TL;DR:找第二个 AI 来审你的工程,真正的功夫在守住它的独立。问它的方式只要夹带了你的结论,它就会附和你;要它有用,得在怎么问、怎么接、怎么比对上立规矩。最反直觉的一课:它审得越准,你越不能照单全收。

▶ 听摘要
AI 合成语音・作者本人声线克隆

我用 Claude 写一支 skill,让 codex 可以帮忙审查代码。工具写完后,我就拿它来审查它自己。结果两轮下来,codex 还抓了不少 bug,当场打脸。第二意见最有价值的时刻,就是它能戳破你对自己的确信。

为什么要找第二个 AI 来审查

codex 是我接在本机的另一个模型(OpenAI 的终端机 coding agent,跑 gpt-5.5),专门拿来审 Claude 写出来的东西:代码、数据跟设计。Claude 是帮我做事、写代码的那个模型,codex 是另一个血统的审查者。它跑在只读沙箱里,不改我的文件,也不会替我送出任何修改。它的定位很窄,就是一支探针。你拿它去戳一段自己写出来的东西,看它能独立戳出什么。你自己漏掉的,往往得换一个来源才照得到。

它的另一个好处,是它就在我的工作窗口里,不用我来回搬运内容。不管我是在 Claude Code 里直接从终端机呼叫 codex,还是在 Cowork 这种桌面窗口中,通过一座连到我 Mac 的桥接上同一个本机 codex,第二意见都可以在同一个工作窗口里叫出来。这对我是很实际的解脱:以前想找另一个模型看一眼,得把代码复制出去、粘贴到另一个工具,再把意见搬回来;现在则是 codex 直接进到我的工作流里。两个窗口接的还是同一个本机 codex、同一份设置,所以不管从哪边问,标准都一样。

Claude 与 codex 协作的工作流程:Claude 从 Code(终端机)或 Cowork(桌面桥接)叫出同一个本机 codex 做独立审查;提问不夹带结论、codex 只指出问题不改代码、原始输出落成记录文件,交叉比对分一致与分歧后由 Paul 拍板;codex 失效时降级为单一意见。

为什么需要它?因为同一个模型写的东西,自己回头看,容易看不到自己的盲点,甚至会顺着自己先前的判断点头。换一个来自不同训练、不同框架的模型,才戳得到第一个漏掉的地方。这也呼应 Anthropic 在一场谈长时间运作 AI agent 的工作坊里强调过的原则:模型没办法可靠地评断自己,所以最好给它一个会挑刺的对手,而不是让它自己替自己打分。这篇放在我谈人机协作的主题下,讲的就是这个对手要怎么接才有用。

换个模型来问不难。难的是接它的方式:怎么问、怎么接、怎么比对。

第二意见最大的风险:它会附和你

如果你问第二个模型的方式里,已经夹带了你自己的结论,它很可能顺着你说,给你一个假的安心。你问:「我已经检查过这段,应该没问题,你再看一下。」得到的往往只是一句昂贵的「对,你说得对」,这跟独立审查没什么关系。

所以第二意见要有价值,前提是它的独立性必须被保护住。而独立性是设计出来的,不会自己冒出来。我用一套四步协定守住它,每一步都对应一个具体的失败模式。关于多个模型怎么互为校准,我在多模型认知协作那篇谈得更细,这里聚焦在「怎么守独立」。

怎么让第二意见保持独立:四步协定

第一步,给它的问题不能夹带我的结论。问句保持中性,只给「要审什么、标准是什么」,不给「我觉得这里没问题」。我的包装器甚至会在侦测到问句里夹带结论时,跳出一个警告。这一步挡的是法庭上说的「引导证人」。

第二步,它的原始输出要留成记录文件。看完不能就丢,要能事后回头对账、能被别人覆核。看过就删,等于没有证据。

第三步,它只描述问题,不准动手修改代码。这是安全边界。一旦让审查者直接改,你就分不清哪些是你原本的意图、哪些是它擅自动的手。它的工作是指出问题,并标示严重等级;至于修不修、怎么修,则是另一边的决定。

