MCP Hub
Back to servers

open-code-review

AI-powered code review tool that detects AI-generated code defects invisible to traditional linters — hallucinated packages, deprecated APIs, cross-file contradictions, hidden security anti-patterns, and over-engineering. Works as a standalone CLI, GitHub Action, or MCP server. Supports TypeScript, Python, Java, Go, and Kotlin. Free for individuals, no API key required.

glama
Stars
4
Forks
3
Updated
Mar 16, 2026
Validated
Mar 18, 2026
View Source
Claim this server

Open Code Review

The first open-source CI/CD quality gate built specifically for AI-generated code. Detects hallucinated imports, stale APIs, over-engineering, and security anti-patterns — powered by local LLMs and any OpenAI-compatible provider. Free. Self-hostable. 6 languages.

Open Code Review

npm version npm version npm downloads License: BUSL-1.1 CI GitHub Stars PRs Welcome

Works With

Cursor GitHub Copilot Claude Code Windsurf Codex Augment Code Supermaven Aider

Any AI tool that generates code — if it writes it, OCR reviews it.

What AI Linters Miss

AI coding assistants (Copilot, Cursor, Claude) generate code with defects that traditional tools miss entirely:

DefectExampleESLint / SonarQube
Hallucinated importsimport { x } from 'non-existent-pkg'❌ Miss
Stale APIsUsing deprecated APIs from training data❌ Miss
Context window artifactsLogic contradictions across files❌ Miss
Over-engineered patternsUnnecessary abstractions, dead code❌ Miss
Security anti-patternsHardcoded example secrets, eval()❌ Partial

Open Code Review detects all of them — across 6 languages, for free.

Demo

L2 HTML Report Screenshot

📄 View full interactive HTML report

Quick Preview

$ ocr scan src/ --sla L3

╔══════════════════════════════════════════════════════════════╗
║           Open Code Review — Deep Scan Report               ║
╚══════════════════════════════════════════════════════════════╝

  Project: packages/core/src
  SLA: L3 Deep — Structural + Embedding + LLM Analysis

  112 issues found in 110 files

  Overall Score: 67/100  D
  Threshold: 70  |  Status: FAILED
  Files Scanned: 110  |  Languages: typescript  |  Duration: 12.3s

Deep Scan (L3) — How It Works

L3 combines three analysis layers for maximum coverage:

Layer 1: Structural Detection         Layer 2: Semantic Analysis        Layer 3: LLM Deep Scan
├── Hallucinated imports (npm/PyPI)   ├── Embedding similarity recall   ├── Cross-file coherence check
├── Stale API detection               ├── Risk scoring                  ├── Logic bug detection
├── Security patterns                 ├── Context window artifacts      ├── Confidence scoring
├── Over-engineering metrics          └── Enhanced severity ranking     └── AI-powered fix suggestions
└── A+ → F quality scoring

Powered by local LLMs or any OpenAI-compatible API. Run Ollama for 100% local analysis, or connect to any remote LLM provider — the interface is the same.

# Local analysis (Ollama)
ocr scan src/ --sla L3 --provider ollama --model qwen3-coder

# Any OpenAI-compatible provider
ocr scan src/ --sla L3 --provider openai-compatible \
  --api-base https://your-llm-endpoint/v1 --model your-model --api-key YOUR_KEY

AI Auto-Fix — ocr heal

Let AI automatically fix the issues it finds. Review changes before applying.

# Preview fixes without changing files
ocr heal src/ --dry-run

# Apply fixes + generate IDE rules
ocr heal src/ --provider ollama --model qwen3-coder --setup-ide

# Only generate IDE rules (Cursor, Copilot, Augment)
ocr setup src/

Multi-Language Detection

Language-specific detectors for 6 languages, plus hallucinated package databases (npm, PyPI, Maven, Go modules):

LanguageSpecific Detectors
TypeScript / JavaScriptHallucinated imports (npm), stale APIs, over-engineering
PythonBare except, eval(), mutable default args, hallucinated imports (PyPI)
JavaSystem.out.println leaks, deprecated Date/Calendar, hallucinated imports (Maven)
GoUnhandled errors, deprecated ioutil, panic in library code
Kotlin!! abuse, println leaks, null-safety anti-patterns

