@alibaba-group/open-code-review 1.1.8 → 1.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CONTRIBUTING.md CHANGED
@@ -151,7 +151,6 @@ Documentation is a crucial part of OpenCodeReview. We welcome improvements to RE
151
151
  | `README.zh-CN.md` | Chinese translation |
152
152
  | `CONTRIBUTING.md` | Contribution guide (English) |
153
153
  | `CONTRIBUTING.zh-CN.md` | Contribution guide (Chinese) |
154
- | `NPM-README.md` | Description shown on npm registry |
155
154
 
156
155
  ## Submitting Changes
157
156
 
@@ -151,7 +151,6 @@ make build
151
151
  | `README.zh-CN.md` | 中文翻译 |
152
152
  | `CONTRIBUTING.md` | 贡献指南(英文) |
153
153
  | `CONTRIBUTING.zh-CN.md` | 贡献指南(中文) |
154
- | `NPM-README.md` | npm 发布页展示的说明 |
155
154
 
156
155
  ## 提交变更
157
156
 
package/README.md CHANGED
@@ -1,8 +1,67 @@
1
- # OpenCodeReview CLI
1
+ <p align="center">
2
+ <a href="https://alibaba.github.io/open-code-review/">
3
+ <img src="imgs/logo.svg" alt="OpenCodeReview logo" width="240" height="240">
4
+ </a>
5
+ </p>
6
+ <p align="center">The open source AI code review agent.</p>
7
+ <p align="center">
8
+ <a href="https://www.npmjs.com/package/@alibaba-group/open-code-review"><img alt="npm" src="https://img.shields.io/npm/v/@alibaba-group/open-code-review?style=flat-square" /></a>
9
+ <a href="https://github.com/alibaba/open-code-review/actions/workflows/release.yml"><img alt="Build status" src="https://img.shields.io/github/actions/workflow/status/alibaba/open-code-review/release.yml?style=flat-square" /></a>
10
+ <a href="https://github.com/alibaba/open-code-review/blob/main/LICENSE"><img alt="License" src="https://img.shields.io/github/license/alibaba/open-code-review?style=flat-square" /></a>
11
+ </p>
12
+ <p align="center">
13
+ English | <a href="README.zh-CN.md">简体中文</a>
14
+ </p>
2
15
 
3
- AI-powered code review tool that reads Git diffs, sends changed files to a configurable LLM via OpenAI-compatible API, and generates structured review comments. It goes beyond surface-level analysis — the Agent can read project context for deep reviews.
16
+ ---
4
17
 
5
- ## Install
18
+ ## What is Open Code Review?
19
+
20
+ Open Code Review is an AI-powered code review CLI tool. It originated as Alibaba Group's internal official AI code review assistant — over the past two years, it has served tens of thousands of developers and identified millions of code defects. After thorough validation at massive scale, we incubated it into an open source project for the community. Simply configure a model endpoint to get started.
21
+
22
+ It reads Git diffs, sends changed files to a configurable LLM via an agent with tool-use capabilities, and generates structured review comments with line-level precision. The agent can read full file contents, search the codebase, inspect other changed files for context, and produce deep reviews — not just surface-level diff feedback.
23
+
24
+ ![Highlights](imgs/highlights-en.png)
25
+
26
+ ## Why Open Code Review?
27
+
28
+ ### The Problem with General-Purpose Agents
29
+
30
+ If you've used general-purpose agents like Claude Code with Skills for code review, you've likely encountered these pain points:
31
+
32
+ - **Incomplete coverage** — On larger changesets, agents tend to "cut corners," selectively reviewing only some files and missing others.
33
+ - **Position drift** — Reported issues frequently don't match the actual code location, with line numbers or file references drifting off target.
34
+ - **Unstable quality** — Natural-language-driven Skills are hard to debug, and review quality fluctuates significantly with minor prompt variations.
35
+
36
+ The root cause: a purely language-driven architecture lacks hard constraints on the review process.
37
+
38
+ ### Core Design: Deterministic Engineering × Agent Hybrid
39
+
40
+ Open Code Review's core philosophy is to combine deterministic engineering with an agent, each handling what it does best.
41
+
42
+ **Deterministic Engineering — Hard Constraints**
43
+
44
+ For review steps that *must not go wrong*, engineering logic — not the language model — guarantees correctness:
45
+
46
+ - **Precise file selection** — Determines exactly which files need review and which should be filtered, ensuring no important change is missed.
47
+ - **Smart file bundling** — Groups related files into a single review unit (e.g., `message_en.properties` and `message_zh.properties` are bundled together). Each bundle runs as a sub-agent with isolated context — a divide-and-conquer strategy that stays stable on very large changesets and naturally supports concurrent review.
48
+ - **Fine-grained rule matching** — Matches review rules to each file's characteristics, keeping the model's attention sharply focused and eliminating information noise at the source. Compared to purely language-driven rule guidance, template-engine-based rule matching is more stable and predictable.
49
+ - **External positioning and reflection modules** — Independent comment-positioning and comment-reflection modules systematically improve both the location accuracy and content accuracy of AI feedback.
50
+
51
+ **Agent — Dynamic Decision-Making**
52
+
53
+ The agent's strengths are concentrated where they matter most — dynamic decisions and dynamic context retrieval:
54
+
55
+ - **Scenario-tuned prompts** — Prompt templates deeply optimized for code review, improving effectiveness while reducing token consumption.
56
+ - **Scenario-tuned toolset** — Distilled from deep analysis of tool-call traces in large-scale production data — including call frequency distributions, per-tool repetition rates, and the impact of new tools on the overall call chain — resulting in a purpose-built toolset that is more stable and predictable for code review than a generic agent toolkit.
57
+
58
+ ## How to Use
59
+
60
+ ### CLI
61
+
62
+ #### Install
63
+
64
+ **Via NPM (Recommended)**
6
65
 
