feat: remove claude-self-obs plugin — hooks now managed by qyl.collector

.claude-plugin/marketplace.json

@@ -5,7 +5,7 @@
     "url": "https://github.com/ANcpLua"
   },
   "metadata": {
-    "description": "Claude Code plugin marketplace: 11 plugins, 26 commands, 5 skills, 19 agents. Multi-agent orchestration, cognitive amplification, OpenTelemetry docs, .NET build enforcement, design intelligence, and self-observability."
+    "description": "Claude Code plugin marketplace: 10 plugins, 25 commands, 5 skills, 19 agents. Multi-agent orchestration, cognitive amplification, OpenTelemetry docs, .NET build enforcement, and design intelligence."
   },
   "plugins": [
     {
@@ -62,12 +62,6 @@
       "version": "2.1.0",
       "source": "./plugins/qyl-instrumentation"
     },
-    {
-      "name": "claude-self-obs",
-      "description": "Self-observability for Claude Code: HTTP hooks POST every tool call and agent lifecycle event to qyl.collector. Query telemetry via qyl.mcp tools.",
-      "version": "3.0.0",
-      "source": "./plugins/claude-self-obs"
-    },
     {
       "name": "design-studio",
       "description": "Design intelligence studio: creative direction + data-driven recommendations. 50 styles, 97 palettes, 57 font pairings, 99 UX guidelines, 25 chart types, 13 stacks. BM25 search engine with design system generator.",

.github/codex/prompts/review.md

@@ -0,0 +1,58 @@
+# Codex pull request review
+
+Review only the changes introduced by the current pull request.
+
+## Available environment variables
+
+- `PR_NUMBER`
+- `PR_BASE_SHA`
+- `PR_HEAD_SHA`
+- `PR_AUTHOR`
+- `PR_HEAD_REF`
+
+## Repository context
+
+This repository is a Claude Code plugin marketplace.
+
+- Primary files: `SKILL.md`, `plugin.json`, Markdown docs, shell scripts, YAML workflows
+- User-facing changes should update `CHANGELOG.md`
+- `.cs` and `.csproj` files do not belong in this repo
+
+## Required review flow
+
+1. Run `git diff --name-status "$PR_BASE_SHA...$PR_HEAD_SHA"`
+2. Run `git diff --stat "$PR_BASE_SHA...$PR_HEAD_SHA"`
+3. Read `AGENTS.md`, `README.md`, and `CLAUDE.md` if you need repo conventions
+4. Read the changed files and any nearby context required to review them well
+5. Ignore unrelated pre-existing issues
+
+## Review rules
+
+- Ground every finding in the actual diff or repository rules
+- Do not speculate about undocumented Claude Code behavior or private Anthropic docs
+- Do not suggest changes based on unofficial or unverifiable platform guidance
+- Prefer concrete, actionable feedback over style nitpicks
+- Request changes only for blocking issues that would break automation, validation, or published guidance
+
+## Checklist
+
+- GitHub Actions workflow safety and correctness
+- Prompt quality, clarity, and task grounding
+- JSON, Markdown, and YAML validity
+- Shell command safety and quoting
+- `CHANGELOG.md` coverage for user-facing changes
+- No forbidden repo content
+
+## Output requirements
+
+Return JSON that matches the provided schema.
+
+- Set `event` to `APPROVE`, `REQUEST_CHANGES`, or `COMMENT`
+- Set `body` to concise Markdown with these sections:
+  - `## Codex Review`
+  - `**Verdict:** ...`
+  - `### Summary`
+  - `### Findings`
+  - `### Strengths`
+- If you found no issues, write `- None.` under `### Findings`
+- End with `*Autonomous review by Codex via GitHub Actions*`

.github/codex/schemas/review-output.schema.json

@@ -0,0 +1,24 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "event",
+    "body"
+  ],
+  "properties": {
+    "event": {
+      "type": "string",
+      "enum": [
+        "APPROVE",
+        "REQUEST_CHANGES",
+        "COMMENT"
+      ]
+    },
+    "body": {
+      "type": "string",
+      "minLength": 1,
+      "maxLength": 20000
+    }
+  }
+}

