@alibaba-group/open-code-review 1.1.8 → 1.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CONTRIBUTING.md +0 -1
- package/CONTRIBUTING.zh-CN.md +0 -1
- package/README.md +301 -45
- package/README.zh-CN.md +21 -0
- package/examples/README.md +10 -0
- package/examples/github_actions/README.md +223 -0
- package/examples/github_actions/ocr-review.yml +321 -0
- package/examples/gitlab_ci/.gitlab-ci.yml +225 -0
- package/examples/gitlab_ci/README.md +268 -0
- package/package.json +2 -4
- package/NPM-README.md +0 -95
package/CONTRIBUTING.md
CHANGED
|
@@ -151,7 +151,6 @@ Documentation is a crucial part of OpenCodeReview. We welcome improvements to RE
|
|
|
151
151
|
| `README.zh-CN.md` | Chinese translation |
|
|
152
152
|
| `CONTRIBUTING.md` | Contribution guide (English) |
|
|
153
153
|
| `CONTRIBUTING.zh-CN.md` | Contribution guide (Chinese) |
|
|
154
|
-
| `NPM-README.md` | Description shown on npm registry |
|
|
155
154
|
|
|
156
155
|
## Submitting Changes
|
|
157
156
|
|
package/CONTRIBUTING.zh-CN.md
CHANGED
package/README.md
CHANGED
|
@@ -1,8 +1,67 @@
|
|
|
1
|
-
|
|
1
|
+
<p align="center">
|
|
2
|
+
<a href="https://alibaba.github.io/open-code-review/">
|
|
3
|
+
<img src="imgs/logo.svg" alt="OpenCodeReview logo" width="240" height="240">
|
|
4
|
+
</a>
|
|
5
|
+
</p>
|
|
6
|
+
<p align="center">The open source AI code review agent.</p>
|
|
7
|
+
<p align="center">
|
|
8
|
+
<a href="https://www.npmjs.com/package/@alibaba-group/open-code-review"><img alt="npm" src="https://img.shields.io/npm/v/@alibaba-group/open-code-review?style=flat-square" /></a>
|
|
9
|
+
<a href="https://github.com/alibaba/open-code-review/actions/workflows/release.yml"><img alt="Build status" src="https://img.shields.io/github/actions/workflow/status/alibaba/open-code-review/release.yml?style=flat-square" /></a>
|
|
10
|
+
<a href="https://github.com/alibaba/open-code-review/blob/main/LICENSE"><img alt="License" src="https://img.shields.io/github/license/alibaba/open-code-review?style=flat-square" /></a>
|
|
11
|
+
</p>
|
|
12
|
+
<p align="center">
|
|
13
|
+
English | <a href="README.zh-CN.md">简体中文</a>
|
|
14
|
+
</p>
|
|
2
15
|
|
|
3
|
-
|
|
16
|
+
---
|
|
4
17
|
|
|
5
|
-
##
|
|
18
|
+
## What is Open Code Review?
|
|
19
|
+
|
|
20
|
+
Open Code Review is an AI-powered code review CLI tool. It originated as Alibaba Group's internal official AI code review assistant — over the past two years, it has served tens of thousands of developers and identified millions of code defects. After thorough validation at massive scale, we incubated it into an open source project for the community. Simply configure a model endpoint to get started.
|
|
21
|
+
|
|
22
|
+
It reads Git diffs, sends changed files to a configurable LLM via an agent with tool-use capabilities, and generates structured review comments with line-level precision. The agent can read full file contents, search the codebase, inspect other changed files for context, and produce deep reviews — not just surface-level diff feedback.
|
|
23
|
+
|
|
24
|
+

|
|
25
|
+
|
|
26
|
+
## Why Open Code Review?
|
|
27
|
+
|
|
28
|
+
### The Problem with General-Purpose Agents
|
|
29
|
+
|
|
30
|
+
If you've used general-purpose agents like Claude Code with Skills for code review, you've likely encountered these pain points:
|
|
31
|
+
|
|
32
|
+
- **Incomplete coverage** — On larger changesets, agents tend to "cut corners," selectively reviewing only some files and missing others.
|
|
33
|
+
- **Position drift** — Reported issues frequently don't match the actual code location, with line numbers or file references drifting off target.
|
|
34
|
+
- **Unstable quality** — Natural-language-driven Skills are hard to debug, and review quality fluctuates significantly with minor prompt variations.
|
|
35
|
+
|
|
36
|
+
The root cause: a purely language-driven architecture lacks hard constraints on the review process.
|
|
37
|
+
|
|
38
|
+
### Core Design: Deterministic Engineering × Agent Hybrid
|
|
39
|
+
|
|
40
|
+
Open Code Review's core philosophy is to combine deterministic engineering with an agent, each handling what it does best.
|
|
41
|
+
|
|
42
|
+
**Deterministic Engineering — Hard Constraints**
|
|
43
|
+
|
|
44
|
+
For review steps that *must not go wrong*, engineering logic — not the language model — guarantees correctness:
|
|
45
|
+
|
|
46
|
+
- **Precise file selection** — Determines exactly which files need review and which should be filtered, ensuring no important change is missed.
