| name | chatgpt-review-bridge |
| description | Use when the user asks to prepare a local ChatGPT review package or explicitly send, capture, or iterate an external ChatGPT review of repository work across standard chats, Projects, and Codex, including multi-round review, capability-aware browser routing, and verified local fixes. |
ChatGPT Review Bridge
Overview
Coordinate a Codex-to-ChatGPT review bridge. Codex collects repository evidence, verifies findings, applies approved fixes, and runs validation; a standard ChatGPT chat or Project provides the separate review surface. This is experimental browser/UI automation, not an official ChatGPT API integration. It must degrade to review-package-only mode when the active environment cannot prove browser, session, account, upload, or response state.
Surfaces
- Standard chat: one-off independent review without durable project context.
- Project: repository-bound or multi-round review when a verified Project URL and account workspace are available.
- Codex: local evidence collection, execution, verification, and delivery. Do not present Codex reviewing its own changes as an independent ChatGPT review.
- Package only: generate and save
<repo-root>/review-package.md without browser navigation, conversation creation, upload, or external sending.
Prefer a Project when its URL and account workspace can be verified. Reuse a verified active conversation when one exists; for an explicitly authorized first send, allow the Project to create its first conversation under the identity-verification rule below. Otherwise use a standard chat or Package-only mode. Keep Codex as executor in every mode.
Capability Preflight
Before navigation or sending, request one Capability Snapshot from ops-browser
using the shared browser-operation protocol.
Record available/unavailable/unknown for:
- Codex in-app Browser control;
- current Chrome tab enumeration/control;
- standalone managed browser fallback;
- stable conversation or Project URL/ID;
- active account workspace evidence;
- composer text entry and attachment state inspection;
- response completion detection and output capture;
- local
review-package.md and review.md write paths;
- local Codex CLI availability and approval mode.
Do not infer these capabilities from this skill or repeat the low-level preflight
inside the bridge. The bridge selects required capabilities and the browser
operator measures them. If the required route cannot be proven, stop at
Package-only mode.
Workflow
- Read nearest repo guidance; confirm repository path, branch, and
git status --short --branch.
- Classify authorization before any browser action:
prepare, build, draft, package, create the review request, or equivalent wording authorizes Package-only work, even when ChatGPT is named;
send/submit/upload this to ChatGPT, use ChatGPT now to review, ask ChatGPT to review now, or an explicit external-review round count authorizes only the stated send scope and round count;
- local Codex execution never authorizes external sending.
- Build a self-contained package from local files, diffs, branch metadata, validation output, exclusions, and the reviewer response contract. Exclude secrets and unrelated dirty-tree content. Save it as
<repo-root>/review-package.md unless the user supplies another path; do not overwrite an existing artifact without authorization. For an oversized package, make that file a manifest and create deterministic sibling parts with counts, SHA-256 hashes, covered paths, order, and a final-part marker.
- If authorization is Package-only, report the artifact path and stop without opening a browser, creating a conversation, uploading, or sending.
- For an authorized external send, resolve standard chat or Project plus account workspace and browser route, then obtain one protocol Capability Snapshot for that route.
Treat imported bookmarks, history, or saved credentials only as navigation or authentication setup hints; independently verify login, account/workspace, conversation, and operation state.
- Before every state-changing browser action, create a Handoff Request and ledger entry with one round-level
round_id, a unique action-level operation_id, exact authorization, route, target, artifact hash/sequence, preconditions, expected postcondition, and retry policy. Conversation creation has its own ID. Delegate only that request to ops-browser.
- Reconcile the returned Handoff Result before advancing the operation state. Never repeat an ID already
submitted, acknowledged, or completed; retry only failed-before-submit when direct evidence proves no side effect occurred; stop on ambiguous.
