Open Code Review – An AI-powered code review CLI tool

217 points · 63 comments on HN

Alibaba open-sources Open Code Review, an AI-powered CLI tool combining deterministic engineering with LLM agents for precise code review.

Open Code Review is a CLI tool born from Alibaba's internal code review system used by tens of thousands of developers to identify millions of defects over two years. It reads Git diffs and uses an LLM agent with tool-use capabilities to generate line-level review comments. The core design pairs deterministic engineering (precise file selection, smart bundling, rule matching, positioning modules) with agent strengths (dynamic prompts, scenario-tuned toolsets). This hybrid approach addresses problems with general-purpose agents: incomplete coverage on large changesets, position drift in reported issues, and unstable quality.
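As an added illustration of the "positioning module" idea, not code from Open Code Review itself, the Python below resolves a model's line-level comments against the unified diff it reviewed and drops any comment whose line is not an added line, which is one deterministic way to stop position drift. The diff, file path and model comments are constructed samples.

```python
import re

HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
# Constructed sample diff (not from the project): a hardening change in app/db.py
SAMPLE_DIFF = """\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,5 @@ def find_user(conn, name):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE name = '%s'" % name)
+    # parameterised query replaces string formatting
+    query = "SELECT * FROM users WHERE name = ?"
+    cur.execute(query, (name,))
     return cur.fetchone()
"""
def added_lines(diff_text):
    """Map each file to {new-file line number: text} for '+' lines only."""
    files, path, new_line = {}, None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
            files[path] = {}
        elif path is None or raw.startswith(("diff ", "index ", "--- ", "\\")):
            continue  # file headers and "\ No newline at end of file"
        elif m := HUNK_RE.match(raw):
            new_line = int(m.group(3))  # new-file start line of this hunk
        elif raw.startswith("+"):
            files[path][new_line] = raw[1:]
            new_line += 1
        elif not raw.startswith("-"):
            new_line += 1  # context line; removed lines have no new-file position
    return files

def anchor_comments(diff_text, comments):
    """Keep only comments whose (path, line) is an added line; attach the snippet."""
    files = added_lines(diff_text)
    kept = []
    for c in comments:
        text = files.get(c["path"], {}).get(c["line"])
        if text is not None:
            kept.append({**c, "snippet": text.strip()})
    return kept

# Constructed model output: one well-placed comment, one drifted onto a context line
LLM_COMMENTS = [
    {"path": "app/db.py", "line": 13, "body": "Bound parameter avoids SQL injection."},
    {"path": "app/db.py", "line": 10, "body": "Cursor is never closed."},
]
```

Calling `anchor_comments(SAMPLE_DIFF, LLM_COMMENTS)` keeps the line 13 comment and discards the one on line 10, since that line is unchanged context rather than part of the change.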

The tool supports OpenAI and Anthropic models, integrates with GitHub Actions and GitLab CI, and can be added to Claude Code as a skill or plugin. Installation via NPM or binary is straightforward; configuration requires an LLM endpoint and API key. It includes built-in rulesets for common security issues (XSS, SQL injection, NPE, thread safety) and allows custom rules via JSON files.

What the HN community is saying

Users show genuine interest in replacing internal review systems. Commenters reference competing tools (CodeRabbit, Coderabbit's Atlas UI, Thermonuclear, Cursor plugins) and discuss broader practices: running /review-triage-fix loops locally before opening PRs, using multiple models for review to catch different blind spots, and the necessity of human review despite AI improvements. One user noted CodeRabbit's security vulnerability and cost concerns; another built a hackathon prototype using Claude Code without special tooling. Key tension: whether automated review theater (without human engagement) adds value, and whether token costs make AI review economically sustainable at scale.