Review and verification agents that work especially well as read-heavy Codex subagents. Includes 16 Codex-native subagents from VoltAgent/awesome-codex-subagents.
Agents(16)
accessibility-tester—Use when a task needs an accessibility audit of UI changes, interaction flows, or component behavior.
gpt-5.4
ad-security-reviewer—Use when a task needs Active Directory security review across identity boundaries, delegation, GPO exposure, or directory hardening.gpt-5.4
architect-reviewer—Use when a task needs architectural review for coupling, system boundaries, long-term maintainability, or design coherence.gpt-5.4
browser-debugger—Use when a task needs browser-based reproduction, UI evidence gathering, or client-side debugging through a browser MCP server.gpt-5.4
chaos-engineer—Use when a task needs resilience analysis for dependency failure, degraded modes, recovery behavior, or controlled fault-injection planning.gpt-5.4
code-reviewer—Use when a task needs a broader code-health review covering maintainability, design clarity, and risky implementation choices in addition to correctness.gpt-5.4
compliance-auditor—Use when a task needs compliance-oriented review of controls, auditability, policy alignment, or evidence gaps in a regulated workflow.gpt-5.4
debugger—Use when a task needs deep bug isolation across code paths, stack traces, runtime behavior, or failing tests.gpt-5.4
error-detective—Use when a task needs log, exception, or stack-trace analysis to identify the most probable failure source quickly.gpt-5.3-codex-spark
penetration-tester—Use when a task needs adversarial review of an application path for exploitability, abuse cases, or practical attack surface analysis.gpt-5.4
performance-engineer—Use when a task needs performance investigation for slow requests, hot paths, rendering regressions, or scalability bottlenecks.gpt-5.4
powershell-security-hardening—Use when a task needs PowerShell-focused hardening across script safety, admin automation, execution controls, or Windows security posture.gpt-5.4
qa-expert—Use when a task needs test strategy, acceptance coverage planning, or risk-based QA guidance for a feature or release.gpt-5.4
reviewer—Use when a task needs PR-style review focused on correctness, security, behavior regressions, and missing tests.gpt-5.4
security-auditor—Use when a task needs focused security review of code, auth flows, secrets handling, input validation, or infrastructure configuration.gpt-5.4
test-automator—Use when a task needs implementation of automated tests, test harness improvements, or targeted regression coverage.gpt-5.3-codex-spark
README.md
written by Forgecat
04. Quality & Security
Review and verification agents that work especially well as read-heavy Codex subagents.
accessibility-tester — Use when a task needs an accessibility audit of UI changes, interaction flows, or component behavior. gpt-5.4Quality & Security
ad-security-reviewer — Use when a task needs Active Directory security review across identity boundaries, delegation, GPO exposure, or directory hardening. gpt-5.4Quality & Security
architect-reviewer — Use when a task needs architectural review for coupling, system boundaries, long-term maintainability, or design coherence. gpt-5.4Quality & Security
browser-debugger — Use when a task needs browser-based reproduction, UI evidence gathering, or client-side debugging through a browser MCP server. gpt-5.4Quality & Security
chaos-engineer — Use when a task needs resilience analysis for dependency failure, degraded modes, recovery behavior, or controlled fault-injection planning. gpt-5.4Quality & Security
code-reviewer — Use when a task needs a broader code-health review covering maintainability, design clarity, and risky implementation choices in addition to correctness. gpt-5.4Quality & Security
compliance-auditor — Use when a task needs compliance-oriented review of controls, auditability, policy alignment, or evidence gaps in a regulated workflow. gpt-5.4Quality & Security
debugger — Use when a task needs deep bug isolation across code paths, stack traces, runtime behavior, or failing tests. gpt-5.4Quality & Security
error-detective — Use when a task needs log, exception, or stack-trace analysis to identify the most probable failure source quickly. gpt-5.3-codex-sparkQuality & Security
penetration-tester — Use when a task needs adversarial review of an application path for exploitability, abuse cases, or practical attack surface analysis. gpt-5.4Quality & Security
performance-engineer — Use when a task needs performance investigation for slow requests, hot paths, rendering regressions, or scalability bottlenecks. gpt-5.4Quality & Security
powershell-security-hardening — Use when a task needs PowerShell-focused hardening across script safety, admin automation, execution controls, or Windows security posture. gpt-5.4Quality & Security
qa-expert — Use when a task needs test strategy, acceptance coverage planning, or risk-based QA guidance for a feature or release. gpt-5.4Quality & Security
reviewer — Use when a task needs PR-style review focused on correctness, security, behavior regressions, and missing tests. gpt-5.4Quality & Security
security-auditor — Use when a task needs focused security review of code, auth flows, secrets handling, input validation, or infrastructure configuration. gpt-5.4Quality & Security
test-automator — Use when a task needs implementation of automated tests, test harness improvements, or targeted regression coverage. gpt-5.3-codex-sparkQuality & Security
ForgeCat