@alibaba-group/open-code-review 1.1.7 → 1.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,8 +1,67 @@
1
- # OpenCodeReview CLI
1
+ <p align="center">
2
+ <a href="https://alibaba.github.io/open-code-review/">
3
+ <img src="imgs/logo.svg" alt="OpenCodeReview logo" width="240" height="240">
4
+ </a>
5
+ </p>
6
+ <p align="center">The open source AI code review agent.</p>
7
+ <p align="center">
8
+ <a href="https://www.npmjs.com/package/@alibaba-group/open-code-review"><img alt="npm" src="https://img.shields.io/npm/v/@alibaba-group/open-code-review?style=flat-square" /></a>
9
+ <a href="https://github.com/alibaba/open-code-review/actions/workflows/release.yml"><img alt="Build status" src="https://img.shields.io/github/actions/workflow/status/alibaba/open-code-review/release.yml?style=flat-square" /></a>
10
+ <a href="https://github.com/alibaba/open-code-review/blob/main/LICENSE"><img alt="License" src="https://img.shields.io/github/license/alibaba/open-code-review?style=flat-square" /></a>
11
+ </p>
12
+ <p align="center">
13
+ English | <a href="README.zh-CN.md">简体中文</a>
14
+ </p>
2
15
 
3
- AI-powered code review tool that reads Git diffs, sends changed files to a configurable LLM via OpenAI-compatible API, and generates structured review comments. It goes beyond surface-level analysis — the Agent can read project context for deep reviews.
16
+ ---
4
17
 
5
- ## Install
18
+ ## What is Open Code Review?
19
+
20
+ Open Code Review is an AI-powered code review CLI tool. It originated as Alibaba Group's internal official AI code review assistant — over the past two years, it has served tens of thousands of developers and identified millions of code defects. After thorough validation at massive scale, we incubated it into an open source project for the community. Simply configure a model endpoint to get started.
21
+
22
+ It reads Git diffs, sends changed files to a configurable LLM via an agent with tool-use capabilities, and generates structured review comments with line-level precision. The agent can read full file contents, search the codebase, inspect other changed files for context, and produce deep reviews — not just surface-level diff feedback.
23
+
24
+ ![Highlights](imgs/highlights-en.png)
25
+
26
+ ## Why Open Code Review?
27
+
28
+ ### The Problem with General-Purpose Agents
29
+
30
+ If you've used general-purpose agents like Claude Code with Skills for code review, you've likely encountered these pain points:
31
+
32
+ - **Incomplete coverage** — On larger changesets, agents tend to "cut corners," selectively reviewing only some files and missing others.
33
+ - **Position drift** — Reported issues frequently don't match the actual code location, with line numbers or file references drifting off target.
34
+ - **Unstable quality** — Natural-language-driven Skills are hard to debug, and review quality fluctuates significantly with minor prompt variations.
35
+
36
+ The root cause: a purely language-driven architecture lacks hard constraints on the review process.
37
+
38
+ ### Core Design: Deterministic Engineering × Agent Hybrid
39
+
40
+ Open Code Review's core philosophy is to combine deterministic engineering with an agent, each handling what it does best.
41
+
42
+ **Deterministic Engineering — Hard Constraints**
43
+
44
+ For review steps that *must not go wrong*, engineering logic — not the language model — guarantees correctness:
45
+
46
+ - **Precise file selection** — Determines exactly which files need review and which should be filtered, ensuring no important change is missed.
47
+ - **Smart file bundling** — Groups related files into a single review unit (e.g., `message_en.properties` and `message_zh.properties` are bundled together). Each bundle runs as a sub-agent with isolated context — a divide-and-conquer strategy that stays stable on very large changesets and naturally supports concurrent review.
48
+ - **Fine-grained rule matching** — Matches review rules to each file's characteristics, keeping the model's attention sharply focused and eliminating information noise at the source. Compared to purely language-driven rule guidance, template-engine-based rule matching is more stable and predictable.
49
+ - **External positioning and reflection modules** — Independent comment-positioning and comment-reflection modules systematically improve both the location accuracy and content accuracy of AI feedback.
50
+
51
+ **Agent — Dynamic Decision-Making**
52
+
53
+ The agent's strengths are concentrated where they matter most — dynamic decisions and dynamic context retrieval:
54
+
55
+ - **Scenario-tuned prompts** — Prompt templates deeply optimized for code review, improving effectiveness while reducing token consumption.
56
+ - **Scenario-tuned toolset** — Distilled from deep analysis of tool-call traces in large-scale production data — including call frequency distributions, per-tool repetition rates, and the impact of new tools on the overall call chain — resulting in a purpose-built toolset that is more stable and predictable for code review than a generic agent toolkit.
57
+
58
+ ## How to Use
59
+
60
+ ### CLI
61
+
62
+ #### Install
63
+
64
+ **Via NPM (Recommended)**
6
65
 
