Skip to main content

Changelog

User-facing changes only, summarised. One entry per day.
June 18, 2026
Scenario groups become easier to use, PR review gets deeper checks, and UI test artifacts improve.

Scenario groups, PR review, and run artifacts

  • Groups default to parallel. New scenario groups now start in parallel mode, which matches the common folder-style use case for independent scenarios.
  • “Scenarios” language replaces “members.” Group management now talks about scenarios, including Manage scenarios, scenario counts, and Add to group.
  • Record UI-only groups. UI-only scenario groups can be run with video recording, giving every UI scenario in the group a replay artifact.
  • Screenshot lightbox. Test run details can open step screenshots in a larger lightbox for easier debugging.
  • PR review sibling checks. PR review now compares similar guards, branches, filters, metrics, and return shapes inside a diff to catch missing-predicate and contract bugs.
  • Zero-finding escalation. On non-trivial diffs where the first high-precision PR review finds nothing, Qodex can take one deeper pass before accepting a clean result.
See Test groups and folders, Per-step artifacts, and Inline findings.
June 17, 2026
Scenario groups and folders land with sequential and parallel execution modes.

Test groups and folders

  • Scenario groups as runnable folders. Teams can organize related scenarios into groups and run the group as one unit from the web app, schedules, webhooks, CI, or the full suite.
  • Sequential and parallel modes. Sequential groups run scenarios in order and can share captured values. Parallel groups run independent scenarios at the same time.
  • Add to group. Selected scenarios can be added to a group from the scenario list, with validation for sequential and parallel membership rules.
  • Scenario groups view. The groups tab shows group ids such as TG-001, scenario counts, parallel badges, searchable groups, and scenarios inside each group.
  • Drag to reorder. Scenarios inside a group can be reordered directly in the group tree or detail view.
  • Grouped results. Test run details show grouped scenarios under their group container, including a parallel indicator when relevant.
See Test groups and folders and Run the full suite.
June 16, 2026
UI auth profiles support browser-session import and authoring-time reuse.

UI auth profiles

  • UI auth profiles. Browser sessions can now be saved as UI auth profiles and injected into UI scenario replay, so scenarios can start already authenticated.
  • Session import for hard logins. For captcha, OTP, SSO, or other logins the agent cannot automate, users can import a browser session and bind it to an auth profile.
  • Authoring with a bound profile. UI scenario authoring can start from a saved profile’s session instead of forcing the agent through login steps every time.
See Auth profiles and Intent-driven UI scenarios.
June 15, 2026
Pull request reviews can be retried from the Pull Requests page.

Pull request review retry

  • Retry failed PR reviews. The Pull Requests page now exposes a retry path for failed reviews.
See PR review troubleshooting.
June 11, 2026
Onboarding and GitHub PR-review setup become more guided.

Onboarding and PR-review setup

  • Attach-first onboarding. The onboarding flow now guides users toward attaching a Codex account earlier.
  • Simpler setup steps. The wizard drops the API/web/both question and uses a clearer step sequence.
  • Auto-review after GitHub connect. GitHub PR-review onboarding can trigger a review on connect so new users see value immediately.
  • Auto-named Codex accounts. Attached Codex accounts can be named after the person adding them.
See Connect a repo and Account workspaces and projects.
June 10, 2026
Plans, entitlements, pull request tables, and Codex account health get product surfaces.

Plans, PR tables, and Codex account health

  • Plan entitlements. Qodex now computes plan entitlements, cap overrides, module quotas, and upgrade requests from a central model.
  • Admin entitlements panel. Admins can inspect entitlements, read-only modules, and upgrade request state.
  • Pull Requests table parity. The Pull Requests table now matches the Scenarios table structure and filtering model.
  • OAuth expiry emails. Users receive email alerts when a Codex account’s OAuth authorization expires.
See Plans and pricing, Usage and cost caps, and Pull requests.
June 9, 2026
PR review gets richer signals, smarter commands, and more configurable review policy.

