Skip to content

Instantly share code, notes, and snippets.

@Nateliason

Nateliason/sentry-codex-workflow-guide.md

Created January 30, 2026 16:03
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save Nateliason/5d63ac0ae0539ada7a73292ceae2f938 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save Nateliason/5d63ac0ae0539ada7a73292ceae2f938 to your computer and use it in GitHub Desktop.
Download ZIP
From Sentry Alert to Merged PR in Minutes: Automating Bug Fixes with Clawdbot + Codex
Raw
sentry-codex-workflow-guide.md

From Sentry Alert to Merged PR in Minutes: Automating Bug Fixes with Clawdbot + Codex

A practical guide to building an autonomous bug-fix pipeline using Sentry, Slack, Clawdbot, and OpenAI Codex CLI.

What This Is

Imagine this workflow:

  1. A bug fires in Sentry
  2. Sentry posts the alert to a Slack channel
  3. Clawdbot (your AI chief of staff) sees it, triages the error, and decides it's fixable
  4. Clawdbot spins up Codex CLI in an isolated git worktree to write the fix
  5. Codex commits, pushes, and opens a PR targeting your staging branch
  6. Clawdbot notifies you via Telegram/Signal/WhatsApp: "Fixed it, PR is up"
  7. You review, merge, ship

The whole thing takes minutes, not hours. No context switching. No staring at stack traces at 11pm.

This guide walks through how to set it up.

Architecture Overview

Sentry → Slack channel → Clawdbot (via Slack integration) → Codex CLI → GitHub PR
                                                                ↓
                                                         Wake event → You get notified

Key pieces:

  • Sentry sends alerts to Slack (native integration, no custom code)
  • Clawdbot monitors the Slack channel, reads incoming alerts, triages
  • Codex CLI does the actual code fix in an isolated worktree
  • GitHub CLI (gh) opens the PR
  • Clawdbot's wake system pings you when it's done

Prerequisites

  • Clawdbot installed and running
  • Codex CLI installed and authenticated (codex auth login)
  • GitHub CLI installed and authenticated (gh auth login)
  • A Sentry project with alerts configured
  • A Slack workspace where you can install apps

Step 1: Set Up Slack as a Clawdbot Channel

Clawdbot connects to Slack via Socket Mode (recommended) or HTTP webhooks. You need a Slack app with the right permissions.

Create the Slack App

  1. Go to api.slack.com/appsCreate New AppFrom scratch
  2. Enable Socket Mode under Settings
  3. Generate an App-Level Token (xapp-...) with the connections:write scope
  4. Under OAuth & Permissions, add the bot token scopes below, then Install to Workspace
  5. Copy the Bot User OAuth Token (xoxb-...)

Required Bot Token Scopes

chat:write
channels:history
channels:read
groups:history
groups:read
im:history
im:read
im:write
mpim:history
mpim:read
mpim:write
users:read
app_mentions:read
reactions:read
reactions:write
pins:read
pins:write
emoji:read
commands
files:read
files:write

Subscribe to Events

Under Event Subscriptions, enable events and subscribe to:

  • message.channels, message.groups, message.im, message.mpim
  • app_mention
  • reaction_added, reaction_removed

Configure Clawdbot

Add to your ~/.clawdbot/clawdbot.json:

{
  channels: {
    slack: {
      enabled: true,
      appToken: "xapp-...",       // or set SLACK_APP_TOKEN env var
      botToken: "xoxb-...",       // or set SLACK_BOT_TOKEN env var
      groupPolicy: "allowlist",
      channels: {
        "#sentry-alerts": {
          allow: true,
          requireMention: false    // Process all messages, no @mention needed
        }
      }
    }
  }
}

Setting requireMention: false is key — you want Clawdbot to see every Sentry alert automatically, not just ones where someone tags it.

Invite the bot to your #sentry-alerts channel (or whatever you call it).

Step 2: Connect Sentry to Slack

This is Sentry's native integration — no custom code needed.

  1. In Sentry, go to Settings → Integrations → Slack
  2. Connect your workspace
  3. Set up Alert Rules to post to your channel:
    • Go to Alerts → Create Alert Rule
    • Set conditions (e.g., "When a new issue is created" or "When an issue happens X times in Y minutes")
    • Add action: Send a Slack notification to #sentry-alerts

Now when bugs fire, Sentry posts formatted alerts to Slack, and Clawdbot sees them.

