# Using Vercel Agent to review pull requests

**Author:** Ben Sabic

---

Vercel Agent Code Review automatically analyzes every pull request you open, flags issues a linter would miss, and suggests fixes you can apply in one click.

As your team ships more code, review becomes a bottleneck, and a reviewer without full context can miss security flaws, logic errors, and performance regressions before code is merged.

Code Review reads each pull request against your entire codebase, validates every suggested fix inside a secure sandbox, and surfaces only the changes that pass your real builds, tests, and linters. The result is faster merges with feedback you can trust, because every suggestion has already been tested.

## Overview

In this guide, you'll learn how to turn on Code Review for your repositories and configure which pull requests it reviews. You'll see how a review runs and how to apply its suggestions, how to request a review or a fix on demand by mentioning `@vercel`, and how to shape its feedback with your team's coding guidelines. You'll also learn how to troubleshoot reviews that don't appear and how to keep your spending under control.

## Prerequisites

Before you begin, make sure you have:

- A [Vercel account](https://vercel.com/signup)
  
- A repository connected to a Vercel project through [GitHub](https://vercel.com/docs/git/vercel-for-github)
  
- Permission to manage Vercel Agent for your team
  

## How Code Review works

Code Review works because Vercel Agent already understands your application. Vercel builds and deploys your code, so Code Review can analyze a pull request with full knowledge of how each change fits the rest of your codebase, rather than reading the diff in isolation.

It uses multi-step reasoning to identify security vulnerabilities, logic errors, and performance issues, including those that linters and type checks routinely miss.

Code Review also validates every fix before it reaches you. For each fix it proposes, Code Review generates a patch, runs the patch in a secure [Vercel Sandbox](https://vercel.com/docs/sandbox) against your real builds, tests, and linters, and shows you the suggestion only if it passes. Because every suggestion has already passed your checks, you can apply it with confidence.

Code Review runs automatically whenever you:

- Create a pull request
  
- Push a batch of commits to an open pull request
  
- Create a draft pull request if you've enabled draft reviews in your settings
  

Each time, it analyzes all the human-readable files in your repository, including:

- Source code files
  
- Test files
  
- Configuration files such as `package.json` and YAML files
  
- Documentation and README files
  
- Comments within your code
  

## Set up Code Review

To enable Code Review, open the [Agent](https://vercel.com/d?to=%2F%5Bteam%5D%2F~%2Fagent%2Ftasks) section of the dashboard, and:

1. Click **Enable Automatic Reviews** to turn on Vercel Agent.
   
2. Under **Code Review** in the modal, enable **Review PRs and build failures automatically**
   
3. Under **Repositories**, choose which repositories to review: all repositories (the default), public only, or private only.
   
4. Under **Review Draft PRs**, choose whether to skip draft pull requests or review them.
   
5. Under **PR Approval**, choose whether to auto-approve low-risk PRs or not.
   
6. Click **Save**.
   

Once saved, Code Review reviews pull requests in every repository connected to your Vercel projects.

## Review a pull request

Once Code Review is enabled, it automatically reviews each qualifying pull request, with no extra action required from you. When a review finishes, Code Review posts its findings on the pull request, along with ready-to-apply patches for the issues it found.

Because each patch has already passed your builds, tests, and linters in a sandbox, you can apply a specific change directly from the pull request with one click, then continue your normal merge process.

All of Code Review's changes go through GitHub on your behalf, so they require your explicit authorization. Writing a comment, opening or updating a pull request, and pushing a commit are all attributed to you, and any commit lists Vercel Agent as a co-author, so your team can see how the change was made.

## Request a review or fix with `@vercel`

You don't have to wait for an automatic review to put Code Review to work.

Mention `@vercel` in any pull request comment, and Vercel Agent reads your request and either proposes a fix for you to review and apply or answers your question in the same thread.

For example:

- `@vercel run a review` runs a full review of the current changes.
  
- `@vercel fix the type errors` implements and commits a fix.
  
- `@vercel why is this failing?` investigates the problem and explains what it finds.
  

## Tailor reviews to your codebase with guidelines

Code Review automatically detects and applies coding guidelines from your repository, so its feedback follows your project's conventions instead of generic defaults.

It looks for guideline files in priority order, from highest to lowest:

| File                                     | Tool                                                    |
| ---------------------------------------- | ------------------------------------------------------- |
| `AGENTS.md`                              | OpenAI Codex / [universal standard](https://agents.md/) |
| `CLAUDE.md`                              | Claude Code                                             |
| `.github/copilot-instructions.md`        | GitHub Copilot                                          |
| `.cursor/rules/*.mdc`                    | Cursor                                                  |
| `.cursorrules`                           | Cursor (legacy)                                         |
| `.windsurfrules`                         | Windsurf                                                |
| `.windsurf/rules/*.md`                   | Windsurf (directory)                                    |
| `.clinerules`                            | Cline                                                   |
| `.github/instructions/*.instructions.md` | GitHub Copilot workspace                                |
| `.roo/rules/*.md`                        | Roo Code                                                |
| `.aiassistant/rules/*.md`                | JetBrains AI Assistant                                  |
| `CONVENTIONS.md`                         | Aider                                                   |
| `.rules/*.md`                            | Generic rules                                           |
| `agent.md`                               | Generic agent file                                      |

When more than one guideline file exists in the same directory, Code Review uses the highest-priority one. A few rules govern how guidelines apply:

- **Hierarchical**: Guidelines apply from parent directories down, so a `CLAUDE.md` at your repository root applies to every file, while a `src/components/CLAUDE.md` adds context for that directory.
  
- **Scoped**: A guideline only affects files in its own directory subtree, so one in `src/` never affects files in `lib/`.
  
- **Nested references**: A guideline can pull in other files with `@import "file.md"` or relative markdown links.
  
- **Size limit**: The combined guidelines are capped at 50 KB.
  

Write guidelines to capture the conventions a linter can't enforce, such as your architecture patterns, design decisions, project-specific pitfalls, and testing requirements.

Keep in mind that Code Review treats guidelines as context rather than instructions. Its core job of finding bugs, security issues, and performance problems always takes precedence over any guideline that conflicts with it.

## Troubleshoot and manage reviews

If Code Review isn't reviewing a pull request, check the most common causes:

- The repository isn't connected to a Vercel project.
  
- The repository falls outside the **Repositories** scope you chose during setup.
  
- The pull request is a draft, but you haven't turned on **Review Draft PRs** (draft reviews are skipped by default).
  

You can review both settings in the [**Agent**](https://vercel.com/d?to=%2F%5Bteam%5D%2F~%2Fagent%2Ftasks) section, and you can start a review yourself at any time by commenting `@vercel run a review` on the pull request.

## Pricing

Code Review uses token-based pricing, the same model as [Chat](https://vercel.com/docs/agent/chat). For each review, you pay the underlying AI provider's cost as a pass-through, plus the Vercel Token Rate of $0.25 per 1 million billable tokens.

The cost of a review scales with how complex your changes are and how much code Code Review needs to analyze, so larger pull requests cost more than small ones.

You can track your spending in the [**Agent**](https://vercel.com/d?to=%2F%5Bteam%5D%2F~%2Fagent%2Ftasks) section of your dashboard sidebar, where the usage and cost columns show the cost of each review. Paid work begins only after any existing Vercel Agent credit is used and an authorized team member has enabled usage billing.

## Privacy

Code Review never trains on your source code if your team's [data preferences setting](https://vercel.com/d?to=%2F%5Bteam%5D%2F%7E%2Fsettings&title=Data+Preference+Settings) is off or if you're on an [Enterprise plan](https://vercel.com/docs/plans/enterprise).

## Resources and next steps

- See the [Managing Reviews documentation](https://vercel.com/docs/agent/pr-review/usage) to customize which repositories get reviewed and monitor your review metrics and spending.
  
- Learn how Vercel Agent validates fixes before you see them in [Vercel Sandbox](https://vercel.com/docs/sandbox).
  
- Explore everything Vercel Agent can do, including investigating anomalies and answering questions in chat, in the [Vercel Agent overview](https://vercel.com/docs/agent).
  
- See full cost details and credit management in [Vercel Agent pricing](https://vercel.com/docs/agent/pricing).

---

[View full KB sitemap](/kb/sitemap.md)