第四步,交叉比对自己做,分「一致」跟「分歧」两栏,不把它的话照抄。一致的部分采信;分歧的部分,我自己读代码后再拍板,并且记下为什么采信其中一方。

这四步合起来,让第二意见既独立、又留得下证据、又不越界、又不会被照单全收。每一条看起来都像小题大作,可是少掉任何一条,它就会从一个对手,慢慢退化成一面镜子。

审得越准,越不能照单全收

这是整套协作最反直觉的一点,也是那次拿这支工具去审它自己时学到的。

codex 第一轮抓出七个问题,我修完之后再请它独立重审,又抓出三个,合起来十个。里面有真正的高风险漏洞。比方说,它发现我的超时包装在子程序被系统强制中止时,会把失败误传成成功。这几条我照单修了,因为交叉比对之后,它的判断跟我自己重读的结论一致。

但即使审得这么准,最后也没有全采。第二轮有一条指出,我那个「半成功」的判断只挡得住完全空白的输出,却挡不住「有字,但没有实质审查内容」的情况。问题是,「有没有实质语意」这件事,机器很难可靠验证。我只修了能机械验证的部分,剩下需要人读过才能判断的,明确留给人。

采信哪些、保留哪些,落在握有完整脉络的那一方。codex 是一支准的探针,但它会错,我也会错。两个都会犯错的模型互为对照,两边都点到的问题八成跑不掉;只有一边提出的问题,才需要我自己读代码后再判断。把任何一个当成不会错的神谕,这套协作就垮了。

探针会坏时,让它大声说自己坏了

探针会坏。本机的 codex 可能没装,可能挂了,也可能跑太久不回应。协定对这件事的态度是快速失败,不重试。

codex 不存在、超时,或者退出了却没给出实质审查,一律直接降级:诚实标注这次只有单一意见,通知我,然后停手。它不会默默重试五次才告诉我出事,也不会把「跑了但没结果」假装成功。一个会坏的依赖,最重要的能力,就是在坏掉时大声说自己坏了。无声地拖着你空等,才是真正的坑。

连「完成」的定义都跟着这个原则走。一次审查算不算成功,看的是「最终消息有没有实质内容」,不是「程序有没有正常退出」。codex 的退出码是 0,不代表它真的给了你有用的东西。这跟开头那个假不变式其实是同一课:把「跑完了」当成「做完了」,正是最容易无声出错的地方。

脚手架是为了填洞,洞补了就拆

这套规则不是永久教条。它是为了填「现在这个模型的洞」搭的脚手架。

今天的模型会附和,会把半成功当成功,也会在被中止时谎报成功,所以我需要这些规则去接住它。哪天模型自己就够独立、够诚实,出错时也会老实认,对应的规则就该删掉,而不是留着当仪式。规则的寿命,应该绑在它要解决的问题上。问题没了,规则就该退场。每次我回去改这套协定,除了问「要加什么」,也会问一句「现在可以拿掉什么」。

一面会顶嘴的镜子

最值钱的第二意见,是它告诉你「你对自己的判断错了」的那一刻。

但听得进去,跟照单全收,是两种不同的能力。前者要你放下对自己的确信,后者要你放下对它的迷信;真正难的,是同时做到。

我接 codex 进来,要的从来不是一个会点头的声音。我要的是在自己又一次太相信自己的时候,有个血统不同的对手戳我一下。最后,再由我这个握有完整脉络的人,决定这一戳到底该不该信。

你可以试试看

如果你也用 Claude Code,这套机制其实可以直接搬到你自己的项目里,不需要经过我,也不需要任何 API key。下面附录的两个文件,我是刻意写成通用版的:不绑定我的项目结构,也不留下任何个人信息。你可以依照自己的工作流,改成适合自己的版本。

重点不是照抄我的配置,而是理解那套「四条独立性规则」的骨架。

先决条件只有一个:你的本机需要先装好并登录 codex CLI,使用你自己的 OpenAI 账号即可。codex 是 OpenAI 的终端工具,跟 Claude 属于不同系统;也正因为这个「不同血统」,它才适合拿来做第二意见。

这套设计里,codex 会跑在只读沙箱中,只读不改。脚本本身不含密钥,也不会联网。

操作只有三步:

  1. 把附录中的 SKILL.md 存到 ~/.claude/skills/codex-second-opinion/SKILL.md
  2. 把附录中的 codex-review.sh 存到同一个文件夹。
  3. 在 Claude Code 里说一句类似这样的话:「用 codex 独立审一下 src/auth.js 的 token 验证。」接着它就会执行这支包装器,让 codex 读取指定代码并提出发现,再把结果带回 Claude Code。最后仍然由你自己交叉比对、阅读代码,然后拍板决定。

