Home / Guides / Command Code

Command Code review in GitHub Actions

Updated July 4, 2026 · applies to pgup-ai/jbot-review-action v0

Command Code might be the fastest of the CLI seats to wire up: the user_… access key you already have goes into one repo secret, one workflow file gets committed, and that's the install. From there, J-Bot Review — an MIT-licensed GitHub Action — has Command Code reviewing every PR on your runner, at no cost beyond your existing plan.

Six sibling setups

Codex (ChatGPT Plus/Pro), Cursor, Devin, Cline, Kilo, Grok Build, and Qoder plug in the same way: one provider value, one secret. The CLI subscription guide compares all eight side by side.

Setup in three steps

  1. Copy the access key. Your key looks like user_… — after a local login it also lives as the apiKey value inside ~/.commandcode/auth.json. Save the key value as the repository secret COMMANDCODE_ACCESS_KEY (Settings → Secrets and variables → Actions).
  2. Commit the workflow. Add the file below as .github/workflows/jbot-review.yml.
  3. Open a pull request. Command Code reviews the full base…head diff on your runner and posts review comments with a verdict; blocking findings are adversarially verified first, nits demoted.
.github/workflows/jbot-review.yml
name: J-Bot Code Review
on:
  pull_request: { types: [opened, reopened, ready_for_review, synchronize] }

concurrency:
  group: jbot-review-${{ github.event.pull_request.number }}
  cancel-in-progress: true

permissions:
  contents: read
  pull-requests: write
  issues: write        # PR reactions use the issues API
  checks: read

jobs:
  review:
    if: github.event.pull_request.draft == false
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v7
        with: { fetch-depth: 0 }
      - uses: pgup-ai/jbot-review-action@v0
        with:
          provider: commandcode
          commandcode-access-key: ${{ secrets.COMMANDCODE_ACCESS_KEY }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

What shows up on the PR

Cost & privacy

FAQ

Can I use my Command Code subscription for automated code review?

Yes. J-Bot Review drives the Command Code CLI backend inside your own GitHub Actions, authenticated with your access key — so the seat you already pay for reviews every pull request. Models are managed by your Command Code account, and J-Bot itself adds no charge.

Where does the COMMANDCODE_ACCESS_KEY secret come from?

Your Command Code access key looks like user_… — after a local login it also lives as the apiKey value inside ~/.commandcode/auth.json. Copy the key value (not the whole file) into a repository secret named COMMANDCODE_ACCESS_KEY. Keep it in Actions secrets — repo variables aren't encrypted.

What does Command Code review cost per PR?

Nothing beyond the Command Code plan you already pay for, plus normal CI minutes. J-Bot Review is MIT-licensed and adds no per-seat or per-review charge. Reviews consume your plan's usage the same way your local Command Code sessions do.

Related