GitHub Integration
Connect Codex to GitHub for automated PR reviews, @codex mentions, issue triage, and cloud task management directly from your repositories.
Codex integrates deeply with GitHub. You can trigger code reviews on pull requests, start cloud tasks from PR comments, and automate issue triage — all by mentioning @codex.
Setup
- Go to Codex settings or the Codex app settings
- Connect your GitHub account
- Select the repositories you want Codex to access
- Enable Code review for repositories where you want automatic PR reviews
Codex needs repository access to read code and create PRs. You can grant access to specific repositories rather than your entire GitHub account.
Once enabled, Codex automatically reviews pull requests when they move from draft to ready for review.
What Codex Reviews
- Logical errors and edge cases
- Security vulnerabilities (injection, XSS, auth issues)
- Race conditions and concurrency bugs
- Missing test coverage
- Style and convention violations (per your AGENTS.md)
Priority Levels
On GitHub, Codex only flags high-priority issues:
| Priority | Description | Action |
|----------|-------------|--------|
| P0 | Critical bugs, security vulnerabilities | Must fix before merge |
| P1 | Important logic errors, missing edge cases | Should fix before merge |
Want Codex to catch lower-priority issues like typos? Add this to your AGENTS.md: "In review, treat documentation typos as P1 issues."
Code Review
Comment on any PR:
@codex review
Codex reacts with a look emoji to acknowledge it started, then posts a standard GitHub code review when done.
Focused Review
@codex review for security vulnerabilities
@codex review for performance issues
@codex review for accessibility regressions
Cloud Tasks from PRs
Any @codex mention that is not "review" starts a cloud task using the PR as context:
@codex fix the type error on line 42
@codex add tests for the new auth middleware
@codex refactor this to use the repository pattern
Codex creates a cloud task, works on it in a sandboxed environment, and pushes the changes back to the PR.
AGENTS.md for Review Guidelines
Codex searches your repository for AGENTS.md files and follows review guidelines found in them:
    # AGENTS.md

    ## Review Guidelines

    - Always check for SQL injection in database queries
    - Verify that all API endpoints have proper authentication
    - Ensure new components have corresponding unit tests
    - Flag any hardcoded credentials or API keys as P0
Codex applies the guidance from the closest AGENTS.md to each changed file. You can place more specific instructions deeper in the directory tree:
    repo/
      AGENTS.md          # General review rules
      services/
        payments/
          AGENTS.md      # Payment-specific rules (PCI compliance, etc.)
        auth/
          AGENTS.md      # Auth-specific rules (token validation, etc.)
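To audit which guidelines govern each file in a change, the sketch below resolves the nearest AGENTS.md for a list of changed paths. It is an added example, not Codex's own code: it assumes "closest" means the nearest ancestor directory containing an AGENTS.md, and the function names and sample file paths are constructed for illustration.

```python
from pathlib import PurePosixPath


def closest_agents_md(changed_file, agents_files):
    """Return the AGENTS.md in the nearest ancestor directory, or None.

    Assumption: "closest" means nearest ancestor directory. Paths are
    repository-relative and use forward slashes.
    """
    present = {PurePosixPath(p) for p in agents_files}
    directory = PurePosixPath(changed_file).parent
    while True:
        candidate = directory / "AGENTS.md"
        if candidate in present:
            return str(candidate)
        if directory == directory.parent:  # reached the repository root
            return None
        directory = directory.parent


def rules_by_file(changed_files, agents_files):
    """Map every changed file to the AGENTS.md that would apply to it."""
    return {f: closest_agents_md(f, agents_files) for f in changed_files}


def governed_only_by_root(changed_files, agents_files):
    """List changed files that fall back to the general root-level rules."""
    mapping = rules_by_file(changed_files, agents_files)
    return sorted(f for f, rules in mapping.items() if rules == "AGENTS.md")


# Constructed sample: the layout shown above plus hypothetical changed files.
AGENTS_FILES = [
    "AGENTS.md",
    "services/payments/AGENTS.md",
    "services/auth/AGENTS.md",
]
CHANGED_FILES = [
    "services/payments/charge.py",
    "services/auth/tokens/verify.py",
    "services/search/index.py",
    "README.md",
]

if __name__ == "__main__":
    for path, rules in rules_by_file(CHANGED_FILES, AGENTS_FILES).items():
        print(f"{path} -> {rules}")
    print("root rules only:", governed_only_by_root(CHANGED_FILES, AGENTS_FILES))
```

Files listed by `governed_only_by_root` are reviewed under the general rules only, which is a quick way to spot a sensitive directory that has no dedicated guidelines.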
Skills and Automations
Skills
With Skills, Codex contributes beyond just writing code:
- Code understanding — Explain complex logic, generate documentation
- Prototyping — Turn designs into working code
- Documentation — Auto-generate and update docs
Automations
Codex can work unprompted on routine tasks:
- Issue triage — Automatically categorize and label new issues
- Alert monitoring — Respond to CI/CD alerts
- Dependency updates — Create PRs for outdated dependencies
Cloud Task Workflow
- Create task — Via @codex mention, the web UI, or CLI
- Codex works — In a sandboxed cloud environment with your repo
- Review results — Codex presents diffs and optionally creates a PR
- Apply or iterate — Accept changes, request modifications, or start a new task
Cloud task containers are cached, reducing median completion time by 90%. Codex automatically sets up its environment by scanning for setup scripts.