Episode 3 of 11

Automated Code Review

Use Codex to automatically review your staged changes for security vulnerabilities, performance bottlenecks, and code style violations.

Why Automated Code Review?

Manual code reviews are essential but time-consuming. Codex can act as a first-pass reviewer that catches common issues before your teammates even look at the code. It checks for:

  • Security vulnerabilities — Hardcoded secrets, SQL injections, XSS risks
  • Performance issues — N+1 queries, memory leaks, suboptimal algorithms
  • Style violations — Inconsistencies with your team's coding standards
  • Bug patterns — Off-by-one errors, null pointer risks, race conditions

Step 1 — Stage Your Changes

First, stage the files you want reviewed using Git:

# Stage specific files
git add src/api/users.ts src/middleware/auth.ts

# Or stage all changes
git add .

Step 2 — Run the Review

Use the codex review command with the --staged flag to analyze only your staged changes:

codex review --staged

Codex will read through every staged file and produce a detailed analysis.

What Codex Analyzes

🔒 Security Analysis

The agent scans for hardcoded secrets, API keys, and common vulnerability patterns like SQL injection or cross-site scripting (XSS).

⚡ Performance Analysis

Identifies suboptimal patterns such as N+1 database queries, unnecessary re-renders in React components, memory leaks from unclosed connections, and inefficient loops.

🎨 Style Analysis

Ensures your code adheres to the rules defined in your AGENTS.md file (covered in Episode 6). This includes naming conventions, import ordering, and architectural patterns.

Reading the Review Report

Codex outputs a structured Markdown report with diffs showing exactly what to change:

## Security — 1 issue found

### ⚠️ Hardcoded API key in src/api/users.ts:14
- const API_KEY = "sk-abc123xyz";
+ const API_KEY = process.env.API_KEY;

## Performance — 2 issues found

### ⚠️ N+1 query in src/api/users.ts:42
Consider using a JOIN or batch query instead of
querying inside a loop.

Applying Suggestions Automatically

Instead of manually copying diffs, you can ask Codex to apply the fixes directly:

# Apply all suggested changes
codex review --staged --apply

# Apply only security fixes
codex review --staged --apply --category security

What's Next

In the next episode, we'll dive into the Codex CLI in depth — interactive chat, direct commands, and piping data into Codex for instant analysis.