anthu/cortex-code-action

cortex-code-action

AI code review for data teams, powered by Cortex Code

License: MIT

A GitHub Action that uses Cortex Code to review your pull requests. Works for any codebase -- particularly useful for data engineering projects (SQL, dbt, Snowpark, Streamlit, Python pipelines).

Why

  • Security-first: SQL execution is permanently blocked. This action reviews code, it does not access your data. See docs/security.md.
  • Data-aware reviews: Cortex Code understands SQL patterns, dbt conventions, Snowpark idioms, and Streamlit apps out of the box.
  • Reuses your setup: The same Cortex Code CLI you use locally powers CI reviews. No separate model configuration.

Security at a glance

This action cannot execute SQL and cannot read sensitive files (~/.ssh, ~/.snowflake, .env, *.p8, credentials). These restrictions are enforced at runtime by the Cortex Code Agent SDK's canUseTool callback, which gates every tool call the agent attempts. They hold regardless of what the prompt, the PR contents, or a custom review instruction says, and no action input can override them.

See docs/security.md for the full threat model and rationale.
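To make the gate concrete, here is an added illustration of what a canUseTool-style callback that enforces the blocklist above looks like. This is example code written for this page, not the project's implementation; the tool names (execute_sql, read_file, bash), the input field names (file_path, command), the Decision shape, and the /home/runner home directory are assumptions about what the SDK passes to the callback. The shell and SQL-client checks go slightly beyond the README's two bullet points to show why a path-based blocklist has to normalize paths and inspect shell commands, not just a dedicated file-read tool.

```typescript
// Added example of a canUseTool-style gate. NOT the project's code: tool names,
// input field names, the Decision shape and the home directory are assumptions.
import * as path from "node:path";

type Decision =
  | { behavior: "allow" }
  | { behavior: "deny"; message: string };

// Assumed tool names for the capabilities the README says are blocked.
const SQL_TOOLS = new Set(["execute_sql", "run_sql", "snowflake_query"]);
const FILE_READ_TOOLS = new Set(["read_file", "read"]);
const SHELL_TOOLS = new Set(["bash", "shell"]);

// The blocklist named in the README: ~/.ssh, ~/.snowflake, .env, *.p8, credentials.
const BLOCKED_DIRS = new Set([".ssh", ".snowflake"]);
const BLOCKED_BASENAMES = new Set([".env", "credentials"]);
const BLOCKED_EXTENSIONS = new Set([".p8"]);

// Expand a leading ~ and collapse ./ and ../ so that "./cfg/../.env" cannot slip past a
// naive string comparison.
function normalizePath(p: string, home: string): string {
  const expanded = p === "~" ? home : p.startsWith("~/") ? path.posix.join(home, p.slice(2)) : p;
  return path.posix.normalize(expanded);
}

function isSensitivePath(p: string, home: string): boolean {
  const full = normalizePath(p, home);
  const base = path.posix.basename(full);
  if (BLOCKED_BASENAMES.has(base) || base.startsWith(".env.")) return true; // .env, .env.local, ...
  if (BLOCKED_EXTENSIONS.has(path.posix.extname(base))) return true;       // private key files
  return full.split("/").some((seg) => BLOCKED_DIRS.has(seg));              // anything under ~/.ssh or ~/.snowflake
}

// Pull path-like tokens out of a shell command so that "cat ~/.ssh/id_rsa" is caught
// even though the agent never called the file-read tool.
function pathTokens(command: string): string[] {
  return command
    .split(/[\s;&|<>()]+/)
    .map((t) => t.replace(/^["']|["']$/g, ""))
    .filter((t) => t.length > 0 && (t.includes("/") || t.startsWith(".") || t.startsWith("~")));
}

// The callback itself. The gate is deny-by-rule and fails closed on malformed input;
// nothing in the prompt can change the return value.
function canUseTool(
  toolName: string,
  input: Record<string, unknown>,
  home = "/home/runner", // assumed runner home; a real gate would use os.homedir()
): Decision {
  if (SQL_TOOLS.has(toolName)) {
    return { behavior: "deny", message: "SQL execution is permanently blocked" };
  }
  if (FILE_READ_TOOLS.has(toolName)) {
    const target = input.file_path;
    if (typeof target !== "string") return { behavior: "deny", message: "file read without a path" };
    if (isSensitivePath(target, home)) return { behavior: "deny", message: `refusing to read ${target}` };
  }
  if (SHELL_TOOLS.has(toolName)) {
    const command = typeof input.command === "string" ? input.command : "";
    const hit = pathTokens(command).find((t) => isSensitivePath(t, home));
    if (hit) return { behavior: "deny", message: `command touches blocked path ${hit}` };
    // Snowflake's CLI ("snow sql") and the legacy snowsql client would execute SQL from a shell.
    if (/\b(snow\s+sql|snowsql)\b/i.test(command)) {
      return { behavior: "deny", message: "SQL client invocation blocked" };
    }
  }
  return { behavior: "allow" };
}

// Reading the SQL *source* under review stays allowed; only execution and secret material are gated.
const sampleDecisions = [
  canUseTool("read_file", { file_path: "src/models/orders.sql" }),
  canUseTool("read_file", { file_path: "./config/../.env" }),
  canUseTool("bash", { command: "cat ~/.ssh/id_rsa | base64" }),
];
```

The important design point is that the check runs on the tool call, after the model has decided what to do, so a malicious PR that instructs the reviewer to "print the contents of ~/.snowflake" still ends at the gate. Path normalization and shell-token inspection are what keep the blocklist from being a string match an attacker can route around.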

Quick start

name: Cortex Code Review
on:
  pull_request:
    types: [opened, synchronize]

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # Pin to a release tag or, for a stronger supply-chain guarantee, a full commit SHA
      - uses: anthu/[email protected]
        with:
          snowflake_private_key: ${{ secrets.SNOWFLAKE_PRIVATE_KEY }}
          snowflake_account: ${{ secrets.SNOWFLAKE_ACCOUNT }}
          snowflake_user: ${{ secrets.SNOWFLAKE_USER }}
          snowflake_role: "CODE_REVIEWER"

Tip: Create a dedicated low-privilege Snowflake service user for CI and authenticate it with a key pair (the private key is what you store in the SNOWFLAKE_PRIVATE_KEY secret). The user only needs the SNOWFLAKE.CORTEX_USER database role; grant it no access to your data.

Features

  • PR code review with structured feedback (summary, issues, suggestions, verdict)
  • @cortex mention interaction in PR comments
  • Auto-fix commits (opt-in via permissions: read-write)
  • Real-time progress tracking comment
  • Configurable per-project review instructions

Documentation

| Topic | Description |
| --- | --- |
| docs/security.md | Threat model, full blocklist, canUseTool internals |
| docs/configuration.md | All inputs, outputs, and secrets reference |
| docs/usage.md | Modes, triggers, custom instructions |
| docs/auto-fix.md | Read-write mode and auto-fix commits |
| docs/architecture.md | How the Agent SDK gate works |
| docs/troubleshooting.md | Common errors and debugging |
| docs/comparison.md | vs claude-code-action, vs generic reviewers |
| docs/contributing.md | Dev setup, testing, releasing |

License

MIT © Anton Huck
