跪拜 Guibai
Backend · Architecture · JavaScript

Alibaba's Open Code Review Turns AI Code Review into a Configurable Pipeline

By candyTong
Original article on juejin.cn

For Western engineering teams integrating AI into their CI/CD pipelines, Alibaba's Open Code Review demonstrates a production-ready pattern: AI code review that is configurable, deterministic, and tool-augmented. It shifts the conversation from "can an LLM spot bugs?" to "how do we build a reliable, repeatable review process that teams can trust?" — a question every platform engineering team is facing right now.

Summary

Alibaba has open-sourced Open Code Review, a CLI tool that turns AI-powered code review into a repeatable, engineering-grade process. The core command, `ocr review`, reads a Git diff, filters files through configurable rules, and dispatches each file to a Review Agent equipped with tool-calling capabilities. The agent can read related files, search the codebase, and submit structured comments with file paths and line numbers.

The tool's architecture is a seven-node pipeline: from npm command to Go CLI, configuration normalization, diff-based review queue generation, context assembly, concurrent file distribution, single-file agent review (with an optional planning phase for large diffs), and final comment aggregation. Rules are defined in a `rule.json` file with path-based matching, layered priority (CLI > project > user > built-in), and support for include/exclude filters.

What sets this apart from simply asking an agent to "review my code" is the engineering discipline: review scope is bounded by the diff, rules are version-controlled alongside the code, the agent can call tools to gather context, and the output is structured JSON or text ready for CI pipelines. The tool also handles edge cases like large diffs (skipped with a warning), test files (excluded by default), and comment filtering (removing false positives that the diff itself disproves).
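Because large diffs are skipped with only a warning and test files are excluded by default, an empty comment list does not prove a changed file was reviewed. A fail-closed CI gate over the JSON report, as an added example (not Open Code Review's own code); the field names `reviewedFiles`, `warnings[].file` and `comments`, the `"completed"` status value and the `src/auth/` prefix are assumptions, since the page does not show the report schema.

```javascript
// Added example, not Open Code Review code. ASSUMED report fields: status,
// warnings[].file, reviewedFiles, comments. The page only states that the JSON
// output carries status, summary, warnings and statistics.

// Constructed sample: `git diff --name-only` output for the change.
const changedFiles = [
  "src/auth/session.js", "src/api/user.js",
  "src/auth/session.test.js", "README.md",
];

// Constructed sample report: one file skipped as too large, tests excluded.
const sampleReport = {
  status: "completed",
  summary: "1 file reviewed",
  warnings: [{ file: "src/auth/session.js", message: "diff too large, skipped" }],
  statistics: { filesReviewed: 1 },
  reviewedFiles: ["src/api/user.js"],
  comments: [],
};

// Fail closed: a missing or incomplete report, or an unreviewed file on a
// protected path, blocks the merge even when the agent raised zero comments.
function gate(report, changed, protectedPrefixes) {
  if (!report || report.status !== "completed") {
    return { pass: false, reasons: ["review did not complete"] };
  }
  const reasons = [];
  const reviewed = new Set(report.reviewedFiles || []);
  const skipNote = new Map((report.warnings || []).map((w) => [w.file, w.message]));
  for (const file of changed) {
    if (reviewed.has(file)) continue;
    if (protectedPrefixes.some((p) => file.startsWith(p))) {
      reasons.push(`${file}: not reviewed (${skipNote.get(file) || "filtered out"})`);
    }
  }
  if ((report.comments || []).length > 0) {
    reasons.push(`${report.comments.length} open review comment(s)`);
  }
  return { pass: reasons.length === 0, reasons };
}

const result = gate(sampleReport, changedFiles, ["src/auth/"]);
console.log(JSON.stringify(result, null, 2));
```

With the constructed report, the gate fails on both `src/auth/` files even though the comment list is empty.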

Takeaways

- Open Code Review is an open-source CLI from Alibaba, installed via `npm install -g @alibaba-group/open-code-review`.
- The `ocr review` command reads a Git diff and dispatches each changed file to a Review Agent for analysis.
- Review rules are defined in a `rule.json` file with path-based matching and a four-level priority hierarchy: CLI flag > project file > user global file > built-in defaults.
- The tool supports `include` and `exclude` filters to control which files enter the review queue; test files are excluded by default.
- Each file review runs in a separate agent subtask, with configurable concurrency via `--concurrency`.
- Large diffs exceeding a threshold are skipped with a warning to avoid overflowing the prompt.
- The Review Agent can call tools like `file_read`, `file_read_diff`, `code_search`, and `file_find` to gather context before submitting comments.
- Comments are submitted via a `code_comment` tool and are filtered post-review to remove false positives that the diff itself disproves.
- Output can be formatted as text (for terminal) or JSON (for CI or other agents), including status, summary, warnings, and statistics.
- A planning phase (`Plan`) runs before the review for large files, generating a structured roadmap of risk points and suggested context reads.

Conclusions

The key innovation isn't the AI model — it's the engineering pipeline that constrains the model's scope, provides it with tools, and structures its output for machine consumption.

By making review rules version-controllable and path-based, Open Code Review turns code review policy into infrastructure-as-code, not a prompt engineering exercise.

The tool's layered rule priority (CLI > project > user > built-in) mirrors the configuration patterns of mature DevOps tools like ESLint or Terraform, suggesting a convergence between AI tooling and traditional platform engineering.

The planning phase for large diffs is a pragmatic admission that LLMs struggle with long contexts — the tool doesn't just throw more tokens at the problem, it decomposes the task.

Comment filtering after review — removing comments that the diff itself disproves — is a clever guardrail against one of the most annoying failure modes of AI code review: hallucinated issues.

Concepts & terms
Review Agent
An AI agent that reviews a single file's diff, with the ability to call tools (read files, search code, query other diffs) to gather context before submitting structured comments.
DiffMap
A read-only data structure that stores all diffs from the current Git change, allowing the Review Agent to query diffs of other changed files by path during a single-file review.
Plan phase
An optional pre-review step for large file diffs where an agent analyzes the changes, identifies potential risk points, and suggests which files or diffs the Review Agent should read for context.
Structured comment
A review comment submitted via the `code_comment` tool that includes the file path, line number, and a description of the issue, designed for machine parsing and CI integration.