.github/workflows/auto-merge.yml

@@ -4,7 +4,7 @@
 # 1a. Dependabot PRs: Auto-approve + auto-merge for patch/minor
 # 1b. Renovate PRs: Auto-approve + auto-merge
 # 2.  AI Agent fix PRs (copilot/, claude/): Auto-merge when CI passes
-# 3.  CodeRabbit/Claude approved PRs: Auto-merge when CI passes
+# 3.  CodeRabbit/Claude/Codex approved PRs: Auto-merge when CI passes
 #
 # Requirements:
 # - Repo setting "Allow auto-merge" must be enabled
@@ -168,4 +168,25 @@ jobs:
           PR_NUMBER: ${{ github.event.pull_request.number }}
         run: |
           echo "Claude approved PR #$PR_NUMBER"
-          gh pr merge --auto --squash "$PR_URL"
+          gh pr merge --auto --squash "$PR_URL"
+
+  # Tier 3c: Auto-merge PRs approved by Codex
+  # SECURITY: Requires github-actions[bot] to prevent spoofing by humans
+  codex-approved-auto-merge:
+    name: Codex approved auto-merge
+    runs-on: ubuntu-latest
+    if: |
+      github.event_name == 'pull_request_review' &&
+      github.event.review.state == 'approved' &&
+      github.event.review.user.login == 'github-actions[bot]' &&
+      contains(github.event.review.body, '## Codex Review')
+
+    steps:
+      - name: Enable auto-merge for Codex approved PRs
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          echo "Codex approved PR #$PR_NUMBER"
+          gh pr merge --auto --squash "$PR_URL"

.github/workflows/claude-code-review.yml

@@ -178,6 +178,7 @@ jobs:
 
           **Alternative reviewers:**
           - CodeRabbit (Tier 3a auto-merge)
+          - Codex Code Review
           - Human codeowner (@ANcpLua)
           - Other AI reviewers (Gemini, Copilot)
 

