use-cases/github-code-reviews.md +51 −0 added
1---
2name: Codex code review for GitHub pull requests
3tagline: Catch regressions and potential issues before human review.
4summary: Use Codex code review in GitHub to automatically surface regressions,
5 missing tests, and documentation issues directly on a pull request.
6coverImage: /codex/use-cases/gh-pr-use-case.png
7skills:
8 - token: $security-best-practices
9 url: https://github.com/openai/skills/tree/main/skills/.curated/security-best-practices
10 description: Focus the review on risky surfaces such as secrets, auth, and
11 dependency changes.
12bestFor:
13 - Teams that want another review signal before human merge approval
14 - Large codebases for projects in production
15starterPrompt:
16 title: Ask Codex to review a pull request
17 body: "@codex review for security regressions, missing tests, and risky behavior
18 changes."
19 suggestedModel: cloud
20relatedLinks:
21 - label: Codex code review in GitHub
22 url: /codex/integrations/github
23 - label: Custom instructions with AGENTS.md
24 url: /codex/guides/agents-md
25---
26
27## How to use
28
29Start by adding Codex code review to your GitHub organization or repository.
30See [Codex code review in GitHub](https://developers.openai.com/codex/integrations/github) for more details.
31
32You can set up Codex to automatically review every pull request, or you can request a review with `@codex review` in a pull request comment.
33
34If Codex flags a regression or potential issue, you can ask it to fix it by commenting on the pull request with a follow-up prompt like `@codex fix it`.
35
36This will start a new cloud task that will fix the issue and update the pull request.
37
38## Define review guidance
39
40To customize what Codex reviews, add or update a top-level `AGENTS.md` with a section like this:
41
42```md
43## Review guidelines
44
45- Flag typos and grammar issues as P0 issues.
46- Flag potential missing documentation as P1 issues.
47- Flag missing tests as P1 issues.
48 ...
49```
50
51Codex applies guidance from the closest `AGENTS.md` to each changed file. You can place more specific instructions deeper in the tree when particular packages need extra scrutiny.
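
Review bot: The sample `AGENTS.md` section under "Define review guidance" (new lines 45-47) ranks typos and grammar as P0 while missing tests are only P1, and it has no security guideline at all. That is at odds with the front matter, which lists the `$security-best-practices` skill for "secrets, auth, and dependency changes", and with the starter prompt, which asks for "security regressions". Anyone copying the sample verbatim would prioritise prose issues over the risky surfaces the page advertises. Consider adding a security-focused bullet at the highest priority, moving the typo rule below it, and adding a sentence on what P0 and P1 mean, since the page never defines them. Minor: line 30 links to the absolute `https://developers.openai.com/codex/integrations/github` while `relatedLinks` uses the relative `/codex/integrations/github` for the same page; pick one form.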