@alibaba-group/open-code-review 1.1.7 → 1.1.9

@@ -0,0 +1,231 @@
1
+ ---
2
+ name: open-code-review
3
+ description: >
4
+ Performs AI-powered code review on Git changes using the `ocr` CLI from
5
+ alibaba/open-code-review. Use when the user asks to review code, review
6
+ a pull request, review staged/unstaged changes, review a commit, or
7
+ compare branches for code quality issues. Produces line-level review
8
+ comments and can automatically apply fixes when requested. With appropriate
9
+ review rules, can detect various types of issues including bugs, security
10
+ vulnerabilities, performance problems, and code quality concerns.
11
+ license: Apache-2.0
12
+ compatibility: >
13
+ Requires the `ocr` CLI installed (via `npm install -g
14
+ @alibaba-group/open-code-review` or GitHub release binary). Requires a
15
+ configured LLM (Anthropic or OpenAI-compatible) before first run.
16
+ metadata:
17
+ author: alibaba
18
+ homepage: https://github.com/alibaba/open-code-review
19
+ version: "1.0.0"
20
+ ---
21
+
22
+ # Open Code Review
23
+
24
+ A skill for invoking [open-code-review](https://github.com/alibaba/open-code-review) (`ocr`) — an open-source AI code review CLI that reads Git diffs and generates structured, line-level review comments.
25
+
26
+ ## Prerequisites check
27
+
28
+ Before starting a review, verify the environment:
29
+
30
+ ```bash
31
+ # 1. Check the CLI is installed
32
+ which ocr || echo "NOT INSTALLED"
33
+
34
+ # 2. Verify LLM connectivity
35
+ ocr llm test
36
+ ```
37
+
38
+ If `ocr` is not installed, install it first:
39
+
40
+ ```bash
41
+ npm install -g @alibaba-group/open-code-review
42
+ ```
43
+
44
+ If `ocr llm test` fails, the user must configure an LLM. Guide them with one of these options:
45
+
46
+ **Option A — Environment variables (highest priority, recommended for CI):**
47
+
48
+ ```bash
49
+ export OCR_LLM_URL=https://api.anthropic.com/v1/messages
50
+ export OCR_LLM_TOKEN=<api-key>
51
+ export OCR_LLM_MODEL=claude-opus-4-6
52
+ export OCR_USE_ANTHROPIC=true
53
+ ```
54
+
55
+ **Option B — Persistent config:**
56
+
57
+ ```bash
58
+ ocr config set llm.url https://api.anthropic.com/v1/messages
59
+ ocr config set llm.auth_token <api-key>
60
+ ocr config set llm.model claude-opus-4-6
61
+ ocr config set llm.use_anthropic true
62
+ ```
63
+
64
+ Stop here and ask the user to provide credentials — never invent or hardcode API keys.
65
+
66
+ ## Workflow
67
+
68
+ ### Step 1: Gather Business Context
69
+
70
+ Analyze the review target (commits, branch, or changes) to extract concise business context. Pass this context via `--background` to improve review quality.
71
+
72
+ ### Step 2: Run Code Review
73
+
74
+ Run the OCR command with appropriate flags. **Always pass business context via `--background`** when available:
75
+
76
+ ```bash
77
+ ocr review --audience agent --background "business context here" [user-args]
78
+ ```
79
+
80
+ **Argument handling:**
81
+
82
+ - **Background context** (RECOMMENDED): use `--background "context"` or `-b "context"` to provide business context for better review quality
83
+ - **Default** (no user arguments): reviews staged, unstaged, and untracked changes (workspace mode)
84
+ - **Specific commit**: use `--commit` or `-c` to review a single commit against its parent
85
+ - **Branch comparison**: use `--from <ref>` and `--to <ref>` to review diff between two refs
86
+ - **Timeout**: default timeout is 10 minutes per file; adjust with `--timeout <minutes>`
87
+ - **Concurrency**: default concurrency is 8 file workers; reduce with `--concurrency <n>` if rate limits are hit
88
+ - **Preview mode**: use `--preview` or `-p` to preview which files will be reviewed without running the LLM
89
+ - **Installation**: if `ocr` command is not found, install it by running `npm i -g @alibaba-group/open-code-review`
90
+
91
+ **Common invocation patterns:**
92
+
93
+ | User says | Command to run |
94
+ |-----------|---------------|
95
+ | "review my changes" / "review the working copy" | `ocr review --audience agent -b "context"` |
96
+ | "review this PR" / "review feature branch" | `ocr review --audience agent -b "context" --from main --to <branch>` |
97
+ | "review commit abc123" | `ocr review --audience agent -b "context" --commit abc123` |
98
+ | "what would be reviewed?" (dry-run) | `ocr review --preview` |
99
+
100
+ **Output mode:**
101
+
102
+ - Always use `--audience agent` to suppress progress UI and emit only the final summary
103
+
104
+ ### Step 3: Classify and Report
105
+
106
+ For each comment from the review output, classify by priority and report all issues to the user:
107
+
108
+ - **High**: Obvious bugs, security issues, clear mistakes, or well-founded suggestions with precise fix proposals
109
+ - **Medium**: Reasonable concerns but context-dependent, style/performance suggestions, or fixes that require manual implementation
110
+ - **Low**: Likely false positives, lacking sufficient context, nitpicks, or meaningless suggestions
111
+
112
+ Report all comments grouped by priority level.
113
+
114
+ ### Step 4: Fix
115
+
116
+ Before applying fixes, check whether the user requested automatic fixes:
117
+
118
+ - If the user explicitly requested "review and fix" or similar, proceed with automatic fixes
119
+ - If the user only requested "review" without fix intent, ask for permission before applying any changes
120
+
121
+ When fixing issues and suggestions:
122
+
123
+ - Focus on High and Medium priority items
124
+ - Apply fixes directly to the code when safe and well-defined
125
+ - For complex fixes requiring manual intervention, clearly describe what needs to be done
126
+ - Always verify fixes with the user before committing
127
+
128
+ ## Output Format
129
+
130
+ Each comment contains:
131
+
132
+ - `path`: File path
133
+ - `content`: Review comment text
134
+ - `start_line` / `end_line`: Line range (both 0 means positioning failed)
135
+ - `suggestion_code`: Optional fix suggestion
136
+ - `existing_code`: Optional original code snippet
137
+ - `thinking`: Optional LLM reasoning process
138
+
139
+ After filtering comments by priority, present results using this template:
140
+
141
+ ```markdown
142
+ ## Code Review Results
143
+
144
+ **Files reviewed**: N
145
+ **Issues found**: X high priority / Y medium priority
146
+
147
+ ### High Priority
148
+
149
+ - **`path/to/file.java:42`** — Brief description
150
+ > Recommendation: How to fix
151
+
152
+ ### Medium Priority
153
+
154
+ - **`path/to/file.ts:88`** — Brief description
155
+ > Recommendation: How to fix (if applicable)
156
+ ```
157
+
158
+ If the review found no issues after filtering, simply state: "Review complete — no issues found in N files."
159
+
160
+ **Priority classification:**
161
+
162
+ - **High**: Obvious bugs, security issues, clear mistakes, or well-founded suggestions with precise fix proposals
163
+ - **Medium**: Reasonable concerns but context-dependent, style/performance suggestions, or fixes that require manual implementation
164
+ - **Low**: Discarded silently (likely false positives, lacking context, nitpicks, or meaningless suggestions)
165
+
166
+ **Handling mispositioned comments:**
167
+
168
+ When `start_line` and `end_line` are both `0`, the comment failed to locate the exact position in the file. In such cases:
169
+
170
+ 1. Read the comment content to understand the issue
171
+ 2. Examine the target file mentioned in the comment
172
+ 3. Identify the relevant code section based on the comment's context
173
+ 4. Apply the fix or suggestion to the correct location
174
+
175
+ ## Custom Review Rules
176
+
177
+ If the user wants project-specific rules, OCR resolves them in this priority order:
178
+
179
+ 1. `--rule <path>` flag (highest)
180
+ 2. `<repo>/.opencodereview/rule.json`
181
+ 3. `~/.opencodereview/rule.json`
182
+ 4. Built-in system defaults (lowest)
183
+
184
+ Rule file format:
185
+
186
+ ```json
187
+ {
188
+ "rules": [
189
+ {
190
+ "path": "**/*.java",
191
+ "rule": "All new methods must validate required parameters for null"
192
+ },
193
+ {
194
+ "path": "**/*mapper*.xml",
195
+ "rule": "Check SQL for injection risks and missing closing tags"
196
+ }
197
+ ]
198
+ }
199
+ ```
200
+
201
+ To preview which rule applies to a file before reviewing:
202
+
203
+ ```bash
204
+ ocr rules check src/main/java/com/example/Foo.java
205
+ ```
206
+
207
+ ## Gotchas
208
+
209
+ - **LLM must be configured first** — `ocr review` will fail loudly if no LLM is reachable. Always run `ocr llm test` before the first review.
210
+ - **Working directory matters** — `ocr review` operates on the Git repo at the current directory. Use `--repo /path/to/repo` to run from elsewhere.
211
+ - **Untracked files are reviewed in workspace mode** — running bare `ocr review` includes staged, unstaged, *and* untracked changes. Stage selectively if you want narrower scope.
212
+ - **Large diffs may hit token limits** — files with very large diffs may be truncated. The default `MAX_TOKENS` is 58888 per request.
213
+ - **Plan phase triggers at 50 lines** — diffs exceeding 50 changed lines run an extra risk-analysis phase before main review. This adds latency but improves quality.
214
+ - **Don't pass `--audience human`** — it streams progress UI that pollutes output. Always use `--audience agent`.
215
+ - **Comment language follows config** — set `language` config to `English` or `Chinese` (default: Chinese) to control review comment language.
216
+
217
+ ## Validation
218
+
219
+ After the review completes, verify success by checking:
220
+
221
+ 1. The command exited with code 0
222
+ 2. Comments were generated (or "No comments generated" message appears)
223
+ 3. Warnings (if any) are displayed in stderr
224
+
225
+ If errors occurred, check the stderr warnings for details about which files failed and why.
226
+
227
+ ## References
228
+
229
+ - Full docs: https://github.com/alibaba/open-code-review
230
+ - NPM package: https://www.npmjs.com/package/@alibaba-group/open-code-review
231
+ - Issue tracker: https://github.com/alibaba/open-code-review/issues
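Review bot: Step 3 ("Classify and Report") instructs the agent to report all comments, Low included, grouped by priority, but the later "Priority classification" block says Low items are "Discarded silently"; pick one behaviour and drop the duplicated High/Medium/Low list so the two sections cannot drift apart. Two further inconsistencies are worth fixing in the same pass: the "Concurrency" bullet states a default of 8 file workers while the NPM-README.md being deleted in this release documents `--concurrency` as `4`, and the `--preview` row of the invocation table omits `--audience agent` even though the "Output mode" section says to always pass it. Also, `version: "1.0.0"` in the frontmatter does not match the 1.1.9 package version; confirm whether the skill version is meant to track the package.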
package/NPM-README.md DELETED
@@ -1,95 +0,0 @@
1
- # OpenCodeReview CLI
2
-
3
- AI-powered code review tool that reads Git diffs, sends changed files to a configurable LLM via OpenAI-compatible API, and generates structured review comments. It goes beyond surface-level analysis — the Agent can read project context for deep reviews.
4
-
5
- ## Install
6
-
7
- ```bash
8
- npm install -g @alibaba-group/open-code-review
9
- ```
10
-
11
- After installation, the `ocr` command is available globally.
12
-
13
- ### Version Control
14
-
15
- ```bash
16
- # Install specific version
17
- OCR_VERSION=v1.0.0 npm install -g @alibaba-group/open-code-review
18
- ```
19
-
20
- ## Prerequisites
21
-
22
- **You must configure an LLM provider before using `ocr`.** The tool requires access to an OpenAI-compatible API endpoint (OpenAI, Claude, local models, etc.).
23
-
24
- ```bash
25
- ocr config set llm.url https://api.anthropic.com/v1/messages \
26
- && ocr config set llm.auth_token {{your-api-key}} \
27
- && ocr config set llm.model claude-opus-4-6 \
28
- && ocr config set llm.use_anthropic true \
29
- && ocr config set language Chinese
30
- ```
31
-
32
- Config is stored in `~/.opencodereview/config.json`.
33
-
34
- Or via environment variables:
35
-
36
- ```bash
37
- export OCR_LLM_URL=https://api.anthropic.com/v1/messages
38
- export OCR_LLM_TOKEN=your-api-key
39
- export OCR_LLM_MODEL=claude-opus-4-6
40
- ```
41
-
42
- ### Test Connectivity
43
-
44
- ```bash
45
- ocr llm test
46
- ```
47
-
48
- ## Quick Start
49
-
50
- Navigate to any Git repository and run:
51
-
52
- ```bash
53
- # Review all workspace changes
54
- ocr review
55
-
56
- # Review diff between two branches
57
- ocr review --from main --to feature-branch
58
-
59
- # Review a single commit
60
- ocr review --commit abc123
61
- ```
62
-
63
- ## Commands
64
-
65
- | Command | Description |
66
- |---------|-------------|
67
- | `ocr review` / `ocr r` | Start code review |
68
- | `ocr config set <key> <value>` | Manage configuration |
69
- | `ocr llm test` | Test LLM connectivity |
70
- | `ocr viewer` | Start WebUI session viewer |
71
- | `ocr version` | Show version info |
72
-
73
- ## Common Options
74
-
75
- | Flag | Shorthand | Default | Description |
76
- |------|-----------|---------|-------------|
77
- | `--repo` | | current dir | Git repository root |
78
- | `--from` | | | Source ref (e.g., `main`) |
79
- | `--to` | | | Target ref (e.g., `feature-branch`) |
80
- | `--commit` | `-c` | | Review a single commit |
81
- | `--format` | `-f` | `text` | Output format: `text` or `json` |
82
- | `--concurrency` | | `4` | Max concurrent file reviews |
83
- | `--timeout` | | `10` | Per-file timeout (minutes) |
84
-
85
- ## Features
86
-
87
- - **Three review modes**: workspace changes, branch range, single commit
88
- - **Context-aware**: Agent reads arbitrary files, searches code via `git grep`, inspects diffs
89
- - **Plan phase**: Large changes (>50 lines) get risk analysis first
90
- - **Any LLM**: Works with OpenAI, Claude-compatible endpoints, local models
91
- - **Concurrent**: Files reviewed in parallel (configurable workers)
92
-
93
- ## License
94
-
95
- Apache-2.0
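Review bot: deleting `package/NPM-README.md` removes the package's npm landing page, and nothing else in this diff adds a replacement, so the published package would ship without install, configuration and option documentation unless another README is included. Content that exists only here and is not carried over by the new skill file: the `OCR_VERSION=v1.0.0 npm install -g ...` version-pinning example, `--format json`, `ocr viewer`, and the `--concurrency` default of `4` (the skill says 8). The environment-variable block here also omits `OCR_USE_ANTHROPIC`, while the `ocr config set` block above it sets `llm.use_anthropic true`, so the env-only setup does not enable the Anthropic mode the config example enables; whatever replaces this README should carry the four-variable form (`OCR_LLM_URL`, `OCR_LLM_TOKEN`, `OCR_LLM_MODEL`, `OCR_USE_ANTHROPIC`) used in the new skill file.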