@alibaba-group/open-code-review 1.1.8 → 1.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CONTRIBUTING.md CHANGED
@@ -151,7 +151,6 @@ Documentation is a crucial part of OpenCodeReview. We welcome improvements to RE
151
151
  | `README.zh-CN.md` | Chinese translation |
152
152
  | `CONTRIBUTING.md` | Contribution guide (English) |
153
153
  | `CONTRIBUTING.zh-CN.md` | Contribution guide (Chinese) |
154
- | `NPM-README.md` | Description shown on npm registry |
155
154
 
156
155
  ## Submitting Changes
157
156
 
@@ -151,7 +151,6 @@ make build
151
151
  | `README.zh-CN.md` | 中文翻译 |
152
152
  | `CONTRIBUTING.md` | 贡献指南(英文) |
153
153
  | `CONTRIBUTING.zh-CN.md` | 贡献指南(中文) |
154
- | `NPM-README.md` | npm 发布页展示的说明 |
155
154
 
156
155
  ## 提交变更
157
156
 
package/README.md CHANGED
@@ -1,8 +1,67 @@
1
- # OpenCodeReview CLI
1
+ <p align="center">
2
+ <a href="https://alibaba.github.io/open-code-review/">
3
+ <img src="imgs/logo.svg" alt="OpenCodeReview logo" width="240" height="240">
4
+ </a>
5
+ </p>
6
+ <p align="center">The open source AI code review agent.</p>
7
+ <p align="center">
8
+ <a href="https://www.npmjs.com/package/@alibaba-group/open-code-review"><img alt="npm" src="https://img.shields.io/npm/v/@alibaba-group/open-code-review?style=flat-square" /></a>
9
+ <a href="https://github.com/alibaba/open-code-review/actions/workflows/release.yml"><img alt="Build status" src="https://img.shields.io/github/actions/workflow/status/alibaba/open-code-review/release.yml?style=flat-square" /></a>
10
+ <a href="https://github.com/alibaba/open-code-review/blob/main/LICENSE"><img alt="License" src="https://img.shields.io/github/license/alibaba/open-code-review?style=flat-square" /></a>
11
+ </p>
12
+ <p align="center">
13
+ English | <a href="README.zh-CN.md">简体中文</a>
14
+ </p>
2
15
 
3
- AI-powered code review tool that reads Git diffs, sends changed files to a configurable LLM via OpenAI-compatible API, and generates structured review comments. It goes beyond surface-level analysis — the Agent can read project context for deep reviews.
16
+ ---
4
17
 
