Open Code Review MCP Server

The first open-source CI/CD quality gate built for AI-generated code.

Open Code Review

The first open-source CI/CD quality gate built specifically for AI-generated code. Detects hallucinated imports, stale APIs, over-engineering, and security anti-patterns — powered by local LLMs and any OpenAI-compatible provider. Free. Self-hostable. 6 languages.

Works With

Any AI tool that generates code — if it writes it, OCR reviews it.

What AI Linters Miss

AI coding assistants (Copilot, Cursor, Claude) generate code with defects that traditional tools miss or only partially catch:

| Defect | Example | ESLint / SonarQube |
| --- | --- | --- |
| Hallucinated imports | `import { x } from 'non-existent-pkg'` | ❌ Miss |
| Stale APIs | Using deprecated APIs from training data | ❌ Miss |
| Context window artifacts | Logic contradictions across files | ❌ Miss |
| Over-engineered patterns | Unnecessary abstractions, dead code | ❌ Miss |
| Security anti-patterns | Hardcoded example secrets, `eval()` | ❌ Partial |

Open Code Review detects all of them — across 6 languages, for free.

Demo

Quick Preview

$ ocr scan src/ --sla L3

╔══════════════════════════════════════════════════════════════╗
║           Open Code Review — Deep Scan Report               ║
╚══════════════════════════════════════════════════════════════╝

  Project: packages/core/src
  SLA: L3 Deep — Structural + Embedding + LLM Analysis

  112 issues found in 110 files

  Overall Score: 67/100  D
  Threshold: 70  |  Status: FAILED
  Files Scanned: 110  |  Languages: typescript  |  Duration: 12.3s

Deep Scan (L3) — How It Works

L3 combines three analysis layers for maximum coverage:

Layer 1: Structural Detection         Layer 2: Semantic Analysis        Layer 3: LLM Deep Scan
├── Hallucinated imports (npm/PyPI)   ├── Embedding similarity recall   ├── Cross-file coherence check
├── Stale API detection               ├── Risk scoring                  ├── Logic bug detection
├── Security patterns                 ├── Context window artifacts      ├── Confidence scoring
├── Over-engineering metrics          └── Enhanced severity ranking     └── AI-powered fix suggestions
└── A+ → F quality scoring

Powered by local LLMs or any OpenAI-compatible API. Run Ollama for 100% local analysis, or connect to any remote LLM provider — the interface is the same.

# Local analysis (Ollama)
ocr scan src/ --sla L3 --provider ollama --model qwen3-coder

# Any OpenAI-compatible provider
ocr scan src/ --sla L3 --provider openai-compatible \
  --api-base https://your-llm-endpoint/v1 --model your-model --api-key YOUR_KEY

AI Auto-Fix — `ocr heal`

Let AI automatically fix the issues it finds. Review changes before applying.

# Preview fixes without changing files
ocr heal src/ --dry-run

# Apply fixes + generate IDE rules
ocr heal src/ --provider ollama --model qwen3-coder --setup-ide

# Only generate IDE rules (Cursor, Copilot, Augment)
ocr setup src/

Multi-Language Detection

Language-specific detectors for 6 languages, plus hallucinated package databases (npm, P

Tools

scan: Performs a deep scan of the codebase to detect hallucinated imports, stale APIs, and security anti-patterns.
heal: Automatically fixes issues found during the scan and generates IDE rules.

Environment Variables

OPENAI_API_KEY: API key for OpenAI-compatible providers if not using local models.

Try it

Scan the current directory for hallucinated imports and security anti-patterns.
Perform a deep L3 scan on the src folder to check for cross-file logic contradictions.
Run a code heal on the project to fix identified issues and generate IDE rules.
Check the codebase for any deprecated API usage or over-engineered patterns.

Frequently Asked Questions

What are the key features of Open Code Review?

Detects hallucinated imports and stale APIs missed by traditional linters.
Identifies cross-file logic contradictions and context window artifacts.
Provides AI-powered fix suggestions for detected defects.
Supports 6 programming languages including TypeScript, Python, and Go.
Compatible with local LLMs via Ollama or any OpenAI-compatible provider.

What can I use Open Code Review for?

Validating code generated by AI assistants like Cursor or Claude before merging.
Detecting security vulnerabilities like hardcoded secrets or eval() usage.
Refactoring over-engineered code patterns and removing dead code.
Ensuring cross-file coherence in large projects with complex dependencies.

How do I install Open Code Review?

Install Open Code Review by running: npx -y @opencodereview/mcp-server

What MCP clients work with Open Code Review?

Open Code Review works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