7
66
  ```bash
8
67
  npm install -g @alibaba-group/open-code-review
@@ -10,86 +69,283 @@ npm install -g @alibaba-group/open-code-review
10
69
 
11
70
  After installation, the `ocr` command is available globally.
12
71
 
13
- ### Version Control
72
+ **From GitHub Release**
73
+
74
+ Download the latest binary from [GitHub Releases](https://github.com/alibaba/open-code-review/releases):
14
75
 
15
76
  ```bash
16
- # Install specific version
17
- OCR_VERSION=v1.0.0 npm install -g @alibaba-group/open-code-review
18
- ```
77
+ # macOS (Apple Silicon)
78
+ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-darwin-arm64
79
+ chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
19
80
 
20
- ## Prerequisites
81
+ # macOS (Intel)
82
+ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-darwin-amd64
83
+ chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
84
+
85
+ # Linux (x86_64)
86
+ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-linux-amd64
87
+ chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
88
+
89
+ # Linux (ARM64)
90
+ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-linux-arm64
91
+ chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
92
+ ```
21
93
 
22
- **You must configure an LLM provider before using `ocr`.** The tool requires access to an OpenAI-compatible API endpoint (OpenAI, Claude, local models, etc.).
94
+ **From Source**
23
95
 
24
96
  ```bash
25
- ocr config set llm.url https://api.anthropic.com/v1/messages \
26
- && ocr config set llm.auth_token {{your-api-key}} \
27
- && ocr config set llm.model claude-opus-4-6 \
28
- && ocr config set llm.use_anthropic true \
29
- && ocr config set language Chinese
97
+ git clone https://github.com/alibaba/open-code-review.git
98
+ cd open-code-review
99
+ make build
100
+ sudo cp dist/opencodereview /usr/local/bin/ocr
30
101
  ```
31
102
 
32
- Config is stored in `~/.opencodereview/config.json`.
103
+ #### Quick Start
104
+
105
+ **1. Configure LLM**
33
106
 
34
- Or via environment variables:
107
+ **You must configure an LLM before reviewing code.**
35
108
 
36
109
  ```bash
110
+ # Option A: Interactive config
111
+ ocr config set llm.url https://api.anthropic.com/v1/messages
112
+ ocr config set llm.auth_token your-api-key-here
113
+ ocr config set llm.model claude-opus-4-6
114
+ ocr config set llm.use_anthropic true
115
+
116
+ # Option B: Environment variables (highest priority)
37
117
  export OCR_LLM_URL=https://api.anthropic.com/v1/messages
38
- export OCR_LLM_TOKEN=your-api-key
118
+ export OCR_LLM_TOKEN=your-api-key-here
39
119
  export OCR_LLM_MODEL=claude-opus-4-6
120
+ export OCR_USE_ANTHROPIC=true
40
121
  ```
41
122
 
42
- ### Test Connectivity
123
+ Config is stored in `~/.opencodereview/config.json`.
124
+
125
+ It is also compatible with Claude Code environment variables (`ANTHROPIC_BASE_URL`, `ANTHROPIC_AUTH_TOKEN`, `ANTHROPIC_MODEL`) and parses `~/.zshrc` / `~/.bashrc` for those exports.
126
+
127
+ **2. Test Connectivity**
43
128
 
44
129
  ```bash
45
130
  ocr llm test
46
131
  ```
47
132
 
48
- ## Quick Start
49
-
50
- Navigate to any Git repository and run:
133
+ **3. Review**
51
134
 
52
135
  ```bash
53
- # Review all workspace changes
136
+ cd your-project
137
+
138
+ # Workspace mode — review all staged, unstaged, and untracked changes
54
139
  ocr review
55
140
 
56
- # Review diff between two branches
141
+ # Branch range compare two refs
57
142
  ocr review --from main --to feature-branch
58
143
 
59
- # Review a single commit
144
+ # Single commit
60
145
  ocr review --commit abc123
61
146
  ```
62
147
 
