Dev & Engineering agentagent-skillscode-reviewclirepository-level-context

OpenCodeReview

Hybrid AI code review with line-level comments.

What it does & when to use it

OpenCodeReview is an open-source AI code review CLI from Alibaba built around a deterministic-pipeline-plus-agent architecture. It reviews Git diffs or whole files, uses repository context, and produces line-level comments with built-in rules aimed at issues such as null pointers, thread safety, XSS, and SQL injection. The project says it has been used internally at Alibaba for two years, serving tens of thousands of developers and finding millions of defects. In the project's published benchmark, it reports higher Precision and F1 than general-purpose agents on the same base model, with about one-ninth of the token usage, while deliberately accepting lower Recall.

This repository is focused on code review rather than general coding assistance. ocr review handles diff-based review for workspace changes, branch ranges, single commits, and resumable sessions, while ocr scan reviews full files or directories for audits and unfamiliar codebases. The tool can read full file contents, search the repository, inspect related changed files, and emit structured findings with category and severity fields. The repo also documents integrations for Claude Code, Codex, Cursor, GitHub Actions, and MCP servers.

  1. Review staged, unstaged, and untracked local changes before opening a pull request.
  2. Run automated review in CI/CD against a base branch and commit SHA, then parse JSON output.
  3. Audit a repository or subdirectory with full-file scanning when there is no meaningful diff.
  4. Use it as a skill or plugin inside Claude Code, Codex, or Cursor to trigger review from an agent workflow.
  5. Apply rule-based review to files such as Java or XML where null safety, thread safety, SQL injection, or XSS checks matter.

Pros & cons

Pros
  • The design is purpose-built for review: deterministic file selection, rule matching, and comment positioning are meant to reduce skipped files, position drift, and prompt instability.
  • It produces line-level feedback plus structured `category` and `severity` fields, which is useful for CI filtering, grouping, and gating.
  • The repo covers multiple workflows: diff review, whole-file scan, resumable sessions, a local viewer, GitHub Action support, and agent integrations.
  • It supports OpenAI- and Anthropic-compatible endpoints and allows custom providers, which helps with private gateways and enterprise setups.
Limitations
  • You must configure an external LLM before it can review anything, so quality, latency, and cost depend on the chosen provider and model.
  • By the project's own benchmark, it trades away some Recall in favor of higher Precision, so it is not optimized for maximum issue coverage at any cost.
  • The prompt only says SKILL.md is not cached, so the exact packaged skill behavior cannot be independently verified here.
  • The source material does not provide a definitive supported-language list; it only states that the benchmark spans 10 programming languages.

How to install

Install via NPM with npm install -g @alibaba-group/open-code-review. The README also provides a release installer: curl -fsSL https://raw.githubusercontent.com/alibaba/open-code-review/main/install.sh | sh. For agent-skill style installation, the documented command is npx skills add alibaba/open-code-review --skill open-code-review.

How to use

First configure an LLM provider and model, for example with ocr config provider and ocr config model, then test connectivity with ocr llm test. Typical commands include ocr review for current changes, ocr review --from main --to feature-branch for a branch comparison, ocr review --commit abc123 for a single commit, and ocr scan for full-file review. For automation, the documented CI pattern is ocr review --from "origin/main" --to "<commit_sha>" --format json.

Compared to similar skills

The project explicitly contrasts itself with general-purpose agents such as Claude Code, arguing that purely language-driven review leads to incomplete coverage, position drift, and unstable quality. In its published benchmark, OpenCodeReview claims higher Precision and F1 on the same underlying model, faster reviews, and roughly one-ninth of the token use, with lower Recall as an intentional trade-off.

FAQ

Is this a general coding agent?
No. The repository describes it as an AI-powered code review CLI focused on diff review, whole-file scanning, and structured review output.
Can it work without a useful Git diff?
Yes. `ocr scan` is designed for whole-file review and can also run in non-Git directories by falling back to a filesystem walk that honors `.gitignore`.
Does it only work with one model vendor?
No. The source says it supports OpenAI- and Anthropic-compatible protocols, includes built-in providers, and allows custom providers.
Can it be used in CI or hosted review workflows?
Yes. The README documents JSON output for CI, example integrations for GitHub Actions, GitLab CI, and GitFlic CI, plus a composite GitHub Action shipped in the repository root.