|
|
47
|
+
- **Smart file bundling** — Groups related files into a single review unit (e.g., `message_en.properties` and `message_zh.properties` are bundled together). Each bundle runs as a sub-agent with isolated context — a divide-and-conquer strategy that stays stable on very large changesets and naturally supports concurrent review.
|
|
48
|
+
- **Fine-grained rule matching** — Matches review rules to each file's characteristics, keeping the model's attention sharply focused and eliminating information noise at the source. Compared to purely language-driven rule guidance, template-engine-based rule matching is more stable and predictable.
|
|
49
|
+
- **External positioning and reflection modules** — Independent comment-positioning and comment-reflection modules systematically improve both the location accuracy and content accuracy of AI feedback.
|
|
50
|
+
|
|
51
|
+
**Agent — Dynamic Decision-Making**
|
|
52
|
+
|
|
53
|
+
The agent's strengths are concentrated where they matter most — dynamic decisions and dynamic context retrieval:
|
|
54
|
+
|
|
55
|
+
- **Scenario-tuned prompts** — Prompt templates deeply optimized for code review, improving effectiveness while reducing token consumption.
|
|
56
|
+
- **Scenario-tuned toolset** — Distilled from deep analysis of tool-call traces in large-scale production data — including call frequency distributions, per-tool repetition rates, and the impact of new tools on the overall call chain — resulting in a purpose-built toolset that is more stable and predictable for code review than a generic agent toolkit.
|
|
57
|
+
|
|
58
|
+
## How to Use
|
|
59
|
+
|
|
60
|
+
### CLI
|
|
61
|
+
|
|
62
|
+
#### Install
|
|
63
|
+
|
|
64
|
+
**Via NPM (Recommended)**
|
|
6
65
|
|
|
7
66
|
```bash
|
|
8
67
|
npm install -g @alibaba-group/open-code-review
|
|
@@ -10,86 +69,283 @@ npm install -g @alibaba-group/open-code-review
|
|
|
10
69
|
|
|
11
70
|
After installation, the `ocr` command is available globally.
|
|
12
71
|
|
|
13
|
-
|
|
72
|
+
**From GitHub Release**
|
|
73
|
+
|
|
74
|
+
Download the latest binary from [GitHub Releases](https://github.com/alibaba/open-code-review/releases):
|
|
14
75
|
|
|
15
76
|
```bash
|
|
16
|
-
#
|
|
17
|
-
|
|
18
|
-
|
|
77
|
+
# macOS (Apple Silicon)
|
|
78
|
+
curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-darwin-arm64
|
|
79
|
+
chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
|
|
19
80
|
|
|
20
|
-
|
|
81
|
+
# macOS (Intel)
|
|
82
|
+
curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-darwin-amd64
|
|
83
|
+
chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
|
|
84
|
+
|
|
85
|
+
# Linux (x86_64)
|
|
86
|
+
curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-linux-amd64
|
|
87
|
+
chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
|
|
88
|
+
|
|
89
|
+
# Linux (ARM64)
|
|
90
|
+
curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/download/opencodereview-linux-arm64
|
|
91
|
+
chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
|
|
92
|
+
```
|
|
21
93
|
|
|
22
|
-
**
|
|
94
|
+
**From Source**
|
|
23
95
|
|
|
24
96
|
```bash
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
&& ocr config set language Chinese
|
|
97
|
+
git clone https://github.com/alibaba/open-code-review.git
|
|
98
|
+
cd open-code-review
|
|
99
|
+
make build
|
|
100
|
+
sudo cp dist/opencodereview /usr/local/bin/ocr
|
|
30
101
|
```
|
|
31
102
|
|
|
32
|
-
|
|
103
|
+
#### Quick Start
|
|
104
|
+
|
|
105
|
+
**1. Configure LLM**
|
|
33
106
|
|
|
34
|
-
|
|
107
|
+
**You must configure an LLM before reviewing code.**
|
|
35
108
|
|
|
36
109
|
```bash
|
|
110
|
+
# Option A: Interactive config
|
|
111
|
+
ocr config set llm.url https://api.anthropic.com/v1/messages
|
|
112
|
+
ocr config set llm.auth_token your-api-key-here
|
|
113
|
+
ocr config set llm.model claude-opus-4-6
|
|
114
|
+
ocr config set llm.use_anthropic true
|
|
115
|
+
|
|
116
|
+
# Option B: Environment variables (highest priority)
|
|
37
117
|
export OCR_LLM_URL=https://api.anthropic.com/v1/messages
|
|
38
|
-
export OCR_LLM_TOKEN=your-api-key
|
|
118
|
+
export OCR_LLM_TOKEN=your-api-key-here
|
|
39
119
|
export OCR_LLM_MODEL=claude-opus-4-6
|
|
120
|
+
export OCR_USE_ANTHROPIC=true
|
|
40
121
|
```
|
|
41
122
|
|
|
42
|
-
|
|
123
|
+
Config is stored in `~/.opencodereview/config.json`.
