30-second setup

CI/CD Integration Guide

Automatically detect AI code quality issues on every pull request. Works with GitHub Actions, GitLab CI, Bitbucket Pipelines, and Jenkins.

# Quick Install

```bash
npm install -g @opencodereview/cli
```

Or use npx (no install required):

```bash
npx @opencodereview/cli@latest scan ./src
```

# Choose Your CI/CD Platform

Basic Config (Quality Gate)

Run an AI code scan on every PR and block the merge when the quality score falls below the threshold.

Basic Quality Gate: .github/workflows/ocr.yml

```yaml
name: AI Code Review
on: [pull_request]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: raye-deng/open-code-review@v1
        with:
          threshold: 70
          paths: 'src/**/*.ts'
          fail-on-low-score: true
```

Advanced Config (Scan + Auto-Heal + SARIF)

L3 Deep scan + GitHub Code Scanning integration + AI auto-heal.

Complete CI/CD Pipeline: .github/workflows/ocr-advanced.yml

```yaml
name: AI Code Review + Self-Heal
on: [pull_request]

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # upload SARIF to Code Scanning
      contents: write          # push the auto-heal commit
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # Check out the PR branch itself; the default merge ref is a
          # detached HEAD, so the final `git push` would fail.
          ref: ${{ github.head_ref }}

      - name: Install OCR
        run: npm install -g @opencodereview/cli

      - name: Scan code
        run: ocr scan ./src --threshold 70 --output sarif --output-file ocr-results.sarif

      - name: Upload SARIF to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ocr-results.sarif
          category: open-code-review

      # Pull requests from forks get a read-only token and no secrets by
      # default, so heal and push only work for same-repository branches.
      - name: Auto-heal detected issues
        run: ocr heal ./src
        env:
          OCR_PROVIDER: ${{ secrets.OCR_PROVIDER }}
          OCR_API_KEY: ${{ secrets.OCR_API_KEY }}

      - name: Commit fixes
        run: |
          git config --global user.name "OCR Bot"
          git config --global user.email "[email protected]"
          git add -A
          git diff --cached --quiet || git commit -m "fix: OCR auto-heal"
          git push
```

PR Comment Mode: .github/workflows/ocr-comment.yml

```yaml
name: AI Code Review with PR Comment
on:
  pull_request:
    types: [opened, synchronize]

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - uses: actions/checkout@v4

      - name: Run OCR and comment
        uses: raye-deng/open-code-review@v1
        with:
          threshold: 70
          paths: 'src/**/*.ts'
          github-token: ${{ secrets.GITHUB_TOKEN }}
          comment-on-pr: true
```

# Environment Variables

| Variable | Description | Default |
| --- | --- | --- |
| OCR_PROVIDER | LLM provider | openai |
| OCR_API_KEY | LLM API key | |
| OCR_MODEL | Model name | provider default |
| OCR_THRESHOLD | Quality threshold (0-100) | 70 |
| OCR_LICENSE_KEY | License key | |
| OCR_LEVEL | Scan level (l1/l2/l3) | l1 |

💡 Tip: Add OCR_API_KEY to your CI/CD secrets; never hardcode it in config files.

# Recommended CI Scan Strategy

L1: Every PR

Fast rule-based scan

10-30s · Free · No API key

```bash
# Every PR
ocr scan ./src --level l1
```

L3: Scheduled

Weekly deep scan of full codebase

1-5min · Needs API key · Most thorough

```bash
# Weekly cron
ocr scan ./src --level l3 \
  --provider glm
```

HEAL: Auto-Heal

AI auto-fixes detected issues

Optional · Needs API key · Auto-commits

```bash
# After scan
ocr heal ./src
# + git commit + push
```
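
The weekly L3 scan from the strategy above, written out as a scheduled GitHub Actions workflow with read-only repository access. This is an added example, not part of the original page or the project's own configuration. The file name, cron time and job name are assumptions, and it assumes the `ocr scan` flags shown elsewhere on this page can be combined in one command.

```yaml
# .github/workflows/ocr-weekly.yml  (hypothetical file name)
name: Weekly OCR Deep Scan
on:
  schedule:
    - cron: '0 3 * * 1'   # assumed time: Mondays 03:00 UTC

# Least privilege: nothing is granted unless a job asks for it.
permissions: {}

jobs:
  deep-scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read           # checkout only; this job never pushes
      security-events: write   # required by upload-sarif
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # the scan needs no git credentials

      - name: Install OCR
        run: npm install -g @opencodereview/cli

      - name: L3 deep scan
        # Scheduled runs use the default branch, so the API key is only
        # exposed to merged code, not to unreviewed pull request changes.
        run: >
          ocr scan ./src --level l3 --provider glm
          --output sarif --output-file ocr-results.sarif
        env:
          OCR_API_KEY: ${{ secrets.OCR_API_KEY }}

      - name: Upload SARIF to GitHub Code Scanning
        if: always()   # assumption: still upload if the scan step exits non-zero
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ocr-results.sarif
          category: open-code-review
```

Keeping the API-key-dependent scan on a schedule lets the per-PR workflow run the L1 scan, which needs no API key.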

# CI/CD Integration Features

10-30s per PR

L1 Fast scan adds minimal overhead to your pipeline

Free for open source

GLM provider offers free API access for L3 deep scans

Fail on low quality

Block PRs that fall below your quality threshold

Auto-heal issues

AI-powered auto-fix for hallucinated packages, stale APIs, and more

PR comments

Post review results directly as PR comments

SARIF integration

Results appear in GitHub Code Scanning alongside CodeQL

GitHub Actions Marketplace

Search "Open Code Review" in the Marketplace and add it to your repo — no manual config needed.

Ready to get started?

Create a free account, get your license key, and integrate in 30 seconds.