的規則就該刪掉,而不是留著當儀式。規則的壽命,應該綁在它要解決的問題上。問題沒了,規則就該退場。每次我回去改這套協定,除了問「要加什麼」,也會問一句「現在可以拿掉什麼」。

一面會頂嘴的鏡子

最值錢的第二意見,是它告訴你「你對自己的判斷錯了」的那一刻。

但聽得進去,跟照單全收,是兩種不同的能力。前者要你放下對自己的確信,後者要你放下對它的迷信;真正難的,是同時做到。

我接 codex 進來,要的從來不是一個會點頭的聲音。我要的是在自己又一次太相信自己的時候,有個血統不同的對手戳我一下。最後,再由我這個握有完整脈絡的人,決定這一戳到底該不該信。

你可以試看看

如果你也用 Claude Code,這套機制其實可以直接搬到你自己的專案裡,不需要經過我,也不需要任何 API key。下面附錄的兩個檔案,我是刻意寫成通用版的:不綁定我的專案結構,也不留下任何個人資訊。你可以依照自己的工作流,改成適合自己的版本。

重點不是照抄我的設定,而是理解那套「四條獨立性規則」的骨架。

先決條件只有一個:你的本機需要先裝好並登入 codex CLI,使用你自己的 OpenAI 帳號即可。codex 是 OpenAI 的終端機工具,跟 Claude 屬於不同系統;也正因為這個「不同血統」,它才適合拿來做第二意見。

這套設計裡,codex 會跑在唯讀沙箱中,只讀不改。腳本本身不含金鑰,也不會連網。

操作只有三步:

  1. 把附錄中的 SKILL.md 存到 ~/.claude/skills/codex-second-opinion/SKILL.md
  2. 把附錄中的 codex-review.sh 存到同一個資料夾。
  3. 在 Claude Code 裡說一句類似這樣的話:「用 codex 獨立審一下 src/auth.js 的 token 驗證。」接著它就會執行這支包裝器,讓 codex 讀取指定程式碼並提出發現,再把結果帶回 Claude Code。最後仍然由你自己交叉比對、閱讀程式碼,然後拍板決定。

最後提醒兩件事,這也是這篇文章真正想說的重點。

第一,問法不要夾帶你自己的結論。像是「我覺得沒問題,你幫我確認」這種說法,很容易讓模型順著你的假設附和。你要的是獨立審查,不是禮貌性背書。

第二,它審得越準,越要回頭自己讀 code。值得你停下來的,是它跟你判斷分歧的地方,不是它替你蓋的章。


附錄:完整實作

兩個檔案,複製貼上就能用。整支腳本很短、跑之前可以自己讀過:它就是把上面那四條獨立性規則做成預設行為,每次審查不靠記憶。

SKILL.md 讓 Claude Code 聽到「第二意見」就自動叫出來(點開複製)
---
name: codex-second-opinion
description: Get an INDEPENDENT second opinion on code, data, or a design by having codex (a different model) review it — without it just agreeing with you. Use when the user asks for a "second opinion", to "have codex review/check this", an "independent review", "cross-check", or to audit security-critical or complex code before trusting it. Trigger words include 第二意見, 獨立審查, 讓 codex 看一下, 交叉驗證, セカンドオピニオン, codex review, double-check this. Requires the codex CLI (logged in) installed locally. Do NOT use for applying fixes — this only surfaces problems; you decide what to do.
allowed-tools: Bash(bash:*)
---

# codex second opinion

Bring in codex (a different model from a different training regime) as an **independent**
reviewer of work — code, data, or design. The whole value is independence: a model reviewing
its own output misses its own blind spots. This skill protects that independence with four rules
so the second opinion does not degrade into agreement.

You run the bundled read-only wrapper `codex-review.sh`. codex runs in a read-only sandbox and
never edits files; it only reports problems. **You** do the final cross-check and decide.