|
|
124
|
+
|
|
125
|
+
It is also compatible with Claude Code environment variables (`ANTHROPIC_BASE_URL`, `ANTHROPIC_AUTH_TOKEN`, `ANTHROPIC_MODEL`) and parses `~/.zshrc` / `~/.bashrc` for those exports.
|
|
126
|
+
|
|
127
|
+
**2. Test Connectivity**
|
|
43
128
|
|
|
44
129
|
```bash
|
|
45
130
|
ocr llm test
|
|
46
131
|
```
|
|
47
132
|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
Navigate to any Git repository and run:
|
|
133
|
+
**3. Review**
|
|
51
134
|
|
|
52
135
|
```bash
|
|
53
|
-
|
|
136
|
+
cd your-project
|
|
137
|
+
|
|
138
|
+
# Workspace mode — review all staged, unstaged, and untracked changes
|
|
54
139
|
ocr review
|
|
55
140
|
|
|
56
|
-
#
|
|
141
|
+
# Branch range — compare two refs
|
|
57
142
|
ocr review --from main --to feature-branch
|
|
58
143
|
|
|
59
|
-
#
|
|
144
|
+
# Single commit
|
|
60
145
|
ocr review --commit abc123
|
|
61
146
|
```
|
|
62
147
|
|
|
148
|
+
### Integrate with Coding Agents
|
|
149
|
+
|
|
150
|
+
OCR can be seamlessly integrated into AI coding agents as a slash command, enabling code review directly within your agent workflow.
|
|
151
|
+
|
|
152
|
+
#### Option 1: Install as a Skill
|
|
153
|
+
|
|
154
|
+
Use `npx` to install the OCR skill into your project:
|
|
155
|
+
|
|
156
|
+
```bash
|
|
157
|
+
npx skills add alibaba/open-code-review --skill open-code-review
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
This installs the `open-code-review` skill from the [skills registry](skills/open-code-review/SKILL.md), which teaches your coding agent how to invoke `ocr` for code review, classify issues by priority, and optionally apply fixes.
|
|
161
|
+
|
|
162
|
+
#### Option 2: Install as a Claude Code Plugin
|
|
163
|
+
|
|
164
|
+
For [Claude Code](https://docs.anthropic.com/en/docs/claude-code), install the command plugin through the following command in Claude Code:
|
|
165
|
+
|
|
166
|
+
```bash
|
|
167
|
+
/plugin marketplace add alibaba/open-code-review
|
|
168
|
+
/plugin install open-code-review@open-code-review
|
|
169
|
+
```
|
|
170
|
+
|
|
171
|
+
This registers the `/open-code-review:review` slash command, which runs OCR and automatically filters and fixes issues.
|
|
172
|
+
|
|
173
|
+
#### Option 3: Copy the Command File Directly
|
|
174
|
+
|
|
175
|
+
For a quick setup without any package manager, simply copy the command file to use the `/open-code-review` slash command in Claude Code.
|
|
176
|
+
|
|
177
|
+
**Project-level** (shared with team via git):
|
|
178
|
+
|
|
179
|
+
```bash
|
|
180
|
+
mkdir -p .claude/commands
|
|
181
|
+
curl -o .claude/commands/open-code-review.md \
|
|
182
|
+
https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md
|
|
183
|
+
```
|
|
184
|
+
|
|
185
|
+
**User-level** (personal global use across all projects):
|
|
186
|
+
|
|
187
|
+
```bash
|
|
188
|
+
mkdir -p ~/.claude/commands
|
|
189
|
+
curl -o ~/.claude/commands/open-code-review.md \
|
|
190
|
+
https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md
|
|
191
|
+
```
|
|
192
|
+
|
|
193
|
+
> **Prerequisite**: All integration methods require the `ocr` CLI to be installed and an LLM configured. See [Install](#install) and [Configure LLM](#1-configure-llm) above.
|
|
194
|
+
|
|
195
|
+
### CI/CD Integration
|
|
196
|
+
|
|
197
|
+
OCR can be integrated into CI/CD pipelines to automate code review on Merge Requests / Pull Requests.
|
|
198
|
+
|
|
199
|
+
The core command for CI integration:
|
|
200
|
+
|
|
201
|
+
```bash
|
|
202
|
+
ocr review \
|
|
203
|
+
--from "origin/main" \
|
|
204
|
+
--to "origin/feature-branch" \
|
|
205
|
+
--format json \
|
|
206
|
+
--audience agent
|
|
207
|
+
```
|
|
208
|
+
|
|
209
|
+
The `--format json` and `--audience agent` flags output machine-readable results suitable for parsing in CI scripts.
|
|
210
|
+
|
|
211
|
+
See the [`examples/`](./examples/) directory for integration examples:
|
|
212
|
+
|
|
213
|
+
- [`github_actions/`](./examples/github_actions/) — GitHub Actions integration example
|
|
214
|
+
- [`gitlab_ci/`](./examples/gitlab_ci/) — GitLab CI integration example
|
|
215
|
+
|
|
63
216
|
## Commands
|
|
64
217
|
|
|
65
|
-
| Command | Description |
|
|
66
|
-
|
|
67
|
-
| `ocr review`
|
|
68
|
-
| `ocr
|
|
69
|
-
| `ocr
|
|
70
|
-
| `ocr
|
|
71
|
-
| `ocr
|
|
218
|
+
| Command | Alias | Description |
|
|
219
|
+
|---------|-------|-------------|
|
|
220
|
+
| `ocr review` | `ocr r` | Start a code review |
|
|
221
|
+
| `ocr rules check <file>` | — | Preview which review rule applies to a file path |
|
|
222
|
+
| `ocr config set <key> <value>` | — | Set configuration values |
|
|
223
|
+
| `ocr llm test` | — | Test LLM connectivity |
|
|
224
|
+
| `ocr viewer` | `ocr v` | Launch WebUI session viewer on `localhost:5483` |
|
|
225
|
+
| `ocr version` | — | Show version info |
|
|
72
226
|
|
|
73
|
-
|
|
227
|
+
### `ocr review` Flags
|
|
74
228
|
|
|
75
229
|
| Flag | Shorthand | Default | Description |
|
|
76
230
|
|------|-----------|---------|-------------|
|
|
77
|
-
| `--repo` | | current dir | Git repository root |
|
|
78
|
-
| `--from` | | | Source ref (e.g., `main`) |
|
|
79
|
-
| `--to` | | | Target ref (e.g., `feature-branch`) |
|
|
80
|
-
| `--commit` | `-c` | |
|
|
231
|
+
| `--repo` | — | current dir | Git repository root |
|
|
232
|
+
| `--from` | — | — | Source ref (e.g., `main`) |
|
|
233
|
+
| `--to` | — | — | Target ref (e.g., `feature-branch`) |
|
|
234
|
+
| `--commit` | `-c` | — | Single commit to review |
|
|
235
|
+
| `--preview` | `-p` | `false` | Preview which files will be reviewed without running the LLM |
|
|
81
236
|
| `--format` | `-f` | `text` | Output format: `text` or `json` |
|
|
82
|
-
| `--concurrency` | | `
|
|
83
|
-
| `--timeout` | | `10` |
|
|
237
|
+
| `--concurrency` | — | `8` | Max concurrent file reviews |
|
|
238
|
+
| `--timeout` | — | `10` | Concurrent task timeout in minutes |
|
|
239
|
+
| `--audience` | — | `human` | `human` (show progress) or `agent` (summary only) |
|
|
240
|
+
| `--rule` | — | — | Path to custom JSON review rules |
|
|
241
|
+
| `--tools` | — | — | Path to custom JSON tools config |
|
|
242
|
+
|
|
243
|
+
## Examples
|
|
244
|
+
|
|
245
|
+
```bash
|
|
246
|
+
# Preview which files will be reviewed (no LLM calls)
|
|
247
|
+
ocr review --preview
|
|
248
|
+
ocr review -c abc123 -p
|
|
249
|
+
|
|
250
|
+
# Review workspace changes with default settings
|
|
251
|
+
ocr review
|
|
252
|
+
|
|
253
|
+
# Review branch diff with higher concurrency
|
|
254
|
+
ocr review --from main --to my-feature --concurrency 4
|
|
255
|
+
|
|
256
|
+
# Review a specific commit with verbose JSON output
|
|
257
|
+
ocr review --commit abc123 --format json --audience agent
|
|
258
|
+
|
|
259
|
+
# Use custom review rules
|
|
260
|
+
ocr review --rule /path/to/my-rules.json
|
|
261
|
+
|
|
262
|
+
# Preview which rule applies to a file
|
|
263
|
+
ocr rules check src/main/java/com/example/Foo.java
|
|
264
|
+
ocr rules check --rule custom.json src/main/resources/mapper/UserMapper.xml
|
|
265
|
+
|
|
266
|
+
# View review session history in browser
|
|
267
|
+
ocr viewer
|
|
268
|
+
ocr viewer --addr :3000
|
|
269
|
+
```
|
|
270
|
+
|
|
271
|
+
## Review Rules
|
|
272
|
+
|
|
273
|
+
OCR resolves review rules using a four-layer priority chain. Each layer uses first-match-wins: if a file path matches a pattern, that rule is used; otherwise it falls through to the next layer.
