概述

Open Code Review — AI Code Quality Scanner

Scan codebases for AI-specific defects that traditional linters (ESLint, SonarQube, Checkstyle) cannot detect.

What It Detects

Category	Example	Severity
----------	---------	----------
Hallucinated packages	`import { parseJson } from 'fast-json-utils'` (package doesn't exist on npm)	🔴 Critical
Stale APIs	`response.json().then()` with v2 API that was removed in v4	🟡 Warning
Context breaks	Two files reference the same function name with different signatures	🟡 Warning
Security anti-patterns	Hardcoded secrets, deprecated crypto, insecure defaults	🔴 Critical
Over-engineering	Unnecessary abstraction layers, dead code, excessive indirection	🔵 Info

Quick Start

# Install
npx @opencodereview/cli scan ./src --sla L1

# With AI-powered deep scan (requires Ollama or API key)
npx @opencodereview/cli scan ./src --sla L2

# Diff mode for CI/CD
npx @opencodereview/cli scan ./src --diff --base origin/main --head HEAD

# SARIF output for GitHub Actions
npx @opencodereview/cli scan ./src --format sarif --output results.sarif

Three Scan Levels

L1 — Structural analysis (AST, ~3 seconds, no AI needed)
L2 — L1 + Embedding recall (detects hallucinated packages via vector similarity)
L3 — L2 + LLM deep scan (understands context, semantics, business logic)

GitHub Action

- uses: raye-deng/open-code-review@v1
  with:
    scan-path: src/
    sla-level: L1
    diff-mode: true

MCP Server

Available on Smithery, Cursor Directory, and npm:

{
  "mcpServers": {
    "open-code-review": {
      "url": "https://open-code-review-mcp.v2ray-seins.workers.dev/mcp"
    }
  }
}

Or via stdio:

{
  "mcpServers": {
    "open-code-review": {
      "command": "npx",
      "args": ["-y", "@opencodereview/mcp-server"]
    }
  }
}

Supported Languages

TypeScript, JavaScript, Python, Java, Go, Kotlin

When to Use This Skill

A PR contains AI-generated code (Copilot, Cursor, Claude, GPT)
You want to catch defects that pass all unit tests but will fail in production
Pre-merge quality gate for AI-assisted development workflows
Scanning third-party AI-generated code before integration

When NOT to Use

Basic linting (use ESLint, Ruff, Checkstyle instead)
Code formatting (use Prettier, gofmt)
General code review guidance (use the built-in code-review skill)

Links

GitHub: https://github.com/raye-deng/open-code-review
Portal: https://codes.evallab.ai
npm CLI: @opencodereview/cli
npm MCP: @opencodereview/mcp-server
License: BSL 1.1 (free for individuals, commercial subscription for teams)

版本历史

共 1 个版本

v1.0.0 当前

2026-03-20 07:07 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)