Free forever · Open source

AI code review,
on every pull request.

Codexa catches bugs, security issues, and bad patterns before merge — without slowing your CI. Free, open-source, and yours to keep.

Reviews in <30s · Self-hostable
github.com/your-org/repo · #142
Codexa
🤖 Codexa AI Review

Solid JWT setup overall. Two things worth fixing before merge — a missing env-var guard and an overly long token expiry.

error · auth/jwt.py:24

App crashes silently if SECRET_KEY isn't set. Fail fast at startup instead.

warn · auth/jwt.py:31

30-day access tokens are risky. Use short-lived access + refresh tokens.

info · api/login.py:12

Email lookup is case-sensitive — normalize on insert and on lookup.

Everything you need.
Nothing you don't pay for.

Real bug detection

Logic errors, off-by-one, race conditions, missing null checks — not surface-level lint.

Security-aware

Catches injection, leaked secrets, weak crypto, and unsafe deserialization patterns.

Sub-30s reviews

Codexa lands findings in seconds, not minutes. Your CI doesn't wait, and neither do you.

Inline PR comments

Findings posted as a single review comment with file, line, severity, and a suggested fix.

Always-on reliability

Codexa runs on multiple AI providers with automatic failover. If one is throttled, the next steps in seamlessly.

Bring your own key

Plug in your own AI provider key — your code never touches our servers.

GitHub Actions native

Runs as a GitHub App or as a step in your existing workflow. Zero infra to manage.

Self-hostable

FastAPI backend ships in one Docker image. Deploy free on Render, Fly, or Railway.

See Codexa in action.

From the PR comment to the dashboard — every surface where Codexa shows up.


A single, well-formatted comment on every PR — summary, severity-tagged findings, file:line refs, and concrete fix suggestions.

Four steps. Zero config.

Step 01

Open a pull request

Codexa listens for new and updated PRs in any repo where the GitHub App is installed.

Step 02

Webhook fires

FastAPI verifies the signature and queues the diff for review — no polling, no delays.

Step 03

Codexa reviews the diff

Smart AI routing picks the fastest available model for your review — with automatic failover so you never wait on rate limits.

Step 04

Comment posted

Findings, severity, and concrete fixes land on the PR within seconds. Reviewers stay focused.

Ship better PRs tonight.

Two minutes to install. Free forever. No credit card.