|
|
274
|
+
|
|
275
|
+
| Priority | Source | Path | Description |
|
|
276
|
+
|----------|--------|------|-------------|
|
|
277
|
+
| 1 (highest) | `--rule` flag | User-specified path | CLI explicit override |
|
|
278
|
+
| 2 | Project config | `<repoDir>/.opencodereview/rule.json` | Per-project rules, can be committed to git |
|
|
279
|
+
| 3 | Global config | `~/.opencodereview/rule.json` | User-wide personal preferences |
|
|
280
|
+
| 4 (lowest) | System default | Embedded `system_rules.json` | Built-in rules covering common languages and file types |
|
|
281
|
+
|
|
282
|
+
### Rule File Format
|
|
283
|
+
|
|
284
|
+
Layers 1–3 share the same JSON format:
|
|
285
|
+
|
|
286
|
+
```json
|
|
287
|
+
{
|
|
288
|
+
"rules": [
|
|
289
|
+
{
|
|
290
|
+
"path": "force-api/**/*.java",
|
|
291
|
+
"rule": "All new methods must validate required parameters for null values"
|
|
292
|
+
},
|
|
293
|
+
{
|
|
294
|
+
"path": "**/*mapper*.xml",
|
|
295
|
+
"rule": "Check SQL for injection risks, parameter errors, and missing closing tags"
|
|
296
|
+
}
|
|
297
|
+
]
|
|
298
|
+
}
|
|
299
|
+
```
|
|
300
|
+
|
|
301
|
+
- `path` supports `**` recursive matching and `{java,kt}` brace expansion.
|
|
302
|
+
- Within each layer, rules are evaluated in declaration order — the first match wins.
|
|
303
|
+
- If a rule file does not exist, it is silently skipped.
|
|
304
|
+
|
|
305
|
+
## Configuration Reference
|
|
306
|
+
|
|
307
|
+
Config file: `~/.opencodereview/config.json`
|
|
308
|
+
|
|
309
|
+
| Key | Type | Example |
|
|
310
|
+
|-----|------|---------|
|
|
311
|
+
| `llm.url` | string | `https://api.openai.com/v1/chat/completions` |
|
|
312
|
+
| `llm.auth_token` | string | `sk-xxxxxxx` |
|
|
313
|
+
| `llm.model` | string | `claude-opus-4-6` |
|
|
314
|
+
| `llm.use_anthropic` | boolean | `true` \| `false` |
|
|
315
|
+
| `language` | string | `English` \| `Chinese` (default: Chinese) |
|
|
316
|
+
| `telemetry.enabled` | boolean | `true` \| `false` |
|
|
317
|
+
| `telemetry.exporter` | string | `console` \| `otlp` |
|
|
318
|
+
| `telemetry.otlp_endpoint` | string | OTLP collector address |
|
|
319
|
+
| `telemetry.content_logging` | boolean | Include prompts in telemetry |
|
|
320
|
+
|
|
321
|
+
Environment variables take precedence over the config file.
|
|
322
|
+
|
|
323
|
+
### Environment Variables
|
|
324
|
+
|
|
325
|
+
| Variable | Purpose |
|
|
326
|
+
|----------|---------|
|
|
327
|
+
| `OCR_LLM_URL` | LLM API endpoint URL |
|
|
328
|
+
| `OCR_LLM_TOKEN` | API key / auth token |
|
|
329
|
+
| `OCR_LLM_MODEL` | Model name |
|
|
330
|
+
| `OCR_USE_ANTHROPIC` | `true` = Anthropic, `false` = OpenAI |
|
|
331
|
+
|
|
332
|
+
|
|
333
|
+
## Telemetry
|
|
334
|
+
|
|
335
|
+
OpenTelemetry integration for observability (spans, metrics). Disabled by default.
|
|
336
|
+
|
|
337
|
+
```bash
|
|
338
|
+
ocr config set telemetry.enabled true
|
|
339
|
+
ocr config set telemetry.exporter otlp
|
|
340
|
+
ocr config set telemetry.otlp_endpoint localhost:4317
|
|
341
|
+
```
|
|
342
|
+
|
|
343
|
+
Set `telemetry.content_logging` to include LLM prompts and responses in exported data.
|
|
84
344
|
|
|
85
|
-
##
|
|
345
|
+
## Contributing
|
|
86
346
|
|
|
87
|
-
|
|
88
|
-
- **Context-aware**: Agent reads arbitrary files, searches code via `git grep`, inspects diffs
|
|
89
|
-
- **Plan phase**: Large changes (>50 lines) get risk analysis first
|
|
90
|
-
- **Any LLM**: Works with OpenAI, Claude-compatible endpoints, local models
|
|
91
|
-
- **Concurrent**: Files reviewed in parallel (configurable workers)
|
|
347
|
+
See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, coding guidelines, and how to submit pull requests.
|
|
92
348
|
|
|
93
349
|
## License
|
|
94
350
|
|
|
95
|
-
Apache-2.0
|
|
351
|
+
[Apache-2.0](LICENSE) — Copyright 2026 Alibaba
|
package/README.zh-CN.md
CHANGED
|
@@ -192,6 +192,27 @@ curl -o ~/.claude/commands/open-code-review.md \
|
|
|
192
192
|
|
|
193
193
|
> **前置条件**:所有集成方式都需要安装 `ocr` CLI 并配置 LLM。参见上方[安装](#安装)和[配置 LLM](#1-配置-llm)。
|
|
194
194
|
|
|
195
|
+
### CI/CD 集成
|
|
196
|
+
|
|
197
|
+
OCR 可以集成到 CI/CD 流水线中,在 Merge Request / Pull Request 时自动进行代码审查。
|
|
198
|
+
|
|
199
|
+
CI 集成的核心命令:
|
|
200
|
+
|
|
201
|
+
```bash
|
|
202
|
+
ocr review \
|
|
203
|
+
--from "origin/main" \
|
|
204
|
+
--to "origin/feature-branch" \
|
|
205
|
+
--format json \
|
|
206
|
+
--audience agent
|
|
207
|
+
```
|
|
208
|
+
|
|
209
|
+
`--format json` 和 `--audience agent` 参数输出适合 CI 脚本解析的机器可读结果。
|
|
210
|
+
|
|
211
|
+
集成示例请参见 [`examples/`](./examples/) 目录:
|
|
212
|
+
|
|
213
|
+
- [`github_actions/`](./examples/github_actions/) — GitHub Actions 集成示例
|
|
214
|
+
- [`gitlab_ci/`](./examples/gitlab_ci/) — GitLab CI 集成示例
|
|
215
|
+
|
|
195
216
|
## 命令
|
|
196
217
|
|
|
197
218
|
| 命令 | 别名 | 描述 |
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
# CI/CD Integration Examples
|
|
2
|
+
|
|
3
|
+
This directory contains examples for integrating OpenCodeReview (OCR) into various CI/CD pipelines.
|
|
4
|
+
|
|
5
|
+
## Contents
|
|
6
|
+
|
|
7
|
+
- **[github_actions/](./github_actions/)** - GitHub Actions integration example
|
|
8
|
+
- **[gitlab_ci/](./gitlab_ci/)** - GitLab CI integration example
|
|
9
|
+
|
|
10
|
+
Each subdirectory contains its own README with detailed setup instructions.
|
|
@@ -0,0 +1,223 @@
|
|
|
1
|
+
# OpenCodeReview - GitHub Actions Demo
|
|
2
|
+
|
|
3
|
+
This demo shows how to integrate OpenCodeReview into your GitHub Actions workflow to automatically review Pull Requests and post review comments.
|
|
4
|
+
|
|
5
|
+
## How It Works
|
|
6
|
+
|
|
7
|
+
```
|
|
8
|
+
PR Created/Updated → GitHub Actions Triggered → OCR Reviews Diff → Comments Posted on PR
|
|
9
|
+
OR
|
|
10
|
+
Comment with trigger keyword ↗
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
1. When a PR is opened, synchronized, or reopened, the workflow triggers
|
|
14
|
+
2. Alternatively, when a comment containing `/open-code-review` or `@open-code-review` is posted on a PR, the workflow triggers
|
|
15
|
+
3. It installs OCR via `npm install -g @alibaba-group/open-code-review`
|
|
16
|
+
4. Runs `ocr review --from origin/<base> --to origin/<head> --format json` to analyze the diff
|
|
17
|
+
5. Parses the JSON output and posts inline review comments on the PR using GitHub's Pull Request Review API
|
|
18
|
+
|
|
19
|
+
## Setup
|
|
20
|
+
|
|
21
|
+
### 1. Copy the workflow file
|
|
22
|
+
|
|
23
|
+
Copy `ocr-review.yml` to your repository's `.github/workflows/` directory:
|
|
24
|
+
|
|
25
|
+
```bash
|
|
26
|
+
mkdir -p .github/workflows
|
|
27
|
+
cp ocr-review.yml .github/workflows/ocr-review.yml
|
|
28
|
+
```
|
|
29
|
+
|
|
30
|
+
### 2. Configure secrets
|
|
31
|
+
|
|
32
|
+
Go to your repository's **Settings → Secrets and variables → Actions** and add:
|
|
33
|
+
|
|
34
|
+
| Secret | Required | Description |
|
|
35
|
+
|--------|----------|-------------|
|
|
36
|
+
| `OCR_LLM_URL` | Yes | LLM API endpoint URL (e.g., `https://api.openai.com/v1/chat/completions`) |
|
|
37
|
+
| `OCR_LLM_AUTH_TOKEN` | Yes | API authentication token |
|
|
38
|
+
| `OCR_LLM_MODEL` | No | Model name (defaults to `gpt-4o`) |
|
|
39
|
+
| `OCR_LLM_USE_ANTHROPIC` | No | Set to `true` if using Anthropic Claude models |
|
|
40
|
+
|
|
41
|
+
> **Note:** `GITHUB_TOKEN` is automatically provided by GitHub Actions with the required `pull-requests: write` permission.
|
|
42
|
+
>
|
|
43
|
+
> The workflow also configures `llm.extra_body` to disable thinking mode for compatibility with various LLM providers.
|
|
44
|
+
|
|
45
|
+
## Customization
|
|
46
|
+
|
|
47
|
+
### Change the trigger events
|
|
48
|
+
|
|
49
|
+
Modify the `on.pull_request.types` array in the workflow file:
|
|
50
|
+
|
|
51
|
+
```yaml
|
|
52
|
+
on:
|
|
53
|
+
pull_request:
|
|
54
|
+
types: [opened, synchronize, reopened, ready_for_review]
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
### Customize comment trigger keywords
|
|
58
|
+
|
|
59
|
+
By default, the workflow triggers when a PR comment starts with `/open-code-review` or `@open-code-review`. You can customize these keywords by modifying the `if` condition in the workflow:
|
|
60
|
+
|
|
61
|
+
```yaml
|
|
62
|
+
if: |
|
|
63
|
+
github.event_name == 'pull_request' ||
|
|
64
|
+
(github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/review')) ||
|
|
65
|
+
(github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '@mybot'))
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
Or use a more flexible pattern with `contains` to trigger on any comment containing the keyword:
|
|
69
|
+
|
|
70
|
+
```yaml
|
|
71
|
+
if: |
|
|
72
|
+
github.event_name == 'pull_request' ||
|
|
73
|
+
(github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '/review'))
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
> **Note:** The condition `github.event.issue.pull_request` ensures the comment is on a PR, not a regular issue.
|
|
77
|
+
|
|
78
|
+
### Use a specific OCR version
|
|
79
|
+
|
|
80
|
+
```yaml
|
|
81
|
+
- name: Install OpenCodeReview
|
|
82
|
+
run: npm install -g @alibaba-group/open-code-review@1.0.0
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
### Add custom review rules
|
|
86
|
+
|
|
87
|
+
Use the `--rule` flag to pass a custom rules JSON file:
|
|
88
|
+
|
|
89
|
+
```yaml
|
|
90
|
+
- name: Run OCR review
|
|
91
|
+
run: ocr review --rule ./my-rules.json --from origin/${{ github.base_ref }} --to origin/${{ github.head_ref }}
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
### Limit concurrency
|
|
95
|
+
|
|
96
|
+
Adjust the `--concurrency` flag for large PRs to control the number of concurrent LLM requests:
|
|
97
|
+
|
|
98
|
+
```yaml
|
|
99
|
+
- name: Run OCR review
|
|
100
|
+
run: ocr review --concurrency 5 --from origin/${{ github.base_ref }} --to origin/${{ github.head_ref }}
|
|
101
|
+
```
|
|
102
|
+
|
|
103
|
+
### Provide background context
|
|
104
|
+
|
|
105
|
+
Use the `--background` flag to pass additional context that helps OCR better understand the purpose of the changes:
|
|
106
|
+
|
|
107
|
+
```yaml
|
|
108
|
+
- name: Run OCR review
|
|
109
|
+
run: ocr review --background "${{ github.event.pull_request.title }}" --from origin/${{ github.base_ref }} --to origin/${{ github.head_ref }}
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
This is particularly useful when your PR titles follow semantic conventions (e.g., `feat(auth): add OAuth2 support`) that clearly summarize what the PR implements. The background information helps OCR provide more relevant and context-aware review comments.
|
|
113
|
+
|
|
114
|
+
### Customize the review comment author with GitHub App
|
|
115
|
+
|
|
116
|
+
By default, review comments are posted using the built-in `GITHUB_TOKEN`, which appears as `github-actions[bot]`. You can customize this by creating a GitHub App and using its credentials instead.
|
|
117
|
+
|
|
118
|
+
For more details about GitHub Apps, see the [GitHub Apps documentation](https://docs.github.com/en/apps).
|
|
119
|
+
|
|
120
|
+
#### Step 1: Create a GitHub App
|
|
121
|
+
|
|
122
|
+
1. Go to your organization or personal account **Settings → Developer settings → GitHub Apps → New GitHub App**
|
|
123
|
+
2. Fill in the following:
|
|
124
|
+
- **GitHub App name**: e.g., `OpenCodeReview Bot`
|
|
125
|
+
- **Homepage URL**: Your repository or documentation URL
|
|
126
|
+
- **Webhook**: Uncheck "Active" (not needed for this use case)
|
|
127
|
+
3. Under **Repository permissions**, set:
|
|
128
|
+
- **Pull requests**: Read and write
|
|
129
|
+
- **Contents**: Read-only (for fetching diffs)
|
|
130
|
+
- **Metadata**: Read-only (required)
|
|
131
|
+
4. Click **Create GitHub App**
|
|
132
|
+
|
|
133
|
+
#### Step 2: Generate a Private Key
|
|
134
|
+
|
|
135
|
+
1. After creating the app, scroll down to **Private keys**
|
|
136
|
+
2. Click **Generate a private key**
|
|
137
|
+
3. Download and save the `.pem` file securely
|
|
138
|
+
|
|
139
|
+
Note your App ID from the app settings page.