## When to use
- The user asks for a "second opinion", "independent review", "cross-check", or to "have codex look at this".
- Before trusting security-critical code (auth / crypto / payments) or complex logic (race conditions, N+1, deadlocks).
- To sanity-check the credibility of data or an analysis.

## How to run

1. Figure out the target: a path in the project (`--target <path>`) or a snippet/pipeline output (`--stdin`).
2. Write the **review focus** as a neutral assertion or standard to check. Critical: do NOT put your
   own conclusion in it. "Review the token check for timing attacks and KV write races" — NOT
   "I already checked the auth, just confirm it's fine" (that taints codex's independence; the
   wrapper will warn you if you do).
3. Run the wrapper (default reasoning effort is medium; raise to high/xhigh only for security-critical
   or genuinely complex targets):

   ```bash
   # review a file
   bash ~/.claude/skills/codex-second-opinion/codex-review.sh \
     --target src/auth.js "Review token validation, timing attacks, and KV write races"

   # review a snippet / pipeline output via stdin
   cat data.json | bash ~/.claude/skills/codex-second-opinion/codex-review.sh \
     --stdin "Review this data's credibility and field completeness"

   # security-critical + a durable audit record under ./codex-audits/
   bash ~/.claude/skills/codex-second-opinion/codex-review.sh --effort high \
     --target src/payment.ts --audit payment "Review for double-charge and idempotency gaps"
   ```

4. If the wrapper exits non-zero (codex missing / timed out / blank output), do NOT retry or pretend.
   Tell the user this is a single opinion only, and stop.

5. On success, do the cross-check **yourself** (this is the part the wrapper deliberately does not do):
   read codex's findings, compare them against your own reading of the code, and split them into
   **agreed** and **disagreed**. For anything you disagree on, read the code and decide — do not just
   relay what codex said. Treat codex as a probe, not an oracle: a finding both of you reach is almost
   certainly real; a finding only one of you reached needs your own judgment.

## Notes
- No API keys involved — codex uses your own OpenAI/ChatGPT login via the local `codex` CLI.
- The only writes are a log under /tmp and, with `--audit`, a record under `./codex-audits/`.
- These rules are scaffolding for today's models. If a model becomes independent and honest enough
  on its own, drop the rule it was patching rather than keeping it as ritual.
- This is a template — adapt the trigger words, the reviewer model, the paths, and the rules to
  your own workflow. The idea is the four-rule independence protocol, not this exact wording.
codex-review.sh 審查包裝器,約 220 行(點開複製)
#!/usr/bin/env bash
# codex-review.sh — a "second opinion" wrapper that has codex review code/data/design
#                   written by another model (e.g. Claude), as an INDEPENDENT reviewer.
#
# Why this exists: a model reviewing its own output tends to miss its own blind spots,
# and tends to nod along with its prior judgments. A model from a different training
# regime (codex / gpt-5.5) can catch what the first one missed — but only if you protect
# its independence. This script bakes four rules into the default behavior:
#   #1 Independence : the prompt forces codex to evaluate on its own, never assume a prior
#                     reviewer was right, never agree just to agree (see build_prompt).
#   #2 Fail fast    : codex missing / times out / exits non-zero / returns blank → it
#                     degrades to "single opinion", tells you, and STOPS. No silent retries.
#   #3 Protocol     : (a) the prompt carries none of YOUR conclusions  (b) raw output is
#                     logged  (c) codex only describes problems + severity, never edits code
#                     (d) you do the cross-check yourself — this script only does (a)(b)(c).
#   #4 Cost         : reasoning effort defaults to "medium"; raise with --effort only when
#                     a real security/complexity signal warrants it.
#
# SAFETY (read before you run):
#   • codex runs in a READ-ONLY sandbox (`-s read-only`): it can read the files you point it
#     at, but it cannot modify, delete, or write anything in your project.
#   • This script contains NO API keys. codex authenticates with YOUR OWN OpenAI/ChatGPT
#     login (whatever your local `codex` CLI is already configured with).
#   • The only files this script writes are a log under /tmp and, if you pass --audit, a
#     markdown record under ./codex-audits/ in your current directory. Nothing else.
#   • No network calls of its own, no eval, no curl|bash. Read the whole thing — it's short.
#
# PREREQUISITES:
#   • The `codex` CLI installed and logged in (https://developers.openai.com/codex/cli).
#   • bash + perl (perl only needed if you use --timeout; preinstalled on macOS/Linux).
#
# USAGE:
#   bash codex-review.sh [options] "<review focus>"
#   echo "<content to review>" | bash codex-review.sh --stdin "<review focus>"
#
# OPTIONS:
#   --target <path>   file/dir for codex to read (repeatable; read in the read-only sandbox)
#   --stdin           read the content to review from stdin (good for snippets / pipeline data)
#   --dir <path>      directory codex runs in (default: current directory)
#   --effort LEVEL    low|medium|high|xhigh  (default: medium)                       [rule #4]
#   --audit <slug>    also write a durable record to ./codex-audits/<slug>-<date>.md  [rule 3b]
#   --timeout <sec>   max seconds before giving up (default 0 = no limit; uses perl) [rule #2]
#   --model <id>      override codex model (default: whatever your codex config uses)
#   -h | --help
#
# EXIT CODES: 0 ok & non-empty / 2 usage error / 3 codex missing / 4 codex failed or empty
#             / 124 timeout. (3/4/124 = the "single opinion" degrade path.)
#
# License: MIT — free to use, modify, and adapt into your own version. No attribution required.
#
# This is a generic, self-contained template. It assumes nothing about your project layout,
# names no tools or services beyond the `codex` CLI, and stores no identity. Make it yours:
# change the rules, the prompt, the paths, the model — the four-rule structure is the idea,
# not the exact wording.
set -uo pipefail