最后提醒两件事,这也是这篇文章真正想说的重点。

第一,问法不要夹带你自己的结论。像是「我觉得没问题,你帮我确认」这种说法,很容易让模型顺着你的假设附和。你要的是独立审查,不是礼貌性背书。

第二,它审得越准,越要回头自己读 code。值得你停下来的,是它跟你判断分歧的地方,不是它替你盖的章。


附录:完整实现

两个文件,复制粘贴就能用。整支脚本很短、跑之前可以自己读过:它就是把上面那四条独立性规则做成默认行为,每次审查不靠记忆。

SKILL.md 让 Claude Code 听到「第二意见」就自动叫出来(点开复制)
---
name: codex-second-opinion
description: Get an INDEPENDENT second opinion on code, data, or a design by having codex (a different model) review it — without it just agreeing with you. Use when the user asks for a "second opinion", to "have codex review/check this", an "independent review", "cross-check", or to audit security-critical or complex code before trusting it. Trigger words include 第二意見, 獨立審查, 讓 codex 看一下, 交叉驗證, セカンドオピニオン, codex review, double-check this. Requires the codex CLI (logged in) installed locally. Do NOT use for applying fixes — this only surfaces problems; you decide what to do.
allowed-tools: Bash(bash:*)
---

# codex second opinion

Bring in codex (a different model from a different training regime) as an **independent**
reviewer of work — code, data, or design. The whole value is independence: a model reviewing
its own output misses its own blind spots. This skill protects that independence with four rules
so the second opinion does not degrade into agreement.

You run the bundled read-only wrapper `codex-review.sh`. codex runs in a read-only sandbox and
never edits files; it only reports problems. **You** do the final cross-check and decide.

## When to use
- The user asks for a "second opinion", "independent review", "cross-check", or to "have codex look at this".
- Before trusting security-critical code (auth / crypto / payments) or complex logic (race conditions, N+1, deadlocks).
- To sanity-check the credibility of data or an analysis.

## How to run

1. Figure out the target: a path in the project (`--target <path>`) or a snippet/pipeline output (`--stdin`).
2. Write the **review focus** as a neutral assertion or standard to check. Critical: do NOT put your
   own conclusion in it. "Review the token check for timing attacks and KV write races" — NOT
   "I already checked the auth, just confirm it's fine" (that taints codex's independence; the
   wrapper will warn you if you do).
3. Run the wrapper (default reasoning effort is medium; raise to high/xhigh only for security-critical
   or genuinely complex targets):

   ```bash
   # review a file
   bash ~/.claude/skills/codex-second-opinion/codex-review.sh \
     --target src/auth.js "Review token validation, timing attacks, and KV write races"

   # review a snippet / pipeline output via stdin
   cat data.json | bash ~/.claude/skills/codex-second-opinion/codex-review.sh \
     --stdin "Review this data's credibility and field completeness"

   # security-critical + a durable audit record under ./codex-audits/
   bash ~/.claude/skills/codex-second-opinion/codex-review.sh --effort high \
     --target src/payment.ts --audit payment "Review for double-charge and idempotency gaps"
   ```

4. If the wrapper exits non-zero (codex missing / timed out / blank output), do NOT retry or pretend.
   Tell the user this is a single opinion only, and stop.

5. On success, do the cross-check **yourself** (this is the part the wrapper deliberately does not do):
   read codex's findings, compare them against your own reading of the code, and split them into
   **agreed** and **disagreed**. For anything you disagree on, read the code and decide — do not just
   relay what codex said. Treat codex as a probe, not an oracle: a finding both of you reach is almost
   certainly real; a finding only one of you reached needs your own judgment.