5
- ## Install
18
+ ## What is Open Code Review?
19
+
20
+ Open Code Review is an AI-powered code review CLI tool. It originated as Alibaba Group's internal official AI code review assistant — over the past two years, it has served tens of thousands of developers and identified millions of code defects. After thorough validation at massive scale, we incubated it into an open source project for the community. Simply configure a model endpoint to get started.
21
+
22
+ It reads Git diffs, sends changed files to a configurable LLM via an agent with tool-use capabilities, and generates structured review comments with line-level precision. The agent can read full file contents, search the codebase, inspect other changed files for context, and produce deep reviews — not just surface-level diff feedback.
23
+
24
+ ![Highlights](imgs/highlights-en.png)
25
+
26
+ ## Why Open Code Review?
27
+
28
+ ### The Problem with General-Purpose Agents
29
+
30
+ If you've used general-purpose agents like Claude Code with Skills for code review, you've likely encountered these pain points:
31
+
32
+ - **Incomplete coverage** — On larger changesets, agents tend to "cut corners," selectively reviewing only some files and missing others.
33
+ - **Position drift** — Reported issues frequently don't match the actual code location, with line numbers or file references drifting off target.
34
+ - **Unstable quality** — Natural-language-driven Skills are hard to debug, and review quality fluctuates significantly with minor prompt variations.
35
+
36
+ The root cause: a purely language-driven architecture lacks hard constraints on the review process.
37
+
38
+ ### Core Design: Deterministic Engineering × Agent Hybrid
39
+
40
+ Open Code Review's core philosophy is to combine deterministic engineering with an agent, each handling what it does best.
41
+
42
+ **Deterministic Engineering — Hard Constraints**
43
+
44
+ For review steps that *must not go wrong*, engineering logic — not the language model — guarantees correctness:
45
+
46
+ - **Precise file selection** — Determines exactly which files need review and which should be filtered, ensuring no important change is missed.
47
+ - **Smart file bundling** — Groups related files into a single review unit (e.g., `message_en.properties` and `message_zh.properties` are bundled together). Each bundle runs as a sub-agent with isolated context — a divide-and-conquer strategy that stays stable on very large changesets and naturally supports concurrent review.
48
+ - **Fine-grained rule matching** — Matches review rules to each file's characteristics, keeping the model's attention sharply focused and eliminating information noise at the source. Compared to purely language-driven rule guidance, template-engine-based rule matching is more stable and predictable.
49
+ - **External positioning and reflection modules** — Independent comment-positioning and comment-reflection modules systematically improve both the location accuracy and content accuracy of AI feedback.
50
+
51
+ **Agent — Dynamic Decision-Making**
52
+
53
+ The agent's strengths are concentrated where they matter most — dynamic decisions and dynamic context retrieval:
54
+
55
+ - **Scenario-tuned prompts** — Prompt templates deeply optimized for code review, improving effectiveness while reducing token consumption.
56
+ - **Scenario-tuned toolset** — Distilled from deep analysis of tool-call traces in large-scale production data — including call frequency distributions, per-tool repetition rates, and the impact of new tools on the overall call chain — resulting in a purpose-built toolset that is more stable and predictable for code review than a generic agent toolkit.
57
+
58
+ ## How to Use
59
+
60
+ ### CLI
61
+
62
+ #### Install
63
+
64
+ **Via NPM (Recommended)**
6
65
 
7
66
  ```bash
8
67
  npm install -g @alibaba-group/open-code-review
@@ -10,86 +69,283 @@ npm install -g @alibaba-group/open-code-review
10
69
 
11
70
  After installation, the `ocr` command is available globally.
12
71
 
13
- ### Version Control
72
+ **From GitHub Release**
73
+
74
+ Download the latest binary from [GitHub Releases](https://github.com/alibaba/open-code-review/releases):
14
75
 
15
76
  ```bash
16
- # Install specific version
17
- OCR_VERSION=v1.0.0 npm install -g @alibaba-group/open-code-review
18
- ```
77
+ # macOS (Apple Silicon)
78
+ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-darwin-arm64
79
+ chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
19
80
 
20
- ## Prerequisites
81
+ # macOS (Intel)
82
+ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-darwin-amd64
83
+ chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
84
+
85
+ # Linux (x86_64)
86
+ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-linux-amd64
87
+ chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
88
+
89
+ # Linux (ARM64)
90
+ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-linux-arm64
91
+ chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
92
+ ```
21
93
 
22
- **You must configure an LLM provider before using `ocr`.** The tool requires access to an OpenAI-compatible API endpoint (OpenAI, Claude, local models, etc.).
94
+ **From Source**
23
95
 
24
96
  ```bash
25
- ocr config set llm.url https://api.anthropic.com/v1/messages \
26
- && ocr config set llm.auth_token {{your-api-key}} \
27
- && ocr config set llm.model claude-opus-4-6 \
28
- && ocr config set llm.use_anthropic true \
29
- && ocr config set language Chinese
97
+ git clone https://github.com/alibaba/open-code-review.git
98
+ cd open-code-review
99
+ make build
100
+ sudo cp dist/opencodereview /usr/local/bin/ocr
30
101
  ```
31
102
 
32
- Config is stored in `~/.opencodereview/config.json`.
103
+ #### Quick Start
104
+
105
+ **1. Configure LLM**
33
106
 
34
- Or via environment variables:
107
+ **You must configure an LLM before reviewing code.**
35
108
 
