ReviewRouter: Reviews run in customer CI
Getting started

Install once, keep review execution in your CI.

The fastest safe path is explicit: install the App on selected repositories, choose one repo in the dashboard, merge the setup PR, then connect provider credentials directly into GitHub Actions secrets.

Trust boundary

Secrets never route through the SaaS.

Provider credentials are written from the user's machine to GitHub Actions secrets with gh. For organization usage, prefer selected repositories so only approved repos can access Codex OAuth or Claude Code OAuth.

1. Install the GitHub App

Install ReviewRouter on selected repositories only. The App is used for repository sync, workflow setup PRs, metadata health, and audit.

2. Choose one repo in the dashboard

Search synced repositories in the dashboard, create the setup PR for one repo, then merge it. The small workflow caller runs review inside GitHub Actions and avoids pull_request_target for default review execution.

3. Connect provider credentials from your machine

After the setup PR is merged, open the repository in the dashboard and use Enable review. The command writes Codex OAuth, Claude Code OAuth, OpenAI, or OpenRouter credentials directly to GitHub Actions secrets.

4. Open a pull request

The workflow fetches metadata-only runtime config through OIDC when available, falls back to static workflow config when needed, and posts review results from customer CI.
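
Before merging the setup PR in step 2, the workflow file it adds can be checked mechanically. The following is an added example, not ReviewRouter's own code: a conservative text scan that flags pull_request_target and secrets: inherit and lists the secrets the workflow references. The function names, the sample workflow and its reusable-workflow path are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-merge scan of the workflow file a setup PR adds.
# Text-based and deliberately conservative; it does not parse YAML.

# Drop whole-line comments so a commented-out trigger is not counted.
active_lines() { grep -v '^[[:space:]]*#' "$1"; }

# Succeeds if pull_request_target appears on any active line, whether as a
# trigger or inside an expression.
uses_pull_request_target() {
  active_lines "$1" | grep -Eq '(^|[^A-Za-z0-9_])pull_request_target([^A-Za-z0-9_]|$)'
}

# Succeeds if a reusable-workflow call forwards every secret the caller can see.
inherits_all_secrets() {
  active_lines "$1" | grep -Eq '^[[:space:]]*secrets:[[:space:]]*inherit([[:space:]]|$)'
}

# Prints each name referenced as secrets.NAME, one per line, sorted and unique.
referenced_secrets() {
  active_lines "$1" | grep -oE 'secrets\.[A-Za-z_][A-Za-z0-9_]*' | sed 's/^secrets\.//' | sort -u
}

# Prints findings; returns 0 only when neither risky pattern is present.
audit_workflow() {
  audit_rc=0
  if uses_pull_request_target "$1"; then echo "FAIL: pull_request_target"; audit_rc=1; fi
  if inherits_all_secrets "$1"; then echo "FAIL: secrets: inherit"; audit_rc=1; fi
  echo "secrets referenced: $(referenced_secrets "$1" | tr '\n' ' ')"
  return "$audit_rc"
}

# Constructed sample workflow; the reusable-workflow path is a placeholder.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
on:
  pull_request:
permissions:
  contents: read
  id-token: write
jobs:
  review:
    uses: example-org/example-review/.github/workflows/review.yml@<pinned-sha>
    secrets:
      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
EOF
audit_workflow "$sample"
```

Run audit_workflow against the file path shown in the setup PR's diff; a non-zero exit means the workflow should be read by hand before merging.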

Codex subscription

Repository secret

Use this when only one repository needs the reviewer. Developers with ordinary repository access cannot read GitHub Actions secret values back through the UI or API.

curl -fsSL https://reviewrouter.site/install/codex | REVIEW_ROUTER_CONFIRM_WRITE=1 REVIEW_ROUTER_REPO=owner/repo bash

Codex subscription

Organization selected repos

Use this when several repos should share the same Codex OAuth secret without granting it to every repository in the organization.

curl -fsSL https://reviewrouter.site/install/codex | REVIEW_ROUTER_CONFIRM_WRITE=1 REVIEW_ROUTER_SECRET_SCOPE=org REVIEW_ROUTER_ORG=acme REVIEW_ROUTER_ORG_SECRET_REPOS=repo-a,repo-b bash

Claude Code subscription

Claude Code OAuth

Run claude setup-token on a trusted machine, then store only the printed token as a GitHub Actions secret. Do not store ANTHROPIC_API_KEY for subscription OAuth.

gh secret set CLAUDE_CODE_OAUTH_TOKEN --repo owner/repo --app actions

API key mode

OpenAI API

If a team does not want Codex subscription OAuth, store an API key directly in GitHub Actions secrets and select API-key auth in the repository config.

gh secret set OPENAI_API_KEY --repo owner/repo --app actions

Router mode

OpenRouter

OpenRouter follows the same custody rule: the key belongs in GitHub Actions secrets, not in ReviewRouter SaaS.

gh secret set OPENROUTER_API_KEY --repo owner/repo --app actions