## Notes
- No API keys involved — codex uses your own OpenAI/ChatGPT login via the local `codex` CLI.
- The only writes are a log under /tmp and, with `--audit`, a record under `./codex-audits/`.
- These rules are scaffolding for today's models. If a model becomes independent and honest enough
  on its own, drop the rule it was patching rather than keeping it as ritual.
- This is a template — adapt the trigger words, the reviewer model, the paths, and the rules to
  your own workflow. The idea is the four-rule independence protocol, not this exact wording.
codex-review.sh 审查包装器,约 220 行(点开复制)
#!/usr/bin/env bash
# codex-review.sh — a "second opinion" wrapper that has codex review code/data/design
#                   written by another model (e.g. Claude), as an INDEPENDENT reviewer.
#
# Why this exists: a model reviewing its own output tends to miss its own blind spots,
# and tends to nod along with its prior judgments. A model from a different training
# regime (codex / gpt-5.5) can catch what the first one missed — but only if you protect
# its independence. This script bakes four rules into the default behavior:
#   #1 Independence : the prompt forces codex to evaluate on its own, never assume a prior
#                     reviewer was right, never agree just to agree (see build_prompt).
#   #2 Fail fast    : codex missing / times out / exits non-zero / returns blank → it
#                     degrades to "single opinion", tells you, and STOPS. No silent retries.
#   #3 Protocol     : (a) the prompt carries none of YOUR conclusions  (b) raw output is
#                     logged  (c) codex only describes problems + severity, never edits code
#                     (d) you do the cross-check yourself — this script only does (a)(b)(c).
#   #4 Cost         : reasoning effort defaults to "medium"; raise with --effort only when
#                     a real security/complexity signal warrants it.
#
# SAFETY (read before you run):
#   • codex runs in a READ-ONLY sandbox (`-s read-only`): it can read the files you point it
#     at, but it cannot modify, delete, or write anything in your project.
#   • This script contains NO API keys. codex authenticates with YOUR OWN OpenAI/ChatGPT
#     login (whatever your local `codex` CLI is already configured with).
#   • The only files this script writes are a log under /tmp and, if you pass --audit, a
#     markdown record under ./codex-audits/ in your current directory. Nothing else.
#   • No network calls of its own, no eval, no curl|bash. Read the whole thing — it's short.
#
# PREREQUISITES:
#   • The `codex` CLI installed and logged in (https://developers.openai.com/codex/cli).
#   • bash + perl (perl only needed if you use --timeout; preinstalled on macOS/Linux).
#
# USAGE:
#   bash codex-review.sh [options] "<review focus>"
#   echo "<content to review>" | bash codex-review.sh --stdin "<review focus>"
#
# OPTIONS:
#   --target <path>   file/dir for codex to read (repeatable; read in the read-only sandbox)
#   --stdin           read the content to review from stdin (good for snippets / pipeline data)
#   --dir <path>      directory codex runs in (default: current directory)
#   --effort LEVEL    low|medium|high|xhigh  (default: medium)                       [rule #4]
#   --audit <slug>    also write a durable record to ./codex-audits/<slug>-<date>.md  [rule 3b]
#   --timeout <sec>   max seconds before giving up (default 0 = no limit; uses perl) [rule #2]
#   --model <id>      override codex model (default: whatever your codex config uses)
#   -h | --help
#
# EXIT CODES: 0 ok & non-empty / 2 usage error / 3 codex missing / 4 codex failed or empty
#             / 124 timeout. (3/4/124 = the "single opinion" degrade path.)
#
# License: MIT — free to use, modify, and adapt into your own version. No attribution required.
#
# This is a generic, self-contained template. It assumes nothing about your project layout,
# names no tools or services beyond the `codex` CLI, and stores no identity. Make it yours:
# change the rules, the prompt, the paths, the model — the four-rule structure is the idea,
# not the exact wording.
set -uo pipefail

WORKDIR="$(pwd)"
TS="$(date +%Y%m%d-%H%M%S)"
DATE="$(date +%Y-%m-%d)"

EFFORT="medium"
declare -a TARGETS=()
USE_STDIN=0
AUDIT_SLUG=""
TIMEOUT=0
MODEL=""
FOCUS=""

usage() { sed -n '2,57p' "$0"; exit "${1:-0}"; }
# Guards for value-taking options: (1) bail gracefully instead of a set -u unbound crash when
# the value is missing; (2) if the next token looks like another option (-?*), the value was
# probably forgotten — error out instead of silently misparsing.
req() {
  [ "$2" -ge 2 ] || { echo "ERROR: $1 needs a value" >&2; exit 2; }
  case "$3" in -?*) echo "ERROR: the value for $1 looks like another option ($3) — did you forget the value?" >&2; exit 2 ;; esac
}