36
109
  ```bash
110
+ # Option A: Interactive config
111
+ ocr config set llm.url https://api.anthropic.com/v1/messages
112
+ ocr config set llm.auth_token your-api-key-here
113
+ ocr config set llm.model claude-opus-4-6
114
+ ocr config set llm.use_anthropic true
115
+
116
+ # Option B: Environment variables (highest priority)
37
117
  export OCR_LLM_URL=https://api.anthropic.com/v1/messages
38
- export OCR_LLM_TOKEN=your-api-key
118
+ export OCR_LLM_TOKEN=your-api-key-here
39
119
  export OCR_LLM_MODEL=claude-opus-4-6
120
+ export OCR_USE_ANTHROPIC=true
40
121
  ```
41
122
 
42
- ### Test Connectivity
123
+ Config is stored in `~/.opencodereview/config.json`.
124
+
125
+ It is also compatible with Claude Code environment variables (`ANTHROPIC_BASE_URL`, `ANTHROPIC_AUTH_TOKEN`, `ANTHROPIC_MODEL`) and parses `~/.zshrc` / `~/.bashrc` for those exports.
126
+
127
+ **2. Test Connectivity**
43
128
 
44
129
  ```bash
45
130
  ocr llm test
46
131
  ```
47
132
 
48
- ## Quick Start
49
-
50
- Navigate to any Git repository and run:
133
+ **3. Review**
51
134
 
52
135
  ```bash
53
- # Review all workspace changes
136
+ cd your-project
137
+
138
+ # Workspace mode — review all staged, unstaged, and untracked changes
54
139
  ocr review
55
140
 
56
- # Review diff between two branches
141
+ # Branch range compare two refs
57
142
  ocr review --from main --to feature-branch
58
143
 
59
- # Review a single commit
144
+ # Single commit
60
145
  ocr review --commit abc123
61
146
  ```
62
147
 
148
+ ### Integrate with Coding Agents
149
+
150
+ OCR can be seamlessly integrated into AI coding agents as a slash command, enabling code review directly within your agent workflow.
151
+
152
+ #### Option 1: Install as a Skill
153
+
154
+ Use `npx` to install the OCR skill into your project:
155
+
156
+ ```bash
157
+ npx skills add alibaba/open-code-review --skill open-code-review
158
+ ```
159
+
160
+ This installs the `open-code-review` skill from the [skills registry](skills/open-code-review/SKILL.md), which teaches your coding agent how to invoke `ocr` for code review, classify issues by priority, and optionally apply fixes.
161
+
162
+ #### Option 2: Install as a Claude Code Plugin
163
+
164
+ For [Claude Code](https://docs.anthropic.com/en/docs/claude-code), install the command plugin through the following command in Claude Code:
165
+
166
+ ```bash
167
+ /plugin marketplace add alibaba/open-code-review
168
+ /plugin install open-code-review@open-code-review
169
+ ```
170
+
171
+ This registers the `/open-code-review:review` slash command, which runs OCR and automatically filters and fixes issues.
172
+
173
+ #### Option 3: Copy the Command File Directly
174
+
175
+ For a quick setup without any package manager, simply copy the command file to use the `/open-code-review` slash command in Claude Code.
176
+
177
+ **Project-level** (shared with team via git):
178
+
179
+ ```bash
180
+ mkdir -p .claude/commands
181
+ curl -o .claude/commands/open-code-review.md \
182
+ https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md
183
+ ```
184
+
185
+ **User-level** (personal global use across all projects):
186
+
187
+ ```bash
188
+ mkdir -p ~/.claude/commands
189
+ curl -o ~/.claude/commands/open-code-review.md \
190
+ https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md
191
+ ```
192
+
193
+ > **Prerequisite**: All integration methods require the `ocr` CLI to be installed and an LLM configured. See [Install](#install) and [Configure LLM](#1-configure-llm) above.
194
+
195
+ ### CI/CD Integration
196
+
197
+ OCR can be integrated into CI/CD pipelines to automate code review on Merge Requests / Pull Requests.
198
+
199
+ The core command for CI integration:
200
+
201
+ ```bash
202
+ ocr review \
203
+ --from "origin/main" \
204
+ --to "origin/feature-branch" \
205
+ --format json \
206
+ --audience agent
207
+ ```
208
+
209
+ The `--format json` and `--audience agent` flags output machine-readable results suitable for parsing in CI scripts.
210
+
211
+ See the [`examples/`](./examples/) directory for integration examples:
212
+
213
+ - [`github_actions/`](./examples/github_actions/) — GitHub Actions integration example
214
+ - [`gitlab_ci/`](./examples/gitlab_ci/) — GitLab CI integration example
215
+
63
216
  ## Commands
64
217
 