WORKDIR="$(pwd)"
TS="$(date +%Y%m%d-%H%M%S)"
DATE="$(date +%Y-%m-%d)"

EFFORT="medium"
declare -a TARGETS=()
USE_STDIN=0
AUDIT_SLUG=""
TIMEOUT=0
MODEL=""
FOCUS=""

usage() { sed -n '2,57p' "$0"; exit "${1:-0}"; }
# Guards for value-taking options: (1) bail gracefully instead of a set -u unbound crash when
# the value is missing; (2) if the next token looks like another option (-?*), the value was
# probably forgotten — error out instead of silently misparsing.
req() {
  [ "$2" -ge 2 ] || { echo "ERROR: $1 needs a value" >&2; exit 2; }
  case "$3" in -?*) echo "ERROR: the value for $1 looks like another option ($3) — did you forget the value?" >&2; exit 2 ;; esac
}

while [ $# -gt 0 ]; do
  case "$1" in
    --target)   req "$1" "$#" "${2:-}"; TARGETS+=("$2"); shift 2 ;;
    --stdin)    USE_STDIN=1; shift ;;
    --dir)      req "$1" "$#" "${2:-}"; WORKDIR="$2"; shift 2 ;;
    --effort)   req "$1" "$#" "${2:-}"; EFFORT="$2"; shift 2 ;;
    --audit)    req "$1" "$#" "${2:-}"; AUDIT_SLUG="$2"; shift 2 ;;
    --timeout)  req "$1" "$#" "${2:-}"; TIMEOUT="$2"; shift 2 ;;
    --model)    req "$1" "$#" "${2:-}"; MODEL="$2"; shift 2 ;;
    -h|--help)  usage 0 ;;
    --) shift
        if [ $# -gt 1 ]; then echo "ERROR: multiple positional args after -- ; wrap the focus in one quoted string" >&2; exit 2; fi
        [ $# -ge 1 ] && FOCUS="$1"; break ;;
    -*) echo "Unknown option: $1" >&2; usage 2 ;;
    *)  if [ -n "$FOCUS" ]; then echo "ERROR: multiple review-focus positional args; wrap the focus in one quoted string" >&2; exit 2; fi
        FOCUS="$1"; shift ;;
  esac
done