Smarter PR reviews and slash commands

  • More review lenses. The PR reviewer now uses a larger curated lens catalog for common bug patterns, including auth, CORS, JWT, SQL string concatenation, path traversal, unsafe redirects, missing cleanup in React effects, stale closures, and accessibility issues. Fresh learned patterns now outrank stale ones.
  • Static-analysis findings are cleaner. Semgrep and gitleaks candidates are deduplicated before the finding cap, and static-analysis hits inside test fixtures, mocks, and snapshots are dropped before they reach the agent.
  • Conversation memory for PRs. Qodex now reads existing PR discussion so it can avoid repeating points the team has already handled.
  • PR description quality grading. The review checklist now includes a lightweight signal for whether the PR description gives enough context.
  • Per-rule disable support. .qodex.yaml can now disable specific review rules with disabled_rules, so teams can turn off checks that do not fit a repo.
  • @qodex retry and @qodex fix. @qodex retry works as an alias for @qodex review, and @qodex fix can generate a one-shot LLM suggestion from an inline finding.
See Slash commands, .qodex.yaml reference, and Inline findings.
June 8, 2026
PR review gets admin traces, manual re-runs, incremental carry-over, and static-analysis-backed review candidates.

PR review quality and operations pass

  • Admin PR review visibility. Admins can now inspect PR review runs with project rollups, per-project filtering, review attribution, token and cost details, credential source, and a Trace drawer for per-review step timing.
  • Manual review trigger. Admins can manually trigger PR reviews, and repeated triggers on the same SHA reuse recent or running reviews instead of creating duplicate jobs.
  • Incremental review and carry-over. Qodex suppresses duplicate inline comments across review runs, carries findings forward safely, and avoids hard-filtering findings against a truncated incremental diff.
  • Walkthrough table. Review comments now include a per-file walkthrough table so readers can see what changed and where Qodex focused.
  • Pre-LLM routing and cost control. Qodex can route skip-eligible and effort-tier PRs before the main LLM call, drops the diff from agent context after turn one, and uses a sanity pass before posting findings.
  • Tool-augmented PR agent. The reviewer can now use review tools, repo cards, AST-backed symbol lookup, find_callers, find_definition, and find_tests to ground findings in code context.
  • Static-analysis ensemble. Semgrep and gitleaks now feed review candidates into the agent.
  • Repo and learning context. Qodex injects a repo card into the initial review prompt and adds a lens catalog plus per-repo learnings to guide future reviews.
  • Slash-command triage. @qodex resolve and @qodex ignore landed for review workflows.
See Walkthrough comment anatomy, Troubleshooting PR review, and How a review fires.
June 7, 2026
Transparency block lands at the bottom of every PR review walkthrough.

Transparency block on every walkthrough

  • Every PR review walkthrough now ends with a “What Qodex checked” block: rules applied, files reviewed, findings dropped by post-filter, probe outcomes per verified finding.
  • On by default. The severity_threshold and confidence_floor reported in the block come straight from the repo’s .qodex.yaml.
  • Intent: decide in one glance whether to trust the review or read the diff yourself.
See Walkthrough comment anatomy and How a review fires.
June 6, 2026
M1 PR review surface ships end to end: webhook, walkthrough, inline comments, verification probes, .qodex.yaml, slash commands, Check Run, multi-project routing.

M1 PR review ships

  • Reviews fire on every PR. pull_request events (opened, synchronize, reopened) trigger a top-level walkthrough comment plus inline comments on findings inside the diff. Findings outside the diff fall back into the walkthrough body so nothing is dropped silently. See PR review and How a review fires.
  • .qodex.yaml per-repo config. Each linked repo can set severity_threshold, confidence_floor, path includes and excludes, and advisory vs blocking mode. Read off the PR head SHA, so config changes ship with the PR. Invalid YAML is reported as an inline comment on the file, not silently ignored. See .qodex.yaml reference.
  • Slash commands. @qodex review re-runs the walkthrough and inline findings on the current head SHA. @qodex help posts the supported-command list. Permissions inherited from the GitHub App install. Author must be a repo collaborator. See Slash commands.
  • Pre-merge Check Run. Every review creates a GitHub Check Run that starts in in_progress on webhook receipt and ends in neutral (advisory, default), success, or failure (blocking, opt-in via .qodex.yaml). Branch protection can require qodex/review. See Check Run and merge gating.
  • Verification probes against preview deployments. When a PR has a successful preview, the reviewer emits one or more HTTP probes per finding, runs them against the preview URL, and attaches request line + response status + verdict (verified, unverified, inconclusive) as evidence. SSRF allowlist rejects link-local, loopback, private, and reserved ranges. See Verification probes.
  • Multi-project install routing. One GitHub App install can now serve many projects through a project_installs grant table. Connecting a new project to an already-installed org is one click, not a re-install. Existing single-project installs auto-backfilled. See Multi-project routing and Connect a repo.