65
- | Command | Description |
66
- |---------|-------------|
67
- | `ocr review` / `ocr r` | Start code review |
68
- | `ocr config set <key> <value>` | Manage configuration |
69
- | `ocr llm test` | Test LLM connectivity |
70
- | `ocr viewer` | Start WebUI session viewer |
71
- | `ocr version` | Show version info |
218
+ | Command | Alias | Description |
219
+ |---------|-------|-------------|
220
+ | `ocr review` | `ocr r` | Start a code review |
221
+ | `ocr rules check <file>` | | Preview which review rule applies to a file path |
222
+ | `ocr config set <key> <value>` | | Set configuration values |
223
+ | `ocr llm test` | | Test LLM connectivity |
224
+ | `ocr viewer` | `ocr v` | Launch WebUI session viewer on `localhost:5483` |
225
+ | `ocr version` | — | Show version info |
72
226
 
73
- ## Common Options
227
+ ### `ocr review` Flags
74
228
 
75
229
  | Flag | Shorthand | Default | Description |
76
230
  |------|-----------|---------|-------------|
77
- | `--repo` | | current dir | Git repository root |
78
- | `--from` | | | Source ref (e.g., `main`) |
79
- | `--to` | | | Target ref (e.g., `feature-branch`) |
80
- | `--commit` | `-c` | | Review a single commit |
231
+ | `--repo` | | current dir | Git repository root |
232
+ | `--from` | | | Source ref (e.g., `main`) |
233
+ | `--to` | | | Target ref (e.g., `feature-branch`) |
234
+ | `--commit` | `-c` | | Single commit to review |
235
+ | `--preview` | `-p` | `false` | Preview which files will be reviewed without running the LLM |
81
236
  | `--format` | `-f` | `text` | Output format: `text` or `json` |
82
- | `--concurrency` | | `4` | Max concurrent file reviews |
83
- | `--timeout` | | `10` | Per-file timeout (minutes) |
237
+ | `--concurrency` | | `8` | Max concurrent file reviews |
238
+ | `--timeout` | | `10` | Concurrent task timeout in minutes |
239
+ | `--audience` | — | `human` | `human` (show progress) or `agent` (summary only) |
240
+ | `--rule` | — | — | Path to custom JSON review rules |
241
+ | `--tools` | — | — | Path to custom JSON tools config |
242
+
243
+ ## Examples
244
+
245
+ ```bash
246
+ # Preview which files will be reviewed (no LLM calls)
247
+ ocr review --preview
248
+ ocr review -c abc123 -p
249
+
250
+ # Review workspace changes with default settings
251
+ ocr review
252
+
253
+ # Review branch diff with higher concurrency
254
+ ocr review --from main --to my-feature --concurrency 4
255
+
256
+ # Review a specific commit with verbose JSON output
257
+ ocr review --commit abc123 --format json --audience agent
258
+
259
+ # Use custom review rules
260
+ ocr review --rule /path/to/my-rules.json
261
+
262
+ # Preview which rule applies to a file
263
+ ocr rules check src/main/java/com/example/Foo.java
264
+ ocr rules check --rule custom.json src/main/resources/mapper/UserMapper.xml
265
+
266
+ # View review session history in browser
267
+ ocr viewer
268
+ ocr viewer --addr :3000
269
+ ```
270
+
271
+ ## Review Rules
272
+
273
+ OCR resolves review rules using a four-layer priority chain. Each layer uses first-match-wins: if a file path matches a pattern, that rule is used; otherwise it falls through to the next layer.
274
+
275
+ | Priority | Source | Path | Description |
276