# --- validation ---
case "$EFFORT" in low|medium|high|xhigh) ;; *) echo "ERROR: --effort must be low|medium|high|xhigh (got: $EFFORT)" >&2; exit 2 ;; esac
case "$TIMEOUT" in ''|*[!0-9]*) echo "ERROR: --timeout must be a non-negative integer of seconds (got: $TIMEOUT)" >&2; exit 2 ;; esac
if [ -z "$FOCUS" ]; then echo "ERROR: missing <review focus> (the last positional argument)" >&2; usage 2; fi
if [ "${#TARGETS[@]}" -eq 0 ] && [ "$USE_STDIN" -eq 0 ]; then
  echo "ERROR: need at least one --target <path> or --stdin" >&2; usage 2
fi

# rule #2: codex missing = fail fast to the single-opinion path. No retry, no pretending.
if ! command -v codex >/dev/null 2>&1; then
  echo "DEGRADE: no 'codex' CLI found on this machine (not installed / broken). Honestly note this is a single opinion and stop. Install: https://developers.openai.com/codex/cli" >&2
  exit 3
fi

STDIN_CONTENT=""
if [ "$USE_STDIN" -eq 1 ]; then STDIN_CONTENT="$(cat)"; fi

# rule #3(a) soft guard: warn if the focus carries YOUR conclusion (which would taint codex's
# independence). Warn only, never block. Matches common English/Chinese "already checked" phrasings.
if printf '%s' "$FOCUS" | grep -qiE 'i already|already (checked|verified|confirmed|reviewed)|no (bug|issue|problem)|looks (fine|good|correct)|should be (fine|ok|correct)|我已|已檢查|已確認|沒問題|應該沒'; then
  echo "WARNING (rule a): your review focus looks like it carries your own conclusion (e.g. \"already checked / no issues\")." >&2
  echo "    codex should judge independently — restate it as a neutral \"what to review / what the bar is\", don't feed it your verdict." >&2
fi

# --- build the prompt (rules a + c: independent framing + describe-only, no code edits) ---
build_prompt() {
  local stdin_block=""
  if [ "$USE_STDIN" -eq 1 ]; then
    stdin_block=$'\n## Inlined target content\n```\n'"$STDIN_CONTENT"$'\n```\n'
  fi
  local target_lines=""
  if [ "${#TARGETS[@]}" -gt 0 ]; then
    target_lines="## Review targets (read these yourself in the read-only sandbox)"$'\n'
    local t
    for t in "${TARGETS[@]}"; do target_lines+="- $t"$'\n'; done
  fi
  cat <<EOF
You are an independent second-opinion reviewer (codex / gpt-5.5). Evaluate the target entirely on your own: do not assume any other reviewer (human or AI) has already checked anything. Your judgment must come only from what you read yourself.

$target_lines$stdin_block
## Review focus (the original request)
$FOCUS

## Output rules (follow strictly)
1. Only describe "problem + severity (high/medium/low)". Do not rewrite code, do not apply fixes, do not output diffs.
2. One finding per item: problem / location (file:line) / severity / why it is a problem / your confidence.
3. Where you judge there is no problem, say "no finding" — do not invent issues to pad the list.
4. Do not rely on or agree with any external conclusion; be faithful only to the facts you read yourself.
EOF
}

PROMPT="$(build_prompt)"

# --- assemble the codex command ---
LOG="/tmp/codex-review-${TS}.log"
LASTMSG="/tmp/codex-review-${TS}.last.md"
declare -a CMD=(codex exec --skip-git-repo-check -s read-only -C "$WORKDIR"
                -c "model_reasoning_effort=\"$EFFORT\"" -o "$LASTMSG")
[ -n "$MODEL" ] && CMD+=(-m "$MODEL")
CMD+=("$PROMPT")