.github/workflows/codex-code-review.yml

@@ -0,0 +1,195 @@
+name: Codex Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, ready_for_review]
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        description: 'PR number to review'
+        required: true
+        type: number
+
+jobs:
+  check-files:
+    name: Check Changed Files
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+    outputs:
+      skip_codex: ${{ steps.check.outputs.skip }}
+    steps:
+      - name: Check for Codex workflow-only changes
+        id: check
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr_number }}
+        run: |
+          FILES=$(gh pr view "$PR_NUMBER" --repo "${{ github.repository }}" --json files -q '.files[].path')
+
+          if echo "$FILES" | grep -qvE '^(\.github/workflows/codex-code-review\.yml|\.github/codex/)'; then
+            echo "PR contains non-Codex-review files - Codex will review"
+            echo "skip=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "PR only modifies Codex review automation files - skipping self-review"
+            echo "skip=true" >> "$GITHUB_OUTPUT"
+          fi
+
+  codex-review:
+    name: Codex Review
+    needs: check-files
+    if: needs.check-files.outputs.skip_codex != 'true'
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    permissions:
+      contents: read
+      pull-requests: write
+    env:
+      HAS_OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY != '' }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          ref: refs/pull/${{ github.event.pull_request.number || inputs.pr_number }}/merge
+          fetch-depth: 0
+
+      - name: Load pull request metadata
+        id: pr
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr_number }}
+        run: |
+          gh pr view "$PR_NUMBER" --repo "${{ github.repository }}" \
+            --json number,baseRefName,baseRefOid,headRefName,headRefOid,author,isDraft \
+            > pr.json
+
+          {
+            echo "number=$(jq -r '.number' pr.json)"
+            echo "base_ref=$(jq -r '.baseRefName' pr.json)"
+            echo "base_sha=$(jq -r '.baseRefOid' pr.json)"
+            echo "head_ref=$(jq -r '.headRefName' pr.json)"
+            echo "head_sha=$(jq -r '.headRefOid' pr.json)"
+            echo "author=$(jq -r '.author.login' pr.json)"
+            echo "draft=$(jq -r '.isDraft' pr.json)"
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Decide whether to run Codex
+        id: gate
+        env:
+          AUTHOR: ${{ steps.pr.outputs.author }}
+          IS_DRAFT: ${{ steps.pr.outputs.draft }}
+          HAS_OPENAI_API_KEY: ${{ env.HAS_OPENAI_API_KEY }}
+        run: |
+          if [ "$IS_DRAFT" = 'true' ]; then
+            {
+              echo 'run=false'
+              echo 'reason=Draft pull request'
+            } >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          case "$AUTHOR" in
+            dependabot[bot]|renovate[bot]|github-actions[bot])
+              {
+                echo 'run=false'
+                echo 'reason=Bot-authored pull request'
+              } >> "$GITHUB_OUTPUT"
+              exit 0
+              ;;
+          esac
+
+          if [ "$HAS_OPENAI_API_KEY" != 'true' ]; then
+            {
+              echo 'run=false'
+              echo 'reason=OPENAI_API_KEY is unavailable for this run'
+            } >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          {
+            echo 'run=true'
+            echo 'reason=Review enabled'
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Pre-fetch base and head refs
+        if: steps.gate.outputs.run == 'true'
+        run: |
+          git fetch --no-tags origin \
+            "${{ steps.pr.outputs.base_ref }}" \
+            "+refs/pull/${{ steps.pr.outputs.number }}/head"
+
+      - name: Run Codex Review
+        if: steps.gate.outputs.run == 'true'
+        id: run_codex
+        uses: openai/codex-action@v1
+        env:
+          PR_NUMBER: ${{ steps.pr.outputs.number }}
+          PR_BASE_SHA: ${{ steps.pr.outputs.base_sha }}
+          PR_HEAD_SHA: ${{ steps.pr.outputs.head_sha }}
+          PR_AUTHOR: ${{ steps.pr.outputs.author }}
+          PR_HEAD_REF: ${{ steps.pr.outputs.head_ref }}
+        with:
+          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
+          prompt-file: .github/codex/prompts/review.md
+          output-file: codex-review.json
+          output-schema-file: .github/codex/schemas/review-output.schema.json
+          codex-args: --full-auto
+          safety-strategy: drop-sudo
+          sandbox: read-only
+
+      - name: Post Codex review
+        if: steps.gate.outputs.run == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ steps.pr.outputs.number }}
+        run: |
+          jq -e '.event and .body' codex-review.json >/dev/null
+          jq -r '.body' codex-review.json > codex-review-body.md
+          REVIEW_EVENT=$(jq -r '.event' codex-review.json)
+
+          case "$REVIEW_EVENT" in
+            APPROVE) REVIEW_FLAG='--approve' ;;
+            REQUEST_CHANGES) REVIEW_FLAG='--request-changes' ;;
+            COMMENT) REVIEW_FLAG='--comment' ;;
+            *)
+              echo "::error::Unsupported review event: $REVIEW_EVENT"
+              exit 1
+              ;;
+          esac
+
+          gh pr review "$PR_NUMBER" \
+            --repo "${{ github.repository }}" \
+            "$REVIEW_FLAG" \
+            --body-file codex-review-body.md
+
+      - name: Log skipped Codex review
+        if: steps.gate.outputs.run != 'true'
+        run: |
+          echo "Skipping Codex review"
+          echo "Reason: ${{ steps.gate.outputs.reason }}"
+
+  skip-notification:
+    name: Skip Notification
+    needs: check-files
+    if: needs.check-files.outputs.skip_codex == 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Post skip notification
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr_number }}
+        run: |
+          gh pr comment "$PR_NUMBER" --repo "${{ github.repository }}" --body "## Codex Code Review - Skipped
+
+          This PR only modifies Codex review automation files. Codex cannot review changes to its own workflow or prompt files.
+
+          **Alternative reviewers:**
+          - Claude Code Review
+          - CodeRabbit
+          - Human codeowner (@ANcpLua)
+
+          ---
+          *This is expected behavior, not an error.*"

