revert(autoreview): drop nested codex config changes

Galin Iliev · Galin Iliev · commit d05faf833372 · 2026-05-19T05:43:28.000Z
diff --git a/.agents/skills/autoreview/SKILL.md b/.agents/skills/autoreview/SKILL.md
@@ -121,32 +121,12 @@ The helper:
 - writes only to stdout unless `--output` or `AUTOREVIEW_OUTPUT` is set
 - supports `--dry-run`, `--parallel-tests`, and commit refs
 - runs nested review with `--dangerously-bypass-approvals-and-sandbox --sandbox danger-full-access` by default
-- uses Codex's normal shell environment filtering by default, including when `--codex-config` or `AUTOREVIEW_CODEX_CONFIG` is supplied; use `--shell-env-inherit all|default` or `AUTOREVIEW_SHELL_ENV_INHERIT=all|default` to force either policy
-- supports repeated `--codex-config KEY=VALUE` and newline-delimited `AUTOREVIEW_CODEX_CONFIG` / legacy `CODEX_REVIEW_CODEX_CONFIG` for local Codex provider overrides that were originally supplied as CLI `-c` flags; explicit `--codex-config` entries are passed after env entries so command-line overrides win
 - injects maintainer-only OpenClaw validation policy into native Codex review when `OPENCLAW_TESTBOX=1` or `AUTOREVIEW_OPENCLAW_MAINTAINER_VALIDATION=1`, so local memory-heavy Node/Vitest checks are avoided in favor of Crabbox/Testbox proof
 - branch mode may fail on Codex CLI versions that reject `--base` plus the helper's stdin prompt; on that exact parser error, rerun plain `codex review --base <ref>` instead of falling back to a non-Codex reviewer
 - keeps accepting `--full-access`; use `--no-yolo` or `AUTOREVIEW_YOLO=0` to opt out
 - still accepts legacy `CODEX_REVIEW_*` env vars when the matching `AUTOREVIEW_*` var is unset
 - prints `autoreview clean: no accepted/actionable findings reported` when the selected review command exits 0
 
-Local gateway/Copilot-style Codex launchers may need both exported env vars and
-the matching nested Codex config, because parent CLI `-c` flags are not process
-environment variables. Use explicit env inheritance only for trusted local
-launchers that require those exported variables:
-
-```bash
-export OPENAI_API_KEY="sk-dummy-00000000000000000000000000000000000000000000"
-export AUTOREVIEW_SHELL_ENV_INHERIT=all
-export AUTOREVIEW_CODEX_CONFIG='openai_base_url="http://localhost:8080/v1"
-model_provider="copilot"
-model_providers.copilot.name="Copilot"
-model_providers.copilot.base_url="http://localhost:8080/v1"
-model_providers.copilot.env_key="OPENAI_API_KEY"
-model_providers.copilot.supports_websockets=false
-model="gpt-5.5"'
-.agents/skills/autoreview/scripts/autoreview
-```
-
 ## Final Report
 
 Include:
diff --git a/.agents/skills/autoreview/scripts/autoreview b/.agents/skills/autoreview/scripts/autoreview
@@ -20,9 +20,6 @@ Options:
   --opencode-bin PATH        OpenCode binary. Default: opencode.
   --droid-bin PATH           Droid binary. Default: droid.
   --copilot-bin PATH         GitHub Copilot binary. Default: copilot.
-  --codex-config KEY=VALUE   Pass a Codex -c config override to nested codex review. Repeatable.
-  --shell-env-inherit auto|all|default
-                              Environment inheritance policy for commands run by nested Codex. Default: auto.
   --full-access              Keep yolo/full-access mode enabled. Default.
   --no-yolo                  Run nested Codex review with normal sandbox/approval prompts.
   --output FILE              Also save output to file.
@@ -32,14 +29,6 @@ Options:
   -h, --help                 Show help.
 
 Environment:
-  Nested Codex review keeps Codex's default shell environment filtering unless
-                              AUTOREVIEW_SHELL_ENV_INHERIT=all or --shell-env-inherit all is set.
-  AUTOREVIEW_SHELL_ENV_INHERIT
-                              Set to all or default to force the nested Codex shell env policy.
-  CODEX_REVIEW_SHELL_ENV_INHERIT
-                              Legacy alias when AUTOREVIEW_SHELL_ENV_INHERIT is unset.
-  AUTOREVIEW_CODEX_CONFIG    Newline-delimited Codex -c config overrides.
-  CODEX_REVIEW_CODEX_CONFIG  Legacy alias when AUTOREVIEW_CODEX_CONFIG is unset.
   OPENCLAW_TESTBOX=1 or AUTOREVIEW_OPENCLAW_MAINTAINER_VALIDATION=1
                               Enable maintainer-only OpenClaw Crabbox/Testbox validation policy.
 