# perl alarm wrapper (macOS has no `timeout` binary). Exit codes are faithfully propagated:
# timeout=124, signal-killed=128+sig (so a killed child is NOT misreported as success),
# exec failure=1, else the child's exit code. TIMEOUT=0 → prefix is empty, run directly.
declare -a TPREFIX=()
if [ "$TIMEOUT" -gt 0 ]; then
  TPREFIX=(perl -e 'my $t=shift; my $rc; eval { local $SIG{ALRM}=sub{die "TIMEOUT\n"}; alarm $t; $rc=system(@ARGV); alarm 0; }; if($@ eq "TIMEOUT\n"){exit 124} if($rc==-1){exit 1} if($rc & 127){exit(128+($rc & 127))} exit($rc>>8);' "$TIMEOUT")
fi
runit() { if [ "${#TPREFIX[@]}" -gt 0 ]; then "${TPREFIX[@]}" "$@"; else "$@"; fi; }

echo "codex-review: effort=$EFFORT  targets=[${TARGETS[*]:-stdin}]  dir=$WORKDIR  log=$LOG"

# --- run (rule b: raw output goes to the log) ---
runit "${CMD[@]}" 2>&1 | tee "$LOG"
rc="${PIPESTATUS[0]}"

# rule #2: "done" = exit 0 AND a non-empty final message. A half-success must not be silently
# reported as success.
if [ "$rc" -eq 124 ]; then
  echo "DEGRADE: codex timed out after ${TIMEOUT}s. No retry. Note it's a single opinion and tell the human. log=$LOG" >&2
  exit 124
fi
if [ "$rc" -ne 0 ]; then
  echo "DEGRADE: codex exited non-zero (rc=$rc, incl. signal-killed). No retry. Single opinion only. log=$LOG" >&2
  exit 4
fi
# The trustworthiness invariant is "the final message (-o) has non-whitespace content", NOT
# "the log is non-empty" (the log always contains the codex banner). Blank/missing = no real
# review happened = treat as failure.
if ! grep -q '[^[:space:]]' "$LASTMSG" 2>/dev/null; then
  echo "DEGRADE: codex exited 0 but the final message is blank/missing (half-success, no trustworthy review). Treating as failure. log=$LOG" >&2
  exit 4
fi

# --- rule 3(b) durable: --audit writes a record (ensure dir first, verify non-empty before claiming success) ---
if [ -n "$AUDIT_SLUG" ]; then
  AUDIT_DIR="$WORKDIR/codex-audits"
  AUDIT="$AUDIT_DIR/${AUDIT_SLUG}-${DATE}.md"
  mkdir -p "$AUDIT_DIR"
  if {
    echo "---"
    echo "source: codex-review.sh"
    echo "date: $DATE"
    echo "effort: $EFFORT"
    echo "targets: ${TARGETS[*]:-(stdin)}"
    echo "raw_log: $LOG"
    echo "---"
    echo ""
    echo "# codex second-opinion raw output — ${AUDIT_SLUG}"
    echo ""
    echo "**Review focus**: $FOCUS"
    echo ""
    echo '```'
    cat "$LASTMSG"
    echo '```'
  } >"$AUDIT" && [ -s "$AUDIT" ]; then
    echo "audit record: $AUDIT"
  else
    echo "WARNING: failed to write audit record: $AUDIT" >&2
  fi
fi

# --- rule (d) reminder: YOU do the cross-check, splitting "agreed" vs "disagreed" ---
echo ""
echo "OK: codex finished (rc=0). raw log: $LOG"
echo "    final message: $LASTMSG"
echo "Next (rule d, you do this): independently cross-check codex's findings against your own"
echo "    judgment. Split them into \"agreed\" and \"disagreed\", each with a reason. For"
echo "    disagreements, read the code yourself and decide — don't just relay what codex said."

這篇講的是方法,下面三篇是它的骨架: