AI Pulse

Agentic PR Review Bot

GitHub App that assigns sub-tasks from an open PR to a Codex agent: write missing tests, fix lint errors, suggest refactors — then pushes results as commits.

Difficulty: 1-month | Stack: TypeScript, Node.js, Octokit, OpenAI Codex API, Docker, PostgreSQL, GitHub Apps

Who this is for

Engineering teams at Endava-style orgs restructuring around AI agents — bottleneck shifts from writing to reviewing, so automate the grunt-work review loop.

Build steps

  1. Register GitHub App with pull_request, push, check_run webhook events; store installation tokens in PostgreSQL
  2. On PR open/update, parse diff and PR description; use GPT-4o to decompose into discrete sub-tasks (add test for X, fix lint in Y, refactor Z)
  3. Spawn one Codex agent per sub-task via OpenAI Responses API with repo file context injected; agents run async in parallel
  4. Collect agent outputs; run in Docker sandbox to validate tests pass before committing — reject unsafe changes
  5. Push passing changes as commits on PR branch with co-author trailer; post check_run summary with task list and token cost
  6. Add slash-command interface: /agent fix-tests, /agent add-docs triggers on-demand sub-task dispatch from PR comments

Risks

  • Sandbox escape risk: Codex agents execute arbitrary shell commands inside Docker, so the containers need seccomp/AppArmor profiles and network isolation; skipping this is a security hole
  • Agent-generated commits can thrash with human commits if both push to same branch simultaneously — need optimistic lock on PR branch via GitHub refs API
  • Cost can blow up fast on large PRs: a 2000-line diff spawning 8 parallel agents hits token limits and $$$ quickly — hard per-PR token cap is mandatory from day one
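
One way to enforce the isolation named in the sandbox-escape risk for the Docker validation run in build step 4, as an added example that is not part of the original project outline. `SandboxSpec`, `buildDockerArgs`, `auditDockerArgs` and the sample paths, image and profile names are assumptions; the `docker run` flags are real.

```typescript
// Added example. SandboxSpec, buildDockerArgs and auditDockerArgs are hypothetical names.
interface SandboxSpec {
  image: string;           // test-runner image
  workdir: string;         // host checkout with the agent's patch applied
  seccompProfile: string;  // host path to a seccomp JSON profile
  apparmorProfile: string; // name of an AppArmor profile loaded on the host
  command: string[];       // test command to run inside the container
}
// Constructed sample input: every path and name here is a placeholder.
const sampleSpec: SandboxSpec = { image: "runner:constructed", workdir: "/srv/pr-checkout",
  seccompProfile: "/etc/sandbox/seccomp.json", apparmorProfile: "agent-sandbox", command: ["npm", "test"] };

// argv for `docker run` with the network isolation and seccomp/AppArmor confinement applied.
function buildDockerArgs(s: SandboxSpec): string[] {
  return [
    "run", "--rm",
    "--network", "none",                               // no egress for agent-written code
    "--security-opt", "seccomp=" + s.seccompProfile,
    "--security-opt", "apparmor=" + s.apparmorProfile,
    "--cap-drop", "ALL", "--security-opt", "no-new-privileges",
    "--mount", "type=bind,src=" + s.workdir + ",dst=/work",
    "--workdir", "/work",
    s.image,
  ].concat(s.command);
}

// Preflight: returns findings; launch only when the list is empty. It scans the whole
// argv, so it fails closed if the test command itself carries a flagged string.
function auditDockerArgs(args: string[]): string[] {
  const findings: string[] = [];
  const valuesOf = (flag: string): string[] => args   // handles "--flag v" and "--flag=v"
    .map((a, i) => a === flag ? args[i + 1] : a.indexOf(flag + "=") === 0 ? a.slice(flag.length + 1) : undefined)
    .filter((v): v is string => v !== undefined);
  const nets = valuesOf("--network").concat(valuesOf("--net"));
  if (nets.length !== 1 || nets[0] !== "none") findings.push("network not isolated");
  const opts = valuesOf("--security-opt");
  ["seccomp", "apparmor"].forEach((k) => {
    const set = opts.filter((o) => o.indexOf(k + "=") === 0);
    if (set.length === 0) findings.push(k + " profile not set");
    else if (set.indexOf(k + "=unconfined") !== -1) findings.push(k + " unconfined");
  });
  if (args.indexOf("--privileged") !== -1) findings.push("privileged container");
  if (valuesOf("--cap-add").length > 0) findings.push("capability added");
  if (valuesOf("--cap-drop").indexOf("ALL") === -1) findings.push("capabilities not dropped");
  if (args.some((a) => a.indexOf("docker.sock") !== -1)) findings.push("docker socket mounted");
  return findings;
}
```

Running the audit on the final argv, rather than trusting the builder, also catches isolation being weakened by later configuration overrides.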

Business Angle

GitHub App that auto-fixes lint, writes missing tests, and suggests refactors on open PRs via Codex — pushed as commits before human review.

Customer: Solo engineering lead or CTO at a 5-20 person product startup using GitHub, shipping fast, drowning in review backlog — not enterprise, not a solo hobbyist. Probably running TypeScript/Python monorepo, has CI but no dedicated QA.

Pricing: saas-mrr — $800 MRR in 4 months (8 teams at $99/mo)