148
+ ### Integrate with Coding Agents
149
+
150
+ OCR can be seamlessly integrated into AI coding agents as a slash command, enabling code review directly within your agent workflow.
151
+
152
+ #### Option 1: Install as a Skill
153
+
154
+ Use `npx` to install the OCR skill into your project:
155
+
156
+ ```bash
157
+ npx skills add alibaba/open-code-review --skill open-code-review
158
+ ```
159
+
160
+ This installs the `open-code-review` skill from the [skills registry](skills/open-code-review/SKILL.md), which teaches your coding agent how to invoke `ocr` for code review, classify issues by priority, and optionally apply fixes.
161
+
162
+ #### Option 2: Install as a Claude Code Plugin
163
+
164
+ For [Claude Code](https://docs.anthropic.com/en/docs/claude-code), install the command plugin through the following command in Claude Code:
165
+
166
+ ```bash
167
+ /plugin marketplace add alibaba/open-code-review
168
+ /plugin install open-code-review@open-code-review
169
+ ```
170
+
171
+ This registers the `/open-code-review:review` slash command, which runs OCR and automatically filters and fixes issues.
172
+
173
+ #### Option 3: Copy the Command File Directly
174
+
175
+ For a quick setup without any package manager, simply copy the command file to use the `/open-code-review` slash command in Claude Code.
176
+
177
+ **Project-level** (shared with team via git):
178
+
179
+ ```bash
180
+ mkdir -p .claude/commands
181
+ curl -o .claude/commands/open-code-review.md \
182
+ https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md
183
+ ```
184
+
185
+ **User-level** (personal global use across all projects):
186
+
187
+ ```bash
188
+ mkdir -p ~/.claude/commands
189
+ curl -o ~/.claude/commands/open-code-review.md \
190
+ https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md
191
+ ```
192
+
193
+ > **Prerequisite**: All integration methods require the `ocr` CLI to be installed and an LLM configured. See [Install](#install) and [Configure LLM](#1-configure-llm) above.
194
+
195
+ ### CI/CD Integration
196
+
197
+ OCR can be integrated into CI/CD pipelines to automate code review on Merge Requests / Pull Requests.
198
+
199
+ The core command for CI integration:
200
+
201
+ ```bash
202
+ ocr review \
203
+ --from "origin/main" \
204
+ --to "origin/feature-branch" \
205
+ --format json \
206
+ --audience agent
207
+ ```
208
+
209
+ The `--format json` and `--audience agent` flags output machine-readable results suitable for parsing in CI scripts.
210
+
211
+ See the [`examples/`](./examples/) directory for integration examples:
212
+
213
+ - [`github_actions/`](./examples/github_actions/) — GitHub Actions integration example
214
+ - [`gitlab_ci/`](./examples/gitlab_ci/) — GitLab CI integration example
215
+
63
216
  ## Commands
64
217
 
65
- | Command | Description |
66
- |---------|-------------|
67
- | `ocr review` / `ocr r` | Start code review |
68
- | `ocr config set <key> <value>` | Manage configuration |
69
- | `ocr llm test` | Test LLM connectivity |
70
- | `ocr viewer` | Start WebUI session viewer |
71
- | `ocr version` | Show version info |
218
+ | Command | Alias | Description |
219
+ |---------|-------|-------------|
220
+ | `ocr review` | `ocr r` | Start a code review |
221
+ | `ocr rules check <file>` | | Preview which review rule applies to a file path |
222
+ | `ocr config set <key> <value>` | | Set configuration values |
223
+ | `ocr llm test` | | Test LLM connectivity |
224
+ | `ocr viewer` | `ocr v` | Launch WebUI session viewer on `localhost:5483` |
225
+ | `ocr version` | — | Show version info |
72
226
 
