The AI code review agent born at Alibaba's scale — combining deterministic engineering with LLM intelligence for precise, token-efficient reviews.
Open Code Review is an AI-powered code review CLI that originated as Alibaba Group’s internal official code review assistant. Over two years it served tens of thousands of developers and caught millions of code defects at production scale before being open-sourced for the broader community. Configuration is simple: point it at any OpenAI-compatible or Anthropic endpoint and run ocr review.
Unlike general-purpose agents that send raw diffs to a language model and hope for the best, Open Code Review wraps the LLM in a deterministic engineering harness. File selection, bundling of related files into sub-agent contexts, and per-language rule matching all happen before the model sees a single token. The result is consistent, predictable coverage with no file-skipping on large changesets, precise line-number attribution for every comment, and token consumption roughly one-ninth that of a raw general-purpose agent approach on the same diff.
The built-in ruleset covers language-specific patterns across Java, TypeScript/JavaScript, Go, Rust, Kotlin, C/C++, and configuration formats like YAML, JSON, and Maven POM files. Rules target high-value classes of bugs — NPE chains, thread-safety violations, XSS injection, SQL injection, dead code, and logic boundary errors — keeping the model focused and comment noise low.
Integration paths are flexible: a global npm install exposes the ocr CLI, pre-built binaries cover all major platforms, and ready-made workflow files enable automated PR review in GitHub Actions and GitLab CI. It also ships as a Claude Code plugin and a Codex plugin for inline agent-driven reviews.
ocr) installable via npm or pre-built binaries for macOS, Linux, and Windows on both x86 and ARM
ocr config provider
ocr review against staged or unstaged workspace changes before committing to catch bugs without waiting for CI
ocr review --from main --to feature-branch to audit the full changeset before merge
/open-code-review:review command runs OCR and auto-fixes high-confidence issues in-context
Architecture
Open Code Review is built around a divide-and-conquer agent harness that separates what must be deterministic from what benefits from language model judgment. The outer pipeline — implemented in Go — handles file enumeration, extension and path filtering, smart bundling of semantically related files (such as paired locale property files), and path-based rule resolution. Each bundle becomes an isolated sub-agent that runs concurrently, keeping context windows tight and enabling parallel execution on large changesets. Two post-processing modules — comment positioning and comment reflection — run outside the LLM loop as independent passes, correcting line-number drift and filtering out false positives before any output is surfaced. This architectural discipline is why the tool achieves higher precision than general-purpose agents while consuming far fewer tokens.
Tech Stack
The core is written in Go 1.25, compiled to statically linked binaries distributed for six platform/architecture targets. The LLM layer wraps both the Anthropic SDK and the OpenAI Go SDK, with a unified LLMClient interface that abstracts protocol differences. A provider registry ships with first-class configurations for Anthropic Claude, OpenAI, Alibaba DashScope, and several others. The interactive TUI for provider and model selection is built on Bubbletea and Lipgloss. Observability is wired through OpenTelemetry with both gRPC and stdout exporters. The npm package simply wraps the platform binary download, making npm install -g @alibaba-group/open-code-review the primary distribution path.
Code Quality
The codebase has comprehensive test coverage at all layers — the diff parsing and hunk resolution modules, the LLM client and provider registry, the review command flag parsing, the output formatter, and the agent template renderer all carry dedicated test files with race-detector-enabled runs (go test -race). Error handling is explicit and propagated with fmt.Errorf("context: %w", err) wrapping throughout rather than being swallowed. The task template system is stored as an embedded JSON file and validated at startup. CI runs build, vet, and test on every push with release automation generating signed binaries and an npm package on each tag.
What Makes It Unique
The genuinely novel contribution is the external positioning and reflection architecture. Rather than asking the LLM to produce a correctly positioned comment in a single shot — which general-purpose agents do and fail at on large diffs — Open Code Review separates comment generation from comment positioning into two independent pipeline stages. When hunk-based text matching fails to locate a comment, a dedicated re-location LLM call renders a fresh existing_code snippet from the diff and retries. A separate reflection pass then acts as a fact-checker, reading only the diff to veto comments that contradict visible evidence. This combination of deterministic engineering guards around a language model core is what allows the tool to report both higher precision and lower token consumption on the same benchmark workloads compared to vanilla agent approaches.
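The hunk-based text matching step described above can be sketched as follows. This is an added illustration, not code from the Open Code Review repository: the names newSide, locate and sampleDiff are hypothetical, the sample diff is constructed, and hunk headers are assumed to carry explicit counts ("@@ -a,b +c,d @@"). The first match wins, and a miss is the case the page says goes to the re-location call.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample diff, not taken from the project.
const sampleDiff = `--- a/store/user.go
+++ b/store/user.go
@@ -10,3 +10,4 @@ func FindUser(db *sql.DB, name string) (*sql.Rows, error) {
 	// look up by name
-	return db.Query("SELECT id FROM users WHERE name = ?", name)
+	q := "SELECT id FROM users WHERE name = '" + name + "'"
+	return db.Query(q)
 }
`

// newSide returns new-file line numbers and trimmed text of context and "+" lines.
func newSide(diff string) (nums []int, text []string) {
	var skip, next, left int // left: new-side lines remaining in the current hunk
	for _, l := range strings.Split(diff, "\n") {
		if left == 0 { // outside a hunk; left changes only if all four numbers parse
			fmt.Sscanf(l, "@@ -%d,%d +%d,%d @@", &skip, &skip, &next, &left)
		} else if !strings.HasPrefix(l, "-") && !strings.HasPrefix(l, "\\") {
			nums, text = append(nums, next), append(text, strings.TrimSpace(strings.TrimPrefix(l, "+")))
			next, left = next+1, left-1
		}
	}
	return nums, text
}

// locate finds snippet, compared line by line with whitespace trimmed, on the new side.
func locate(diff, snippet string) (start, end int, ok bool) {
	nums, text := newSide(diff)
	want := strings.Split(strings.TrimSpace(snippet), "\n")
	for i := 0; i+len(want) <= len(text); i++ {
		j := 0
		for j < len(want) && text[i+j] == strings.TrimSpace(want[j]) && nums[i+j] == nums[i]+j {
			j++ // consecutive numbers keep a match from spanning two hunks
		}
		if j == len(want) {
			return nums[i], nums[i+j-1], true
		}
	}
	return 0, 0, false // not found: where a re-location retry would take over
}

func main() { fmt.Println(locate(sampleDiff, "return db.Query(q)")) }
```

Because removed lines are never indexed, a snippet quoting deleted code fails to match instead of being pinned to the wrong new-file line.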
Open Code Review is released under the Apache License 2.0. This is a permissive open-source license that allows you to use, modify, and distribute the software freely in commercial products and internal tooling without any copyleft obligations. There are no dual-license restrictions, no enterprise tiers requiring a paid license, and no feature flags that unlock themselves only in a paid build. The full source code as shipped to production at Alibaba is what you get.
Running Open Code Review yourself is operationally lightweight compared to typical self-hosted AI infrastructure. The tool is a single statically linked binary with no external database, no sidecar services, and no persistent daemon — it runs as a CLI command and exits. The only runtime dependency you supply is an LLM API endpoint (any OpenAI-compatible service or Anthropic). Configuration is stored in a JSON file under ~/.opencodereview/. For CI integration, the GitHub Actions workflow file handles everything; there is no server to maintain, no container to keep healthy, and no persistent state to back up. Scaling to more concurrent reviewers means adding more CI runners, not provisioning more infrastructure.
Because there is no hosted SaaS tier, there is also no vendor-managed upgrade path, no support SLA, and no cloud-managed audit log of review sessions. If your organization needs a guaranteed response time on issues or a fully managed review pipeline with role-based access and SSO, you would build that wrapper yourself around the CLI. The project is very actively maintained — releasing multiple times per week at the time of writing — so staying current requires periodic binary upgrades on your side. The trade-off is full control over which LLM endpoint and model you use, no data going anywhere other than your chosen provider, and zero per-seat licensing cost.