7
66
  ```bash
8
67
  npm install -g @alibaba-group/open-code-review
@@ -10,86 +69,284 @@ npm install -g @alibaba-group/open-code-review
10
69
 
11
70
  After installation, the `ocr` command is available globally.
12
71
 
13
- ### Version Control
72
+ **From GitHub Release**
73
+
74
+ Download the latest binary from [GitHub Releases](https://github.com/alibaba/open-code-review/releases):
14
75
 
15
76
  ```bash
16
- # Install specific version
17
- OCR_VERSION=v1.0.0 npm install -g @alibaba-group/open-code-review
18
- ```
77
+ # macOS (Apple Silicon)
78
+ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-darwin-arm64
79
+ chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
19
80
 
20
- ## Prerequisites
81
+ # macOS (Intel)
82
+ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-darwin-amd64
83
+ chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
84
+
85
+ # Linux (x86_64)
86
+ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-linux-amd64
87
+ chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
88
+
89
+ # Linux (ARM64)
90
+ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-linux-arm64
91
+ chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
92
+ ```
21
93
 
22
- **You must configure an LLM provider before using `ocr`.** The tool requires access to an OpenAI-compatible API endpoint (OpenAI, Claude, local models, etc.).
94
+ **From Source**
23
95
 
24
96
  ```bash
25
- ocr config set llm.url https://api.anthropic.com/v1/messages \
26
- && ocr config set llm.auth_token {{your-api-key}} \
27
- && ocr config set llm.model claude-opus-4-6 \
28
- && ocr config set llm.use_anthropic true \
29
- && ocr config set language Chinese
97
+ git clone https://github.com/alibaba/open-code-review.git
98
+ cd open-code-review
99
+ make build
100
+ sudo cp dist/opencodereview /usr/local/bin/ocr
30
101
  ```
31
102
 
32
- Config is stored in `~/.opencodereview/config.json`.
103
+ #### Quick Start
104
+
105
+ **1. Configure LLM**
33
106
 
34
- Or via environment variables:
107
+ **You must configure an LLM before reviewing code.**
35
108
 
36
109
  ```bash
110
+ # Option A: Interactive config
111
+ ocr config set llm.url https://api.anthropic.com/v1/messages
112
+ ocr config set llm.auth_token your-api-key-here
113
+ ocr config set llm.model claude-opus-4-6
114
+ ocr config set llm.use_anthropic true
115
+
116
+ # Option B: Environment variables (highest priority)
37
117
  export OCR_LLM_URL=https://api.anthropic.com/v1/messages
38
- export OCR_LLM_TOKEN=your-api-key
118
+ export OCR_LLM_TOKEN=your-api-key-here
39
119
  export OCR_LLM_MODEL=claude-opus-4-6
120
+ export OCR_USE_ANTHROPIC=true
40
121
  ```
41
122
 
42
- ### Test Connectivity
123
+ Config is stored in `~/.opencodereview/config.json`.
124
+
125
+ It is also compatible with Claude Code environment variables (`ANTHROPIC_BASE_URL`, `ANTHROPIC_AUTH_TOKEN`, `ANTHROPIC_MODEL`) and parses `~/.zshrc` / `~/.bashrc` for those exports.
126
+
127
+ **2. Test Connectivity**
43
128
 