@@ -63,9 +52,6 @@ opencode_bin=${OPENCODE_BIN:-opencode}
 droid_bin=${DROID_BIN:-droid}
 copilot_bin=${COPILOT_BIN:-copilot}
 codex_args=()
-codex_config_overrides=()
-codex_cli_config_overrides=()
-shell_env_inherit=${AUTOREVIEW_SHELL_ENV_INHERIT:-${CODEX_REVIEW_SHELL_ENV_INHERIT:-auto}}
 yolo=${AUTOREVIEW_YOLO:-${CODEX_REVIEW_YOLO:-1}}
 output=${AUTOREVIEW_OUTPUT:-${CODEX_REVIEW_OUTPUT:-}}
 parallel_tests=
@@ -122,14 +108,6 @@ while [[ $# -gt 0 ]]; do
       copilot_bin=${2:-}
       shift 2
       ;;
-    --codex-config)
-      codex_cli_config_overrides+=("${2:-}")
-      shift 2
-      ;;
-    --shell-env-inherit)
-      shell_env_inherit=${2:-}
-      shift 2
-      ;;
     --full-access)
       yolo=1
       shift
@@ -166,37 +144,6 @@ case "$yolo" in
   *) codex_args+=(--dangerously-bypass-approvals-and-sandbox --sandbox danger-full-access) ;;
 esac
 
-codex_config_env=${AUTOREVIEW_CODEX_CONFIG:-${CODEX_REVIEW_CODEX_CONFIG:-}}
-if [[ -n "$codex_config_env" ]]; then
-  while IFS= read -r codex_config_line; do
-    [[ -n "$codex_config_line" ]] || continue
-    codex_config_overrides+=("$codex_config_line")
-  done <<< "$codex_config_env"
-fi
-
-case "$shell_env_inherit" in
-  auto)
-    shell_env_inherit=default
-    ;;
-  all|default) ;;
-  *)
-    echo "invalid --shell-env-inherit: $shell_env_inherit" >&2
-    exit 2
-    ;;
-esac
-if [[ "$shell_env_inherit" == all ]]; then
-  # Deliberate for local Codex launchers that rely on inherited provider,
-  # proxy, or gateway variables; use default to restore Codex filtering.
-  codex_args=(-c shell_environment_policy.inherit=all "${codex_args[@]}")
-fi
-
-for codex_config_override in "${codex_config_overrides[@]}"; do
-  codex_args+=(-c "$codex_config_override")
-done
-for codex_config_override in "${codex_cli_config_overrides[@]}"; do
-  codex_args+=(-c "$codex_config_override")
-done
-
 case "$mode" in
   auto|local|branch|commit) ;;
   *)
@@ -311,25 +258,6 @@ EOF
   fi
 fi
 
-print_review_command() {
-  local redact_next=false
-  local arg
-
-  printf 'review:'
-  for arg in "${review_cmd[@]}"; do
-    if [[ "$redact_next" == true ]]; then
-      printf ' %q' '<codex-config-redacted>'
-      redact_next=false
-      continue
-    fi
-    printf ' %q' "$arg"
-    if [[ "$arg" == "-c" || "$arg" == "--config" ]]; then
-      redact_next=true
-    fi
-  done
-  printf '\n'
-}
-
 printf 'autoreview target: %s\n' "$review_kind"
 printf 'branch: %s\n' "${current_branch:-detached}"
 if [[ -n "$pr_url" ]]; then
@@ -347,7 +275,9 @@ case "$reviewer" in
     ;;
 esac
 if [[ "$reviewer" == auto || "$reviewer" == codex ]]; then
-  print_review_command
+  printf 'review:'
+  printf ' %q' "${review_cmd[@]}"
+  printf '\n'
   if [[ "$codex_review_stdin_prompt" == true || "$codex_review_prompt_file" == true ]]; then
     printf 'review policy: OpenClaw maintainer Crabbox/Testbox-aware validation prompt injected\n'
   fi