Step 3: Tell Clawdbot How to Handle Sentry Alerts

This is where it gets interesting. You need to give Clawdbot instructions for triaging and fixing bugs. Add this to your AGENTS.md or SOUL.md in your workspace (default ~/clawd/):

## Sentry Alert Handling

When you see a Sentry alert in the #sentry-alerts Slack channel:

### Triage
1. Read the error message, stack trace, and affected file(s)
2. Determine if this is something you can fix autonomously:
   - ✅ Fix: null reference errors, type mismatches, missing imports,
     obvious logic bugs, unhandled edge cases, formatting issues
   - ⚠️ Escalate: architecture issues, unclear business logic,
     security-sensitive code, database migrations
3. If you can't fix it, summarize the issue and notify me

### Fix Process
1. Create an isolated git worktree from the staging branch
2. Spawn Codex CLI to fix the issue
3. Codex must run tests + linter before committing
4. Open a PR targeting the staging branch
5. Notify me when the PR is ready

### Standard Codex Task Footer
Always append to Codex prompts:
- Run the test suite after changes
- Run the linter/formatter
- Fix any failures before committing
- Create a descriptive branch name like fix/sentry-<short-description>
- Push and open a PR targeting staging
- When done: clawdbot gateway wake --text "Done: <summary>" --mode now

Step 4: The Codex Workflow (How the Fix Actually Happens)

When Clawdbot decides to fix a bug, here's the exact sequence it follows. This is the pattern you'd teach your own Clawdbot:

1. Create an Isolated Worktree

cd ~/Coding/your-project
git worktree add -b fix/sentry-null-user-profile /tmp/codex-fix-1 staging

This creates a separate working copy branched from staging. The main repo is untouched. You can run multiple worktrees in parallel for different fixes.

2. Spawn Codex CLI in the Worktree

# Clawdbot runs this with pty:true (required for Codex's interactive terminal)
codex --yolo exec "Fix the following Sentry error:

Error: Cannot read property 'name' of null
File: app/Services/UserProfileService.php:45
Stack trace: [paste from Sentry alert]

The issue is a null reference when accessing user profile data.
Add proper null checks and handle the edge case gracefully.

After making changes:
1. Run tests: php artisan test
2. Run linter: ./vendor/bin/pint
3. Fix any issues
4. Create branch and commit with a descriptive message
5. Push and open PR targeting staging

When completely finished, run:
clawdbot gateway wake --text \"Done: Fixed null user profile error in UserProfileService\" --mode now"

Key flags:

  • --yolo: No sandbox, no approval prompts. Fastest mode. (Use --full-auto if you want sandbox isolation.)
  • exec: One-shot mode — runs the task and exits
  • The wake command at the end triggers an instant notification back to Clawdbot

3. Clawdbot Monitors in the Background

Clawdbot spawns Codex as a background process with PTY (pseudo-terminal) support:

# What Clawdbot actually runs:
bash pty:true workdir:/tmp/codex-fix-1 background:true command:"codex --yolo exec '...prompt...'"

It can check progress anytime:

  • process action:poll sessionId:XXX — is it still running?
  • process action:log sessionId:XXX — what's the output so far?

4. Codex Finishes → Wake Event → Notification

When Codex completes, the clawdbot gateway wake command fires. This:

  1. Sends a system event to Clawdbot's main session
  2. Triggers an immediate heartbeat
  3. Clawdbot reads the wake message, verifies the PR was created, and notifies you

5. Verification Before Declaring Success

Before telling you the fix is done, Clawdbot verifies:

# In the worktree:
git log --oneline -3          # Did Codex commit?
git diff --stat               # Any uncommitted changes?
gh pr list --head fix/sentry-null-user-profile  # Was a PR opened?

Only if all checks pass does it report success.

Step 5: Set Up Notifications

You probably want to hear about fixes on your primary messaging surface (Telegram, Signal, WhatsApp, etc.), not just in Slack. Clawdbot handles this naturally — when it finishes processing a Sentry alert from Slack, it reports back to your main chat.

If you want explicit control, you can configure cron jobs or webhook delivery targets:

{
  // In your Clawdbot config — cron job for a daily Sentry digest
  // (optional, beyond the real-time flow)
}

But for the real-time flow, Clawdbot's wake system handles it: Codex finishes → wake event → Clawdbot tells you on Telegram/Signal/whatever your primary channel is.

The Full Config (Putting It All Together)

Here's what your ~/.clawdbot/clawdbot.json needs for this workflow:

{
  channels: {
    // Your primary chat channel (e.g., Telegram)
    telegram: {
      enabled: true,
      token: "...",
      allowFrom: [123456789]
    },
    // Slack for Sentry alerts
    slack: {
      enabled: true,
      appToken: "xapp-...",
      botToken: "xoxb-...",
      groupPolicy: "allowlist",
      channels: {
        "#sentry-alerts": {
          allow: true,
          requireMention: false
        }
      }
    }
  },
  hooks: {
    enabled: true,
    token: "your-webhook-secret"  // For the wake endpoint
  }
}

And your workspace instructions (AGENTS.md, TOOLS.md, etc.) should include:

  1. Sentry triage rules (what to fix vs. escalate)
  2. Codex task template (tests, linter, PR target branch, wake command)
  3. Verification checklist (git log, git diff, gh pr list)

Tips from Production Use

Use Worktrees, Not Branches in Your Main Checkout

Git worktrees give you isolated working directories. Codex can do whatever it wants in /tmp/codex-fix-N without affecting your main repo. Multiple fixes can run in parallel.

git worktree add -b fix/issue-name /tmp/codex-fix-N staging
# ... Codex works here ...
git worktree remove /tmp/codex-fix-N  # Clean up after merge

Always Run Tests + Linter Before PR

Include this in every Codex prompt. It catches 90% of issues before you ever see the PR:

After making changes:
1. Run tests
2. Run linter/formatter
3. Fix any failures before committing
4. Only open PR if everything passes

The Wake Command is Essential

Without it, you're polling. With it, you get instant notification:

When completely finished, run:
clawdbot gateway wake --text "Done: <what you did>" --mode now

This triggers Clawdbot's heartbeat system immediately instead of waiting for the next scheduled check.

One Codex Agent at a Time (for OAuth setups)

If you're using Codex with OAuth authentication, there's a known token refresh race condition when running multiple Codex processes simultaneously. Stick to one at a time, or use API key auth for parallel runs.

Verify Before Declaring Failure

Sometimes Codex exits and it looks like nothing happened, but it actually committed and pushed. Always check:

  1. git log --oneline -3 in the worktree
  2. git diff --stat for uncommitted changes
  3. The actual process output

PR Targets

Make sure your Codex prompt specifies the right target branch. For most setups, you want PRs targeting a staging or develop branch, not main/production.

Alternative: Webhook-Based Approach

Instead of going through Slack, you can wire Sentry directly to Clawdbot via webhooks:

# Sentry webhook → Clawdbot's /hooks/agent endpoint
curl -X POST http://your-gateway:18789/hooks/agent \
  -H 'Authorization: Bearer YOUR_HOOK_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "message": "Sentry alert: [error details here]",
    "name": "Sentry",
    "sessionKey": "hook:sentry:issue-123",
    "wakeMode": "now",
    "deliver": true,
    "channel": "telegram"
  }'

You'd need a small transform (Clawdbot supports hooks.mappings with JS/TS transforms) to parse Sentry's webhook payload into the right format. The Slack approach is simpler because Sentry's Slack integration is already well-formatted.

What This Looks Like Day-to-Day

You're at dinner. Your phone buzzes once:

🔧 Sentry alert in #sentry-alerts: NullPointerException in UserProfileService.php:45

I've triaged this — it's a null check issue when a user hasn't completed onboarding. Spinning up Codex to fix it.

Three minutes later:

✅ Fix is ready. PR #247: "fix: add null check for incomplete user profiles" Tests pass, linter clean. Targeting staging. https://github.com/yourorg/yourapp/pull/247

You glance at the diff on your phone, tap merge, go back to dinner.

Summary

Component Role Setup Effort
Sentry Error detection + alerting Already have it
Slack Alert routing to Clawdbot ~15 min (app creation)
Clawdbot Triage + orchestration Configure Slack channel + write triage rules
Codex CLI Autonomous code fix Install + auth
GitHub CLI PR creation Install + auth
Wake system Instant completion notification Built into Clawdbot

The total setup is about an hour if you already have Clawdbot running. The ROI is every bug fix you don't have to context-switch for.

Built with Clawdbot. Find skills and community at clawdhub.com and Discord.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment