Vercel Agent Code Review automatically analyzes every pull request you open, flags issues a linter would miss, and suggests fixes you can apply in one click.
As your team ships more code, review becomes a bottleneck, and a reviewer without full context can miss security flaws, logic errors, and performance regressions before code is merged.
Code Review reads each pull request against your entire codebase, validates every suggested fix inside a secure sandbox, and surfaces only the changes that pass your real builds, tests, and linters. The result is faster merges with feedback you can trust, because every suggestion has already been tested.
In this guide, you'll learn how to turn on Code Review for your repositories and configure which pull requests it reviews. You'll see how a review runs and how to apply its suggestions, how to request a review or a fix on demand by mentioning @vercel, and how to shape its feedback with your team's coding guidelines. You'll also learn how to troubleshoot reviews that don't appear and how to keep your spending under control.
Before you begin, make sure you have:
- A Vercel account
- A repository connected to a Vercel project through GitHub
- Permission to manage Vercel Agent for your team
Code Review works because Vercel Agent already understands your application. Vercel builds and deploys your code, so Code Review can analyze a pull request with full knowledge of how each change fits the rest of your codebase, rather than reading the diff in isolation.
It uses multi-step reasoning to identify security vulnerabilities, logic errors, and performance issues, including those that linters and type checks routinely miss.
Code Review also validates every fix before it reaches you. For each fix it proposes, Code Review generates a patch, runs the patch in a secure Vercel Sandbox against your real builds, tests, and linters, and shows you the suggestion only if it passes. Because every suggestion has already passed your checks, you can apply it with confidence.
Code Review runs automatically whenever you:
- Create a pull request
- Push a batch of commits to an open pull request
- Create a draft pull request if you've enabled draft reviews in your settings
Each time, it analyzes all the human-readable files in your repository, including:
- Source code files
- Test files
- Configuration files such as
package.jsonand YAML files - Documentation and README files
- Comments within your code
To enable Code Review, open the Agent section of the dashboard, and:
- Click Enable Automatic Reviews to turn on Vercel Agent.
- Under Code Review in the modal, enable Review PRs and build failures automatically
- Under Repositories, choose which repositories to review: all repositories (the default), public only, or private only.
- Under Review Draft PRs, choose whether to skip draft pull requests or review them.
- Under PR Approval, choose whether to auto-approve low-risk PRs or not.
- Click Save.
Once saved, Code Review reviews pull requests in every repository connected to your Vercel projects.
Once Code Review is enabled, it automatically reviews each qualifying pull request, with no extra action required from you. When a review finishes, Code Review posts its findings on the pull request, along with ready-to-apply patches for the issues it found.
Because each patch has already passed your builds, tests, and linters in a sandbox, you can apply a specific change directly from the pull request with one click, then continue your normal merge process.
All of Code Review's changes go through GitHub on your behalf, so they require your explicit authorization. Writing a comment, opening or updating a pull request, and pushing a commit are all attributed to you, and any commit lists Vercel Agent as a co-author, so your team can see how the change was made.
You don't have to wait for an automatic review to put Code Review to work.
Mention @vercel in any pull request comment, and Vercel Agent reads your request and either proposes a fix for you to review and apply or answers your question in the same thread.
For example:
@vercel run a reviewruns a full review of the current changes.@vercel fix the type errorsimplements and commits a fix.@vercel why is this failing?investigates the problem and explains what it finds.
Code Review automatically detects and applies coding guidelines from your repository, so its feedback follows your project's conventions instead of generic defaults.
It looks for guideline files in priority order, from highest to lowest:
| File | Tool |
|---|---|
AGENTS.md | OpenAI Codex / universal standard |
CLAUDE.md | Claude Code |
.github/copilot-instructions.md | GitHub Copilot |
.cursor/rules/*.mdc | Cursor |
.cursorrules | Cursor (legacy) |
.windsurfrules | Windsurf |
.windsurf/rules/*.md | Windsurf (directory) |
.clinerules | Cline |
.github/instructions/*.instructions.md | GitHub Copilot workspace |
.roo/rules/*.md | Roo Code |
.aiassistant/rules/*.md | JetBrains AI Assistant |
CONVENTIONS.md | Aider |
.rules/*.md | Generic rules |
agent.md | Generic agent file |
When more than one guideline file exists in the same directory, Code Review uses the highest-priority one. A few rules govern how guidelines apply:
- Hierarchical: Guidelines apply from parent directories down, so a
CLAUDE.mdat your repository root applies to every file, while asrc/components/CLAUDE.mdadds context for that directory. - Scoped: A guideline only affects files in its own directory subtree, so one in
src/never affects files inlib/. - Nested references: A guideline can pull in other files with
@import "file.md"or relative markdown links. - Size limit: The combined guidelines are capped at 50 KB.
Write guidelines to capture the conventions a linter can't enforce, such as your architecture patterns, design decisions, project-specific pitfalls, and testing requirements.
Keep in mind that Code Review treats guidelines as context rather than instructions. Its core job of finding bugs, security issues, and performance problems always takes precedence over any guideline that conflicts with it.
If Code Review isn't reviewing a pull request, check the most common causes:
- The repository isn't connected to a Vercel project.
- The repository falls outside the Repositories scope you chose during setup.
- The pull request is a draft, but you haven't turned on Review Draft PRs (draft reviews are skipped by default).
You can review both settings in the Agent section, and you can start a review yourself at any time by commenting @vercel run a review on the pull request.
Code Review uses token-based pricing, the same model as Chat. For each review, you pay the underlying AI provider's cost as a pass-through, plus the Vercel Token Rate of $0.25 per 1 million billable tokens.
The cost of a review scales with how complex your changes are and how much code Code Review needs to analyze, so larger pull requests cost more than small ones.
You can track your spending in the Agent section of your dashboard sidebar, where the usage and cost columns show the cost of each review. Paid work begins only after any existing Vercel Agent credit is used and an authorized team member has enabled usage billing.
Code Review never trains on your source code if your team's data preferences setting is off or if you're on an Enterprise plan.
- See the Managing Reviews documentation to customize which repositories get reviewed and monitor your review metrics and spending.
- Learn how Vercel Agent validates fixes before you see them in Vercel Sandbox.
- Explore everything Vercel Agent can do, including investigating anomalies and answering questions in chat, in the Vercel Agent overview.
- See full cost details and credit management in Vercel Agent pricing.