73
- ## Common Options
227
+ ### `ocr review` Flags
74
228
 
75
229
  | Flag | Shorthand | Default | Description |
76
230
  |------|-----------|---------|-------------|
77
- | `--repo` | | current dir | Git repository root |
78
- | `--from` | | | Source ref (e.g., `main`) |
79
- | `--to` | | | Target ref (e.g., `feature-branch`) |
80
- | `--commit` | `-c` | | Review a single commit |
231
+ | `--repo` | | current dir | Git repository root |
232
+ | `--from` | | | Source ref (e.g., `main`) |
233
+ | `--to` | | | Target ref (e.g., `feature-branch`) |
234
+ | `--commit` | `-c` | | Single commit to review |
235
+ | `--preview` | `-p` | `false` | Preview which files will be reviewed without running the LLM |
81
236
  | `--format` | `-f` | `text` | Output format: `text` or `json` |
82
- | `--concurrency` | | `4` | Max concurrent file reviews |
83
- | `--timeout` | | `10` | Per-file timeout (minutes) |
237
+ | `--concurrency` | | `8` | Max concurrent file reviews |
238
+ | `--timeout` | | `10` | Concurrent task timeout in minutes |
239
+ | `--audience` | — | `human` | `human` (show progress) or `agent` (summary only) |
240
+ | `--rule` | — | — | Path to custom JSON review rules |
241
+ | `--tools` | — | — | Path to custom JSON tools config |
242
+
243
+ ## Examples
244
+
245
+ ```bash
246
+ # Preview which files will be reviewed (no LLM calls)
247
+ ocr review --preview
248
+ ocr review -c abc123 -p
249
+
250
+ # Review workspace changes with default settings
251
+ ocr review
252
+
253
+ # Review branch diff with higher concurrency
254
+ ocr review --from main --to my-feature --concurrency 4
255
+
256
+ # Review a specific commit with verbose JSON output
257
+ ocr review --commit abc123 --format json --audience agent
258
+
259
+ # Use custom review rules
260
+ ocr review --rule /path/to/my-rules.json
261
+
262
+ # Preview which rule applies to a file
263
+ ocr rules check src/main/java/com/example/Foo.java
264
+ ocr rules check --rule custom.json src/main/resources/mapper/UserMapper.xml
265
+
266
+ # View review session history in browser
267
+ ocr viewer
268
+ ocr viewer --addr :3000
269
+ ```
270
+
271
+ ## Review Rules
272
+
273
+ OCR resolves review rules using a four-layer priority chain. Each layer uses first-match-wins: if a file path matches a pattern, that rule is used; otherwise it falls through to the next layer.
274
+
275
+ | Priority | Source | Path | Description |
276
+ |----------|--------|------|-------------|
277
+ | 1 (highest) | `--rule` flag | User-specified path | CLI explicit override |
278
+ | 2 | Project config | `<repoDir>/.opencodereview/rule.json` | Per-project rules, can be committed to git |
279
+ | 3 | Global config | `~/.opencodereview/rule.json` | User-wide personal preferences |
280
+ | 4 (lowest) | System default | Embedded `system_rules.json` | Built-in rules covering common languages and file types |
281
+
282
+ ### Rule File Format
283
+
284
+ Layers 1–3 share the same JSON format:
285
+
286
+ ```json
287
+ {
288
+ "rules": [
289
+ {
290
+ "path": "force-api/**/*.java",
291
+ "rule": "All new methods must validate required parameters for null values"
292
+ },
293
+ {
294
+ "path": "**/*mapper*.xml",
295
+ "rule": "Check SQL for injection risks, parameter errors, and missing closing tags"
296
+ }
297
+ ]
298
+ }
299
+ ```
300
+
301
+ - `path` supports `**` recursive matching and `{java,kt}` brace expansion.
302
+ - Within each layer, rules are evaluated in declaration order — the first match wins.
303
+ - If a rule file does not exist, it is silently skipped.
304
+
305
+ ## Configuration Reference
306
+
307
+ Config file: `~/.opencodereview/config.json`
308
+
309
+ | Key | Type | Example |
310
+ |-----|------|---------|
311
+ | `llm.url` | string | `https://api.openai.com/v1/chat/completions` |
312
+ | `llm.auth_token` | string | `sk-xxxxxxx` |
313
+ | `llm.model` | string | `claude-opus-4-6` |
314
+ | `llm.use_anthropic` | boolean | `true` \| `false` |
315
+ | `language` | string | `English` \| `Chinese` (default: Chinese) |
316
+ | `telemetry.enabled` | boolean | `true` \| `false` |
317
+ | `telemetry.exporter` | string | `console` \| `otlp` |
318
+ | `telemetry.otlp_endpoint` | string | OTLP collector address |
319
+ | `telemetry.content_logging` | boolean | Include prompts in telemetry |
320
+
321
+ Environment variables take precedence over the config file.
322
+
323
+ ### Environment Variables
324
+
325
+ | Variable | Purpose |
326
+ |----------|---------|
327
+ | `OCR_LLM_URL` | LLM API endpoint URL |
328
+ | `OCR_LLM_TOKEN` | API key / auth token |
329
+ | `OCR_LLM_MODEL` | Model name |
330
+ | `OCR_USE_ANTHROPIC` | `true` = Anthropic, `false` = OpenAI |
331
+
332
+
333
+ ## Telemetry
334
+
335
+ OpenTelemetry integration for observability (spans, metrics). Disabled by default.
336
+
337
+ ```bash
338
+ ocr config set telemetry.enabled true
339
+ ocr config set telemetry.exporter otlp
340
+ ocr config set telemetry.otlp_endpoint localhost:4317
341
+ ```
342
+
343
+ Set `telemetry.content_logging` to include LLM prompts and responses in exported data.
84
344
 
85
- ## Features
345
+ ## Contributing
86
346
 
87
- - **Three review modes**: workspace changes, branch range, single commit
88
- - **Context-aware**: Agent reads arbitrary files, searches code via `git grep`, inspects diffs
89
- - **Plan phase**: Large changes (>50 lines) get risk analysis first
90
- - **Any LLM**: Works with OpenAI, Claude-compatible endpoints, local models
91
- - **Concurrent**: Files reviewed in parallel (configurable workers)
347
+ See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, coding guidelines, and how to submit pull requests.
92
348
 
93
349
  ## License
94
350
 
95
- Apache-2.0
351
+ [Apache-2.0](LICENSE) — Copyright 2026 Alibaba
package/README.zh-CN.md CHANGED
@@ -15,15 +15,53 @@
15
15
 
16
16
  ---
17
17
 
18
- AI 驱动的代码审查 CLI 工具,读取 Git diff,通过具备工具调用能力的 Agent 将变更文件发送至可配置的 LLM,生成具有行级精度的结构化审查意见。
18
+ ## Open Code Review 是什么?
19
19
 
20
- Agent 可以读取完整文件内容、搜索代码库、检查其他变更文件以获取上下文,从而进行深度审查 —— 而非仅停留在表面的 diff 反馈。
20
+ Open Code Review 是一款 AI 驱动的代码审查 CLI 工具。它的前身是阿里集团内部官方 AI 代码审查助手,过去两年在内部服务了数万开发者,识别了数百万个代码缺陷。经过大规模充分验证后,我们将其孵化为开源项目,对社区开放。只需配置一个模型端点即可使用。
21
21
 
22
- ![Open Benchmark](imgs/open-benchmark.png)
22
+ 它读取 Git diff,通过具备工具调用能力的 Agent 将变更文件发送至可配置的 LLM,生成具有行级精度的结构化审查意见。Agent 可以读取完整文件内容、搜索代码库、检查其他变更文件以获取上下文,从而进行深度审查——而非仅停留在表面的 diff 反馈。
23
23
 
