Codex CLI Git Workflow Guide (2026) — Auto Commit Messages, PR Descriptions, Code Review
Codex CLI does far more than write code — it integrates deeply into your Git workflow: auto-generating well-formed commit messages, drafting PR descriptions, and running first-pass code reviews. This guide covers every practical scenario, with ready-to-use scripts and Git aliases.
1. Auto-Generate Commit Messages
Writing commit messages by hand is slow and prone to inconsistency. Codex CLI can analyze your staged diff and produce a properly formatted Conventional Commits message in seconds.
Basic Usage
# Stage your changes
git add -p
# Let Codex generate a commit message from the diff
git diff --staged | codex "Generate a Conventional Commits message for the diff above.
Format: <type>(<scope>): <description>
Types: feat/fix/refactor/test/docs/ci/chore
Output only the commit message itself, no explanation."
Git Alias for One-Command Usage
# Add to ~/.gitconfig
[alias]
cm = "!git diff --staged | codex 'Generate a Conventional Commits message for this diff. Output only the commit message.' | git commit -F -"
# Usage
git add -p
git cm
Multi-Line Commit Message (feat + detailed body)
git diff --staged | codex "Generate a complete git commit message:
1. First line: <type>(<scope>): <short description> (max 72 chars)
2. Blank line
3. Body: bullet points describing the specific changes
4. If there is a breaking change, add BREAKING CHANGE: explanation
Output only the message, no prefix or wrapper."
feat (new feature), fix (bug fix), refactor (code restructuring, no behavior change), test (adding or updating tests), docs (documentation), ci (CI/CD config changes), chore (build tools, dependency updates)
2. Auto-Draft Pull Request Descriptions
Codex can analyze all commits on a branch relative to main and automatically generate a structured PR title and body.
Manual PR Description Generation
# Get the commit list relative to main
git log main..HEAD --oneline > /tmp/commits.txt
# Get the full diff
git diff main..HEAD > /tmp/diff.txt
# Generate the PR description
codex "Based on the following commits and code changes, generate a well-structured Pull Request description in Markdown:
Commits:
$(cat /tmp/commits.txt)
Code changes:
$(cat /tmp/diff.txt)
Requirements:
- Title: concise PR title (max 72 chars)
- ## Summary: 2-3 sentences describing what this PR does
- ## Changes: categorized list of specific changes (checkbox format - [ ])
- ## Testing: how to test these changes
- ## Notes: any important caveats (optional)"
GitHub CLI Integration (One-Command PR Creation)
# Install GitHub CLI if not already installed
brew install gh # macOS
# Generate PR description and create the PR in one step
PR_BODY=$(git log main..HEAD --oneline | codex "Generate a GitHub PR description in Markdown with Summary, Changes, and Testing sections")
gh pr create --title "$(git log -1 --pretty=%s)" --body "$PR_BODY"
GitHub Actions Automation (Auto-Draft PR on Every Push)
# .github/workflows/auto-pr.yml
name: Auto Draft PR
on:
  push:
    branches-ignore: [main, master]
# Least privilege: the job reads the repository and opens a PR, nothing else
permissions:
  contents: read
  pull-requests: write
jobs:
  draft-pr:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Generate PR description
        env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          npm install -g @openai/codex
          COMMITS=$(git log origin/main..HEAD --oneline)
          DIFF=$(git diff origin/main..HEAD --stat)
          # printf, not echo: bash's echo does not expand \n
          PR_BODY=$(printf '%s\n\n%s\n' "$COMMITS" "$DIFF" | codex exec "Generate a PR description with Summary, Changes (checkboxes), and Testing sections")
          # Random delimiter, so a line reading "EOF" in the generated text cannot end the value early
          DELIM="EOF_$(openssl rand -hex 16)"
          {
            echo "PR_BODY<<$DELIM"
            echo "$PR_BODY"
            echo "$DELIM"
          } >> "$GITHUB_ENV"
      - name: Create draft PR
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh pr create --draft --title "$(git log -1 --pretty=%s)" --body "$PR_BODY" || true
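Generated text written to `$GITHUB_ENV` goes into a `NAME<<DELIMITER` block, so the delimiter has to be a string the text cannot contain. The following added example (not from the original guide) writes a value with a random delimiter and compares the outcome with a fixed `EOF` on a constructed sample; `append_env_multiline` and `env_names` are hypothetical helpers, and `env_names` is a simplified model of how the file is read back, not the runner's own parser.

```shell
#!/bin/sh
# Added example, not from the original guide. Helper names are hypothetical.

# append_env_multiline NAME VALUE FILE: append a NAME<<DELIM block to FILE with
# a random delimiter. Returns 1 if NAME is not a valid identifier.
append_env_multiline() {
  case $1 in ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;; esac
  _delim="delim_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
  # Refuse a value that contains the delimiter instead of writing it
  case $2 in *"$_delim"*) return 1 ;; esac
  { printf '%s<<%s\n' "$1" "$_delim"; printf '%s\n' "$2" "$_delim"; } >> "$3"
}

# env_names FILE: print the variable names the file would define.
# Assumption: only NAME=value lines and NAME<<DELIM blocks are modelled.
env_names() {
  awk '
    delim != "" { if ($0 == delim) delim = ""; next }
    /^[A-Za-z_][A-Za-z0-9_]*<</ {
      i = index($0, "<<"); print substr($0, 1, i - 1); delim = substr($0, i + 2); next
    }
    /^[A-Za-z_][A-Za-z0-9_]*=/ { print substr($0, 1, index($0, "=") - 1) }
  ' "$1"
}

# Constructed sample: generated text that happens to contain a line "EOF"
SAMPLE_BODY='## Summary
Fix heredoc handling
EOF
OTHER_VAR=1'

# Names defined when the value is written with a fixed "EOF" delimiter
fixed_delimiter_names() {
  _f=$(mktemp)
  { echo "PR_BODY<<EOF"; printf '%s\n' "$SAMPLE_BODY"; echo "EOF"; } > "$_f"
  env_names "$_f"; rm -f "$_f"
}

# Names defined when append_env_multiline writes the same value
random_delimiter_names() {
  _f=$(mktemp)
  append_env_multiline PR_BODY "$SAMPLE_BODY" "$_f"
  env_names "$_f"; rm -f "$_f"
}
```

With the fixed delimiter the sample defines a second variable, `OTHER_VAR`; with the random delimiter the whole text stays inside `PR_BODY`.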
3. AI-Assisted Code Review
Codex can perform an automated first-pass review of your changes before you commit or push, catching potential issues early.
Local Pre-Commit Review
# Review staged changes
git diff --staged | codex "Review the following code changes, focusing on:
1. Potential bugs or logic errors
2. Security issues (SQL injection, XSS, sensitive data exposure, etc.)
3. Performance problems (N+1 queries, unnecessary recomputation, etc.)
4. Code readability (variable naming, function length, comments)
5. Missing edge cases or error handling
Label each issue with severity (🔴 High / 🟡 Medium / 🟢 Low)"
Pre-Commit Hook for Automatic Review
#!/bin/bash
# .git/hooks/pre-commit
echo "Running Codex code review..."
REVIEW=$(git diff --staged | codex exec "Review for critical bugs and security issues. Output 'PASS' if no critical issues, or list specific problems with line references.")
# Fail closed: anything other than a bare PASS (including empty output from a failed run) blocks the commit
if [ "$(printf '%s' "$REVIEW" | tr -d '[:space:]')" != "PASS" ]; then
    echo "❌ Codex review did not pass:"
    echo "$REVIEW"
    echo "Use 'git commit --no-verify' to bypass (not recommended)"
    exit 1
fi
echo "✅ Codex review passed"
Make the hook executable: chmod +x .git/hooks/pre-commit
PR Code Review via GitHub Actions
# .github/workflows/ai-review.yml
name: AI Code Review
on:
  pull_request:
    types: [opened, synchronize]
# Least privilege: read the code, write only the review comment
permissions:
  contents: read
  pull-requests: write
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: AI Review
        env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          npm install -g @openai/codex
          DIFF=$(git diff origin/main..HEAD)
          REVIEW=$(echo "$DIFF" | codex exec "Review this PR diff for bugs, security issues, and code quality. Format as GitHub Markdown with specific file:line references.")
          # printf expands \n; inside a double-quoted bash string it would be posted literally
          printf '## 🤖 Automated Code Review\n\n%s\n' "$REVIEW" | gh pr comment "$PR_NUMBER" --body-file -
4. Branch Management & Merge Assistance
Generate Branch Naming Suggestions
codex "I need to fix the issue where users are not redirected after token expiry on login.
Suggest a proper git branch name (format: <type>/<short-description>, all lowercase, hyphenated)"
# Example output: fix/auth-token-expiry-redirect
Analyze Merge Conflicts
# When you hit a merge conflict
cat conflicted-file.ts | codex "This file has a git merge conflict (marked with <<<<<<< / ======= / >>>>>>>).
Analyze the changes in both versions, explain the intent of each, and provide a merge recommendation.
If it is safe to merge automatically, output the merged code directly."
Rebase Assistance
# Analyze commits before an interactive rebase
git log main..HEAD --oneline | codex "Analyze these commits and recommend how to tidy them up (which to squash, reword, or keep). Provide the exact operation sequence needed for git rebase -i."
5. .codexignore — Protecting Sensitive Git Files
Create a .codexignore file in your project root to tell Codex which files and directories it should never read or modify. The syntax is identical to .gitignore.
# Create .codexignore in the project root
cat > .codexignore << 'EOF'
# Git internals (should never be modified by Codex)
.git/
# Sensitive configuration
.env
.env.local
.env.production
secrets/
credentials/
# Large binary files
*.jpg
*.png
*.gif
*.ico
*.woff
*.woff2
dist/
build/
node_modules/
EOF
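A path check that runs in your own shell before a staged diff is piped anywhere, as an added example that is not part of the original guide. The function names are hypothetical, and the matcher handles only a simplified subset of .gitignore syntax (comments, `dir/` entries and globs; no negation or `**`).

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
# Simplified .gitignore subset: comments, "dir/" entries, globs.

# path_is_blocked PATH PATTERN_FILE: returns 0 when PATH matches a pattern
path_is_blocked() {
  _path=$1
  while IFS= read -r _pat || [ -n "$_pat" ]; do
    case $_pat in
      ''|'#'*) continue ;;                                   # blank line or comment
      */) case "/$_path" in */"$_pat"*) return 0 ;; esac ;;  # directory at any depth
      *)  case $_path in $_pat) return 0 ;; esac             # glob on the full path
          case ${_path##*/} in $_pat) return 0 ;; esac ;;    # glob on the file name
    esac
  done < "$2"
  return 1
}

# blocked_paths PATTERN_FILE: reads paths on stdin, prints the ones that match
blocked_paths() {
  while IFS= read -r _p; do
    if path_is_blocked "$_p" "$1"; then printf '%s\n' "$_p"; fi
  done
  return 0
}

# safe_staged_diff PATTERN_FILE: print the staged diff only when no staged path
# is blocked; a missing pattern file is treated as a failure, not as "allow all"
safe_staged_diff() {
  [ -r "$1" ] || { printf 'Pattern file %s not readable\n' "$1" >&2; return 1; }
  _hits=$(git diff --staged --name-only | blocked_paths "$1")
  if [ -n "$_hits" ]; then
    printf 'Not sending diff, sensitive paths are staged:\n%s\n' "$_hits" >&2
    return 1
  fi
  git diff --staged
}

# Usage (capture first, so a refusal stops the pipeline):
#   DIFF=$(safe_staged_diff .codexignore) && printf '%s\n' "$DIFF" | codex "..."
```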
6. AGENTS.md Git Configuration
Use AGENTS.md in your project root to define explicit rules for Codex when working with Git operations. Codex respects these constraints automatically.
# AGENTS.md — Git Operation Constraints
## Allowed Operations
- Read all source code files
- Modify files under src/, tests/, docs/
- Create new files (excluding the .git/ directory)
## Prohibited Operations
- Must not delete the .git/ directory
- Must not modify .gitignore (unless explicitly instructed)
- Must not run git push --force
- Must not modify git config
## Git Commit Standards
Follow the Conventional Commits specification when generating commit messages.
All commit messages must be written in English.
7. Complete Git Workflow Automation Script
This script combines code review, commit message generation, and committing into a single command — ideal for everyday development use.
#!/bin/bash
# codex-git-workflow.sh: Full AI-assisted Git workflow
set -e
# 1. Check for staged files (--quiet exits 0 when nothing is staged)
if git diff --cached --quiet; then
    echo "No staged changes. Use 'git add' first."
    exit 1
fi
# 2. AI code review
echo "🔍 Running AI code review..."
REVIEW=$(git diff --staged | codex exec "Review for bugs and security issues. Output PASS or list critical issues.")
# Anything other than a bare PASS (including empty output) needs explicit confirmation
if [ "$(printf '%s' "$REVIEW" | tr -d '[:space:]')" != "PASS" ]; then
    echo "❌ Issues found:"
    echo "$REVIEW"
    read -r -p "Continue anyway? (y/N) " yn
    [[ "$yn" == "y" ]] || exit 1
fi
# 3. Generate commit message
echo "📝 Generating commit message..."
COMMIT_MSG=$(git diff --staged | codex exec "Generate a Conventional Commits message. Output only the message.")
echo "Suggested: $COMMIT_MSG"
read -r -p "Use this message? (Y/n) " yn
if [[ "$yn" == "n" ]]; then
    read -r -p "Enter commit message: " COMMIT_MSG
fi
# 4. Commit
git commit -m "$COMMIT_MSG"
echo "✅ Committed: $COMMIT_MSG"
Make the script executable: chmod +x codex-git-workflow.sh
8. FAQ
Can Codex CLI automatically generate git commit messages?
Yes. Run the following command to get a properly formatted commit message:
git diff --staged | codex "Generate a Conventional Commits message for this diff. Output only the message."
You can also wire this up as a git alias for one-command usage — see the "Git Alias" section above. Codex analyzes the diff content, automatically determines the correct commit type (feat/fix/refactor, etc.), and generates an accurate description.
Can Codex CLI help write PR descriptions?
Yes. Pipe your git log and git diff output to Codex and ask it to generate a structured PR title and body with Summary, Changes, and Testing sections. In GitHub Actions you can fully automate this on every push to a feature branch, dramatically reducing repetitive work.
Can Codex CLI do code review?
Yes, for automated first-pass review. Codex analyzes the diff and identifies potential bugs, security vulnerabilities (SQL injection, XSS, etc.), performance problems (N+1 queries), and code style issues, providing specific actionable suggestions. It cannot replace human review, but it reliably catches obvious problems before they reach your teammates.
How do I prevent Codex CLI from touching .git or node_modules?
Two approaches work together:
- Create a .codexignore file in your project root (same syntax as .gitignore) listing paths Codex should not read or modify, for example .git/, node_modules/, .env.
- Add explicit prohibition rules to AGENTS.md, such as "Must not delete the .git/ directory" and "Must not run git push --force". Codex respects these constraints throughout the session.