CDX-101 · Module 4

Code Reviews with Codex


Codex can function as an automated code reviewer, either through the /review slash command in interactive sessions or through CI-integrated review pipelines. The interactive /review command analyzes the current diff and provides feedback on correctness, style, potential bugs, and missing edge cases. The CI pipeline approach runs codex review as a command-line tool that emits structured JSON, which later pipeline steps can parse to post findings or gate the build.

# Interactive review of current changes
/review

# CI pipeline review — compare against main branch, output JSON
codex review --base main --json

# Review a specific file
/review src/api/auth.ts

For team-wide adoption, the most impactful pattern is enabling automatic PR reviews in GitHub. When a PR is opened, Codex Cloud analyzes the changes and posts review comments directly on the PR. This provides instant feedback to the author and catches common issues before human reviewers spend time on them.
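The following script is an added example, not part of this module or of Codex itself: a CI step that consumes the JSON from `codex review --base main --json`, turns each finding into a GitHub Actions annotation so it appears inline on the PR, and fails the job only on blocking severities. The JSON field names (`findings`, `file`, `line`, `severity`, `category`, `message`) are an assumption for illustration, as is the sample input; adapt them to the output of your Codex version.

```python
"""Gate a CI job on Codex review findings.

Assumed pipeline usage: codex review --base main --json | python gate_review.py
The JSON shape used below is an ASSUMPTION, not the documented Codex schema.
"""
import json
import sys

# Severities that should block a merge; lower ones become warnings only.
BLOCKING = {"critical", "high"}

# Constructed sample in the assumed schema (not real Codex output).
SAMPLE = json.dumps({
    "findings": [
        {"file": "src/api/auth.ts", "line": 42, "severity": "high",
         "category": "security", "message": "API key appears hardcoded"},
        {"file": "src/db/users.ts", "line": 17, "severity": "medium",
         "category": "performance", "message": "possible N+1 query in loop"},
        {"file": "src/api/auth.ts", "line": 88, "severity": "low",
         "category": "conventions", "message": "new endpoint has no test"},
    ]
})


def parse_findings(raw):
    """Parse review JSON; tolerate a missing or malformed 'findings' key."""
    findings = json.loads(raw).get("findings", [])
    return findings if isinstance(findings, list) else []


def to_annotations(findings):
    """Render findings as GitHub Actions workflow commands (::error / ::warning)."""
    lines = []
    for f in findings:
        sev = str(f.get("severity", "")).lower()
        level = "error" if sev in BLOCKING else "warning"
        lines.append(f"::{level} file={f.get('file', '?')},line={f.get('line', 1)}"
                     f"::[{sev}] {f.get('message', '')}")
    return lines


def gate(findings):
    """Return (counts by severity, whether the job should fail)."""
    counts = {}
    for f in findings:
        sev = str(f.get("severity", "")).lower()
        counts[sev] = counts.get(sev, 0) + 1
    return counts, any(s in BLOCKING for s in counts)


if __name__ == "__main__":
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    found = parse_findings(raw)
    print("\n".join(to_annotations(found)))
    counts, fail = gate(found)
    print(f"review summary: {counts}")
    sys.exit(1 if fail else 0)
```

Run with no stdin to see the constructed sample processed; medium and low findings surface as warnings while the high-severity one fails the job.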

The code_review.md pattern lets you define review criteria specific to your project. This file sits alongside your AGENTS.md and tells Codex what to look for during reviews: security patterns, performance antipatterns, naming conventions, test coverage expectations, and domain-specific rules.

# Code Review Criteria

## Security
- No hardcoded secrets or API keys
- All user input is validated and sanitized
- SQL queries use parameterized statements

## Performance
- No N+1 queries in database access patterns
- Large lists use pagination
- Expensive computations are cached or memoized

## Conventions
- All new endpoints have corresponding tests
- Error responses follow our standard error format
- TypeScript strict mode — no `any` types without justification

Do This

  • Create a code_review.md with project-specific review criteria
  • Use `codex review --base main --json` in CI for automated PR checks
  • Treat AI review as a first pass — human review still catches what AI misses
  • Update review criteria as the team discovers new patterns to enforce

Avoid This

  • Replace human code review entirely with AI review
  • Run reviews without project-specific criteria — generic criteria produce generic feedback
  • Ignore AI review comments without reading them — they surface real issues