How It Compares

Open Code ReviewClaude Code ReviewCodeRabbitGitHub Copilot
PriceFree$15–25/PR$24/mo/seat$10–39/mo
Open Source
Self-hostedEnterprise
AI Hallucination Detection
Stale API Detection
Deep LLM Analysis
AI Auto-Fix
Multi-Language✅ 6 langsJS/TSJS/TS
Registry Verification✅ npm/PyPI/Maven
Unicode Security Detection
SARIF Output
GitHub + GitLab✅ BothGitHub onlyBothGitHub only
Data Privacy✅ 100% local❌ Cloud❌ Cloud❌ Cloud

Quick Start

# Install
npm install -g @opencodereview/cli

# Fast scan — no AI needed
ocr scan src/

# Deep scan — with local LLM (Ollama)
ocr scan src/ --sla L3 --provider ollama --model qwen3-coder

# Deep scan — with any OpenAI-compatible provider
ocr scan src/ --sla L3 --provider openai-compatible \
  --api-base https://your-provider/v1 --model your-model --api-key YOUR_KEY

CI/CD Integration

GitHub Actions (30 seconds)

name: Code Review
on: [pull_request]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: raye-deng/open-code-review@v1
        with:
          sla: L1
          threshold: 60
          github-token: ${{ secrets.GITHUB_TOKEN }}

GitLab CI

code-review:
  script:
    - npx @opencodereview/cli scan src/ --sla L1 --threshold 60 --format json --output ocr-report.json
  artifacts:
    reports:
      codequality: ocr-report.json

Output Formats

ocr scan src/ --format terminal    # Pretty terminal output
ocr scan src/ --format json        # JSON for CI pipelines
ocr scan src/ --format sarif       # SARIF for GitHub Code Scanning
ocr scan src/ --format html        # Interactive HTML report

Configuration

# .ocrrc.yml
sla: L3
ai:
  embedding:
    provider: ollama
    model: nomic-embed-text
    baseUrl: http://localhost:11434
  llm:
    provider: ollama
    model: qwen3-coder
    endpoint: http://localhost:11434

  # Or use any OpenAI-compatible provider:
  # provider: openai-compatible
  # apiBase: https://your-llm-endpoint/v1
  # model: your-model

MCP Server — Use in Claude Desktop, Cursor, Windsurf

Integrate Open Code Review directly into your AI IDE via the Model Context Protocol:

npx @opencodereview/mcp-server

Claude Desktop (claude_desktop_config.json):

{
  "mcpServers": {
    "open-code-review": {
      "command": "npx",
      "args": ["-y", "@opencodereview/mcp-server"]
    }
  }
}

Cursor / Windsurf / VS Code Copilot: Add the same configuration in your MCP settings.

Available MCP Tools: ocr_scan (quality gate scan), ocr_heal (AI auto-fix), ocr_explain (issue explanation).

💡 Chrome DevTools MCP Compatible: The OCR MCP Server follows the standard Model Context Protocol. Pair it with Google's Chrome DevTools MCP Server for a complete AI-native dev workflow — one inspects your running app, the other inspects your source code.

Project Structure

packages/
  core/              # Detection engine + scoring (@opencodereview/core)
  cli/               # CLI tool — ocr command (@opencodereview/cli)
  mcp-server/        # MCP Server for AI IDEs (@opencodereview/mcp-server)
  github-action/     # GitHub Action wrapper

Who Is This For?

  • Teams using AI coding assistants — Copilot, Cursor, Claude Code, Codex, or any LLM-based tool that generates production code
  • Open-source maintainers — Review AI-generated PRs for hallucinated imports, stale APIs, and security anti-patterns before merging
  • DevOps / Platform engineers — Add a quality gate to CI/CD pipelines without sending code to cloud services
  • Security-conscious teams — Run everything locally (Ollama), keep your code on your machines
  • Solo developers — Free, fast, and works with zero configuration (npx @opencodereview/cli scan src/)

Featured On

Product Hunt

License

BSL-1.1 — Free for personal and non-commercial use. Converts to Apache 2.0 on 2030-03-11. Commercial use requires a Team or Enterprise license.

Star this repo if you find it useful — it helps more than you think!

Reviews

No reviews yet

Sign in to write a review