Open Code Review

Name: Open Code Review
Author: alibaba

alibaba/open-code-review·Apache-2.0

Run AI line-level code review on staged changes, commits, PRs, or branch diffs using Alibaba's ocr CLI before merge or release.

Overview

Open Code Review is an agent skill most often used in Ship (also Operate) that runs the ocr CLI on Git diffs for AI line-level review and optional fixes.

Install

npx skills add https://github.com/alibaba/open-code-review --skill open-code-review

What is this skill?

Invokes open-code-review ocr CLI on Git diffs for structured line-level comments
Supports staged/unstaged changes, commits, pull requests, and branch comparisons
Optional automatic fix application when the user requests it
Prerequisite checks: which ocr and ocr llm test before first review
Configurable review rules for bugs, security, performance, and style when rules are supplied
Prerequisite check sequence: CLI which ocr plus ocr llm test

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 1 installs on skills.sh; 5.5k GitHub stars.

What problem does it solve?

You have local or PR diffs but no consistent reviewer to catch bugs, security issues, and quality problems before merge.

Who is it for?

Solo builders and small teams who already use Git and want a repeatable AI review pass tied to real diffs.

Skip if: Repos without Git, environments where installing global npm CLIs is blocked, or teams that need formal compliance sign-off without human review.

When should I use this skill?

User asks to review code, a pull request, staged/unstaged changes, a commit, or compare branches for quality issues.

What do I get? / Deliverables

You get structured line-level review comments on the scoped Git change set, with optional applied fixes when you ask for them.

Line-level review comments on scoped diffs
Optional auto-applied fixes when requested
Environment verification guidance when ocr or LLM is missing

Recommended Skills

Improve Codebase Architecturemattpocock/skills

Improve Codebase Architecture is an agent skill that teaches how to deepen a cluster of shallow modules without breaking…226k installs·121k stars

Zoom Outmattpocock/skills

Lightweight meta-prompt skill that tells the agent to zoom out and deliver a domain-aligned overview of modules and call…181k installs·121k stars

Caveman Reviewjuliusbrussee/caveman

Formats code review as single actionable lines: location, problem, fix, with minimal noise.139k installs·70k stars

Requesting Code Reviewobra/superpowers

Requesting Code Review is an agent skill from the Superpowers collection that gives solo and indie builders a copy-ready…119k installs·221k stars

Receiving Code Reviewobra/superpowers

Superpowers methodology for agents receiving code review: prioritize technical correctness over social comfort, verify e…96.2k installs·221k stars

Request Refactor Planmattpocock/skills

request-refactor-plan is a structured agent workflow for solo and small-team maintainers who want refactors filed as act…30.5k installs·121k stars

Journey fit

Spans multiple journey phases - primary shelf plus alternate fits below.

Primary fit

Ship-phase review is the canonical shelf for pre-merge quality gates; solo builders invoke it when diffs exist and need structured feedback. Review subphase matches git-scoped inspection and comment output rather than writing features or deploying infra.

Also useful

OperateIteration & experiments

Where it fits

Example use

ShipCode review

Run ocr on a feature branch diff the night before opening a PR.

Example use

ShipTesting & QA

Scan a hotfix commit for regression risks alongside test runs.

Example use

OperateIteration & experiments

Re-review production patch branches after incident fixes.

How it compares

CLI-backed diff review with rule hooks—not the same as informal 'please review this file' chat without Git context.

Common Questions / FAQ

Who is open-code-review for?

Developers using Claude Code, Cursor, Codex, or similar agents who want Alibaba open-code-review (ocr) to comment on actual Git changes.

When should I use open-code-review?

In ship before merging—review staged work, a commit, or a PR; in operate when iterating on hotfixes—whenever the user asks for code review on Git scopes.

Is open-code-review safe to install?

It runs a third-party CLI with LLM access to your diffs; review the Security Audits panel on this Prism page and keep API keys out of committed rules.

SKILL.md

READMESKILL.md - Open Code Review

# Open Code Review

A skill for invoking [open-code-review](https://github.com/alibaba/open-code-review) (`ocr`) — an open-source AI code review CLI that reads Git diffs and generates structured, line-level review comments.

## Prerequisites check

Before starting a review, verify the environment:

```bash
# 1. Check the CLI is installed
which ocr || echo "NOT INSTALLED"

# 2. Verify LLM connectivity
ocr llm test
```

If `ocr` is not installed, install it first:

```bash
npm install -g @alibaba-group/open-code-review
```

If `ocr llm test` fails, the user must configure an LLM. Guide them with one of these options:

**Option A — Environment variables (highest priority, recommended for CI):**

```bash
export OCR_LLM_URL=https://api.anthropic.com/v1/messages
export OCR_LLM_TOKEN=<api-key>
export OCR_LLM_MODEL=claude-opus-4-6
export OCR_USE_ANTHROPIC=true
```

**Option B — Persistent config:**

```bash
ocr config set llm.url https://api.anthropic.com/v1/messages
ocr config set llm.auth_token <api-key>
ocr config set llm.model claude-opus-4-6
ocr config set llm.use_anthropic true
```

Stop here and ask the user to provide credentials — never invent or hardcode API keys.

## Workflow

### Step 1: Gather Business Context

Analyze the review target (commits, branch, or changes) to extract concise business context. Pass this context via `--background` to improve review quality.