24
- ## 安装
24
+ ![Highlights](imgs/highlights-zh.png)
25
25
 
26
- ### 通过 NPM 安装(推荐)
26
+ ## 为什么选择 Open Code Review?
27
+
28
+ ### 通用 Agent 的局限
29
+
30
+ 如果你深度用过 Claude Code 等通用 Agent + Skills 方案做代码审查,可能对以下问题深有同感:
31
+
32
+ - **覆盖不全** —— 变更较大时,Agent 倾向于"偷懒",选择性地审查部分文件,导致遗漏。
33
+ - **位置漂移** —— 报告的问题与实际代码位置常常对不上,出现行号或文件偏移。
34
+ - **效果不稳定** —— 基于自然语言驱动的 Skills 难以调试,审查质量因提示词的细微差异而大幅波动。
35
+
36
+ 这些问题的根源在于:纯语言驱动的架构缺乏对审查流程的强约束。
37
+
38
+ ### 核心设计:确定性工程 × Agent 混合驱动
39
+
40
+ Open Code Review 的核心设计理念是将确定性工程与 Agent 结合,各司其职。
41
+
42
+ **确定性工程——负责强约束**
43
+
44
+ 对代码审查场景中"不能出错"的环节,由工程逻辑而非语言模型来保证:
45
+
46
+ - **精准的文件筛选** —— 明确哪些文件需要审查、哪些应当过滤,确保真正重要的改动一个不漏。
47
+ - **智能的文件打包** —— 将关联文件归并为同一审查单元(例如 `message_en.properties` 与 `message_zh.properties` 会被打包在一起)。每个包会作为 sub-agent 进行任务,它们之间的上下文是隔离的——这一分治策略在超大变更场景下表现更为稳定,同时天然支持并发审查。
48
+ - **精细化规则匹配** —— 针对不同文件的特征,匹配对应的审查规则,确保模型的注意力足够聚焦,从源头规避信息噪声的干扰。相比纯语言驱动的规则引导,基于模板引擎的规则匹配行为更稳定、结果更可预期。
49
+ - **外挂的定位与反思组件** —— 独立的评论定位模块与评论反思模块,系统性地提升 AI 反馈的位置准确性与内容准确性。
50
+
51
+ **Agent——负责动态决策**
52
+
53
+ 将 Agent 的优势集中发挥在它真正擅长的地方——动态决策、动态召回上下文:
54
+
55
+ - **场景化提示词调优** —— 针对代码审查场景深度优化提示词模板,在提升效果的同时有效降低 Token 消耗。
56
+ - **场景化工具集沉淀** —— 基于对大量线上数据中工具调用轨迹的深入分析,包括不同工具的调用频率分布、单一工具的重复调用率、新增工具对整体调用链路的影响等多维度分析,从而对通用 Agent 工具集进行取舍与拆分,最终沉淀出一套在代码审查场景下效果更稳定、行为更可预期的专属工具集。
57
+
58
+ ## 如何使用
59
+
60
+ ### CLI
61
+
62
+ #### 安装
63
+
64
+ **通过 NPM 安装(推荐)**
27
65
 
28
66
  ```bash
29
67
  npm install -g @alibaba-group/open-code-review
@@ -31,7 +69,7 @@ npm install -g @alibaba-group/open-code-review
31
69
 
32
70
  安装后,`ocr` 命令即可全局使用。
33
71
 
34
- ### GitHub Release 下载
72
+ **从 GitHub Release 下载**
35
73
 
36
74
  从 [GitHub Releases](https://github.com/alibaba/open-code-review/releases) 下载最新二进制文件:
37
75
 
@@ -53,7 +91,7 @@ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/downloa
53
91
  chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
54
92
  ```
55
93
 
56
- ### 从源码构建
94
+ **从源码构建**
57
95
 
58
96
  ```bash
59
97
  git clone https://github.com/alibaba/open-code-review.git
@@ -62,9 +100,9 @@ make build
62
100
  sudo cp dist/opencodereview /usr/local/bin/ocr
63
101
  ```
64
102
 
65
- ## 快速开始
103
+ #### 快速开始
66
104
 
67
- ### 1. 配置 LLM
105
+ **1. 配置 LLM**
68
106
 
69
107
  **在审查代码之前,必须先配置 LLM。**
70
108
 
@@ -84,15 +122,15 @@ export OCR_USE_ANTHROPIC=true
84
122
 
85
123
  配置存储于 `~/.opencodereview/config.json`。
86
124
 
87
- 工具也会回退使用 Claude Code 环境变量(`ANTHROPIC_BASE_URL`、`ANTHROPIC_AUTH_TOKEN`、`ANTHROPIC_MODEL`),并解析 `~/.zshrc` / `~/.bashrc` 中的相关导出。
125
+ 同时兼容了 Claude Code 环境变量(`ANTHROPIC_BASE_URL`、`ANTHROPIC_AUTH_TOKEN`、`ANTHROPIC_MODEL`),并解析 `~/.zshrc` / `~/.bashrc` 中的相关导出。
88
126
 
89
- ### 2. 测试连通性
127
+ **2. 测试连通性**
90
128
 
91
129
  ```bash
92
130
  ocr llm test
93
131
  ```
94
132
 
95
- ### 3. 开始审查
133
+ **3. 开始审查**
96
134
 
97
135
  ```bash
98
136
  cd your-project
@@ -107,6 +145,74 @@ ocr review --from main --to feature-branch
107
145
  ocr review --commit abc123
108
146
  ```
109
147
 