while [ $# -gt 0 ]; do
  case "$1" in
    --target)   req "$1" "$#" "${2:-}"; TARGETS+=("$2"); shift 2 ;;
    --stdin)    USE_STDIN=1; shift ;;
    --dir)      req "$1" "$#" "${2:-}"; WORKDIR="$2"; shift 2 ;;
    --effort)   req "$1" "$#" "${2:-}"; EFFORT="$2"; shift 2 ;;
    --audit)    req "$1" "$#" "${2:-}"; AUDIT_SLUG="$2"; shift 2 ;;
    --timeout)  req "$1" "$#" "${2:-}"; TIMEOUT="$2"; shift 2 ;;
    --model)    req "$1" "$#" "${2:-}"; MODEL="$2"; shift 2 ;;
    -h|--help)  usage 0 ;;
    --) shift
        if [ $# -gt 1 ]; then echo "ERROR: multiple positional args after -- ; wrap the focus in one quoted string" >&2; exit 2; fi
        [ $# -ge 1 ] && FOCUS="$1"; break ;;
    -*) echo "Unknown option: $1" >&2; usage 2 ;;
    *)  if [ -n "$FOCUS" ]; then echo "ERROR: multiple review-focus positional args; wrap the focus in one quoted string" >&2; exit 2; fi
        FOCUS="$1"; shift ;;
  esac
done

# --- validation ---
case "$EFFORT" in low|medium|high|xhigh) ;; *) echo "ERROR: --effort must be low|medium|high|xhigh (got: $EFFORT)" >&2; exit 2 ;; esac
case "$TIMEOUT" in ''|*[!0-9]*) echo "ERROR: --timeout must be a non-negative integer of seconds (got: $TIMEOUT)" >&2; exit 2 ;; esac
if [ -z "$FOCUS" ]; then echo "ERROR: missing <review focus> (the last positional argument)" >&2; usage 2; fi
if [ "${#TARGETS[@]}" -eq 0 ] && [ "$USE_STDIN" -eq 0 ]; then
  echo "ERROR: need at least one --target <path> or --stdin" >&2; usage 2
fi

# rule #2: codex missing = fail fast to the single-opinion path. No retry, no pretending.
if ! command -v codex >/dev/null 2>&1; then
  echo "DEGRADE: no 'codex' CLI found on this machine (not installed / broken). Honestly note this is a single opinion and stop. Install: https://developers.openai.com/codex/cli" >&2
  exit 3
fi

STDIN_CONTENT=""
if [ "$USE_STDIN" -eq 1 ]; then STDIN_CONTENT="$(cat)"; fi

# rule #3(a) soft guard: warn if the focus carries YOUR conclusion (which would taint codex's
# independence). Warn only, never block. Matches common English/Chinese "already checked" phrasings.
if printf '%s' "$FOCUS" | grep -qiE 'i already|already (checked|verified|confirmed|reviewed)|no (bug|issue|problem)|looks (fine|good|correct)|should be (fine|ok|correct)|我已|已檢查|已確認|沒問題|應該沒'; then
  echo "WARNING (rule a): your review focus looks like it carries your own conclusion (e.g. \"already checked / no issues\")." >&2
  echo "    codex should judge independently — restate it as a neutral \"what to review / what the bar is\", don't feed it your verdict." >&2
fi

# --- build the prompt (rules a + c: independent framing + describe-only, no code edits) ---
build_prompt() {
  local stdin_block=""
  if [ "$USE_STDIN" -eq 1 ]; then
    stdin_block=$'\n## Inlined target content\n```\n'"$STDIN_CONTENT"$'\n```\n'
  fi
  local target_lines=""
  if [ "${#TARGETS[@]}" -gt 0 ]; then
    target_lines="## Review targets (read these yourself in the read-only sandbox)"$'\n'
    local t
    for t in "${TARGETS[@]}"; do target_lines+="- $t"$'\n'; done
  fi
  cat <<EOF
You are an independent second-opinion reviewer (codex / gpt-5.5). Evaluate the target entirely on your own: do not assume any other reviewer (human or AI) has already checked anything. Your judgment must come only from what you read yourself.