+ |----------|--------|------|-------------|
277
+ | 1 (highest) | `--rule` flag | User-specified path | CLI explicit override |
278
+ | 2 | Project config | `<repoDir>/.opencodereview/rule.json` | Per-project rules, can be committed to git |
279
+ | 3 | Global config | `~/.opencodereview/rule.json` | User-wide personal preferences |
280
+ | 4 (lowest) | System default | Embedded `system_rules.json` | Built-in rules covering common languages and file types |
281
+
282
+ ### Rule File Format
283
+
284
+ Layers 1–3 share the same JSON format:
285
+
286
+ ```json
287
+ {
288
+ "rules": [
289
+ {
290
+ "path": "force-api/**/*.java",
291
+ "rule": "All new methods must validate required parameters for null values"
292
+ },
293
+ {
294
+ "path": "**/*mapper*.xml",
295
+ "rule": "Check SQL for injection risks, parameter errors, and missing closing tags"
296
+ }
297
+ ]
298
+ }
299
+ ```
300
+
301
+ - `path` supports `**` recursive matching and `{java,kt}` brace expansion.
302
+ - Within each layer, rules are evaluated in declaration order — the first match wins.
303
+ - If a rule file does not exist, it is silently skipped.
304
+
305
+ ## Configuration Reference
306
+
307
+ Config file: `~/.opencodereview/config.json`
308
+
309
+ | Key | Type | Example |
310
+ |-----|------|---------|
311
+ | `llm.url` | string | `https://api.openai.com/v1/chat/completions` |
312
+ | `llm.auth_token` | string | `sk-xxxxxxx` |
313
+ | `llm.model` | string | `claude-opus-4-6` |
314
+ | `llm.use_anthropic` | boolean | `true` \| `false` |
315
+ | `language` | string | `English` \| `Chinese` (default: Chinese) |
316
+ | `telemetry.enabled` | boolean | `true` \| `false` |
317
+ | `telemetry.exporter` | string | `console` \| `otlp` |
318
+ | `telemetry.otlp_endpoint` | string | OTLP collector address |
319
+ | `telemetry.content_logging` | boolean | Include prompts in telemetry |
320
+
321
+ Environment variables take precedence over the config file.
322
+
323
+ ### Environment Variables
324
+
325
+ | Variable | Purpose |
326
+ |----------|---------|
327
+ | `OCR_LLM_URL` | LLM API endpoint URL |
328
+ | `OCR_LLM_TOKEN` | API key / auth token |
329
+ | `OCR_LLM_MODEL` | Model name |
330
+ | `OCR_USE_ANTHROPIC` | `true` = Anthropic, `false` = OpenAI |
331
+
332
+
333
+ ## Telemetry
334
+
335
+ OpenTelemetry integration for observability (spans, metrics). Disabled by default.
336
+
337
+ ```bash
338
+ ocr config set telemetry.enabled true
339
+ ocr config set telemetry.exporter otlp
340
+ ocr config set telemetry.otlp_endpoint localhost:4317
341
+ ```
342
+
343
+ Set `telemetry.content_logging` to include LLM prompts and responses in exported data.
84
344
 
85
- ## Features
345
+ ## Contributing
86
346
 
87
- - **Three review modes**: workspace changes, branch range, single commit
88
- - **Context-aware**: Agent reads arbitrary files, searches code via `git grep`, inspects diffs
89
- - **Plan phase**: Large changes (>50 lines) get risk analysis first
90
- - **Any LLM**: Works with OpenAI, Claude-compatible endpoints, local models
91
- - **Concurrent**: Files reviewed in parallel (configurable workers)
347
+ See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, coding guidelines, and how to submit pull requests.
92
348
 