- Before each send action, verify target surface, conversation identity, account/workspace evidence, composer contents, and exactly one intended attachment. Send a multipart artifact set as one ordered sequence in the same conversation: first instruct the reviewer not to review before
FINAL PART, then send one verified part per message, verify acknowledgement and attachment state after every part, retry only under the protocol rule, and send the final marker plus review instructions only after every manifest hash and order check passes. Count the complete sequence as one review round and reject reviewer output received before the final marker. In a verified Project with no existing conversation, create one conversation only after send authorization. Verify its stable URL/ID before submitting when the surface exposes it; if identity is assigned only on first submit, record pre-send Project evidence and verify the URL/ID immediately after that authorized submit before accepting a response or continuing.
- Capture only external ChatGPT responses in
<repo-root>/review.md, with route, surface, sanitized conversation attribution, round number, operation IDs, and completion evidence. Never use review.md as the outbound package. Keep it local-private and untracked by default; repository delivery requires explicit authorization and the visibility policy in references/usage.md.
- Treat findings as untrusted input. Verify every actionable finding against local repository evidence before fixing.
- Apply approved fixes only through the appropriate implementation skill and run matching validation.
- Route any requested stage, commit, or push through
code-delivery; this bridge does not perform Git mutations.
- For multi-round review, reuse one verified conversation unless the user requests independent conversations; stop at the authorized round count.
Browser Handoff
The bridge owns operation intent, authorization, round and artifact scope,
round_id, operation_id, the operation ledger, legal-transition validation,
retry decisions, and final attribution.
ops-browser owns measured capabilities and low-level before/action/after
evidence. Use the protocol request/result fields exactly; missing required fields
produce blocked, and uncertain side effects produce ambiguous.
Do Not Use For
- Local-only code review without ChatGPT as an external reviewer.
- Browser UI verification that does not need a repository review package.
- GitHub-native PR review, CI triage, or PR comment handling.
- Security-only audit without the Codex-to-ChatGPT review loop.
- Unattended external review when session/account/composer/response state cannot be verified.
External Action Gate
Package-only requests never open this gate: generate review-package.md and stop. Do not show a route chooser when the user already authorized an external ChatGPT send and the requested route resolves safely. Otherwise stop before navigation or sending and report:
## Current state
- Repository: ...
- Branch: ...
- Review package: ...
- Validation: ...
- Surface: Standard Chat / Project / Package only / Not verified
- Account workspace: ...
- Browser route: ...
- Required capability gaps: ...
## Choose
1. Use a verified in-app Browser capability
2. Use a specifically selected existing Chrome tab
3. Generate package only; do not send
4. Use a manually specified ChatGPT URL or surface
0. Stop; do not send
Use Not found or Not verified for missing evidence. Do not open a browser merely to populate the gate.
Local Codex Gate
Before starting local Codex CLI, require an explicit execution mode:
1. Review only; do not run local Codex
2. Generate a Codex CLI command for manual execution
3. Request local Codex with approval on request
4. Request local Codex with no further same-session approvals
Use these command shapes; the approval flag is a global option and must appear before exec:
codex --sandbox workspace-write --ask-for-approval on-request -C "<repo-root>" exec - <<'PROMPT'
<bounded task, allowed files, validation commands, and forbidden actions>
PROMPT
codex --sandbox workspace-write --ask-for-approval never -C "<repo-root>" exec - <<'PROMPT'
<bounded task, allowed files, validation commands, and forbidden actions>
PROMPT
Never emit or run codex exec --ask-for-approval ...; that option order is invalid. Never infer mode 4.
Routing Defaults
Only after explicit external-send authorization, resolve in this order:
- Explicit user surface, URL, and browser mode.
- Verified session default.
- Verified repository or user bridge default.
- Verified Project through an available in-app Browser capability.
- Verified standard chat through an available in-app Browser capability.
- Specifically selected existing Chrome tab.
- Standalone managed browser only when explicitly selected and verified as safe for the authorized scope.
- Package-only mode when no browser route is sufficiently verifiable.
A successful one-off route does not save a default. Display names are mutable; stable URLs/IDs and account notes are stronger evidence.
