
Alibaba/Open-Code-Review

Alibaba Group has open-sourced its internal AI code review tool, Open Code Review, which has served tens of thousands of developers and identified millions of code defects over the past two years. The CLI tool reads Git diffs and uses a configurable large language model agent to generate structured, line-level review comments, combining deterministic engineering for precise file selection and rule matching with agent-driven dynamic decision-making. The release aims to address common pain points in AI code review, such as incomplete coverage and unstable quality, by providing a more stable and predictable open-source alternative.

9 min read · published Jun 5, 2026

The open source AI code review agent.


Open Code Review is an AI-powered code review CLI tool. It originated as Alibaba Group's internal official AI code review assistant; over the past two years, it has served tens of thousands of developers and identified millions of code defects. After thorough validation at massive scale, we incubated it into an open source project for the community. Simply configure a model endpoint to get started.

It reads Git diffs, sends changed files to a configurable LLM via an agent with tool-use capabilities, and generates structured review comments with line-level precision. The agent can read full file contents, search the codebase, inspect other changed files for context, and produce deep reviews, not just surface-level diff feedback.

If you've used general-purpose agents like Claude Code with Skills for code review, you've likely encountered these pain points:

- Incomplete coverage: On larger changesets, agents tend to "cut corners," selectively reviewing only some files and missing others.
- Position drift: Reported issues frequently don't match the actual code location, with line numbers or file references drifting off target.
- Unstable quality: Natural-language-driven Skills are hard to debug, and review quality fluctuates significantly with minor prompt variations.

The root cause: a purely language-driven architecture lacks hard constraints on the review process.

Open Code Review's core philosophy is to combine deterministic engineering with an agent, each handling what it does best.

Deterministic Engineering: Hard Constraints

For review steps that must not go wrong, engineering logic, not the language model, guarantees correctness:

- Precise file selection: Determines exactly which files need review and which should be filtered, ensuring no important change is missed.
- Smart file bundling: Groups related files into a single review unit (e.g., message_en.properties and message_zh.properties are bundled together). Each bundle runs as a sub-agent with isolated context, a divide-and-conquer strategy that stays stable on very large changesets and naturally supports concurrent review.
- Fine-grained rule matching: Matches review rules to each file's characteristics, keeping the model's attention sharply focused and eliminating information noise at the source. Compared to purely language-driven rule guidance, template-engine-based rule matching is more stable and predictable.
- External positioning and reflection modules: Independent comment-positioning and comment-reflection modules systematically improve both the location accuracy and content accuracy of AI feedback.

Agent: Dynamic Decision-Making

The agent's strengths are concentrated where they matter most: dynamic decisions and dynamic context retrieval.

- Scenario-tuned prompts: Prompt templates deeply optimized for code review, improving effectiveness while reducing token consumption.
- Scenario-tuned toolset: Distilled from deep analysis of tool-call traces in large-scale production data (including call frequency distributions, per-tool repetition rates, and the impact of new tools on the overall call chain), resulting in a purpose-built toolset that is more stable and predictable for code review than a generic agent toolkit.

Via NPM (Recommended)

npm install -g @alibaba-group/open-code-review

After installation, the ocr command is available globally.

From GitHub Release

Download the latest binary from GitHub Releases:

# macOS, Apple Silicon (arm64)
curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-darwin-arm64
chmod +x ocr && sudo mv ocr /usr/local/bin/ocr

# macOS, Intel (amd64)
curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-darwin-amd64
chmod +x ocr && sudo mv ocr /usr/local/bin/ocr

# Linux, amd64
curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-linux-amd64
chmod +x ocr && sudo mv ocr /usr/local/bin/ocr

# Linux, arm64
curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-linux-arm64
chmod +x ocr && sudo mv ocr /usr/local/bin/ocr

# Windows, amd64
curl -Lo ocr.exe https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-windows-amd64.exe

# Windows, arm64
curl -Lo ocr.exe https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-windows-arm64.exe

From Source

git clone https://github.com/alibaba/open-code-review.git
cd open-code-review
make build
sudo cp dist/opencodereview /usr/local/bin/ocr

1. Configure LLM

You must configure an LLM before reviewing code.

# Either persist the settings in the config file
ocr config set llm.url https://api.anthropic.com/v1/messages
ocr config set llm.auth_token your-api-key-here
ocr config set llm.model claude-opus-4-6
ocr config set llm.use_anthropic true

# Or set them through environment variables
export OCR_LLM_URL=https://api.anthropic.com/v1/messages
export OCR_LLM_TOKEN=your-api-key-here
export OCR_LLM_MODEL=claude-opus-4-6
export OCR_USE_ANTHROPIC=true

Config is stored in ~/.opencodereview/config.json.

It is also compatible with Claude Code environment variables (ANTHROPIC_BASE_URL, ANTHROPIC_AUTH_TOKEN, ANTHROPIC_MODEL) and parses ~/.zshrc / ~/.bashrc for those exports.

2. Test Connectivity

ocr llm test

3. Review

cd your-project

ocr review

ocr review --from main --to feature-branch

ocr review --commit abc123

OCR can be seamlessly integrated into AI coding agents as a slash command, enabling code review directly within your agent workflow.

Use npx to install the OCR skill into your project:

npx skills add alibaba/open-code-review --skill open-code-review

This installs the open-code-review skill from the skills registry, which teaches your coding agent how to invoke ocr for code review, classify issues by priority, and optionally apply fixes.

For Claude Code, install the command plugin by running the following commands in Claude Code:

/plugin marketplace add alibaba/open-code-review
/plugin install open-code-review@open-code-review

This registers the /open-code-review:review slash command, which runs OCR and automatically filters and fixes issues.

For a quick setup without any package manager, simply copy the command file to use the /open-code-review slash command in Claude Code.

Project-level (shared with team via git):

mkdir -p .claude/commands
curl -o .claude/commands/open-code-review.md \
  https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md

User-level (personal global use across all projects):

mkdir -p ~/.claude/commands
curl -o ~/.claude/commands/open-code-review.md \
  https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md

Prerequisite: All integration methods require the ocr CLI to be installed and an LLM configured. See [Install] and [Configure LLM] above.

OCR can be integrated into CI/CD pipelines to automate code review on Merge Requests / Pull Requests.

The core command for CI integration:

ocr review \
  --from "origin/main" \
  --to "origin/feature-branch" \
  --format json

The --format json flag outputs machine-readable results suitable for parsing in CI scripts.

See the examples/ directory for integration examples:

- github_actions/: GitHub Actions integration example
- gitlab_ci/: GitLab CI integration example

| Command | Alias | Description |
|---|---|---|
| ocr review | ocr r | Start a code review |
| ocr rules check <file> | - | Preview which review rule applies to a file path |
| ocr config set <key> <value> | - | Set configuration values |
| ocr llm test | - | Test LLM connectivity |
| ocr viewer | ocr v | Launch WebUI session viewer on localhost:5483 |
| ocr version | - | Show version info |

| Flag | Shorthand | Default | Description |
|---|---|---|---|
| --repo | - | current dir | Git repository root |
| --from | - | - | Source ref (e.g., main) |
| --to | - | - | Target ref (e.g., feature-branch) |
| --commit | -c | - | Single commit to review |
| --preview | -p | false | Preview which files will be reviewed without running the LLM |
| --format | -f | text | Output format: text or json |
| --concurrency | - | 8 | Max concurrent file reviews |
| --timeout | - | 10 | Concurrent task timeout in minutes |
| --audience | - | human | human (show progress) or agent (summary only) |
| --rule | - | - | Path to custom JSON review rules |
| --max-tools | - | built-in | Max tool call rounds per file; only takes effect when greater than template default |
| --tools | - | - | Path to custom JSON tools config |

ocr review --preview
ocr review -c abc123 -p

ocr review

ocr review --from main --to my-feature --concurrency 4

ocr review --commit abc123 --format json --audience agent

ocr review --rule /path/to/my-rules.json

ocr rules check src/main/java/com/example/Foo.java
ocr rules check --rule custom.json src/main/resources/mapper/UserMapper.xml

ocr viewer
ocr viewer --addr :3000

The viewer serves session JSONL contents (LLM request messages and responses) over HTTP. It enforces a Host-header allowlist on every request: loopback names (localhost, 127.0.0.0/8, ::1) and the concrete bind host are always allowed. Wildcard binds (--addr :3000, --addr 0.0.0.0:3000) and other non-loopback hostnames must be added via the OCR_VIEWER_ALLOWED_HOSTS environment variable (comma-separated):

OCR_VIEWER_ALLOWED_HOSTS=review.internal,ocr.lan ocr viewer --addr :3000

This blocks DNS-rebinding attacks against the local viewer.
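
The Host-header allowlist described above, sketched as an added example (not OCR's own code): hostAllowed and guard are hypothetical names, and bindHost is assumed to be empty for a wildcard bind. A rebinding page reaches the loopback listener while the browser still sends the page's own domain in the Host header, so the check fails closed on any name outside the list.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// hostAllowed applies the allowlist to one Host header value.
// bindHost is the concrete bind host, or "" for a wildcard bind (assumption);
// extra holds the comma-separated entries from OCR_VIEWER_ALLOWED_HOSTS.
func hostAllowed(hostHeader, bindHost string, extra []string) bool {
	host := hostHeader
	if h, _, err := net.SplitHostPort(hostHeader); err == nil {
		host = h // drop ":port"
	}
	host = strings.ToLower(strings.Trim(host, "[]"))
	if ip := net.ParseIP(host); host == "localhost" || (ip != nil && ip.IsLoopback()) {
		return true // localhost, 127.0.0.0/8, ::1
	}
	for _, e := range append([]string{bindHost}, extra...) {
		if e = strings.ToLower(strings.TrimSpace(e)); e != "" && e == host {
			return true
		}
	}
	return false
}

// guard rejects any request whose Host header is not on the allowlist.
func guard(next http.Handler, bindHost string, extra []string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !hostAllowed(r.Host, bindHost, extra) {
			http.Error(w, "host not allowed", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	extra := strings.Split("review.internal,ocr.lan", ",") // value from the page's example
	// Constructed Host headers; rebind.example stands in for an untrusted domain.
	for _, h := range []string{"localhost:3000", "[::1]:3000", "ocr.lan:3000", "rebind.example:3000"} {
		fmt.Println(h, hostAllowed(h, "", extra))
	}
}
```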

OCR resolves review rules using a four-layer priority chain. Each layer uses first-match-wins: if a file path matches a pattern, that rule is used; otherwise it falls through to the next layer.

| Priority | Source | Path | Description |
|---|---|---|---|
| 1 (highest) | --rule flag | User-specified path | CLI explicit override |
| 2 | Project config | <repoDir>/.opencodereview/rule.json | Per-project rules, can be committed to git |
| 3 | Global config | ~/.opencodereview/rule.json | User-wide personal preferences |
| 4 (lowest) | System default | Embedded system_rules.json | Built-in rules covering common languages and file types |

Layers 1–3 share the same JSON format:

{
  "rules": [
    {
      "path": "force-api/**/*.java",
      "rule": "All new methods must validate required parameters for null values"
    },
    {
      "path": "**/*mapper*.xml",
      "rule": "Check SQL for injection risks, parameter errors, and missing closing tags"
    }
  ]
}

- path supports ** recursive matching and {java,kt} brace expansion.
- Within each layer, rules are evaluated in declaration order; the first match wins.
- If a rule file does not exist, it is silently skipped.
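
An added example (not the project's implementation) of the resolution order above, showing how a broad pattern in a higher layer can shadow a more specific rule in a lower one. The glob semantics, the type and function names, and the sample layers are assumptions constructed for illustration; ocr rules check remains the authoritative preview.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

type Rule struct{ Path, Rule string }
type Layer struct {
	Name  string
	Rules []Rule // empty when the rule file does not exist: layer is skipped
}
var braces = regexp.MustCompile(`\\\{(.*?)\\\}`)

// ASSUMED glob semantics: "**/" = zero or more dirs, "*" = one segment, "{a,b}" = non-nested alternation.
func globToRegexp(glob string) *regexp.Regexp {
	q := braces.ReplaceAllStringFunc(regexp.QuoteMeta(glob), func(m string) string {
		return "(?:" + strings.ReplaceAll(m[2:len(m)-2], ",", "|") + ")"
	})
	q = strings.NewReplacer(`\*\*/`, `(?:.*/)?`, `\*\*`, `.*`, `\*`, `[^/]*`).Replace(q)
	return regexp.MustCompile("^" + q + "$")
}

// resolve walks layers from highest priority down; within a layer the first match wins.
func resolve(layers []Layer, file string) (layer, rule string) {
	for _, l := range layers {
		for _, r := range l.Rules {
			if globToRegexp(r.Path).MatchString(file) {
				return l.Name, r.Rule
			}
		}
	}
	return "", ""
}

// demoLayers is a constructed sample, highest priority first (no --rule flag given).
var demoLayers = []Layer{
	{"--rule flag", nil},
	{"project", []Rule{{"force-api/**/*.java", "validate parameters for null"}, {"**/*.{xml,properties}", "check resource files"}}},
	{"global", []Rule{{"**/*mapper*.xml", "check SQL for injection risks"}, {"**/*.{java,kt}", "personal JVM rule"}}},
	{"system default", []Rule{{"**", "built-in default"}}},
}

func main() {
	for _, f := range []string{"force-api/src/Foo.java", "dao/user_mapper.xml", "web/App.kt", "README.md"} {
		layer, rule := resolve(demoLayers, f)
		fmt.Printf("%-24s %-15s %s\n", f, layer, rule)
	}
}
```

In this sample, dao/user_mapper.xml resolves to the project layer's generic resource rule, so the SQL-injection rule in the global layer never applies to it.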

Config file: ~/.opencodereview/config.json

| Key | Type | Example |
|---|---|---|
| llm.url | string | https://api.openai.com/v1/chat/completions |
| llm.auth_token | string | sk-xxxxxxx |
| llm.model | string | claude-opus-4-6 |
| llm.use_anthropic | boolean | true / false |
| language | string | English / Chinese (default: Chinese) |
| telemetry.enabled | boolean | true / false |
| telemetry.exporter | string | console / otlp |
| telemetry.otlp_endpoint | string | OTLP collector address |
| telemetry.content_logging | boolean | Include prompts in telemetry |

Environment variables take precedence over the config file.

| Variable | Purpose |
|---|---|
| OCR_LLM_URL | LLM API endpoint URL |
| OCR_LLM_TOKEN | API key / auth token |
| OCR_LLM_MODEL | Model name |
| OCR_USE_ANTHROPIC | true = Anthropic, false = OpenAI |

OpenTelemetry integration for observability (spans, metrics). Disabled by default.

ocr config set telemetry.enabled true
ocr config set telemetry.exporter otlp
ocr config set telemetry.otlp_endpoint localhost:4317

Set telemetry.content_logging to include LLM prompts and responses in exported data.

See CONTRIBUTING.md for development setup, coding guidelines, and how to submit pull requests.

Apache-2.0. Copyright 2026 Alibaba