$target_lines$stdin_block
## Review focus (the original request)
$FOCUS

## Output rules (follow strictly)
1. Only describe "problem + severity (high/medium/low)". Do not rewrite code, do not apply fixes, do not output diffs.
2. One finding per item: problem / location (file:line) / severity / why it is a problem / your confidence.
3. Where you judge there is no problem, say "no finding" — do not invent issues to pad the list.
4. Do not rely on or agree with any external conclusion; be faithful only to the facts you read yourself.
EOF
}

PROMPT="$(build_prompt)"

# --- assemble the codex command ---
LOG="/tmp/codex-review-${TS}.log"
LASTMSG="/tmp/codex-review-${TS}.last.md"
declare -a CMD=(codex exec --skip-git-repo-check -s read-only -C "$WORKDIR"
                -c "model_reasoning_effort=\"$EFFORT\"" -o "$LASTMSG")
[ -n "$MODEL" ] && CMD+=(-m "$MODEL")
CMD+=("$PROMPT")

# perl alarm wrapper (macOS has no `timeout` binary). Exit codes are faithfully propagated:
# timeout=124, signal-killed=128+sig (so a killed child is NOT misreported as success),
# exec failure=1, else the child's exit code. TIMEOUT=0 → prefix is empty, run directly.
declare -a TPREFIX=()
if [ "$TIMEOUT" -gt 0 ]; then
  TPREFIX=(perl -e 'my $t=shift; my $rc; eval { local $SIG{ALRM}=sub{die "TIMEOUT\n"}; alarm $t; $rc=system(@ARGV); alarm 0; }; if($@ eq "TIMEOUT\n"){exit 124} if($rc==-1){exit 1} if($rc & 127){exit(128+($rc & 127))} exit($rc>>8);' "$TIMEOUT")
fi
runit() { if [ "${#TPREFIX[@]}" -gt 0 ]; then "${TPREFIX[@]}" "$@"; else "$@"; fi; }

echo "codex-review: effort=$EFFORT  targets=[${TARGETS[*]:-stdin}]  dir=$WORKDIR  log=$LOG"

# --- run (rule b: raw output goes to the log) ---
runit "${CMD[@]}" 2>&1 | tee "$LOG"
rc="${PIPESTATUS[0]}"

# rule #2: "done" = exit 0 AND a non-empty final message. A half-success must not be silently
# reported as success.
if [ "$rc" -eq 124 ]; then
  echo "DEGRADE: codex timed out after ${TIMEOUT}s. No retry. Note it's a single opinion and tell the human. log=$LOG" >&2
  exit 124
fi
if [ "$rc" -ne 0 ]; then
  echo "DEGRADE: codex exited non-zero (rc=$rc, incl. signal-killed). No retry. Single opinion only. log=$LOG" >&2
  exit 4
fi
# The trustworthiness invariant is "the final message (-o) has non-whitespace content", NOT
# "the log is non-empty" (the log always contains the codex banner). Blank/missing = no real
# review happened = treat as failure.
if ! grep -q '[^[:space:]]' "$LASTMSG" 2>/dev/null; then
  echo "DEGRADE: codex exited 0 but the final message is blank/missing (half-success, no trustworthy review). Treating as failure. log=$LOG" >&2
  exit 4
fi

# --- rule 3(b) durable: --audit writes a record (ensure dir first, verify non-empty before claiming success) ---
if [ -n "$AUDIT_SLUG" ]; then
  AUDIT_DIR="$WORKDIR/codex-audits"
  AUDIT="$AUDIT_DIR/${AUDIT_SLUG}-${DATE}.md"
  mkdir -p "$AUDIT_DIR"
  if {
    echo "---"
    echo "source: codex-review.sh"
    echo "date: $DATE"
    echo "effort: $EFFORT"
    echo "targets: ${TARGETS[*]:-(stdin)}"
    echo "raw_log: $LOG"
    echo "---"
    echo ""
    echo "# codex second-opinion raw output — ${AUDIT_SLUG}"
    echo ""
    echo "**Review focus**: $FOCUS"
    echo ""
    echo '```'
    cat "$LASTMSG"
    echo '```'
  } >"$AUDIT" && [ -s "$AUDIT" ]; then
    echo "audit record: $AUDIT"
  else
    echo "WARNING: failed to write audit record: $AUDIT" >&2
  fi
fi

# --- rule (d) reminder: YOU do the cross-check, splitting "agreed" vs "disagreed" ---
echo ""
echo "OK: codex finished (rc=0). raw log: $LOG"
echo "    final message: $LASTMSG"
echo "Next (rule d, you do this): independently cross-check codex's findings against your own"
echo "    judgment. Split them into \"agreed\" and \"disagreed\", each with a reason. For"
echo "    disagreements, read the code yourself and decide — don't just relay what codex said."

这篇讲的是方法,下面三篇是它的骨架: