{"slug": "alibaba-open-code-review", "title": "Alibaba/Open-Code-Review", "summary": "Alibaba Group has open-sourced its internal AI code review tool, Open Code Review, which has served tens of thousands of developers and identified millions of code defects over the past two years. The CLI tool reads Git diffs and uses a configurable large language model agent to generate structured, line-level review comments, combining deterministic engineering for precise file selection and rule matching with agent-driven dynamic decision-making. The release aims to address common pain points in AI code review, such as incomplete coverage and unstable quality, by providing a more stable and predictable open-source alternative.", "body_md": "The open source AI code review agent.\n\nEnglish | [简体中文](/alibaba/open-code-review/blob/main/README.zh-CN.md)\n\nOpen Code Review is an AI-powered code review CLI tool. It originated as Alibaba Group's internal official AI code review assistant — over the past two years, it has served tens of thousands of developers and identified millions of code defects. After thorough validation at massive scale, we incubated it into an open source project for the community. Simply configure a model endpoint to get started.\n\nIt reads Git diffs, sends changed files to a configurable LLM via an agent with tool-use capabilities, and generates structured review comments with line-level precision. 
The agent can read full file contents, search the codebase, inspect other changed files for context, and produce deep reviews — not just surface-level diff feedback.\n\nIf you've used general-purpose agents like Claude Code with Skills for code review, you've likely encountered these pain points:\n\n- **Incomplete coverage** — On larger changesets, agents tend to \"cut corners,\" selectively reviewing only some files and missing others.\n- **Position drift** — Reported issues frequently don't match the actual code location, with line numbers or file references drifting off target.\n- **Unstable quality** — Natural-language-driven Skills are hard to debug, and review quality fluctuates significantly with minor prompt variations.\n\nThe root cause: a purely language-driven architecture lacks hard constraints on the review process.\n\nOpen Code Review's core philosophy is to combine deterministic engineering with an agent, each handling what it does best.\n\n**Deterministic Engineering — Hard Constraints**\n\nFor review steps that *must not go wrong*, engineering logic — not the language model — guarantees correctness:\n\n- **Precise file selection** — Determines exactly which files need review and which should be filtered, ensuring no important change is missed.\n- **Smart file bundling** — Groups related files into a single review unit (e.g., `message_en.properties` and `message_zh.properties` are bundled together). Each bundle runs as a sub-agent with isolated context — a divide-and-conquer strategy that stays stable on very large changesets and naturally supports concurrent review.\n- **Fine-grained rule matching** — Matches review rules to each file's characteristics, keeping the model's attention sharply focused and eliminating information noise at the source. 
Compared to purely language-driven rule guidance, template-engine-based rule matching is more stable and predictable.\n- **External positioning and reflection modules** — Independent comment-positioning and comment-reflection modules systematically improve both the location accuracy and content accuracy of AI feedback.\n\n**Agent — Dynamic Decision-Making**\n\nThe agent's strengths are concentrated where they matter most — dynamic decisions and dynamic context retrieval:\n\n- **Scenario-tuned prompts** — Prompt templates deeply optimized for code review, improving effectiveness while reducing token consumption.\n- **Scenario-tuned toolset** — Distilled from deep analysis of tool-call traces in large-scale production data — including call frequency distributions, per-tool repetition rates, and the impact of new tools on the overall call chain — resulting in a purpose-built toolset that is more stable and predictable for code review than a generic agent toolkit.\n\n**Via NPM (Recommended)**\n\n```\nnpm install -g @alibaba-group/open-code-review\n```\n\nAfter installation, the `ocr` command is available globally.\n\n**From GitHub Release**\n\nDownload the latest binary from [GitHub Releases](https://github.com/alibaba/open-code-review/releases):\n\n```\n# macOS (Apple Silicon)\ncurl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-darwin-arm64\nchmod +x ocr && sudo mv ocr /usr/local/bin/ocr\n\n# macOS (Intel)\ncurl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-darwin-amd64\nchmod +x ocr && sudo mv ocr /usr/local/bin/ocr\n\n# Linux (x86_64)\ncurl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-linux-amd64\nchmod +x ocr && sudo mv ocr /usr/local/bin/ocr\n\n# Linux (ARM64)\ncurl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-linux-arm64\nchmod +x ocr && sudo mv ocr /usr/local/bin/ocr\n\n# Windows (x86_64) 
— move ocr.exe to a directory in your PATH\ncurl -Lo ocr.exe https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-windows-amd64.exe\n\n# Windows (ARM64) — move ocr.exe to a directory in your PATH\ncurl -Lo ocr.exe https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-windows-arm64.exe\n```\n\n**From Source**\n\n```\ngit clone https://github.com/alibaba/open-code-review.git\ncd open-code-review\nmake build\nsudo cp dist/opencodereview /usr/local/bin/ocr\n```\n\n**1. Configure LLM**\n\n**You must configure an LLM before reviewing code.**\n\n```\n# Option A: Interactive config\nocr config set llm.url https://api.anthropic.com/v1/messages\nocr config set llm.auth_token your-api-key-here\nocr config set llm.model claude-opus-4-6\nocr config set llm.use_anthropic true\n\n# Option B: Environment variables (highest priority)\nexport OCR_LLM_URL=https://api.anthropic.com/v1/messages\nexport OCR_LLM_TOKEN=your-api-key-here\nexport OCR_LLM_MODEL=claude-opus-4-6\nexport OCR_USE_ANTHROPIC=true\n```\n\nConfig is stored in `~/.opencodereview/config.json`.\n\nIt is also compatible with Claude Code environment variables (`ANTHROPIC_BASE_URL`, `ANTHROPIC_AUTH_TOKEN`, `ANTHROPIC_MODEL`) and parses `~/.zshrc` / `~/.bashrc` for those exports.\n\n**2. Test Connectivity**\n\n```\nocr llm test\n```\n\n**3. 
Review**\n\n```\ncd your-project\n\n# Workspace mode — review all staged, unstaged, and untracked changes\nocr review\n\n# Branch range — compare two refs\nocr review --from main --to feature-branch\n\n# Single commit\nocr review --commit abc123\n```\n\nOCR can be seamlessly integrated into AI coding agents as a slash command, enabling code review directly within your agent workflow.\n\nUse `npx` to install the OCR skill into your project:\n\n```\nnpx skills add alibaba/open-code-review --skill open-code-review\n```\n\nThis installs the `open-code-review` skill from the [skills registry](/alibaba/open-code-review/blob/main/skills/open-code-review/SKILL.md), which teaches your coding agent how to invoke `ocr` for code review, classify issues by priority, and optionally apply fixes.\n\nFor [Claude Code](https://docs.anthropic.com/en/docs/claude-code), install the command plugin by running the following commands in Claude Code:\n\n```\n/plugin marketplace add alibaba/open-code-review\n/plugin install open-code-review@open-code-review\n```\n\nThis registers the `/open-code-review:review` slash command, which runs OCR and automatically filters and fixes issues.\n\nFor a quick setup without any package manager, simply copy the command file to use the `/open-code-review` slash command in Claude Code.\n\n**Project-level** (shared with team via git):\n\n```\nmkdir -p .claude/commands\ncurl -o .claude/commands/open-code-review.md \\\n  https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md\n```\n\n**User-level** (personal global use across all projects):\n\n```\nmkdir -p ~/.claude/commands\ncurl -o ~/.claude/commands/open-code-review.md \\\n  https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md\n```\n\nPrerequisite: All integration methods require the `ocr` CLI to be installed and an LLM configured. 
See [Install] and [Configure LLM] above.\n\nOCR can be integrated into CI/CD pipelines to automate code review on Merge Requests / Pull Requests.\n\nThe core command for CI integration:\n\n```\nocr review \\\n  --from \"origin/main\" \\\n  --to \"origin/feature-branch\" \\\n  --format json\n```\n\nThe `--format json` flag outputs machine-readable results suitable for parsing in CI scripts.\n\nSee the [examples/](/alibaba/open-code-review/blob/main/examples) directory for integration examples:\n\n- `github_actions/` — GitHub Actions integration example\n- `gitlab_ci/` — GitLab CI integration example\n\n| Command | Alias | Description |\n|---|---|---|\n| `ocr review` | `ocr r` | Start a code review |\n| `ocr rules check <file>` | — | Preview which review rule applies to a file path |\n| `ocr config set <key> <value>` | — | Set configuration values |\n| `ocr llm test` | — | Test LLM connectivity |\n| `ocr viewer` | `ocr v` | Launch WebUI session viewer on `localhost:5483` |\n| `ocr version` | — | Show version info |\n\n| Flag | Shorthand | Default | Description |\n|---|---|---|---|\n| `--repo` | — | current dir | Git repository root |\n| `--from` | — | — | Source ref (e.g., `main`) |\n| `--to` | — | — | Target ref (e.g., `feature-branch`) |\n| `--commit` | `-c` | — | Single commit to review |\n| `--preview` | `-p` | `false` | Preview which files will be reviewed without running the LLM |\n| `--format` | `-f` | `text` | Output format: `text` or `json` |\n| `--concurrency` | — | `8` | Max concurrent file reviews |\n| `--timeout` | — | `10` | Concurrent task timeout in minutes |\n| `--audience` | — | `human` | `human` (show progress) or `agent` (summary only) |\n| `--rule` | — | — | Path to custom JSON review rules |\n| `--max-tools` | — | built-in | Max tool call rounds per file; only takes effect when greater than template default |\n| `--tools` | — | — | Path to custom JSON tools config |\n\n```\n# Preview which files will be reviewed (no LLM calls)\nocr review --preview\nocr 
review -c abc123 -p\n\n# Review workspace changes with default settings\nocr review\n\n# Review branch diff with a custom concurrency limit\nocr review --from main --to my-feature --concurrency 4\n\n# Review a specific commit with JSON output for an agent (summary only)\nocr review --commit abc123 --format json --audience agent\n\n# Use custom review rules\nocr review --rule /path/to/my-rules.json\n\n# Preview which rule applies to a file\nocr rules check src/main/java/com/example/Foo.java\nocr rules check --rule custom.json src/main/resources/mapper/UserMapper.xml\n\n# View review session history in browser\nocr viewer\nocr viewer --addr :3000\n```\n\nThe viewer serves session JSONL contents (LLM request messages and responses) over HTTP. It enforces a Host-header allowlist on every request: loopback names (`localhost`, `127.0.0.0/8`, `::1`) and the concrete bind host are always allowed. For wildcard binds (`--addr :3000`, `--addr 0.0.0.0:3000`) and any other non-loopback hostname, the hostnames must be added via the `OCR_VIEWER_ALLOWED_HOSTS` environment variable (comma-separated):\n\n```\nOCR_VIEWER_ALLOWED_HOSTS=review.internal,ocr.lan ocr viewer --addr :3000\n```\n\nThis blocks DNS-rebinding attacks against the local viewer.\n\nOCR resolves review rules using a four-layer priority chain. 