44
129
  ```bash
45
130
  ocr llm test
46
131
  ```
47
132
 
48
- ## Quick Start
49
-
50
- Navigate to any Git repository and run:
133
+ **3. Review**
51
134
 
52
135
  ```bash
53
- # Review all workspace changes
136
+ cd your-project
137
+
138
+ # Workspace mode — review all staged, unstaged, and untracked changes
54
139
  ocr review
55
140
 
56
- # Review diff between two branches
141
+ # Branch range compare two refs
57
142
  ocr review --from main --to feature-branch
58
143
 
59
- # Review a single commit
144
+ # Single commit
60
145
  ocr review --commit abc123
61
146
  ```
62
147
 
148
+ ### Integrate with Coding Agents
149
+
150
+ OCR can be seamlessly integrated into AI coding agents as a slash command, enabling code review directly within your agent workflow.
151
+
152
+ #### Option 1: Install as a Skill
153
+
154
+ Use `npx` to install the OCR skill into your project:
155
+
156
+ ```bash
157
+ npx skills add alibaba/open-code-review --skill open-code-review
158
+ ```
159
+
160
+ This installs the `open-code-review` skill from the [skills registry](skills/open-code-review/SKILL.md), which teaches your coding agent how to invoke `ocr` for code review, classify issues by priority, and optionally apply fixes.
161
+
162
+ #### Option 2: Install as a Claude Code Plugin
163
+
164
+ For [Claude Code](https://docs.anthropic.com/en/docs/claude-code), install the command plugin through the following command in Claude Code:
165
+
166
+ ```bash
167
+ /plugin marketplace add alibaba/open-code-review
168
+ /plugin install open-code-review@open-code-review
169
+ ```
170
+
171
+ This registers the `/open-code-review:review` slash command, which runs OCR and automatically filters and fixes issues.
172
+
173
+ #### Option 3: Copy the Command File Directly
174
+
175
+ For a quick setup without any package manager, simply copy the command file to use the `/open-code-review` slash command in Claude Code.
176
+
177
+ **Project-level** (shared with team via git):
178
+
179
+ ```bash
180
+ mkdir -p .claude/commands
181
+ curl -o .claude/commands/open-code-review.md \
182
+ https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md
183
+ ```
184
+
185
+ **User-level** (personal global use across all projects):
186
+
187
+ ```bash
188
+ mkdir -p ~/.claude/commands
189
+ curl -o ~/.claude/commands/open-code-review.md \
190
+ https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md
191
+ ```
192
+
193
+ > **Prerequisite**: All integration methods require the `ocr` CLI to be installed and an LLM configured. See [Install](#install) and [Configure LLM](#1-configure-llm) above.
194
+
195
+ ### CI/CD Integration
196
+
197
+ OCR can be integrated into CI/CD pipelines to automate code review on Merge Requests / Pull Requests.
198
+
199
+ The core command for CI integration:
200
+
201
+ ```bash
202
+ ocr review \
203
+ --from "origin/main" \
204
+ --to "origin/feature-branch" \
205
+ --format json \
206
+ --audience agent
207
+ ```
208
+
209
+ The `--format json` and `--audience agent` flags output machine-readable results suitable for parsing in CI scripts.
210
+
211
+ See the [`examples/`](./examples/) directory for integration examples:
212
+
213
+ - [`github_actions/`](./examples/github_actions/) — GitHub Actions integration example
214
+ - [`gitlab_ci/`](./examples/gitlab_ci/) — GitLab CI integration example
215
+
63
216
  ## Commands
64
217
 
65
- | Command | Description |
66
- |---------|-------------|
67
- | `ocr review` / `ocr r` | Start code review |
68
- | `ocr config set <key> <value>` | Manage configuration |
69
- | `ocr llm test` | Test LLM connectivity |
70
- | `ocr viewer` | Start WebUI session viewer |
71
- | `ocr version` | Show version info |
218
+ | Command | Alias | Description |
219
+ |---------|-------|-------------|
220
+ | `ocr review` | `ocr r` | Start a code review |
221
+ | `ocr rules check <file>` | | Preview which review rule applies to a file path |
222
+ | `ocr config set <key> <value>` | | Set configuration values |
223
+ | `ocr llm test` | | Test LLM connectivity |
224
+ | `ocr viewer` | `ocr v` | Launch WebUI session viewer on `localhost:5483` |
225
+ | `ocr version` | — | Show version info |
72
226
 