148
+ ### 集成到编程 Agent
149
+
150
+ OCR 可以无缝集成到 AI 编程 Agent 中,作为斜杠命令使用,在 Agent 工作流中直接进行代码审查。
151
+
152
+ #### 方式一:作为 Skill 安装
153
+
154
+ 使用 `npx` 将 OCR skill 安装到项目中:
155
+
156
+ ```bash
157
+ npx skills add alibaba/open-code-review --skill open-code-review
158
+ ```
159
+
160
+ 此命令从 [skills 注册表](skills/open-code-review/SKILL.md)安装 `open-code-review` skill,教会你的编程 Agent 如何调用 `ocr` 进行代码审查、按优先级分类问题,并可选择性地应用修复。
161
+
162
+ #### 方式二:作为 Claude Code Plugin 安装
163
+
164
+ 对于 [Claude Code](https://docs.anthropic.com/en/docs/claude-code),在 Claude Code 中通过以下命令安装命令插件:
165
+
166
+ ```bash
167
+ /plugin marketplace add alibaba/open-code-review
168
+ /plugin install open-code-review@open-code-review
169
+ ```
170
+
171
+ 此命令注册 `/open-code-review:review` 斜杠命令,运行 OCR 并自动过滤和修复问题。
172
+
173
+ #### 方式三:直接复制命令文件
174
+
175
+ 如果不想使用任何包管理器,可以直接复制命令文件,在 Claude Code 中使用 `/open-code-review` 斜杠命令。
176
+
177
+ **项目级**(通过 git 与团队共享):
178
+
179
+ ```bash
180
+ mkdir -p .claude/commands
181
+ curl -o .claude/commands/open-code-review.md \
182
+ https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md
183
+ ```
184
+
185
+ **用户级**(个人全局使用,适用于所有项目):
186
+
187
+ ```bash
188
+ mkdir -p ~/.claude/commands
189
+ curl -o ~/.claude/commands/open-code-review.md \
190
+ https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md
191
+ ```
192
+
193
+ > **前置条件**:所有集成方式都需要安装 `ocr` CLI 并配置 LLM。参见上方[安装](#安装)和[配置 LLM](#1-配置-llm)。
194
+
195
+ ### CI/CD 集成
196
+
197
+ OCR 可以集成到 CI/CD 流水线中,在 Merge Request / Pull Request 时自动进行代码审查。
198
+
199
+ CI 集成的核心命令:
200
+
201
+ ```bash
202
+ ocr review \
203
+ --from "origin/main" \
204
+ --to "origin/feature-branch" \
205
+ --format json \
206
+ --audience agent
207
+ ```
208
+
209
+ `--format json` 和 `--audience agent` 参数输出适合 CI 脚本解析的机器可读结果。
210
+
211
+ 集成示例请参见 [`examples/`](./examples/) 目录:
212
+
213
+ - [`github_actions/`](./examples/github_actions/) — GitHub Actions 集成示例
214
+ - [`gitlab_ci/`](./examples/gitlab_ci/) — GitLab CI 集成示例
215
+
110
216
  ## 命令
111
217
 
112
218
  | 命令 | 别名 | 描述 |
@@ -196,20 +302,6 @@ OCR 通过四层优先级链解析评审规则。每层采用首次匹配原则
196
302
  - 在每一层内,规则按声明顺序评估 —— 首次匹配生效。
197
303
  - 如果规则文件不存在,将被静默跳过。
198
304
 
199
- ## 架构
200
-
201
- 审查 Agent 遵循**三阶段工作流**:
202
-
203
- 1. **计划阶段** —— 对于超过 50 行的变更,Agent 会在审查前进行风险分析。较小的 diff 直接跳至主阶段。
204
- 2. **主任务循环** —— 每个变更文件分配独立的 goroutine。LLM 在对话循环中与内置工具交互(读取文件、搜索代码、读取 diff、提交评论),直到调用 `task_done`。
205
- 3. **记忆压缩** —— 当提示上下文超过 token 阈值(异步 60%,同步 80%)时,Agent 使用三区分区(冻结 / 压缩 / 活跃)管理上下文窗口大小。
206
-
207
- ### 关键设计决策
208
-
209
- - **按文件并发处理** —— 文件并行审查(默认 8 个 worker)。超时机制防止单个文件阻塞其他文件。
210
- - **双协议支持** —— 同时支持 Anthropic Messages API 和 OpenAI Chat Completions API,自动 URL 规范化。
211
- - **工具调用 Agent** —— LLM 可以访问领域特定工具(`code_search`、`file_read`、`code_comment`、`file_find`、`file_read_diff`),实现跨引用的上下文感知审查,而非孤立的 diff 扫描。
212
-
213
305
  ## 配置参考
214
306
 
