Open Code Review
The first open-source CI/CD quality gate built specifically for AI-generated code. Detects hallucinated imports, stale APIs, over-engineering, and security anti-patterns, powered by local LLMs and any OpenAI-compatible provider. Free. Self-hostable. 6 languages.

Works With
Any AI tool that generates code: if it writes it, OCR reviews it.
What AI Linters Miss
AI coding assistants (Copilot, Cursor, Claude) generate code with defects that traditional tools miss entirely:
| Defect | Example | ESLint / SonarQube |
|---|---|---|
| Hallucinated imports | `import { x } from 'non-existent-pkg'` | Miss |
| Stale APIs | Using deprecated APIs from training data | Miss |
| Context window artifacts | Logic contradictions across files | Miss |
| Over-engineered patterns | Unnecessary abstractions, dead code | Miss |
| Security anti-patterns | Hardcoded example secrets, `eval()` | Partial |

Open Code Review detects all of them, across 6 languages, for free.
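
To make the hallucinated-import row concrete, here is an added example (not Open Code Review's own code) that extracts package specifiers from JavaScript source and flags names missing from a registry or from the project's declared dependencies. `KNOWN_REGISTRY`, `BUILTINS`, `packageName`, `findSuspectImports` and the sample source are all constructed for this example; the set stands in for a real registry lookup so the block runs offline.

```javascript
// Added example: flag imports that resolve to no known or declared package.
// KNOWN_REGISTRY is a constructed stand-in for a registry lookup (npm, PyPI, ...).
const KNOWN_REGISTRY = new Set(['react', 'lodash', '@scope/utils', 'express']);
// Partial list of Node.js built-ins; a fuller check would use module.builtinModules.
const BUILTINS = new Set(['fs', 'path', 'crypto', 'http', 'https', 'os', 'url', 'util']);

// Matches `import ... from 'x'`, `import 'x'`, `import('x')` and `require('x')`.
const SPECIFIER_RE =
  /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)(['"])([^'"\n]+)\1/g;

// Reduce a specifier to its package name: 'lodash/fp' -> 'lodash',
// '@scope/utils/x' -> '@scope/utils'. Returns null for non-package specifiers.
function packageName(spec) {
  if (spec.startsWith('.') || spec.startsWith('/')) return null; // local file
  if (spec.startsWith('node:')) return null; // explicit built-in
  const parts = spec.split('/');
  const name = spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
  return BUILTINS.has(name) ? null : name;
}

// Report each package once, with the line of its first import and the reason.
function findSuspectImports(source, declaredDeps, registry = KNOWN_REGISTRY) {
  const findings = [];
  const seen = new Set();
  for (const m of source.matchAll(SPECIFIER_RE)) {
    const name = packageName(m[2]);
    if (!name || seen.has(name)) continue;
    seen.add(name);
    const line = source.slice(0, m.index).split('\n').length;
    if (!registry.has(name)) {
      findings.push({ name, line, reason: 'not-in-registry' });
    } else if (!declaredDeps.has(name)) {
      findings.push({ name, line, reason: 'undeclared-dependency' });
    }
  }
  return findings;
}

// Constructed sample input.
const SAMPLE = [
  "import React from 'react';",
  "import { x } from 'non-existent-pkg';",
  "import fp from 'lodash/fp';",
  "const fs = require('node:fs');",
  "const u = require('@scope/utils/strings');",
  "import './local.css';",
].join('\n');
const DECLARED = new Set(['react', '@scope/utils']);
console.log(findSuspectImports(SAMPLE, DECLARED));
```

A name that no registry knows is the case worth blocking in CI, because whoever registers that name later controls what the import resolves to.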
Demo

Quick Preview
```
$ ocr scan src/ --sla L3
Open Code Review - Deep Scan Report
Project: packages/core/src
SLA: L3 Deep - Structural + Embedding + LLM Analysis
112 issues found in 110 files
Overall Score: 67/100 D
Threshold: 70 | Status: FAILED
Files Scanned: 110 | Languages: typescript | Duration: 12.3s
```
Deep Scan (L3): How It Works
L3 combines three analysis layers for maximum coverage:
| Layer 1: Structural Detection | Layer 2: Semantic Analysis | Layer 3: LLM Deep Scan |
|---|---|---|
| Hallucinated imports (npm/PyPI) | Embedding similarity recall | Cross-file coherence check |
| Stale API detection | Risk scoring | Logic bug detection |
| Security patterns | Context window artifacts | Confidence scoring |
| Over-engineering metrics | Enhanced severity ranking | AI-powered fix suggestions |
| A+ to F quality scoring | | |

Powered by local LLMs or any OpenAI-compatible API. Run Ollama for 100% local analysis, or connect to any remote LLM provider; the interface is the same.
```bash
# Local analysis (Ollama)
ocr scan src/ --sla L3 --provider ollama --model qwen3-coder

# Any OpenAI-compatible provider
ocr scan src/ --sla L3 --provider openai-compatible \
  --api-base https://your-llm-endpoint/v1 --model your-model --api-key YOUR_KEY
```
AI Auto-Fix: `ocr heal`
Let AI automatically fix the issues it finds. Review changes before applying.
```bash
# Preview fixes without changing files
ocr heal src/ --dry-run

# Apply fixes + generate IDE rules
ocr heal src/ --provider ollama --model qwen3-coder --setup-ide

# Only generate IDE rules (Cursor, Copilot, Augment)
ocr setup src/
```
Multi-Language Detection
Language-specific detectors for 6 languages, plus hallucinated package databases (npm, PyPI, Maven, Go modules):
| Language | Specific Detectors |
|---|---|
| TypeScript / JavaScript | Hallucinated imports (npm), stale APIs, over-engineering |
| Python | Bare except, eval(), mutable default args, hallucinated imports (PyPI) |
| Java | System.out.println leaks, deprecated Date/Calendar, hallucinated imports (Maven) |
| Go | Unhandled errors, deprecated ioutil, panic in library code |
| Kotlin | !! abuse, println leaks, null-safety anti-patterns |
How It Compares
| | Open Code Review | Claude Code Review | CodeRabbit | GitHub Copilot |
|---|---|---|---|---|
| Price | Free | $15–25/PR | $24/mo/seat | $10–39/mo |
| Open Source | โ | โ | โ | โ |
| Self-hosted | โ | โ | Enterprise | โ |
| AI Hallucination Detection | โ | โ | โ | โ |
| Stale API Detection | โ | โ | โ | โ |
| Deep LLM Analysis | โ | โ | โ | โ |
| AI Auto-Fix | โ | โ | โ | โ |
| Multi-Language | โ 6 langs | โ | JS/TS | JS/TS |
| Registry Verification | โ npm/PyPI/Maven | โ | โ | โ |
| Unicode Security Detection | โ | โ | โ | โ |
| SARIF Output | โ | โ | โ | โ |
| GitHub + GitLab | Both | GitHub only | Both | GitHub only |
| Data Privacy | 100% local | Cloud | Cloud | Cloud |
Quick Start
```bash
# Install
npm install -g @opencodereview/cli

# Fast scan: no AI needed
ocr scan src/

# Deep scan: with local LLM (Ollama)
ocr scan src/ --sla L3 --provider ollama --model qwen3-coder

# Deep scan: with any OpenAI-compatible provider
ocr scan src/ --sla L3 --provider openai-compatible \
  --api-base https://your-provider/v1 --model your-model --api-key YOUR_KEY
```
CI/CD Integration
GitHub Actions (30 seconds)
```yaml
name: Code Review
on: [pull_request]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: raye-deng/open-code-review@v1
        with:
          sla: L1
          threshold: 60
          github-token: ${{ secrets.GITHUB_TOKEN }}
```
GitLab CI
```yaml
code-review:
  script:
    - npx @opencodereview/cli scan src/ --sla L1 --threshold 60 --format json --output ocr-report.json
  artifacts:
    reports:
      codequality: ocr-report.json
```
Output Formats
```bash
ocr scan src/ --format terminal  # Pretty terminal output
ocr scan src/ --format json      # JSON for CI pipelines
ocr scan src/ --format sarif     # SARIF for GitHub Code Scanning
ocr scan src/ --format html      # Interactive HTML report
```
Configuration
```yaml
# .ocrrc.yml
sla: L3
ai:
  embedding:
    provider: ollama
    model: nomic-embed-text
    baseUrl: http://localhost:11434
  llm:
    provider: ollama
    model: qwen3-coder
    endpoint: http://localhost:11434
    # Or use any OpenAI-compatible provider:
    # provider: openai-compatible
    # apiBase: https://your-llm-endpoint/v1
    # model: your-model
```
MCP Server: Use in Claude Desktop, Cursor, Windsurf
Integrate Open Code Review directly into your AI IDE via the Model Context Protocol:
```bash
npx @opencodereview/mcp-server
```
Claude Desktop (claude_desktop_config.json):
```json
{
  "mcpServers": {
    "open-code-review": {
      "command": "npx",
      "args": ["-y", "@opencodereview/mcp-server"]
    }
  }
}
```
Cursor / Windsurf / VS Code Copilot: Add the same configuration in your MCP settings.
Available MCP Tools: ocr_scan (quality gate scan), ocr_heal (AI auto-fix), ocr_explain (issue explanation).
Chrome DevTools MCP Compatible: The OCR MCP Server follows the standard Model Context Protocol. Pair it with Google's Chrome DevTools MCP Server for a complete AI-native dev workflow: one inspects your running app, the other inspects your source code.
Project Structure
```
packages/
  core/            # Detection engine + scoring (@opencodereview/core)
  cli/             # CLI tool: ocr command (@opencodereview/cli)
  mcp-server/      # MCP Server for AI IDEs (@opencodereview/mcp-server)
  github-action/   # GitHub Action wrapper
```
Who Is This For?
- Teams using AI coding assistants: Copilot, Cursor, Claude Code, Codex, or any LLM-based tool that generates production code
- Open-source maintainers: Review AI-generated PRs for hallucinated imports, stale APIs, and security anti-patterns before merging
- DevOps / Platform engineers: Add a quality gate to CI/CD pipelines without sending code to cloud services
- Security-conscious teams: Run everything locally (Ollama), keep your code on your machines
- Solo developers: Free, fast, and works with zero configuration (`npx @opencodereview/cli scan src/`)
License
BSL-1.1. Free for personal and non-commercial use. Converts to Apache 2.0 on 2030-03-11. Commercial use requires a Team or Enterprise license.
Star this repo if you find it useful; it helps more than you think!