73
- ## Common Options
227
+ ### `ocr review` Flags
74
228
 
75
229
  | Flag | Shorthand | Default | Description |
76
230
  |------|-----------|---------|-------------|
77
- | `--repo` | | current dir | Git repository root |
78
- | `--from` | | | Source ref (e.g., `main`) |
79
- | `--to` | | | Target ref (e.g., `feature-branch`) |
80
- | `--commit` | `-c` | | Review a single commit |
231
+ | `--repo` | | current dir | Git repository root |
232
+ | `--from` | | | Source ref (e.g., `main`) |
233
+ | `--to` | | | Target ref (e.g., `feature-branch`) |
234
+ | `--commit` | `-c` | | Single commit to review |
235
+ | `--preview` | `-p` | `false` | Preview which files will be reviewed without running the LLM |
81
236
  | `--format` | `-f` | `text` | Output format: `text` or `json` |
82
- | `--concurrency` | | `4` | Max concurrent file reviews |
83
- | `--timeout` | | `10` | Per-file timeout (minutes) |
237
+ | `--concurrency` | | `8` | Max concurrent file reviews |
238
+ | `--timeout` | | `10` | Concurrent task timeout in minutes |
239
+ | `--audience` | — | `human` | `human` (show progress) or `agent` (summary only) |
240
+ | `--rule` | — | — | Path to custom JSON review rules |
241
+ | `--max-tools` | — | built-in | Max tool call rounds per file; only takes effect when greater than template default |
242
+ | `--tools` | — | — | Path to custom JSON tools config |
243
+
244
+ ## Examples
245
+
246
+ ```bash
247
+ # Preview which files will be reviewed (no LLM calls)
248
+ ocr review --preview
249
+ ocr review -c abc123 -p
250
+
251
+ # Review workspace changes with default settings
252
+ ocr review
253
+
254
+ # Review branch diff with higher concurrency
255
+ ocr review --from main --to my-feature --concurrency 4
256
+
257
+ # Review a specific commit with verbose JSON output
258
+ ocr review --commit abc123 --format json --audience agent
259
+
260
+ # Use custom review rules
261
+ ocr review --rule /path/to/my-rules.json
262
+
263
+ # Preview which rule applies to a file
264
+ ocr rules check src/main/java/com/example/Foo.java
265
+ ocr rules check --rule custom.json src/main/resources/mapper/UserMapper.xml
266
+
267
+ # View review session history in browser
268
+ ocr viewer
269
+ ocr viewer --addr :3000
270
+ ```
271
+
272
+ ## Review Rules
273
+
274
+ OCR resolves review rules using a four-layer priority chain. Each layer uses first-match-wins: if a file path matches a pattern, that rule is used; otherwise it falls through to the next layer.
275
+
276
+ | Priority | Source | Path | Description |
277
+ |----------|--------|------|-------------|
278
+ | 1 (highest) | `--rule` flag | User-specified path | CLI explicit override |
279
+ | 2 | Project config | `<repoDir>/.opencodereview/rule.json` | Per-project rules, can be committed to git |
280
+ | 3 | Global config | `~/.opencodereview/rule.json` | User-wide personal preferences |
281
+ | 4 (lowest) | System default | Embedded `system_rules.json` | Built-in rules covering common languages and file types |
282
+
283
+ ### Rule File Format
284
+
285
+ Layers 1–3 share the same JSON format:
286
+
287
+ ```json
288
+ {
289
+ "rules": [
290
+ {
291
+ "path": "force-api/**/*.java",
292
+ "rule": "All new methods must validate required parameters for null values"
293
+ },
294
+ {
295
+ "path": "**/*mapper*.xml",
296
+ "rule": "Check SQL for injection risks, parameter errors, and missing closing tags"
297
+ }
298
+ ]
299
+ }
300
+ ```
301
+
302
+ - `path` supports `**` recursive matching and `{java,kt}` brace expansion.
303
+ - Within each layer, rules are evaluated in declaration order — the first match wins.
304
+ - If a rule file does not exist, it is silently skipped.
305
+
306
+ ## Configuration Reference
307
+
308
+ Config file: `~/.opencodereview/config.json`
309
+
310
+ | Key | Type | Example |
311
+ |-----|------|---------|
312
+ | `llm.url` | string | `https://api.openai.com/v1/chat/completions` |
313
+ | `llm.auth_token` | string | `sk-xxxxxxx` |
314
+ | `llm.model` | string | `claude-opus-4-6` |
315
+ | `llm.use_anthropic` | boolean | `true` \| `false` |
316
+ | `language` | string | `English` \| `Chinese` (default: Chinese) |
317
+ | `telemetry.enabled` | boolean | `true` \| `false` |
318
+ | `telemetry.exporter` | string | `console` \| `otlp` |
319
+ | `telemetry.otlp_endpoint` | string | OTLP collector address |
320
+ | `telemetry.content_logging` | boolean | Include prompts in telemetry |
321
+
322
+ Environment variables take precedence over the config file.
323
+
324
+ ### Environment Variables
325
+
326
+ | Variable | Purpose |
327
+ |----------|---------|
328
+ | `OCR_LLM_URL` | LLM API endpoint URL |
329
+ | `OCR_LLM_TOKEN` | API key / auth token |
330
+ | `OCR_LLM_MODEL` | Model name |
331
+ | `OCR_USE_ANTHROPIC` | `true` = Anthropic, `false` = OpenAI |
332
+
333
+
334
+ ## Telemetry
335
+
336
+ OpenTelemetry integration for observability (spans, metrics). Disabled by default.
337
+
338
+ ```bash
339
+ ocr config set telemetry.enabled true
340
+ ocr config set telemetry.exporter otlp
341
+ ocr config set telemetry.otlp_endpoint localhost:4317
342
+ ```
343
+
344
+ Set `telemetry.content_logging` to include LLM prompts and responses in exported data.
84
345
 