### Step 2: Run Code Review

Run the OCR command with appropriate flags. **Always pass business context via `--background`** when available:

```bash
ocr review --audience agent --background "business context here" [user-args]
```

**Argument handling:**

- **Background context** (RECOMMENDED): use `--background "context"` or `-b "context"` to provide business context for better review quality
- **Default** (no user arguments): reviews staged, unstaged, and untracked changes (workspace mode)
- **Specific commit**: use `--commit` or `-c` to review a single commit against its parent
- **Branch comparison**: use `--from <ref>` and `--to <ref>` to review diff between two refs
- **Timeout**: default timeout is 10 minutes per file; adjust with `--timeout <minutes>`
- **Concurrency**: default concurrency is 8 file workers; reduce with `--concurrency <n>` if rate limits are hit
- **Preview mode**: use `--preview` or `-p` to preview which files will be reviewed without running the LLM
- **Installation**: if `ocr` command is not found, install it by running `npm i -g @alibaba-group/open-code-review`

**Common invocation patterns:**

| User says | Command to run |
|-----------|---------------|
| "review my changes" / "review the working copy" | `ocr review --audience agent -b "context"` |
| "review this PR" / "review feature branch" | `ocr review --audience agent -b "context" --from main --to <branch>` |
| "review commit abc123" | `ocr review --audience agent -b "context" --commit abc123` |
| "what would be reviewed?" (dry-run) | `ocr review --preview` |

**Output mode:**

- Always use `--audience agent` to suppress progress UI and emit only the final summary

### Step 3: Classify and Report

What is this skill?

Invokes open-code-review ocr CLI on Git diffs for structured line-level comments

Supports staged/unstaged changes, commits, pull requests, and branch comparisons

Optional automatic fix application when the user requests it

Prerequisite checks: which ocr and ocr llm test before first review

Configurable review rules for bugs, security, performance, and style when rules are supplied

Prerequisite check sequence: CLI which ocr plus ocr llm test

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 1 installs on skills.sh; 5.5k GitHub stars.

Journey fit

Spans multiple journey phases - primary shelf plus alternate fits below.

Primary fit

Also useful

OperateIteration & experiments

Where it fits

Example use

ShipCode review

Run ocr on a feature branch diff the night before opening a PR.

Example use

ShipTesting & QA

Scan a hotfix commit for regression risks alongside test runs.

Example use

OperateIteration & experiments

Re-review production patch branches after incident fixes.

SKILL.md

READMESKILL.md - Open Code Review

# Open Code Review

A skill for invoking [open-code-review](https://github.com/alibaba/open-code-review) (`ocr`) — an open-source AI code review CLI that reads Git diffs and generates structured, line-level review comments.

## Prerequisites check

Before starting a review, verify the environment:

```bash
# 1. Check the CLI is installed
which ocr || echo "NOT INSTALLED"

# 2. Verify LLM connectivity
ocr llm test
```

If `ocr` is not installed, install it first:

```bash
npm install -g @alibaba-group/open-code-review
```

If `ocr llm test` fails, the user must configure an LLM. Guide them with one of these options:

**Option A — Environment variables (highest priority, recommended for CI):**

```bash
export OCR_LLM_URL=https://api.anthropic.com/v1/messages
export OCR_LLM_TOKEN=<api-key>
export OCR_LLM_MODEL=claude-opus-4-6
export OCR_USE_ANTHROPIC=true
```

**Option B — Persistent config:**

```bash
ocr config set llm.url https://api.anthropic.com/v1/messages
ocr config set llm.auth_token <api-key>
ocr config set llm.model claude-opus-4-6
ocr config set llm.use_anthropic true
```

Stop here and ask the user to provide credentials — never invent or hardcode API keys.

## Workflow

### Step 1: Gather Business Context

Analyze the review target (commits, branch, or changes) to extract concise business context. Pass this context via `--background` to improve review quality.

### Step 2: Run Code Review

Run the OCR command with appropriate flags. **Always pass business context via `--background`** when available:

```bash
ocr review --audience agent --background "business context here" [user-args]
```

**Argument handling:**

- **Background context** (RECOMMENDED): use `--background "context"` or `-b "context"` to provide business context for better review quality
- **Default** (no user arguments): reviews staged, unstaged, and untracked changes (workspace mode)
- **Specific commit**: use `--commit` or `-c` to review a single commit against its parent
- **Branch comparison**: use `--from <ref>` and `--to <ref>` to review diff between two refs
- **Timeout**: default timeout is 10 minutes per file; adjust with `--timeout <minutes>`
- **Concurrency**: default concurrency is 8 file workers; reduce with `--concurrency <n>` if rate limits are hit
- **Preview mode**: use `--preview` or `-p` to preview which files will be reviewed without running the LLM
- **Installation**: if `ocr` command is not found, install it by running `npm i -g @alibaba-group/open-code-review`

**Common invocation patterns:**

| User says | Command to run |
|-----------|---------------|
| "review my changes" / "review the working copy" | `ocr review --audience agent -b "context"` |
| "review this PR" / "review feature branch" | `ocr review --audience agent -b "context" --from main --to <branch>` |
| "review commit abc123" | `ocr review --audience agent -b "context" --commit abc123` |
| "what would be reviewed?" (dry-run) | `ocr review --preview` |

**Output mode:**

- Always use `--audience agent` to suppress progress UI and emit only the final summary

### Step 3: Classify and Report

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Where it fits

Who is open-code-review for?

When should I use open-code-review?

Is open-code-review safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Where it fits

Who is open-code-review for?

When should I use open-code-review?

Is open-code-review safe to install?

SKILL.md