|
|
140
|
+
|
|
141
|
+
#### Step 3: Install the App
|
|
142
|
+
|
|
143
|
+
1. In the left sidebar, click **Install App**
|
|
144
|
+
2. Select the repositories where you want to use OCR
|
|
145
|
+
3. After installation, note the **Installation ID** from the URL (e.g., `https://github.com/settings/installations/12345` → Installation ID is `12345`)
|
|
146
|
+
|
|
147
|
+
#### Step 4: Configure Repository Secrets
|
|
148
|
+
|
|
149
|
+
Add the following secrets to your repository (**Settings → Secrets and variables → Actions**):
|
|
150
|
+
|
|
151
|
+
| Secret | Description |
|
|
152
|
+
|--------|-------------|
|
|
153
|
+
| `GITHUB_APP_ID` | Your GitHub App's ID |
|
|
154
|
+
| `GITHUB_APP_PRIVATE_KEY` | Contents of the `.pem` file (including `-----BEGIN RSA PRIVATE KEY-----` and `-----END RSA PRIVATE KEY-----`) |
|
|
155
|
+
| `GITHUB_APP_INSTALLATION_ID` | The Installation ID from Step 3 |
|
|
156
|
+
|
|
157
|
+
#### Step 5: Update the Workflow
|
|
158
|
+
|
|
159
|
+
Add a step to obtain a token from the GitHub App, then use it in the "Post review comments to PR" step:
|
|
160
|
+
|
|
161
|
+
```yaml
|
|
162
|
+
- name: Get GitHub App Token
|
|
163
|
+
id: app-token
|
|
164
|
+
uses: actions/create-github-app-token@v1
|
|
165
|
+
with:
|
|
166
|
+
app-id: ${{ secrets.GITHUB_APP_ID }}
|
|
167
|
+
private-key: ${{ secrets.GITHUB_APP_PRIVATE_KEY }}
|
|
168
|
+
|
|
169
|
+
- name: Post review comments to PR
|
|
170
|
+
uses: actions/github-script@v7
|
|
171
|
+
with:
|
|
172
|
+
github-token: ${{ steps.app-token.outputs.token }}
|
|
173
|
+
script: |
|
|
174
|
+
# ... existing script
|
|
175
|
+
```
|
|
176
|
+
|
|
177
|
+
Now review comments will be posted with your custom GitHub App identity (e.g., `OpenCodeReview Bot`), providing a more professional and distinguishable appearance in your PRs.
|
|
178
|
+
|
|
179
|
+
## Example Output
|
|
180
|
+
|
|
181
|
+
When a PR is reviewed, comments appear directly in the PR's "Files changed" tab:
|
|
182
|
+
|
|
183
|
+
- ✅ If no issues found: A comment saying "No comments generated. Looks good to me."
|
|
184
|
+
- 🔍 If issues found: Inline review comments with suggestions using GitHub's native suggestion syntax
|
|
185
|
+
|
|
186
|
+
### Inline Comment Example
|
|
187
|
+
|
|
188
|
+
The workflow uses GitHub's `suggestion` code block syntax, so reviewers can apply fixes with one click:
|
|
189
|
+
|
|
190
|
+
````markdown
|
|
191
|
+
**Suggestion:**
|
|
192
|
+
```suggestion
|
|
193
|
+
// Fixed code here
|
|
194
|
+
```
|
|
195
|
+
````
|
|
196
|
+
|
|
197
|
+
## Supported LLM Providers
|
|
198
|
+
|
|
199
|
+
OCR supports both OpenAI and Anthropic API formats:
|
|
200
|
+
|
|
201
|
+
- **OpenAI-compatible APIs** (default):
|
|
202
|
+
- OpenAI (GPT-4o, GPT-4, etc.)
|
|
203
|
+
- Azure OpenAI
|
|
204
|
+
- Self-hosted models (vLLM, Ollama, etc.)
|
|
205
|
+
- **Anthropic APIs** (set `OCR_LLM_USE_ANTHROPIC: true`):
|
|
206
|
+
- Anthropic Claude models
|
|
207
|
+
|
|
208
|
+
## Troubleshooting
|
|
209
|
+
|
|
210
|
+
### Common Issues
|
|
211
|
+
|
|
212
|
+
1. **"Failed to parse OCR output"**: Check that `OCR_LLM_URL` and `OCR_LLM_AUTH_TOKEN` secrets are correctly set
|
|
213
|
+
2. **"Cannot find merge-base"**: Ensure `fetch-depth: 0` is set in the checkout step
|
|
214
|
+
3. **Review comments not appearing on correct lines**: This can happen when the diff has changed since the review started; the workflow handles this gracefully with a fallback to issue comments
|
|
215
|
+
|
|
216
|
+
### Debugging
|
|
217
|
+
|
|
218
|
+
Enable debug logging by adding to the OCR review step:
|
|
219
|
+
|
|
220
|
+
```yaml
|
|
221
|
+
env:
|
|
222
|
+
OCR_DEBUG: "1"
|
|
223
|
+
```
|