alibaba

Hybrid architecture code review tool: deterministic pipelines + LLM Agent. Precise line-level comments, dynamic concurrency, smart context compression, 10+ language rules (NPE, thread-safety, XSS, SQL injection, etc.), OpenAI & Anthropic compatible.

89% credibility
Found May 24, 2026 at 17 stars.
AI Summary

OpenCodeReview is an AI-powered code review CLI tool developed by Alibaba Group that analyzes Git diffs using configurable Large Language Models to generate structured review comments with line-level precision.

AI-Generated Review

What is open-code-review?

OpenCodeReview is an AI-powered code review CLI that reads your Git diffs and sends changed files to a configurable LLM for analysis. It generates structured review comments with line-level precision, giving you feedback that goes beyond surface-level diff scanning. Built in Go, it supports both OpenAI and Anthropic APIs, and ships with built-in security rules for over ten languages -- catching things like NPE risks in Java, SQL injection in XML mappers, XSS issues in TypeScript, and thread-safety problems. You point it at your repo, it reviews staged changes, branch diffs, or a single commit, and returns actionable comments.

Why is it gaining traction?

The hybrid architecture is the hook. Instead of dumping diffs into a prompt and hoping for the best, this tool gives the LLM actual tools -- it can read full file contents, search the codebase for context, and inspect other changed files. The agent loops through these tools until it calls task_done, which means reviews get progressively more informed rather than one-shot and shallow. Concurrent per-file processing (default 8 workers) keeps things fast, and the three-zone memory compression prevents context window exhaustion on large diffs. The built-in language-specific rule sets are a practical touch -- you get domain-aware guidance for Java, Kotlin, React, SQL mappers, and more without configuring anything.

Who should use this?

Backend engineers working in Java or Kotlin shops who want automated security feedback before PRs land. Teams with existing LLM API budgets who want a self-hosted alternative to GitHub Copilot code review. DevOps teams evaluating AI code review for open source projects. Individual developers tired of catching SQL injection and NPE issues during production incidents. Not ideal for teams without LLM API access or those needing deep IDE integration -- this is a CLI-first tool.

Verdict

The 89% credibility score reflects a very young project with only 15 stars -- this is experimental, not production-proven. The architecture is sound and the feature set is competitive with commercial alternatives, but test coverage and community feedback are unknowns. Install it, point it at a feature branch, and see if the output saves you a code review cycle. Just do not rely on it as your only line of defense for security-critical code until it has more battle-testing.
