
https://github.com/khovan123/codex-pr-review-bot

A bring-your-own-key GitHub Action that reviews pull requests with OpenAI and posts concise Codex-style findings, tests, and residual risk comments using the repository owner’s API key.

code-review continues-integration github-actions github-bot typescript


# Codex PR Review Bot

BYOK GitHub Action that posts Codex-style pull request reviews. Each GitHub user or organization supplies their own `OPENAI_API_KEY`; this action does not use the publisher's key.

## Usage

Add a repository or organization secret named `OPENAI_API_KEY`.

Create `.github/workflows/codex-review.yml` in the repository that wants reviews:

```yaml
name: Codex PR Review

on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]

permissions:
  contents: read
  pull-requests: write

jobs:
  review:
    if: ${{ !github.event.pull_request.draft }}
    runs-on: ubuntu-latest
    steps:
      - uses: khovan123/codex-pr-review-bot@v1
        with:
          openai_api_key: ${{ secrets.OPENAI_API_KEY }}
          github_token: ${{ github.token }}
```

## Inputs

| Input | Required | Default | Description |
| --- | --- | --- | --- |
| `openai_api_key` | Yes | | User-owned OpenAI API key, usually `${{ secrets.OPENAI_API_KEY }}`. |
| `github_token` | Yes | | Token used to read PR files and post the review, usually `${{ github.token }}`. |
| `model` | No | `gpt-5` | OpenAI model used for the review. |
| `max_files` | No | `40` | Maximum changed files sent to the model. |
| `max_patch_chars` | No | `60000` | Maximum patch characters sent to the model. |

## Security Model

- The action requires the repository user to provide `OPENAI_API_KEY`.
- The publisher does not receive or store user keys.
- Pull request patch text is sent to OpenAI from the user's GitHub Actions run.
- Use GitHub organization secrets if many repositories should share the same key.
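
The `max_files` and `max_patch_chars` inputs bound how much patch text leaves the runner for OpenAI, which also means anything past those limits is never reviewed. The following is an added example, not the action's own source, showing one way to apply the limits and report coverage. It assumes a single character budget shared across files in API order; `buildReviewPayload`, `coverageNote` and the sample file names are hypothetical.

```typescript
// Added example; all names are hypothetical, not the action's source.
interface ChangedFile {
  filename: string;
  patch?: string; // GitHub's PR files API omits `patch` for binary or very large diffs
}
interface SentFile { filename: string; patch: string; truncated: boolean }
interface ReviewPayload {
  sent: SentFile[];
  omitted: string[]; // files the model never sees
  chars: number; // total patch characters sent
}

// Assumption: the character budget is shared across all files, in API order.
function buildReviewPayload(
  files: ChangedFile[],
  maxFiles = 40, // README default for max_files
  maxPatchChars = 60000, // README default for max_patch_chars
): ReviewPayload {
  const payload: ReviewPayload = { sent: [], omitted: [], chars: 0 };
  for (const file of files) {
    const remaining = maxPatchChars - payload.chars;
    if (!file.patch || payload.sent.length >= maxFiles || remaining <= 0) {
      payload.omitted.push(file.filename);
      continue;
    }
    const patch = file.patch.slice(0, remaining);
    const truncated = patch.length < file.patch.length;
    payload.sent.push({ filename: file.filename, patch, truncated });
    payload.chars += patch.length;
  }
  return payload;
}

// One line for the posted review so readers know the coverage.
function coverageNote(p: ReviewPayload): string {
  const cut = p.sent.filter((f) => f.truncated).length;
  if (p.omitted.length === 0 && cut === 0) return "Full diff reviewed.";
  return `Partial review: ${p.omitted.length} file(s) not sent, ${cut} truncated.`;
}

// Constructed sample input, with small limits to exercise every branch.
const sampleFiles: ChangedFile[] = [
  { filename: "src/auth.ts", patch: "+".repeat(30) },
  { filename: "assets/logo.png" }, // binary: no patch field
  { filename: "src/session.ts", patch: "+".repeat(30) },
  { filename: "src/token.ts", patch: "+".repeat(30) },
];
console.log(coverageNote(buildReviewPayload(sampleFiles, 3, 50)));
```

A review that reports partial coverage tells the human reviewer which files still need a manual read before merge.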

## Publishing

1. Create a public GitHub repository, for example `khovan123/codex-pr-review-bot`.
2. Push this project to the repository.
3. Create a release tag such as `v1`.
4. Users can then reference the action with `uses: khovan123/codex-pr-review-bot@v1`.

The action is public once the GitHub repository is public. GitHub Marketplace listing is optional and can be added from the repository's Actions publishing settings.