Documentation

Get started with Open Code Review in minutes. Detect AI code hallucinations, logic gaps, and quality issues — then auto-fix them with AI.

Detect & Heal — end-to-end self-healing code review

# Quick Start

Scan your project in one command. No account needed for local scans.

npx @opencodereview/cli@latest scan ./src

This scans all files in ./src using local AI models (Ollama) and outputs a quality score (0-100).

# Installation

Using npx (no install)

npx @opencodereview/cli@latest scan ./src

Global install

npm install -g @opencodereview/cli
ocr scan ./src

GitHub Actions

# .github/workflows/ci.yml
name: Code Quality Check
on: [pull_request]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: raye-deng/open-code-review@v1
        with:
          threshold: 70
          paths: 'src/**/*.ts'
          fail-on-low-score: true

GitLab CI

# .gitlab-ci.yml
include:
  - component: open-code-review/validate@v1
    inputs:
      threshold: 70
      paths: src

Register

Create a free account to unlock team features, dashboards, and license management.


License Key

Activate your license to unlock Pro and Enterprise features.

ocr license activate ocr-xxxx-xxxx-xxxx

# Detect & Heal — Complete Workflow

OCR's killer feature: detect issues, then auto-fix them with AI. Other tools just report — OCR heals.

Scan → Detect → Heal → Clean Code

Step 1: Scan your code

npx @opencodereview/cli@latest scan ./src --level l3 --provider glm --api-key your-key

OCR analyzes your code across 3 levels and detects AI-specific defects.

Step 2: Preview fixes (dry-run)

npx @opencodereview/cli@latest heal ./src --dry-run

Preview AI-generated fixes without modifying any files.

Step 3: Auto-fix

npx @opencodereview/cli@latest heal ./src

AI auto-fixes all detected issues. Done. Zero human intervention.

Generate IDE rules for Cursor / Copilot / Augment

npx @opencodereview/cli@latest heal ./src --generate-rules
# Creates .cursorrules, .copilot-rules, or .augmentrules

# CI/CD Self-Heal Integration

Integrate detect & heal into your CI/CD pipeline for fully automated code quality — scan, fix, and commit automatically.

GitHub Actions — Scan + Auto-Heal

# .github/workflows/ci.yml
name: AI Code Review & Self-Heal
on: [pull_request]

jobs:
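  review:
    runs-on: ubuntu-latest
    permissions:
      contents: write   # the "Commit fixes" step pushes to the repository
    steps:
      - uses: actions/checkout@v4
        with:
          # Check out the PR branch itself; the default pull_request ref is a
          # detached merge commit, from which a plain "git push" fails
          ref: ${{ github.head_ref }}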
      - name: Scan
        run: npx @opencodereview/cli@latest scan ./src --threshold 70
      - name: Heal (auto-fix)
        run: npx @opencodereview/cli@latest heal ./src
        env:
          OCR_PROVIDER: glm
          OCR_API_KEY: ${{ secrets.OCR_API_KEY }}
      - name: Commit fixes
        run: |
          git config --global user.name "OCR Bot"
          git config --global user.email "ocr-bot@example.com"  # placeholder address
          git add -A
          git diff --cached --quiet || git commit -m "fix: OCR auto-heal applied"
          git push

GitLab CI — Scan + Heal

# .gitlab-ci.yml
ocr-review:
  stage: test
  image: node:20
  script:
    - npx @opencodereview/cli@latest scan ./src
    - npx @opencodereview/cli@latest heal ./src
  variables:
    OCR_PROVIDER: "glm"
    OCR_API_KEY: "$OCR_API_KEY"

# Supported LLM Providers

OCR supports 8 LLM providers for scan and heal. GLM and Ollama are completely free.

| Provider | --provider value | Cost | Notes |
|---|---|---|---|
| GLM (Zhipu) | glm | FREE | Recommended — free, high quality |
| Ollama (local) | ollama | FREE | Local models, no API needed |
| OpenAI | openai | Paid | GPT-4o, GPT-4 |
| DeepSeek | deepseek | Paid | DeepSeek-V3 |
| Together AI | together | Paid | Multiple models |
| Fireworks | fireworks | Paid | Fast inference |
| Anthropic | anthropic | Paid | Claude models |
| OpenAI-compatible | custom | Varies | Any LLM service with --api-base |

# Configuration

Create an .ocrrc.yml file in your project root:

# .ocrrc.yml
threshold: 70
paths:
  - "src/**/*.ts"
  - "src/**/*.tsx"
exclude:
  - "node_modules/**"
  - "**/*.test.ts"
analysis:
  - hallucination
  - logic-gap
  - quality-score
fail-on-low-score: true
output: json

# What It Detects

Hallucinated Packages

Detects npm packages that don't exist but are imported as if they do. Common in AI-generated code.

Logic Gaps

Empty catch blocks, unreachable code, TODO markers, and missing error handling from context limits.

Quality Score

0-100 score across 4 dimensions: completeness, coherence, consistency, conciseness.

Multi-Language AI Defects

Language-specific detectors for TypeScript/JS, Python, Java, Go, Kotlin, Rust.

L3 Deep Analysis

Suspicious code blocks sent to remote LLMs for thorough analysis. Foundation for precise auto-fix.

AI Auto-Heal

Not just detection — auto-fix. OCR heals your code with LLM reasoning, supports dry-run preview.
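The "Hallucinated Packages" check above can be approximated offline, before any LLM or registry lookup. This is an added example, not OCR's own code: it swaps the registry lookup for a comparison of imports against package.json, and all function names, the sample source and the sample manifest are constructed for illustration.

```javascript
// Partial list of Node.js built-in modules (enough for the constructed sample below).
const NODE_BUILTINS = new Set(['fs', 'path', 'crypto', 'http', 'https', 'os', 'url', 'util', 'events', 'stream']);

// Map an import specifier to the package that would have to be installed, or null.
function packageNameOf(specifier) {
  if (specifier.startsWith('.') || specifier.startsWith('/')) return null; // local file
  if (specifier.startsWith('node:')) return null;                           // explicit built-in
  const parts = specifier.split('/');
  const name = specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
  return NODE_BUILTINS.has(name) ? null : name;
}

// Collect specifiers from static imports, re-exports, dynamic import() and require().
// Regex-based: text inside comments or strings that looks like an import is also matched.
function importSpecifiers(source) {
  const pattern = /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)(['"])([^'"\n]+)\1/g;
  const found = [];
  for (const match of source.matchAll(pattern)) {
    const line = source.slice(0, match.index).split('\n').length;
    found.push({ specifier: match[2], line });
  }
  return found;
}

// Report every imported package that no dependency section of the manifest declares.
function findUndeclaredImports(source, manifest) {
  const declared = new Set(
    ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies']
      .flatMap((key) => Object.keys(manifest[key] || {}))
  );
  const findings = [];
  for (const { specifier, line } of importSpecifiers(source)) {
    const pkg = packageNameOf(specifier);
    if (pkg && !declared.has(pkg)) findings.push({ package: pkg, line });
  }
  return findings;
}

// Constructed sample: two undeclared packages among built-in, local and declared imports.
const SAMPLE_SOURCE = [
  "import fs from 'node:fs';",
  "import path from 'path';",
  "import { chunk } from 'lodash-utils';",
  "import merge from 'lodash/merge';",
  "import { z } from '@scope/validators/core';",
  "import { helper } from './helpers';",
  "const yaml = require('js-yaml');",
].join('\n');
const SAMPLE_MANIFEST = { dependencies: { lodash: '^4.17.21', 'js-yaml': '^4.1.0' } };
console.log(findUndeclaredImports(SAMPLE_SOURCE, SAMPLE_MANIFEST));
```

An undeclared import is only a candidate: it still needs a registry check to tell a hallucinated name from a dependency someone forgot to declare.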

# L3 Deep Scan

L3 Deep Scan sends suspicious code blocks to a remote LLM for deep analysis. It's the foundation for precise healing — you can't fix what you can't detect deeply.

Quick Start with L3

npx @opencodereview/cli@latest scan ./src --level l3 --provider openai --api-key sk-xxx

Using Free Providers (GLM)

# GLM (Zhipu) — free
npx @opencodereview/cli@latest scan ./src --level l3 --provider glm --api-key your-glm-key

# Multi-Language AI Detection

Language-specific AI defect detectors for maximum precision.

TypeScript / JS

npm hallucinations, unused imports, broken async patterns

Python

pip hallucinations, type errors, broken numpy patterns

Java

Maven hallucinations, wrong annotations, deprecated APIs

Go

module hallucinations, error handling patterns, goroutine leaks

Kotlin

Gradle hallucinations, coroutine misuse, wrong extensions

Rust

crate hallucinations, unsafe patterns, lifetime issues

# Provider Configuration Reference

Configure providers via CLI flags, environment variables, or ocr.config.json.

CLI Flags

npx @opencodereview/cli@latest scan ./src \
  --level l3 \
  --provider glm \
  --api-key your-glm-key \
  --model glm-4

Config File (ocr.config.json)

{
  "level": "l3",
  "provider": "glm",
  "apiKey": "your-glm-key",
  "model": "glm-4",
  "paths": ["src/**/*.ts"],
  "threshold": 70
}

Environment Variables

export OCR_PROVIDER=glm
export OCR_API_KEY=your-glm-key
export OCR_MODEL=glm-4

# Output Format

{
  "score": 82,
  "dimensions": {
    "completeness": 85,
    "coherence": 80,
    "consistency": 78,
    "conciseness": 85
  },
  "issues": [
    {
      "type": "hallucination",
      "severity": "high",
      "message": "Package 'lodash-utils' not found on npm",
      "file": "src/utils/helpers.ts",
      "line": 3,
      "fix": "Replace with 'lodash' or install the package"
    }
  ],
  "passed": true
}
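The sample report above has "passed": true even though it contains a high-severity hallucination finding, so a pipeline that gates on the score alone would let that import through. The following is an added example, not part of OCR: a stricter policy gate over the same JSON fields, where the function name, the policy defaults and the severity ordering are assumptions.

```javascript
// Assumed severity ordering; the page only shows the value "high".
const SEVERITY_RANK = { low: 1, medium: 2, high: 3, critical: 4 };

// Evaluate a report against a local policy. Fails closed on anything unparseable.
function evaluateReport(reportText, policy = {}) {
  const { minScore = 70, minDimension = 60, blockTypes = ['hallucination'], blockSeverity = 'high' } = policy;
  let report;
  try {
    report = JSON.parse(reportText);
  } catch (err) {
    return { ok: false, reasons: [`unparseable report: ${err.message}`] };
  }
  if (report === null || typeof report !== 'object' ||
      typeof report.score !== 'number' || !Array.isArray(report.issues)) {
    return { ok: false, reasons: ['report is missing "score" or "issues"'] };
  }
  const reasons = [];
  if (report.passed !== true) reasons.push('tool reported passed=false');
  if (report.score < minScore) reasons.push(`score ${report.score} < ${minScore}`);
  for (const [name, value] of Object.entries(report.dimensions || {})) {
    if (value < minDimension) reasons.push(`dimension ${name}=${value} < ${minDimension}`);
  }
  for (const issue of report.issues) {
    const rank = SEVERITY_RANK[issue.severity] ?? Infinity; // unknown severity blocks
    if (blockTypes.includes(issue.type) && rank >= SEVERITY_RANK[blockSeverity]) {
      reasons.push(`${issue.type} (${issue.severity}) at ${issue.file}:${issue.line}: ${issue.message}`);
    }
  }
  return { ok: reasons.length === 0, reasons };
}

// The report shown on this page, embedded so the example runs offline.
const SAMPLE_REPORT = JSON.stringify({
  score: 82,
  dimensions: { completeness: 85, coherence: 80, consistency: 78, conciseness: 85 },
  issues: [{
    type: 'hallucination',
    severity: 'high',
    message: "Package 'lodash-utils' not found on npm",
    file: 'src/utils/helpers.ts',
    line: 3,
    fix: "Replace with 'lodash' or install the package",
  }],
  passed: true,
});

console.log(evaluateReport(SAMPLE_REPORT));
```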

# Cloud API Reference

The Open Code Review Cloud provides a REST API for managing licenses, scans, and reports programmatically.

1. Get Your License Key

Register at opencodereview.com/register to create an account. Your License Key is available in the Dashboard after sign-up, or via the API:

# Register a new account
curl -X POST https://cloud.opencodereview.com/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","password":"your-password"}'

# Login to get your API token
curl -X POST https://cloud.opencodereview.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","password":"your-password"}'

# Response includes your access token:
# { "accessToken": "eyJ...", "licenseKey": "ocr-xxxx-xxxx-xxxx" }

2. API Authentication

All API requests require a Bearer token in the Authorization header:

curl https://cloud.opencodereview.com/api/licenses \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

3. Activate License in CLI

ocr license activate ocr-xxxx-xxxx-xxxx

4. API Endpoints

| Method | Endpoint | Description |
|---|---|---|
| POST | /api/auth/register | Register new account |
| POST | /api/auth/login | Login & get access token |
| GET | /api/licenses | List your licenses |
| GET | /api/licenses/:id | Get license details |
| POST | /api/scans | Submit a new scan |
| GET | /api/scans/:id | Get scan results |
| GET | /api/scans | List scan history |
| GET | /api/reports/:scanId | Get scan report |
| GET | /api/users/me | Get current user profile |
| PUT | /api/users/me | Update profile |
| GET | /api/usage | Get usage statistics |

5. Submit a Scan via API

curl -X POST https://cloud.opencodereview.com/api/scans \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "Content-Type: application/json" \
  -d '{
    "repositoryUrl": "https://github.com/your/repo",
    "branch": "main",
    "level": "l3",
    "paths": ["src/**/*.ts"]
  }'

# FAQ

Do I need an AI API key?

For L1 and local scans, no — Ollama runs locally for free. For L3 Deep Scan and heal, you need an API key from one of 8 supported providers. GLM is completely free.

What is Detect & Heal?

OCR's core differentiator: ocr scan detects issues, ocr heal auto-fixes them. Other tools just tell you what's wrong — OCR fixes it for you.

What languages are supported?

TypeScript, JavaScript, Python, Java, Go, Kotlin, and Rust. Each has its own AI-specific defect detector.

How is this different from ESLint?

ESLint checks code style. Open Code Review detects AI-specific issues and auto-fixes them — not just reports.