
AI-Powered Code Review with /review

It is Friday afternoon. Your team has six pull requests queued for review, your own PR has been waiting since Tuesday, and the code review backlog is becoming a deployment bottleneck. You could skim each PR in five minutes and approve with “LGTM.” Or you could let Codex review every PR thoroughly, flag real issues, and still have time to focus your human review on the architectural decisions that actually need a human.

  • Three review surfaces: /review in the CLI, the App review pane, and @codex review on GitHub PRs
  • Custom review guidelines via AGENTS.md that teach Codex what your team cares about
  • Prompts for focused reviews (security, performance, API compatibility)
  • An automation recipe for automatic review on every new pull request

The CLI’s /review command launches a dedicated reviewer that reads your diff and reports prioritized, actionable findings without touching your code. It is the fastest way to get a second opinion before you commit.

Start Codex in your terminal:
codex

Then run:

/review

Codex presents options:

  • Review against a base branch — picks up the merge base and diffs your entire feature branch
  • Review uncommitted changes — reviews staged, unstaged, and untracked files
  • Review a commit — lets you pick a specific SHA
  • Custom review instructions — accepts your own focus area

The reviewer uses a dedicated model optimized for code review. Each review appears as its own turn in the transcript, so you can rerun reviews as you fix issues and compare the feedback.

The App’s review pane provides a visual diff with inline commenting — similar to a GitHub PR review but before you push. Every change Codex made (or you made) appears in the diff pane.

The review pane shows:

  • Uncommitted changes (default) — everything modified since the last commit
  • All branch changes — the complete diff against your base branch
  • Last turn changes — just the most recent thing Codex did

To review with Codex’s help, run /review in the App thread. The review comments appear inline directly in the review pane, anchored to specific lines. You can then leave your own inline comments for Codex to address:

  1. Open the review pane
  2. Hover a line you want to comment on
  3. Click the + button
  4. Write your feedback (“This needs error handling for the null case”)
  5. Go back to the thread and send: “Address the inline comments. Keep changes minimal.”

This creates a tight feedback loop: Codex makes changes, you review inline, Codex addresses your comments, you review again. It mirrors the PR review flow but happens locally before you push.

For pull requests already on GitHub, comment on the PR:

@codex review

Codex reacts with an eyes emoji, creates a cloud task, reads the full PR diff, and posts a standard GitHub code review with inline comments. It behaves exactly like a human reviewer — line-level comments, suggestions, and an overall assessment.

For focused reviews, add instructions:

Codex reads AGENTS.md files in your repository to understand your team’s review standards. Add a ## Review guidelines section:

## Review guidelines
- Flag any database query that does not use parameterized inputs
- Flag missing input validation on API endpoints
- Flag console.log statements (use our structured logger)
- Ensure all new API endpoints have OpenAPI annotations
- Verify that error responses do not leak internal stack traces
- Check that new routes include rate limiting middleware
- Treat typos in user-facing strings as P1

Codex applies these guidelines to every review — CLI, App, and GitHub. Place more specific guidelines in subdirectory AGENTS.md files for targeted review:

packages/billing/AGENTS.md
## Review guidelines
- All monetary calculations must use Decimal.js, not floating point
- Verify idempotency keys on all payment-related mutations
- Check that refund logic handles partial amounts correctly
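
An added example, not part of the original page or of Codex itself: a small Python audit that lists which Review guidelines bullets sit above a changed file and which AGENTS.md files carry none. It assumes that guidelines from the root and from every enclosing directory apply together (how Codex combines them is not stated on this page); the sample repository contents and the packages/auth path are constructed.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: AGENTS.md path -> content, modelled on the snippets above.
SAMPLE_REPO = {
    "AGENTS.md": (
        "# Project notes\n"
        "## Review guidelines\n"
        "- Flag any database query that does not use parameterized inputs\n"
        "- Verify that error responses do not leak internal stack traces\n"
        "## Build\n"
        "- npm test\n"
    ),
    "packages/billing/AGENTS.md": (
        "## Review guidelines\n"
        "- Verify idempotency keys on all payment-related mutations\n"
    ),
    "packages/auth/AGENTS.md": "## Setup\n- no review section yet\n",
}

HEADING = re.compile(r"^(#{1,6})\s+(.*?)\s*$")

def review_guidelines(markdown):
    """Return the bullets under the 'Review guidelines' heading, if any."""
    items, level = [], None
    for line in markdown.splitlines():
        m = HEADING.match(line)
        if m:
            if level is not None and len(m.group(1)) <= level:
                break  # a heading of the same or higher level ends the section
            if level is None and m.group(2).lower() == "review guidelines":
                level = len(m.group(1))
        elif level is not None and line.lstrip().startswith("- "):
            items.append(line.lstrip()[2:].strip())
    return items

def guidelines_for(changed_file, repo):
    """(path, bullets) for each AGENTS.md from repo root down to the file."""
    parts = PurePosixPath(changed_file).parent.parts
    found = []
    for depth in range(len(parts) + 1):
        path = "/".join(parts[:depth] + ("AGENTS.md",))
        if path in repo:
            found.append((path, review_guidelines(repo[path])))
    return found

def missing_sections(repo):
    """AGENTS.md files with no Review guidelines bullets (coverage gaps)."""
    return sorted(p for p, text in repo.items() if not review_guidelines(text))
```

Running guidelines_for over the paths in a diff shows which security rules a reviewer is expected to apply to each file, and missing_sections points at directories whose AGENTS.md adds nothing to reviews.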

If you want Codex to review every PR without being asked, enable Automatic reviews in your Codex settings at chatgpt.com/codex/settings/code-review. Once enabled, Codex posts a review whenever a new PR is opened for review. No @codex review comment needed.

Set up a daily automation in the Codex App to review recent changes on your main branch:

Review feedback is too noisy. If Codex flags 40 issues on every PR and most are style nits, your team will start ignoring reviews. Fix this in AGENTS.md: “Flag only P0 (security/correctness) and P1 (significant quality) issues. Do not flag formatting, naming preferences, or optional improvements.”

@codex review does not respond. Verify that Code review is enabled for your repository in Codex settings. Also check that the Codex GitHub integration has access to the repository — org-level permissions may restrict which repos the integration can see.

Inline review comments reference wrong line numbers. If the diff changed between when Codex started the review and when it posted comments (for example, someone pushed new commits during the review), line references may be off. Re-request the review after the latest push.

Codex misses domain-specific issues. The generic reviewer does not know your business rules. This is what AGENTS.md review guidelines fix. If Codex keeps missing a specific category of issue, add an explicit guideline for it.