.gitignore

@@ -10,8 +10,6 @@
 # --- Node / TypeScript ---
 node_modules/
 dist/
-# Allow compiled MCP server dist (users shouldn't need to build)
-!plugins/claude-self-obs/server/dist/
 out/
 coverage/
 *.log

CHANGELOG.md

@@ -8,6 +8,7 @@ and the project follows [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ### Added
 
+- **Codex PR review automation**: Added `.github/workflows/codex-code-review.yml`, `.github/codex/prompts/review.md`, and `.github/codex/schemas/review-output.schema.json`. Codex now reviews pull requests in a read-only sandbox, returns structured verdicts, publishes formal GitHub reviews, and skips PRs that only modify Codex review automation
 - **metacognitive-guard `InstructionsLoaded` hook**: Truth beacon now fires on both SessionStart AND InstructionsLoaded — ground truth re-injected when CLAUDE.md/rules are loaded, ensuring authoritative facts arrive after instructions context
 - **metacognitive-guard `agent_type` filtering**: Struggle detector and Ralph Loop now skip subagents via `agent_type` field in hook events — prevents wasted haiku calls and false positives from subagent responses
 - **`design-studio` plugin (1.0.0)**: Design intelligence studio merging creative direction with data-driven recommendations. Combines `frontend-design` (Anthropic plugin — bold aesthetic philosophy, anti-generic guidelines) with `ui-ux-pro-max` (local skill — BM25 search engine, 750+ CSV rows, design system generator). Single unified workflow: creative direction → `--design-system` CLI → domain/stack searches → implementation with aesthetic precision. 50 styles, 97 palettes, 57 font pairings, 99 UX guidelines, 25 chart types, 13 stacks. Pre-delivery checklist includes creative distinctiveness check. Python stdlib-only, no pip dependencies
@@ -28,6 +29,7 @@ and the project follows [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ### Removed
 
+- **`claude-self-obs` plugin removed from marketplace**: Hook lifecycle now managed by qyl.collector via attach/detach endpoints. qyl owns the hooks — users control observability via MCP tools (`qyl.observe_claude` / `qyl.stop_observing_claude`) or the dashboard Settings > Integrations toggle. No more error spam when collector is down
 - **`claude-self-obs` standalone server**: Deleted `server/` directory (TypeScript MCP server, node_modules, dist, package.json, tsconfig.json) and `.mcp.json` registration. ~300 lines TS + 58K npm dependencies eliminated. Query capabilities now provided by qyl.mcp (registered globally)
 - **`claude-self-obs` bash scripts**: Deleted `emit-span.sh` (83 lines), `emit-agent-start.sh` (60 lines), `emit-agent-stop.sh` (67 lines). Dependencies on `jq`, `python3`, `curl` eliminated
 

README.md

@@ -45,7 +45,16 @@ Add the marketplace, then install plugins individually:
 
 8 plugins, 23 commands, 4 skills, 14 agents, 21 scripts, 7 hook configs.
 
-Tri-AI review system: Claude, Copilot, CodeRabbit all review PRs independently.
+Quad-AI review system: Claude, Codex, Copilot, and CodeRabbit review PRs independently.
+
+## GitHub review automation
+
+Codex review lives in `.github/workflows/codex-code-review.yml`.
+
+- Set the `OPENAI_API_KEY` repository secret to enable the workflow
+- Codex runs in a `read-only` sandbox with `drop-sudo`
+- The workflow posts a formal PR review from structured Codex output
+- Self-review is blocked when a PR only changes Codex review automation files
 
 ```text
 plugins/