93
349
  ## License
94
350
 
95
- Apache-2.0
351
+ [Apache-2.0](LICENSE) — Copyright 2026 Alibaba
package/README.zh-CN.md CHANGED
@@ -192,6 +192,27 @@ curl -o ~/.claude/commands/open-code-review.md \
192
192
 
193
193
  > **前置条件**:所有集成方式都需要安装 `ocr` CLI 并配置 LLM。参见上方[安装](#安装)和[配置 LLM](#1-配置-llm)。
194
194
 
195
+ ### CI/CD 集成
196
+
197
+ OCR 可以集成到 CI/CD 流水线中,在 Merge Request / Pull Request 时自动进行代码审查。
198
+
199
+ CI 集成的核心命令:
200
+
201
+ ```bash
202
+ ocr review \
203
+ --from "origin/main" \
204
+ --to "origin/feature-branch" \
205
+ --format json \
206
+ --audience agent
207
+ ```
208
+
209
+ `--format json` 和 `--audience agent` 参数输出适合 CI 脚本解析的机器可读结果。
210
+
211
+ 集成示例请参见 [`examples/`](./examples/) 目录:
212
+
213
+ - [`github_actions/`](./examples/github_actions/) — GitHub Actions 集成示例
214
+ - [`gitlab_ci/`](./examples/gitlab_ci/) — GitLab CI 集成示例
215
+
195
216
  ## 命令
196
217
 
