https://github.com/prilive-com/go-tdd-pack

# Prilive Go TDD Pack

**Continuous silent peer review between Claude Code and OpenAI Codex CLI for Go projects.**

[![License: Apache-2.0](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](LICENSE)
[![DCO](https://img.shields.io/badge/DCO-signed--off-brightgreen)](CONTRIBUTING.md)
[![Keep a Changelog](https://img.shields.io/badge/changelog-Keep%20a%20Changelog-orange)](CHANGELOG.md)

**[Quickstart](#quickstart) · [How it works](#how-it-works) · [Install](#install) · [Monorepos](docs/MONOREPO_ADOPTION_GUIDE.md) · [Security](SECURITY.md)**

---

## The problem

AI coding agents are fast, but prompt-only discipline breaks down. A model can decide that "this change is mechanical, no review needed" — and now the model is deciding whether its own safety process applies. That's not safe.

Prilive Go TDD Pack v2.0 changes the default:

> **Claude does not decide whether Codex review is needed. The runner does.**

The pack runs continuous, silent peer review on every meaningful Go code change. Claude implements; Codex reviews; findings are silently injected into Claude's next turn; Claude addresses them or pushes back. The user only sees finished code, or — when Claude and Codex can't converge — a single A/B/V escalation question.

---

## What's different about this pack

- **Codex runs with the same access as Claude** — full project read, full shell, full network, no sandbox, no copy. The "no project writes" rule lives in Codex's system prompt, verified by a smoke test, not by sandbox flags. Capability parity beats artificial restrictions for review quality.
- **Tool-grounded** — `go vet`, `gofmt`, `staticcheck`, `golangci-lint`, and `govulncheck` run on every cycle. Their output goes verbatim into Codex's prompt so reviews cite tool evidence, not hallucinations.
- **Monorepo-aware** — single-module repos, monorepos with multiple `go.mod` files at any depth, nested modules, polyglot repos, and Go files with no enclosing `go.mod` are all handled by a layout-agnostic affected-module algorithm. Discovery is driven by the diff, not by where the script is invoked from.
- **Multi-round resume** — round 1 uses strict JSON schema; rounds 2+ resume the same Codex session via `codex exec resume`, so the reviewer remembers its prior analysis. Default cap: 5 rounds before escalation.
- **Confidence-scored findings** — every finding includes a 1-5 confidence score so Claude can triage by certainty as well as severity. `[blocker/correctness c=4]` reads differently from `[blocker/correctness c=1]`.
- **Quality-first defaults** — `reasoning_effort = "xhigh"`, full repo tree access via tools, no diff truncation, no cheap-model fallback. Token economy is not a constraint; review depth is.
- **Free with a ChatGPT subscription** — Codex CLI uses your existing ChatGPT Plus/Pro/Team auth. No per-token billing if you're on a subscription.

---

## How it works

```
You ask Claude for a change

Claude implements (Edit/Write/MultiEdit)

PostToolUse hook fires the runner in background (returns in <50ms)

Runner waits 5s for edits to settle (coalesce)

Runner runs tool grounding per affected Go module:
gofmt -l, go vet, staticcheck, golangci-lint, govulncheck

Codex round 1 — strict JSON via --output-schema

├── approve → cycle converged → done (silent)
└── request_changes

Findings injected into Claude's next turn as additionalContext

Claude fixes silently OR writes a one-line rationale

Stop hook captures Claude's full response

Codex round 2 — resumes session, returns VERDICT: APPROVE | REQUEST_CHANGES

Repeat up to max_rounds (default 5)

If converged → done. If not → A/B/V escalation message to user.
```

The user sees: finished code, or one short escalation question.

The user does NOT see: ceremony markers, plan files, approval prompts, per-edit progress updates.
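As an added illustration of the round logic above (the pack's runner is bash; this is example Go code written for this page, not the project's own), the following models one round's verdict and findings, validates the 1-5 confidence score and the severity before anything is injected into Claude's turn, filters by `min_surface`, and counts rounds against `max_rounds` so that an unapproved round 5 escalates instead of starting a sixth. The JSON field names, the `minor`/`major` levels between `nit` and `blocker`, and the `Cycle` type are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Finding carries the fields the README describes for a Codex finding: a
// severity, a category and a 1-5 confidence score. The JSON field names are
// this example's assumption, not the pack's schema.
type Finding struct {
	Severity   string `json:"severity"`
	Category   string `json:"category"`
	Confidence int    `json:"confidence"`
	Message    string `json:"message"`
}

// Review is one round's result: "approve" or "request_changes" plus findings.
type Review struct {
	Verdict  string    `json:"verdict"`
	Findings []Finding `json:"findings"`
}

// severityRank orders the levels used by min_surface. The README names only
// "nit" and "blocker"; the two middle levels are assumed here.
var severityRank = map[string]int{"nit": 0, "minor": 1, "major": 2, "blocker": 3}

// Tag renders the prefix Claude sees, e.g. "[blocker/correctness c=4]".
func (f Finding) Tag() string {
	return fmt.Sprintf("[%s/%s c=%d]", f.Severity, f.Category, f.Confidence)
}

// Validate rejects a finding outside the documented ranges, so an off-schema
// reviewer reply is not injected into Claude's turn as-is.
func (f Finding) Validate() error {
	if f.Confidence < 1 || f.Confidence > 5 {
		return fmt.Errorf("confidence %d outside 1-5", f.Confidence)
	}
	if _, ok := severityRank[f.Severity]; !ok {
		return fmt.Errorf("unknown severity %q", f.Severity)
	}
	return nil
}

// ParseRound1 decodes round 1's strict-JSON reply and validates every finding.
func ParseRound1(raw []byte) (Review, error) {
	var r Review
	if err := json.Unmarshal(raw, &r); err != nil {
		return r, err
	}
	if r.Verdict != "approve" && r.Verdict != "request_changes" {
		return r, fmt.Errorf("unknown verdict %q", r.Verdict)
	}
	for _, f := range r.Findings {
		if err := f.Validate(); err != nil {
			return r, err
		}
	}
	return r, nil
}

// Surface keeps findings at or above minSurface, preserving reviewer order.
func Surface(findings []Finding, minSurface string) ([]Finding, error) {
	floor, ok := severityRank[minSurface]
	if !ok {
		return nil, fmt.Errorf("unknown min_surface %q", minSurface)
	}
	var out []Finding
	for _, f := range findings {
		if severityRank[f.Severity] >= floor {
			out = append(out, f)
		}
	}
	return out, nil
}

// Outcome is what the runner does after a round.
type Outcome int

const (
	Continue  Outcome = iota // inject findings, wait for Claude's next turn
	Converged                // reviewer approved; stay silent
	Escalate                 // max_rounds used up without approval: A/B/V prompt
)

// Cycle counts rounds against max_rounds (README default 5). Round 1 is the
// first Apply; request_changes on round MaxRounds escalates rather than
// starting a round that would never be reviewed.
type Cycle struct {
	MaxRounds int
	Round     int
}

func (c *Cycle) Apply(r Review) (Outcome, error) {
	c.Round++
	switch r.Verdict {
	case "approve":
		return Converged, nil
	case "request_changes":
		if c.Round >= c.MaxRounds {
			return Escalate, nil
		}
		return Continue, nil
	}
	return 0, fmt.Errorf("round %d: unknown verdict %q", c.Round, r.Verdict)
}

func main() {
	// Constructed reviewer reply, not a capture from Codex.
	raw := []byte(`{"verdict":"request_changes","findings":[
	 {"severity":"blocker","category":"correctness","confidence":4,"message":"attempt counter is never incremented"},
	 {"severity":"nit","category":"style","confidence":2,"message":"use time.Duration for the backoff base"}]}`)
	r, err := ParseRound1(raw)
	if err != nil {
		panic(err)
	}
	c := &Cycle{MaxRounds: 5}
	out, _ := c.Apply(r)
	shown, _ := Surface(r.Findings, "major")
	fmt.Println(out == Continue, len(shown), shown[0].Tag())
}
```

The validation step is the part worth keeping: the reviewer's reply is model output, and anything that lands in Claude's next turn as `additionalContext` should be checked against the schema first rather than forwarded because it parsed.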

---

## Requirements

**Required:**
- [Claude Code](https://docs.claude.com/en/docs/claude-code) 2.1.89 or newer
- [OpenAI Codex CLI](https://github.com/openai/codex) — install and authenticate with `codex login`
- Go 1.22 or newer
- Git 2.25 or newer
- `bash` 4+, `jq` 1.6+

**Recommended Go tooling** (the pack degrades gracefully if missing, showing `NOT INSTALLED` in Codex's prompt):
- `staticcheck` — `go install honnef.co/go/tools/cmd/staticcheck@latest`
- `golangci-lint` — see [install guide](https://golangci-lint.run/welcome/install/)
- `govulncheck` — `go install golang.org/x/vuln/cmd/govulncheck@latest`

The pack resolves tools from `PATH` and `$(go env GOPATH)/bin`.
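The following is an added Go example of the tool-resolution and grounding behaviour described above; it is not the pack's own runner script. It resolves each tool from `PATH` and then from the GOPATH `bin` directory, runs it inside a module directory under a timeout, and renders the evidence section with `NOT INSTALLED` for tools that are missing. The `ToolSpec`, `ResolveTool` and `GroundModule` names and the section layout are the example's own.

```go
package main

import (
	"bytes"
	"context"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
	"time"
)

// ToolSpec is one grounding tool and the argv it runs inside a module directory.
type ToolSpec struct {
	Name string
	Args []string
}

// DefaultTools is the README's per-module grounding set.
var DefaultTools = []ToolSpec{
	{"gofmt", []string{"-l", "."}},
	{"go", []string{"vet", "./..."}},
	{"staticcheck", []string{"./..."}},
	{"golangci-lint", []string{"run", "./..."}},
	{"govulncheck", []string{"./..."}},
}

// ResolveTool checks PATH first, then gobin (pass $(go env GOPATH)/bin).
// ok=false is reported to the reviewer as NOT INSTALLED rather than aborting.
func ResolveTool(name, gobin string) (string, bool) {
	if p, err := exec.LookPath(name); err == nil {
		return p, true
	}
	if gobin != "" {
		p := filepath.Join(gobin, name)
		if st, err := os.Stat(p); err == nil && !st.IsDir() && st.Mode()&0o111 != 0 {
			return p, true
		}
	}
	return "", false
}

// runOne executes a tool with stdout and stderr interleaved, so the evidence
// reads the way a developer would see it in a terminal.
func runOne(bin string, args []string, dir string, timeout time.Duration) (code int, timedOut bool, output string) {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	cmd := exec.CommandContext(ctx, bin, args...)
	cmd.Dir = dir
	var buf bytes.Buffer
	cmd.Stdout, cmd.Stderr = &buf, &buf
	err := cmd.Run()
	var exitErr *exec.ExitError
	switch {
	case errors.As(err, &exitErr):
		code = exitErr.ExitCode()
	case err != nil:
		code = -1 // could not be started at all
	}
	return code, errors.Is(ctx.Err(), context.DeadlineExceeded), buf.String()
}

// GroundModule runs every tool in modDir and renders the section that goes
// verbatim into the reviewer prompt. A non-zero exit (vet or staticcheck
// findings, govulncheck hits) is evidence and is recorded, not treated as a
// runner failure; a missing tool degrades to NOT INSTALLED; a hung tool is cut
// off at timeout and marked, so one wedged linter cannot stall the cycle.
func GroundModule(modDir, gobin string, tools []ToolSpec, timeout time.Duration) string {
	var sb strings.Builder
	fmt.Fprintf(&sb, "## module %s\n", modDir)
	for _, t := range tools {
		bin, ok := ResolveTool(t.Name, gobin)
		if !ok {
			fmt.Fprintf(&sb, "### %s: NOT INSTALLED\n", t.Name)
			continue
		}
		code, timedOut, out := runOne(bin, t.Args, modDir, timeout)
		status := fmt.Sprintf("exit %d", code)
		if timedOut {
			status = "TIMEOUT"
		}
		fmt.Fprintf(&sb, "### %s %s (%s)\n", t.Name, strings.Join(t.Args, " "), status)
		sb.WriteString(out)
		if out != "" && !strings.HasSuffix(out, "\n") {
			sb.WriteString("\n")
		}
	}
	return sb.String()
}

func main() {
	gobin := ""
	if out, err := exec.Command("go", "env", "GOPATH").Output(); err == nil {
		gobin = filepath.Join(strings.TrimSpace(string(out)), "bin")
	}
	// Grounds the current directory; run it from a module root to try it.
	fmt.Print(GroundModule(".", gobin, DefaultTools, 2*time.Minute))
}
```

Two things to keep in mind when adapting this: a non-zero exit from `go vet` or `staticcheck` is the signal the reviewer needs, so the wrapper must never turn it into a cycle failure, and the rendered section carries file paths and source excerpts from the repository, which is exactly the material that reaches Codex (the "secret leakage through review context" category in the Security section below).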

---

## Install

> **Pick exactly ONE install path: project-copy OR plugin. Never both.** Claude
> Code stacks hook registrations across every source (project settings + plugin
> manifests), and dedup is by literal command string — so installing both ways
> runs every review twice. See
> [Claude Code hooks docs](https://code.claude.com/docs/en/hooks) and the
> warning in [`docs/ADOPTION_GUIDE.md`](docs/ADOPTION_GUIDE.md#step-3--install-the-pack).

### Clone into an existing Go project

```bash
git clone https://github.com/prilive-com/go-tdd-pack.git /tmp/go-tdd-pack

cp -R /tmp/go-tdd-pack/hooks .
cp -R /tmp/go-tdd-pack/runner .
cp -R /tmp/go-tdd-pack/prompts .
cp -R /tmp/go-tdd-pack/schemas .
cp -R /tmp/go-tdd-pack/test .
cp /tmp/go-tdd-pack/tdd-pack.toml .
cp /tmp/go-tdd-pack/CLAUDE.md .
cp /tmp/go-tdd-pack/AGENTS.md .

# Merge the hook entries from /tmp/go-tdd-pack/.claude/settings.json into
# your project's .claude/settings.json (do NOT blind-overwrite — see
# docs/V2_ROLLOUT_GUIDE.md §2 for the merge procedure).

chmod +x hooks/*.sh runner/*.sh test/smoke-*.sh

# Verify
bash test/smoke-v2-phase2.sh # 25 unit checks, no Codex calls
bash test/smoke-tool-grounding.sh # 12 fixture checks
```

That's it. On your next Claude Code session, Codex will start reviewing changes automatically.

Full step-by-step install: [`docs/ADOPTION_GUIDE.md`](docs/ADOPTION_GUIDE.md).
Rollout guide for AI assistants doing the install: [`docs/V2_ROLLOUT_GUIDE.md`](docs/V2_ROLLOUT_GUIDE.md).
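The merge step in the comment above is the one most often done wrong. The following added Go example (written for this page; the pack's own documented procedure is in `docs/V2_ROLLOUT_GUIDE.md` §2) merges the pack's hook entries into an existing `.claude/settings.json` without overwriting any other key, and skips every command string that is already registered, which is the same literal-command key Claude Code dedups on. Because the check spans all events and matchers, running the merge twice, or merging on top of a plugin install that already registered the same commands, adds nothing. The hook script names in the sample inputs are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// hookCommand is one entry of a matcher group's "hooks" array in Claude Code's
// settings.json: {"type":"command","command":"..."}.
type hookCommand struct {
	Type    string `json:"type"`
	Command string `json:"command"`
	Timeout int    `json:"timeout,omitempty"`
}

// hookGroup is one element of an event's array: a matcher plus its commands.
// Events without matchers (Stop) simply omit the field.
type hookGroup struct {
	Matcher string        `json:"matcher,omitempty"`
	Hooks   []hookCommand `json:"hooks"`
}

// settings types only the "hooks" key; every other top-level key of the
// project's file is carried through untouched as raw JSON.
type settings struct {
	hooks map[string][]hookGroup
	other map[string]json.RawMessage
}

func parseSettings(raw []byte) (*settings, error) {
	all := map[string]json.RawMessage{}
	if len(raw) > 0 {
		if err := json.Unmarshal(raw, &all); err != nil {
			return nil, err
		}
	}
	s := &settings{hooks: map[string][]hookGroup{}, other: all}
	if h, ok := all["hooks"]; ok {
		if err := json.Unmarshal(h, &s.hooks); err != nil {
			return nil, err
		}
		delete(all, "hooks")
	}
	return s, nil
}

func (s *settings) marshal() ([]byte, error) {
	h, err := json.Marshal(s.hooks)
	if err != nil {
		return nil, err
	}
	s.other["hooks"] = h
	return json.MarshalIndent(s.other, "", "  ")
}

// commandSet collects every literal command string already present, across
// all events and matchers: that string is the key Claude Code dedups on.
func (s *settings) commandSet() map[string]bool {
	seen := map[string]bool{}
	for _, groups := range s.hooks {
		for _, g := range groups {
			for _, h := range g.Hooks {
				seen[h.Command] = true
			}
		}
	}
	return seen
}

// MergeHooks adds the pack's hook entries to the project's settings without
// overwriting anything else. Already-registered commands are skipped and
// returned so an installer can report them; events are processed in sorted
// order so the output is deterministic.
func MergeHooks(project, pack []byte) (merged []byte, skipped []string, err error) {
	p, err := parseSettings(project)
	if err != nil {
		return nil, nil, err
	}
	k, err := parseSettings(pack)
	if err != nil {
		return nil, nil, err
	}
	seen := p.commandSet()
	events := make([]string, 0, len(k.hooks))
	for e := range k.hooks {
		events = append(events, e)
	}
	sort.Strings(events)
	for _, event := range events {
		for _, g := range k.hooks[event] {
			var add []hookCommand
			for _, h := range g.Hooks {
				if seen[h.Command] {
					skipped = append(skipped, h.Command)
					continue
				}
				seen[h.Command] = true
				add = append(add, h)
			}
			if len(add) == 0 {
				continue
			}
			placed := false
			for i := range p.hooks[event] { // extend a group with the same matcher
				if p.hooks[event][i].Matcher == g.Matcher {
					p.hooks[event][i].Hooks = append(p.hooks[event][i].Hooks, add...)
					placed = true
					break
				}
			}
			if !placed {
				p.hooks[event] = append(p.hooks[event], hookGroup{Matcher: g.Matcher, Hooks: add})
			}
		}
	}
	merged, err = p.marshal()
	return merged, skipped, err
}

func main() {
	// Constructed inputs; the hook script names are hypothetical.
	project := []byte(`{"permissions":{"allow":["Bash(go test:*)"]},
	 "hooks":{"PostToolUse":[{"matcher":"Write|Edit","hooks":[{"type":"command","command":"bash hooks/my-formatter.sh"}]}]}}`)
	pack := []byte(`{"hooks":{
	 "PostToolUse":[{"matcher":"Write|Edit|MultiEdit","hooks":[{"type":"command","command":"bash hooks/post-edit-review.sh"}]}],
	 "Stop":[{"hooks":[{"type":"command","command":"bash hooks/stop-capture.sh"}]}]}}`)
	out, skipped, err := MergeHooks(project, pack)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(out))
	_, skipped, _ = MergeHooks(out, pack) // second pass adds nothing
	fmt.Println("already registered:", skipped)
}
```

The dedup key is deliberately the exact command string, not the script path: `bash hooks/x.sh` and `bash ./hooks/x.sh` are two different registrations to Claude Code, and this merge treats them the same way.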

---

## Quickstart

Open any Go project where the pack is installed and ask Claude to make a change:

```
Add a Retry function to internal/http/client.go with exponential backoff.
```

Claude writes the code. About 5 seconds after Claude's edits settle, Codex begins reviewing in the background. You won't see this happen — it's silent by design.

If everything converges silently, you'll see finished code. If Claude and Codex disagree across all rounds, you'll see one short message:

```
[REVIEW ESCALATION — cycle ]

Claude and Codex did not converge after 5 rounds.
The disagreement is about:

Claude's final view:
Codex's final view:

Choose how to proceed:
[A] ship Claude's version — tell me 'go with Claude'
[B] apply Codex's recommendations — tell me 'go with Codex'
[V] view full transcripts
```

That's the entire user-facing surface. Everything else is internal.

To see the most recent review at any time, ask Claude "show me the latest review" — it reads `.tdd/reviews/state.json` and the latest cycle directory.

---

## Repository layouts supported

| Layout | Status |
|---|---|
| Single-module Go repo (`go.mod` at root) | ✓ Fully supported |
| Monorepo with multiple `go.mod` files at any depth | ✓ Fully supported (per-module sections) |
| Nested modules (child `go.mod` inside parent module) | ✓ Walked nearest-first |
| Polyglot monorepo (Go + non-Go) | ✓ Only Go-affected modules are tooled |
| Repo with no Go code | ✓ Pack emits "no Go modules touched" status |
| `vendor/`, `testdata/`, `node_modules/` | ✓ Excluded from analysis |
| Empty `go.mod` (Grab-style exclude marker) | ✓ Honored |

Detailed monorepo guide: [`docs/MONOREPO_ADOPTION_GUIDE.md`](docs/MONOREPO_ADOPTION_GUIDE.md).

**Not yet supported** (no plans unless real demand surfaces): Bazel/Buck2/Pants build system orchestration, `go.work` workspace mode toggles, submodule recursion. Native per-module tooling works fine inside Bazel-managed Go repos as long as `go.mod` exists.
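To make the table concrete, here is an added Go implementation of a nearest-`go.mod`-first affected-module walk over an in-memory tree. It is this page's example, not the pack's own discovery code; the `Affected`, `AffectedModules` and `SampleRepo` names and the sample layout are constructed. It covers nested modules, the excluded directories, the empty-`go.mod` marker, a Go file with no enclosing module, and a non-Go change in a polyglot repo.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"path"
	"sort"
	"strings"
	"testing/fstest"
)

// Affected is the result of module discovery for one diff.
type Affected struct {
	Modules []string // directories holding the nearest non-empty go.mod, sorted
	Orphans []string // changed .go files with no enclosing go.mod, sorted
}

// skipDirs are never tooled, wherever they appear in a path.
var skipDirs = map[string]bool{"vendor": true, "testdata": true, "node_modules": true}

// goRelevant: only Go sources and module files can make a module "affected",
// so a JS-only change in a polyglot repo touches no module.
func goRelevant(p string) bool {
	b := path.Base(p)
	return strings.HasSuffix(b, ".go") || b == "go.mod" || b == "go.sum"
}

func underSkippedDir(p string) bool {
	for _, seg := range strings.Split(path.Dir(p), "/") {
		if skipDirs[seg] {
			return true
		}
	}
	return false
}

// nearestGoMod walks from dir up to the repo root ("."), so a nested module's
// own go.mod wins over its parent's. empty reports a zero-content go.mod, the
// exclusion marker; found=false means there is no enclosing module at all.
func nearestGoMod(fsys fs.FS, dir string) (modDir string, empty, found bool, err error) {
	for {
		data, rerr := fs.ReadFile(fsys, path.Join(dir, "go.mod"))
		if rerr == nil {
			return dir, strings.TrimSpace(string(data)) == "", true, nil
		}
		if !errors.Is(rerr, fs.ErrNotExist) {
			return "", false, false, rerr
		}
		if dir == "." {
			return "", false, false, nil
		}
		dir = path.Dir(dir)
	}
}

// AffectedModules maps the changed paths of a diff (repo-relative, slash
// separated, as `git diff --name-only` prints them) to the modules whose
// tooling must run. Only the paths and the tree matter, never the caller's cwd.
func AffectedModules(fsys fs.FS, changed []string) (Affected, error) {
	mods := map[string]bool{}
	var out Affected
	for _, p := range changed {
		p = path.Clean(p)
		if !goRelevant(p) || underSkippedDir(p) {
			continue
		}
		dir, empty, found, err := nearestGoMod(fsys, path.Dir(p))
		if err != nil {
			return Affected{}, err
		}
		switch {
		case !found:
			if strings.HasSuffix(p, ".go") {
				out.Orphans = append(out.Orphans, p)
			}
		case empty:
			// exclusion marker: the subtree is deliberately not a tooled module
		default:
			mods[dir] = true
		}
	}
	for d := range mods {
		out.Modules = append(out.Modules, d)
	}
	sort.Strings(out.Modules)
	sort.Strings(out.Orphans)
	return out, nil
}

// SampleRepo is a constructed in-memory tree covering the layouts in the table;
// os.DirFS(repoRoot) gives the same interface for a real checkout.
func SampleRepo() fs.FS {
	m := fstest.MapFS{}
	for p, content := range map[string]string{
		"services/auth/go.mod":                 "module example.com/auth\n",
		"services/auth/handler.go":             "package auth\n",
		"services/auth/internal/nested/go.mod": "module example.com/auth/nested\n",
		"services/auth/internal/nested/n.go":   "package nested\n",
		"services/auth/vendor/dep/dep.go":      "package dep\n",
		"services/auth/testdata/fixture.go":    "package fixture\n",
		"legacy/go.mod":                        "", // Grab-style exclude marker
		"legacy/old.go":                        "package legacy\n",
		"tools/gen.go":                         "package main\n", // no go.mod above it
		"web/index.js":                         "export {}\n",
	} {
		m[p] = &fstest.MapFile{Data: []byte(content)}
	}
	return m
}

func main() {
	changed := []string{
		"services/auth/handler.go", "services/auth/internal/nested/n.go",
		"services/auth/vendor/dep/dep.go", "services/auth/testdata/fixture.go",
		"legacy/old.go", "legacy/go.mod", "tools/gen.go", "web/index.js",
	}
	a, err := AffectedModules(SampleRepo(), changed)
	if err != nil {
		panic(err)
	}
	fmt.Printf("modules: %v\norphans: %v\n", a.Modules, a.Orphans)
}
```

Orphans are kept separate rather than dropped: a `.go` file with no enclosing `go.mod` still gets `gofmt -l` and `go vet` in the pack's description, just not module-scoped tooling, and the runner needs to know it exists to say so.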

---

## Configuration

The pack reads `tdd-pack.toml` from the repo root. Defaults are tuned for quality:

```toml
[review]
max_rounds = 5
coalesce_ms = 5000

[codex]
model = "" # empty = use Codex CLI's current default
reasoning_effort = "xhigh" # max reasoning supported by ChatGPT Plus/Pro/Team
web_search = "live" # enables Codex web search during review

[severity]
min_surface = "nit" # Claude sees every finding; can filter on its end
```

Full config reference: [`docs/INTEGRATION_GUIDE.md`](docs/INTEGRATION_GUIDE.md).

**Emergency disable** for the current shell. Hooks inherit their environment from the Claude Code process, so export the variable before launching the session; a session already running in another terminal keeps reviewing until it is restarted:

```bash
export PRILIVE_REVIEW_DISABLE=1
```

---

## Documentation

| Topic | File |
|---|---|
| Install into a new or existing project | [`docs/ADOPTION_GUIDE.md`](docs/ADOPTION_GUIDE.md) |
| How AI developers should work with the pack | [`docs/AI_DEVELOPER_GUIDE.md`](docs/AI_DEVELOPER_GUIDE.md) |
| Hook setup, config reference, state machine | [`docs/INTEGRATION_GUIDE.md`](docs/INTEGRATION_GUIDE.md) |
| Go monorepo specifics | [`docs/MONOREPO_ADOPTION_GUIDE.md`](docs/MONOREPO_ADOPTION_GUIDE.md) |
| Rollout / install instructions for AI assistants | [`docs/V2_ROLLOUT_GUIDE.md`](docs/V2_ROLLOUT_GUIDE.md) |
| v2.0 architecture spec (still load-bearing for v2.x) | [`docs/V2_IMPLEMENTATION_SPEC.md`](docs/V2_IMPLEMENTATION_SPEC.md) |
| **v2.1 → v2.2 upgrade guide** | [`docs/UPDATE_NOTES_v2.1-to-v2.2.md`](docs/UPDATE_NOTES_v2.1-to-v2.2.md) |
| v2.0 → v2.1 upgrade guide | [`docs/UPDATE_NOTES_v2.0-to-v2.1.md`](docs/UPDATE_NOTES_v2.0-to-v2.1.md) |
| v2.1.0 postmortem (the schema-strict + model-pin lesson) | [`docs/POSTMORTEM-v2.1.0.md`](docs/POSTMORTEM-v2.1.0.md) |
| v2.2 design (the opt-in ops-triage rail) | [`docs/PROPOSAL-ops-risk-triage.md`](docs/PROPOSAL-ops-risk-triage.md) |
| Release history | [`CHANGELOG.md`](CHANGELOG.md) |
| Claude operating rules | [`CLAUDE.md`](CLAUDE.md) |
| Codex operating rules | [`AGENTS.md`](AGENTS.md) |
| Security policy | [`SECURITY.md`](SECURITY.md) |
| Contribution policy | [`CONTRIBUTING.md`](CONTRIBUTING.md) |
| GitHub repo setup scripts (for the maintainer) | [`scripts/github-setup/RUNBOOK.md`](scripts/github-setup/RUNBOOK.md) |

---

## Safety and trust

- **Codex never edits your project files.** The rule is in Codex's system prompt at `prompts/codex-system.md` and verified empirically by smoke tests. Run them any time you upgrade Codex CLI, change the pinned model, or edit that prompt.
- **No sandboxing of Codex.** Codex runs with the same machine access Claude has: your full project, your shell, your network. This is intentional: capability parity beats artificial restrictions for review quality. The "no project writes" rule holds because it's a clear, narrow instruction Codex respects, not because of OS-level enforcement. Treat it accordingly: everything Codex reads during a review (the diff, the repo tree, verbatim tool output, and web results when `web_search = "live"`) is input to the same model that holds that rule, so the smoke tests verify behaviour, not a boundary. If you need a boundary, the OS-level controls under "What would close it" below are the place to put one, and they apply to the reviewer as much as to the implementer.
- **Emergency switch.** `PRILIVE_REVIEW_DISABLE=1` disables the entire pack for any Claude Code session launched with it in the environment.
- **No telemetry.** The pack doesn't phone home. The only network traffic it causes is Codex CLI's own traffic to OpenAI (your auth, your subscription), `govulncheck`'s fetch of the Go vulnerability database, and whatever Codex web search retrieves when it's enabled.

---

## What the gate does NOT cover

The pre-write gate (`[pre_review] enabled = true` in `tdd-pack.toml`, or the per-shell `PRILIVE_PRE_REVIEW_EXPERIMENTAL=1` env override) reviews every `Write`, `Edit`, `MultiEdit`, and `NotebookEdit` action **Claude Code is about to take** through its tool API. That covers file changes — it does not cover everything.

### Scope: code review by default; opt-in runtime safety in v2.2

The default code-review path reviews **file edits only** — `Write`, `Edit`, `MultiEdit`, `NotebookEdit`. v2.1 removed the v2.0-era Bash matcher from the default path because sending every `pwd` / `ls` / `git status` through Codex was wasteful for ChatGPT-subscription users (~6s per call) and an architectural mismatch with code review.

**v2.2 added an opt-in Ops Risk Triage rail** for adopters who *also* want runtime-command safety inside the same pack. It is **default-off** (`[ops_triage] enabled = false` in `tdd-pack.toml`); code-review-only adopters see zero behavior change from v2.1.1. When enabled, the rail does NOT route every command through Codex — it uses a three-layer gate (deterministic parser → fast Haiku classifier → Codex deep ops-preflight on escalation only) to keep the hot path fast. See [`docs/PROPOSAL-ops-risk-triage.md`](docs/PROPOSAL-ops-risk-triage.md) and [`docs/UPDATE_NOTES_v2.1-to-v2.2.md`](docs/UPDATE_NOTES_v2.1-to-v2.2.md) for the opt-in flow.

If you don't want any runtime-command safety from this pack at all — that's the default, and your adoption story is unchanged. If you do — copy the three `.example` configs, flip `enabled = true`, and run for a week in `mode = "observe"` before turning the gate on. Claude Code's own permission system still covers obviously dangerous cases (`rm -rf /`, `sudo`, etc.) at the prompt layer regardless.

### Out-of-band changes

The gate is a Claude Code hook. It cannot see anything that bypasses Claude's tool API:

- Cron jobs running on the host.
- Commands typed by a human in a different terminal.
- Other agents running on the same machine.
- File changes from `git pull`, IDE auto-save, formatter hooks fired by your editor.

These are not bugs. They are the architectural ceiling of any client-side hook approach.

### What would close it

If you need full coverage of file changes across all sources (not just Claude's tool API), the real option is **OS-level audit / sandbox** — seccomp, eBPF, `auditd`, or a container with a syscall-gated runtime. That's host-level work, not pack-level. Treat the gate as defense in depth — one strong line that covers what Claude itself does — not the only line.

---

## Security

Found a security issue? Please **do not** open a public issue.

- **Preferred:** [Open a private security advisory](https://github.com/prilive-com/go-tdd-pack/security/advisories/new) via GitHub's Private Vulnerability Reporting.
- **Fallback:** Email the address in [`SECURITY.md`](SECURITY.md).

Security-sensitive issue categories include: hook bypass, runner convergence bypass, Codex review artifact tampering, secret leakage through review context, and Codex writing to the real repository (no-write-rule violation).

---

## Contributing

Contributions welcome.

1. Sign off your commits — the project uses [Developer Certificate of Origin](https://developercertificate.org/) via the [cncf/dco2 GitHub App](https://github.com/apps/dco).
2. Read [`CONTRIBUTING.md`](CONTRIBUTING.md) before opening a PR.
3. High-risk changes (hooks, runner state machine, Codex prompts, tool grounding, audit artifacts, config schema, settings.json) require discussion in an issue first.

```bash
git commit -s -m "Your change description"
```

---

## Project status

- **Current public line:** v2.3.x (v2.3.2 released 2026-06-10).
- **License:** Apache-2.0
- **Maintainer:** Prilive ([github.com/prilive-com](https://github.com/prilive-com))
- **Primary audience:** Go teams using Claude Code and Codex CLI
- **Production usage:** validated on one real Go monorepo since 2026-05-18; v2.1.0 + v2.2.0 verified via the postmortem A1/A2 live-smoke gate against post-merge clean `main` ([`docs/RELEASE_GUIDE.md`](docs/RELEASE_GUIDE.md) Phase 3a).
- **Legacy support:** v1.x ceremony architecture is no longer maintained; v2.0.x / v2.1.0 / v2.2.x are superseded. New adoption should use v2.3.x.

---

## License

Apache License 2.0 — see [`LICENSE`](LICENSE).

Copyright 2026 Prilive.

---

## Acknowledgements

This pack builds on:

- **Anthropic** — Claude Code platform and plugin ecosystem
- **OpenAI** — Codex CLI
- **`honnef.co/go/tools`** (`staticcheck`) — Go static analyzer
- **`golangci-lint`** — comprehensive linter aggregator
- **`golang.org/x/vuln/cmd/govulncheck`** — Go vulnerability scanner