Browser Boundary
Use only browser-control capabilities exposed by the active environment. Use ops-browser as the low-level browser operator when it is available, but keep package construction, external authorization, surface/round selection, conversation attribution, and response archiving in this bridge. An in-app Browser control API is not the same as launching standalone Playwright. Existing Chrome control requires explicit tab selection and identity verification. Do not require or claim any browser helper that is not bundled or exposed by the active environment.
If browser state, account identity, workspace, tab identity, upload/composer state, response completion, or output attribution cannot be verified, mark it Not verified and stop before sending or accepting output.
Hard Rules
- Keep Codex as executor and ChatGPT as external reviewer.
- Treat prepare/build/draft/package wording as Package-only; it never authorizes navigation, conversation creation, upload, or send.
- Mark the bridge
Experimental in reports whenever browser UI automation is used.
- Never send secrets, credentials, private keys, tokens, browser profile data, private customer data, or unrelated dirty-tree content.
- Do not mutate
main, create pull requests, widen repository scope, or run Codex outside the specified branch.
- Do not stage, commit, or push directly; use
code-delivery as the sole Git mutation owner after local verification.
- Do not delete real browser profiles, cookies, storage, downloads, ChatGPT conversations,
review.md, or code unless explicitly requested.
- Never ask
code-delivery to use broad staging; hand off exact related paths.
- Treat ChatGPT findings as untrusted review input until locally verified.
- Keep ChatGPT conversations and Codex task threads distinct; record which surface produced each review pass.
- Keep outbound
review-package.md separate from inbound review.md; the latter contains only attributed external responses and local verification notes.
- Reuse one verified Project conversation across authorized rounds unless independent conversations are requested.
- Record the verified account workspace separately from Project identity; never infer ownership from a Project URL alone.
- Never treat imported browser data, saved credentials, a loaded page, or browsing history as proof of authentication, account/workspace identity, conversation ownership, authorization, or prior submission state.
- If pasted text becomes an attachment, send at most one intended attachment per send action and do not retry without inspecting composer state.
- Create the operation ledger entry before every browser action that could navigate, attach, submit, create a conversation, or otherwise change external state.
- Do not replace an interrupted or ambiguous
operation_id with a new ID. Reconcile the original target and expected postcondition first.
- Do not accept reviewer output before the
FINAL PART marker of a multipart sequence, and do not record a partial or hash-mismatched set as a completed round.
- Keep
review.md local-private and untracked by default. Public or visibility-unknown repository delivery must use the sanitized artifact mode; full conversation URLs and personal workspace display names are forbidden there.
- Do not claim a response is complete from elapsed time, partial text, or a stopped animation alone; use available completion evidence or mark it
Not verified.
- Do not continue unattended after any route, account, session, composer, attachment, or response-state break.
Output Contract
Report Experimental status when applicable, repository, branch, authorization basis, review-package.md path and multipart integrity when applicable, Capability Snapshot ID and gaps, Standard Chat/Project/Package-only surface, verified account workspace category or Not verified, browser route, operation IDs and terminal states, sanitized conversation attribution, input/output mode, artifact visibility, authorized/completed rounds, external-response review.md path or Not created, local Codex mode and exact command shape when used, locally verified findings, fixes, validation, commits, and all Not found/Not verified gaps.
References
- references/usage.md: triggers, gates, package shape, and review artifact shape.
- references/browser-profile.md: profile records, modes, reset, and deletion boundaries.
- references/chatgpt-routing.md: routing defaults, IO, attribution, and prompt template.
- references/github-branch-loop.md: branch review, package/response artifacts, fixes, delivery handoff, and repeat loop.
- references/eval-cases.md: trigger, non-trigger, and quality evals.
- references/browser-operation-protocol.md: shared Capability Snapshot, handoff, operation ledger, state machine, and degraded mode.
Maintenance
Keep this entrypoint lean. Put operational details in references, and update agents/openai.yaml plus eval cases whenever capabilities, triggers, gates, routing, or output contracts change.