197
218
  | 命令 | 别名 | 描述 |
@@ -0,0 +1,10 @@
1
+ # CI/CD Integration Examples
2
+
3
+ This directory contains examples for integrating OpenCodeReview (OCR) into various CI/CD pipelines.
4
+
5
+ ## Contents
6
+
7
+ - **[github_actions/](./github_actions/)** - GitHub Actions integration example
8
+ - **[gitlab_ci/](./gitlab_ci/)** - GitLab CI integration example
9
+
10
+ Each subdirectory contains its own README with detailed setup instructions.
@@ -0,0 +1,223 @@
1
+ # OpenCodeReview - GitHub Actions Demo
2
+
3
+ This demo shows how to integrate OpenCodeReview into your GitHub Actions workflow to automatically review Pull Requests and post review comments.
4
+
5
+ ## How It Works
6
+
7
+ ```
8
+ PR Created/Updated → GitHub Actions Triggered → OCR Reviews Diff → Comments Posted on PR
9
+ OR
10
+ Comment with trigger keyword ↗
11
+ ```
12
+
13
+ 1. When a PR is opened, synchronized, or reopened, the workflow triggers
14
+ 2. Alternatively, when a comment containing `/open-code-review` or `@open-code-review` is posted on a PR, the workflow triggers
15
+ 3. It installs OCR via `npm install -g @alibaba-group/open-code-review`
16
+ 4. Runs `ocr review --from origin/<base> --to origin/<head> --format json` to analyze the diff
17
+ 5. Parses the JSON output and posts inline review comments on the PR using GitHub's Pull Request Review API
18
+
19
+ ## Setup
20
+
21
+ ### 1. Copy the workflow file
22
+
23
+ Copy `ocr-review.yml` to your repository's `.github/workflows/` directory:
24
+
25
+ ```bash
26
+ mkdir -p .github/workflows
27
+ cp ocr-review.yml .github/workflows/ocr-review.yml
28
+ ```
29
+
30
+ ### 2. Configure secrets
31
+
32
+ Go to your repository's **Settings → Secrets and variables → Actions** and add:
33
+
34
+ | Secret | Required | Description |
35
+ |--------|----------|-------------|
36
+ | `OCR_LLM_URL` | Yes | LLM API endpoint URL (e.g., `https://api.openai.com/v1/chat/completions`) |
37
+ | `OCR_LLM_AUTH_TOKEN` | Yes | API authentication token |
38
+ | `OCR_LLM_MODEL` | No | Model name (defaults to `gpt-4o`) |
39
+ | `OCR_LLM_USE_ANTHROPIC` | No | Set to `true` if using Anthropic Claude models |
40
+
41
+ > **Note:** `GITHUB_TOKEN` is automatically provided by GitHub Actions with the required `pull-requests: write` permission.
42
+ >
43
+ > The workflow also configures `llm.extra_body` to disable thinking mode for compatibility with various LLM providers.
44
+
45
+ ## Customization
46
+
47
+ ### Change the trigger events
48
+
49
+ Modify the `on.pull_request.types` array in the workflow file:
50
+
51
+ ```yaml
52
+ on:
53
+ pull_request:
54
+ types: [opened, synchronize, reopened, ready_for_review]
55
+ ```
56
+
57
+ ### Customize comment trigger keywords
58
+
59
+ By default, the workflow triggers when a PR comment starts with `/open-code-review` or `@open-code-review`. You can customize these keywords by modifying the `if` condition in the workflow:
60
+
61
+ ```yaml
62
+ if: |
63
+ github.event_name == 'pull_request' ||
64
+ (github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/review')) ||
65
+ (github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '@mybot'))
66
+ ```
67
+
68
+ Or use a more flexible pattern with `contains` to trigger on any comment containing the keyword:
69
+
70
+ ```yaml
71
+ if: |
72
+ github.event_name == 'pull_request' ||
73
+ (github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '/review'))
74
+ ```
75
+
76
+ > **Note:** The condition `github.event.issue.pull_request` ensures the comment is on a PR, not a regular issue.
77
+
78
+ ### Use a specific OCR version
79
+
80
+ ```yaml
81
+ - name: Install OpenCodeReview
82
+ run: npm install -g @alibaba-group/open-code-review@1.0.0
83
+ ```
84
+
85
+ ### Add custom review rules
86
+
87
+ Use the `--rule` flag to pass a custom rules JSON file:
88
+
89
+ ```yaml
90
+ - name: Run OCR review
91
+ run: ocr review --rule ./my-rules.json --from origin/${{ github.base_ref }} --to origin/${{ github.head_ref }}
92
+ ```
93
+
94
+ ### Limit concurrency
95
+
96
+ Adjust the `--concurrency` flag for large PRs to control the number of concurrent LLM requests:
97
+
98
+ ```yaml
99
+ - name: Run OCR review
100
+ run: ocr review --concurrency 5 --from origin/${{ github.base_ref }} --to origin/${{ github.head_ref }}
101
+ ```
102
+
103
+ ### Provide background context
104
+
105
+ Use the `--background` flag to pass additional context that helps OCR better understand the purpose of the changes:
106
+
107
+ ```yaml
108
+ - name: Run OCR review
109
+ run: ocr review --background "${{ github.event.pull_request.title }}" --from origin/${{ github.base_ref }} --to origin/${{ github.head_ref }}
110
+ ```
111
+
112