Each layer uses first-match-wins: if a file path matches a pattern, that rule is used; otherwise it falls through to the next layer.\n\n| Priority | Source | Path | Description |\n|---|---|---|---|\n| 1 (highest) | `--rule` flag | User-specified path | CLI explicit override |\n| 2 | Project config | `<repoDir>/.opencodereview/rule.json` | Per-project rules, can be committed to git |\n| 3 | Global config | `~/.opencodereview/rule.json` | User-wide personal preferences |\n| 4 (lowest) | System default | Embedded `system_rules.json` | Built-in rules covering common languages and file types |\n\nLayers 1–3 share the same JSON format:\n\n```\n{\n  \"rules\": [\n    {\n      \"path\": \"force-api/**/*.java\",\n      \"rule\": \"All new methods must validate required parameters for null values\"\n    },\n    {\n      \"path\": \"**/*mapper*.xml\",\n      \"rule\": \"Check SQL for injection risks, parameter errors, and missing closing tags\"\n    }\n  ]\n}\n```\n\n- `path` supports `**` recursive matching and `{java,kt}` brace expansion.\n- Within each layer, rules are evaluated in declaration order — the first match wins.\n- If a rule file does not exist, it is silently skipped.\n\nConfig file: `~/.opencodereview/config.json`\n\n| Key | Type | Example |\n|---|---|---|\n| `llm.url` | string | `https://api.openai.com/v1/chat/completions` |\n| `llm.auth_token` | string | `sk-xxxxxxx` |\n| `llm.model` | string | `claude-opus-4-6` |\n| `llm.use_anthropic` | boolean | `true` / `false` |\n| `language` | string | `English` / `Chinese` (default: Chinese) |\n| `telemetry.enabled` | boolean | `true` / `false` |\n| `telemetry.exporter` | string | `console` / `otlp` |\n| `telemetry.otlp_endpoint` | string | OTLP collector address |\n| `telemetry.content_logging` | boolean | Include prompts in telemetry |\n\nEnvironment variables take precedence over the config file.\n\n| Variable | Purpose |\n|---|---|\n| `OCR_LLM_URL` | LLM API endpoint URL |\n| `OCR_LLM_TOKEN` | API key / auth token |\n| `OCR_LLM_MODEL` | Model name |\n| `OCR_USE_ANTHROPIC` | `true` = Anthropic, `false` = OpenAI |\n\nOpenTelemetry integration for observability (spans, metrics). Disabled by default.\n\n```\nocr config set telemetry.enabled true\nocr config set telemetry.exporter otlp\nocr config set telemetry.otlp_endpoint localhost:4317\n```\n\nSet `telemetry.content_logging` to `true` to include LLM prompts and responses in exported data.\n\nSee [CONTRIBUTING.md](/alibaba/open-code-review/blob/main/CONTRIBUTING.md) for development setup, coding guidelines, and how to submit pull requests.\n\n[Apache-2.0](/alibaba/open-code-review/blob/main/LICENSE) — Copyright 2026 Alibaba", "url": "https://wpnews.pro/news/alibaba-open-code-review", "canonical_source": "https://github.com/alibaba/open-code-review", "published_at": "2026-06-05 00:04:29+00:00", "updated_at": "2026-06-05 00:47:35.717423+00:00", "lang": "en", "topics": ["ai-tools", "ai-agents", "large-language-models", "artificial-intelligence"], "entities": ["Alibaba", "Open Code Review", "Claude Code"], "alternates": {"html": "https://wpnews.pro/news/alibaba-open-code-review", "markdown": "https://wpnews.pro/news/alibaba-open-code-review.md", "text": "https://wpnews.pro/news/alibaba-open-code-review.txt", "jsonld": "https://wpnews.pro/news/alibaba-open-code-review.jsonld"}}