215
307
  配置文件:`~/.opencodereview/config.json`
@@ -237,48 +329,6 @@ OCR 通过四层优先级链解析评审规则。每层采用首次匹配原则
237
329
  | `OCR_LLM_MODEL` | 模型名称 |
238
330
  | `OCR_USE_ANTHROPIC` | `true` = Anthropic,`false` = OpenAI |
239
331
 
240
- ### 模板参数
241
-
242
- 内部默认值定义于 `internal/config/template/task_template.json`:
243
-
244
- | 参数 | 默认值 | 描述 |
245
- |------|--------|------|
246
- | `MAX_TOKENS` | 58888 | 每次 LLM 请求最大 token 数 |
247
- | `MAX_TOOL_REQUEST_TIMES` | 20 | 每个文件最大工具调用迭代次数 |
248
- | `PLAN_MODE_LINE_THRESHOLD` | 50 | 低于此行数跳过计划阶段 |
249
- | `TOOL_REQUEST_WAIT_TIME_MS` | 10000 | 单次工具请求超时时间 |
250
-
251
- ## 内置工具
252
-
253
- 审查过程中 LLM Agent 可调用的工具:
254
-
255
- | 工具 | 可用阶段 | 用途 |
256
- |------|----------|------|
257
- | `task_done` | main_task | 终止审查(DONE/FAILED) |
258
- | `code_comment` | main_task | 提交行级审查意见 |
259
- | `file_read` | main_task | 按行范围读取文件内容 |
260
- | `code_search` | plan + main | 跨文件搜索文本/正则表达式 |
261
- | `file_read_diff` | plan + main | 查看其他变更文件的 diff 内容 |
262
- | `file_find` | plan + main | 按文件名关键词查找文件 |
263
-
264
- ## 系统审查规则
265
-
266
- 按文件类型通过 glob 模式匹配的内置审查清单,定义于 `internal/config/rules/system_rules.json`:
267
-
268
- | 模式 | 关注领域 |
269
- |------|----------|
270
- | `*.java` | NPE 风险、死循环、switch 穿透、N+1 查询、线程安全 |
271
- | `*.{ts,js,tsx,jsx}` | 代码质量、React 最佳实践、异步规范、XSS/安全 |
272
- | `*.kt` | 空安全、协程使用、惯用模式 |
273
- | `*{go,py,ets,lua,dart,swift,groovy}` | 逻辑缺陷、拼写错误 |
274
- | `*{cpp,cc,hpp}` | 智能指针、RAII、STL、const 正确性 |
275
- | `*.c` | malloc/free 配对、缓冲区溢出 |
276
- | `pom.xml` / `build.gradle` | 禁止 SNAPSHOT 版本 |
277
- | `package.json` | latest/通配符版本、依赖冲突 |
278
- | `*mapper*.xml` / `*dao*.xml` | SQL 注入、性能、逻辑错误 |
279
- | `*.properties` | 拼写检测、重复键、安全问题 |
280
-
281
- 可通过 `--rule path/to/rules.json` 覆盖。
282
332
 
283
333
  ## 遥测
284
334
 
@@ -292,15 +342,9 @@ ocr config set telemetry.otlp_endpoint localhost:4317
292
342
 
293
343
  设置 `telemetry.content_logging` 可在导出数据中包含 LLM 提示词和响应。
294
344
 
295
- ## 开发
345
+ ## 贡献
296
346
 
297
- ```bash
298
- make build # 为当前平台构建
299
- make test # 带竞态检测运行测试
300
- make clean # 清除 dist/
301
- make build-all # 交叉编译(linux/amd64, linux/arm64, darwin/amd64, darwin/arm64)
302
- make dist # 完整发布流水线
303
- ```
347
+ 参见 [CONTRIBUTING.zh-CN.md](CONTRIBUTING.zh-CN.md) 了解开发环境搭建、编码规范以及如何提交 Pull Request。
304
348
 
305
349
  ## 许可证
306
350
 
@@ -0,0 +1,10 @@
1
+ # CI/CD Integration Examples
2
+
3
+ This directory contains examples for integrating OpenCodeReview (OCR) into various CI/CD pipelines.
4
+
5
+ ## Contents
6
+
7
+ - **[github_actions/](./github_actions/)** - GitHub Actions integration example
8
+ - **[gitlab_ci/](./gitlab_ci/)** - GitLab CI integration example
9
+
10
+ Each subdirectory contains its own README with detailed setup instructions.