+ This is particularly useful when your PR titles follow semantic conventions (e.g., `feat(auth): add OAuth2 support`) that clearly summarize what the PR implements. The background information helps OCR provide more relevant and context-aware review comments.
113
+
114
+ ### Customize the review comment author with GitHub App
115
+
116
+ By default, review comments are posted using the built-in `GITHUB_TOKEN`, which appears as `github-actions[bot]`. You can customize this by creating a GitHub App and using its credentials instead.
117
+
118
+ For more details about GitHub Apps, see the [GitHub Apps documentation](https://docs.github.com/en/apps).
119
+
120
+ #### Step 1: Create a GitHub App
121
+
122
+ 1. Go to your organization or personal account **Settings → Developer settings → GitHub Apps → New GitHub App**
123
+ 2. Fill in the following:
124
+ - **GitHub App name**: e.g., `OpenCodeReview Bot`
125
+ - **Homepage URL**: Your repository or documentation URL
126
+ - **Webhook**: Uncheck "Active" (not needed for this use case)
127
+ 3. Under **Repository permissions**, set:
128
+ - **Pull requests**: Read and write
129
+ - **Contents**: Read-only (for fetching diffs)
130
+ - **Metadata**: Read-only (required)
131
+ 4. Click **Create GitHub App**
132
+
133
+ #### Step 2: Generate a Private Key
134
+
135
+ 1. After creating the app, scroll down to **Private keys**
136
+ 2. Click **Generate a private key**
137
+ 3. Download and save the `.pem` file securely
138
+
139
+ Note your App ID from the app settings page.
140
+
141
+ #### Step 3: Install the App
142
+
143
+ 1. In the left sidebar, click **Install App**
144
+ 2. Select the repositories where you want to use OCR
145
+ 3. After installation, note the **Installation ID** from the URL (e.g., `https://github.com/settings/installations/12345` → Installation ID is `12345`)
146
+
147
+ #### Step 4: Configure Repository Secrets
148
+
149
+ Add the following secrets to your repository (**Settings → Secrets and variables → Actions**):
150
+
151
+ | Secret | Description |
152
+ |--------|-------------|
153
+ | `GITHUB_APP_ID` | Your GitHub App's ID |
154
+ | `GITHUB_APP_PRIVATE_KEY` | Contents of the `.pem` file (including `-----BEGIN RSA PRIVATE KEY-----` and `-----END RSA PRIVATE KEY-----`) |
155
+ | `GITHUB_APP_INSTALLATION_ID` | The Installation ID from Step 3 |
156
+
157
+ #### Step 5: Update the Workflow
158
+
159
+ Add a step to obtain a token from the GitHub App, then use it in the "Post review comments to PR" step:
160
+
161
+ ```yaml
162
+ - name: Get GitHub App Token
163
+ id: app-token
164
+ uses: actions/create-github-app-token@v1
165
+ with:
166
+ app-id: ${{ secrets.GITHUB_APP_ID }}
167
+ private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
168
+
169
+ - name: Post review comments to PR
170
+ uses: actions/github-script@v7
171
+ with:
172
+ github-token: ${{ steps.app-token.outputs.token }}
173
+ script: |
174
+ # ... existing script
175
+ ```
176
+
177
+ Now review comments will be posted with your custom GitHub App identity (e.g., `OpenCodeReview Bot`), providing a more professional and distinguishable appearance in your PRs.
178
+
179
+ ## Example Output
180
+
181
+ When a PR is reviewed, comments appear directly in the PR's "Files changed" tab:
182
+
183
+ - ✅ If no issues found: A comment saying "No comments generated. Looks good to me."
184
+ - 🔍 If issues found: Inline review comments with suggestions using GitHub's native suggestion syntax
185
+
186
+ ### Inline Comment Example
187
+
188
+ The workflow uses GitHub's `suggestion` code block syntax, so reviewers can apply fixes with one click:
189
+
190
+ ````markdown
191
+ **Suggestion:**
192
+ ```suggestion
193
+ // Fixed code here
194
+ ```
195
+ ````
196
+
197
+ ## Supported LLM Providers
198
+
199
+ OCR supports both OpenAI and Anthropic API formats:
200
+
201
+ - **OpenAI-compatible APIs** (default):
202
+ - OpenAI (GPT-4o, GPT-4, etc.)
203
+ - Azure OpenAI
204
+ - Self-hosted models (vLLM, Ollama, etc.)
205
+ - **Anthropic APIs** (set `OCR_LLM_USE_ANTHROPIC: true`):
206
+ - Anthropic Claude models
207
+
208
+ ## Troubleshooting
209
+
210
+ ### Common Issues
211
+
212
+ 1. **"Failed to parse OCR output"**: Check that `OCR_LLM_URL` and `OCR_LLM_AUTH_TOKEN` secrets are correctly set
213
+ 2. **"Cannot find merge-base"**: Ensure `fetch-depth: 0` is set in the checkout step
214
+ 3. **Review comments not appearing on correct lines**: This can happen when the diff has changed since the review started; the workflow handles this gracefully with a fallback to issue comments
215
+
216
+ ### Debugging
217
+
218
+ Enable debug logging by adding to the OCR review step:
219
+
220
+ ```yaml
221
+ env:
222
+ OCR_DEBUG: "1"
223
+ ```