85
- ## Features
346
+ ## Contributing
86
347
 
87
- - **Three review modes**: workspace changes, branch range, single commit
88
- - **Context-aware**: Agent reads arbitrary files, searches code via `git grep`, inspects diffs
89
- - **Plan phase**: Large changes (>50 lines) get risk analysis first
90
- - **Any LLM**: Works with OpenAI, Claude-compatible endpoints, local models
91
- - **Concurrent**: Files reviewed in parallel (configurable workers)
348
+ See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, coding guidelines, and how to submit pull requests.
92
349
 
93
350
  ## License
94
351
 
95
- Apache-2.0
352
+ [Apache-2.0](LICENSE) — Copyright 2026 Alibaba
package/README.zh-CN.md CHANGED
@@ -192,6 +192,27 @@ curl -o ~/.claude/commands/open-code-review.md \
192
192
 
193
193
  > **前置条件**:所有集成方式都需要安装 `ocr` CLI 并配置 LLM。参见上方[安装](#安装)和[配置 LLM](#1-配置-llm)。
194
194
 
195
+ ### CI/CD 集成
196
+
197
+ OCR 可以集成到 CI/CD 流水线中,在 Merge Request / Pull Request 时自动进行代码审查。
198
+
199
+ CI 集成的核心命令:
200
+
201
+ ```bash
202
+ ocr review \
203
+ --from "origin/main" \
204
+ --to "origin/feature-branch" \
205
+ --format json \
206
+ --audience agent
207
+ ```
208
+
209
+ `--format json` 和 `--audience agent` 参数输出适合 CI 脚本解析的机器可读结果。
210
+
211
+ 集成示例请参见 [`examples/`](./examples/) 目录:
212
+
213
+ - [`github_actions/`](./examples/github_actions/) — GitHub Actions 集成示例
214
+ - [`gitlab_ci/`](./examples/gitlab_ci/) — GitLab CI 集成示例
215
+
195
216
  ## 命令
196
217
 
197
218
  | 命令 | 别名 | 描述 |
@@ -217,6 +238,7 @@ curl -o ~/.claude/commands/open-code-review.md \
217
238
  | `--timeout` | — | `10` | 并发任务超时时间(分钟) |
218
239
  | `--audience` | — | `human` | `human`(显示进度)或 `agent`(仅输出摘要) |
219
240
  | `--rule` | — | — | 自定义 JSON 审查规则路径 |
241
+ | `--max-tools` | — | 内置默认 | 每个文件的最大工具调用轮次;仅在大于模板默认值时生效 |
220
242
  | `--tools` | — | — | 自定义 JSON 工具配置路径 |
221
243
 
222
244
  ## 示例
@@ -0,0 +1,10 @@
1
+ # CI/CD Integration Examples
2
+
3
+ This directory contains examples for integrating OpenCodeReview (OCR) into various CI/CD pipelines.
4
+
5
+ ## Contents
6
+
7
+ - **[github_actions/](./github_actions/)** - GitHub Actions integration example
8
+ - **[gitlab_ci/](./gitlab_ci/)** - GitLab CI integration example
9
+
10
+ Each subdirectory contains its own README with detailed setup instructions.