Skip to main content

What is Code Review?

Codex includes a specialized code review mode that analyzes your changes for bugs, security vulnerabilities, and maintainability issues. It provides structured feedback with priority levels, helping you catch problems before they reach production.
Code review in Codex is powered by a dedicated review agent with specialized instructions focused on finding actionable issues.

Starting a Review

Trigger a code review using the /review slash command:
Codex will:
  1. Analyze your current changes (staged and unstaged)
  2. Spawn a sub-agent with specialized review instructions
  3. Provide structured feedback with priority levels
  4. Output an overall correctness verdict
  5. Automatically exit review mode when complete

How It Works

1

Review mode activated

When you run /review, Codex enters a specialized review mode.
2

Sub-agent spawned

A dedicated review sub-agent is created with:
  • Specialized review prompt and guidelines
  • Auto-approval enabled (no interruptions)
  • Web search and collaborative tools disabled
  • Custom review model (if configured)
3

Code analysis

The review agent analyzes your changes, looking for:
  • Bugs and logic errors
  • Security vulnerabilities
  • Performance issues
  • Maintainability problems
  • Style violations (only if they obscure meaning)
4

Structured output

The agent provides findings with:
  • Priority level (P0-P3)
  • Clear title and description
  • Code location (file and line range)
  • Confidence score
  • Suggestion blocks (when applicable)
5

Overall verdict

An overall correctness assessment:
  • “Patch is correct” - No blocking issues found
  • “Patch is incorrect” - Blocking issues that must be addressed

Review Output Format

Finding Structure

Each finding includes:
  • Title: Short, imperative description (≤80 chars) with priority tag
  • Body: Explanation of why it’s a problem, with file/line/function references
  • Priority: P0 (critical) to P3 (nice-to-have)
  • Confidence Score: 0.0-1.0 indicating reviewer confidence
  • Code Location: Absolute file path and line range
  • Suggestion Block (optional): Concrete replacement code

Priority Levels

LevelDescriptionWhen to Use
P0Drop everything to fixBlocking release, operations, or major usage. Universal issues.
P1UrgentShould be addressed in the next cycle
P2NormalTo be fixed eventually
P3LowNice to have

Example Output


[P2] Missing error handling for async operation The fetchData call in src/api.ts:88 lacks error handling. If the request fails, the error will propagate unhandled, potentially crashing the application. Location: src/api.ts:88 Confidence: 0.85

Overall Correctness: Patch is incorrect The P1 security vulnerability must be addressed before merging. The P2 error handling issue should also be fixed to improve reliability.
If not set, reviews use the same model as your current session.

Custom Review Guidelines

Add project-specific review guidelines to your AGENTS.md:
The review agent will see these guidelines and apply them.

Use Cases

Pre-Commit Review

PR Review

CI Integration

Run code review in CI/CD pipelines:

Advanced Usage

Reviewing Specific Files

Review only specific files:

Focused Review

Ask for a focused review:

Re-reviewing After Fixes

Interpreting Results

Overall Correctness: “Patch is correct”

Meaning:
  • No blocking issues found
  • Existing code and tests won’t break
  • The patch is free of bugs and blocking problems
  • Non-blocking issues (style, formatting, nits) are ignored
You can proceed with confidence.

Overall Correctness: “Patch is incorrect”

Meaning:
  • At least one blocking issue (usually P0 or P1) was found
  • The issue will cause bugs, security problems, or breakage
  • You should address the findings before merging
Review the findings and fix blocking issues.

Confidence Scores

Each finding includes a confidence score (0.0-1.0):
  • 0.9-1.0: Very confident - almost certainly a real issue
  • 0.7-0.9: Confident - likely a real issue
  • 0.5-0.7: Moderate confidence - worth investigating
  • Less than 0.5: Low confidence - may be a false positive
Prioritize high-confidence findings.

Tips for Better Reviews

Stage related changes together for more coherent reviews:
Give the reviewer context about your changes:
For large changes, review in stages:
  1. Review the core logic first
  2. Then review the integration
  3. Finally review tests and documentation
Document your standards in AGENTS.md so the reviewer knows what to look for.
Configure a reasoning model for more thorough reviews:

Limitations

Code review is a helpful tool but not a replacement for human review, especially for:
  • Architecture decisions
  • API design
  • User experience considerations
  • Business logic correctness
  • Complex domain-specific requirements
Best used as:
  • A first pass to catch obvious issues
  • A sanity check before requesting human review
  • A teaching tool to learn about common mistakes

Next Steps

Slash Commands

Learn about other slash commands

Configuration

Configure review model and settings

Memory & Project Docs

Add project-specific review guidelines

CI/CD Integration

Integrate code review into your pipeline