@opencodereview/cli (npm package, version 2.1.5, 1 maintainer, 10 published versions)

Detect AI-hallucinated packages, phantom dependencies, and stale APIs in your codebase. Open-source CI/CD quality gate with local Ollama support — zero API cost.
@opencodereview/cli

AI code quality scanner for the terminal — Detect hallucinated packages, phantom dependencies, stale APIs, and logic gaps in seconds. Open-source, runs locally, zero API cost.


✨ Why?

AI code assistants generate code fast — but they hallucinate packages, reference outdated APIs, and leave logic gaps. open-code-review catches these AI-specific defects before they ship.

🚀 Quick Start

# Run directly — no install needed
npx @opencodereview/cli scan .

# Or install globally
npm install -g @opencodereview/cli
ocr scan .

That's it. Scans your project and prints a quality report to the terminal.

📦 Installation

# Global install
npm install -g @opencodereview/cli

# Or use npx (no install)
npx @opencodereview/cli scan .

The CLI provides two binary names: open-code-review and ocr (shorthand).

📋 Commands

scan [path] — Scan for AI-generated defects (V4, default)

# Basic scan (L1, structural analysis)
ocr scan .

# Scan a specific directory
ocr scan ./src

# Higher accuracy with L2 (embedding + Ollama)
ocr scan . --sla L2

# Deep analysis with L3 (LLM)
ocr scan . --sla L3

# Diff-only mode (scan changed files vs main)
ocr scan . --diff

# Output as JSON
ocr scan . --format json --output report.json

# Output as SARIF (GitHub Code Scanning compatible)
ocr scan . --format sarif --output report.sarif

# Output as HTML report
ocr scan . --format html --output report.html

# Output as Markdown
ocr scan . --format markdown

# Chinese output
ocr scan . --locale zh

# Exclude test files
ocr scan . --exclude "**/test/**,**/*.test.*"

# Offline mode (skip registry checks)
ocr scan . --offline

# Skip scoring, just list issues
ocr scan . --no-score

scan-v3 [paths...] — Legacy V3 scan

ocr scan-v3 ./src --threshold 80 --format json
ocr scan-v3 ./src --heal    # Generate AI self-heal prompt

init — Create configuration file

ocr init    # Creates .ocrrc.yml in current directory

login — Set up license key

ocr login   # Opens registration page and prompts for key

config — View or update configuration

ocr config show                        # Show current config
ocr config set license AICV-XXXX-...   # Set license key
ocr config set cloud-url https://...   # Set cloud URL
ocr config set api-key your-key        # Set API key

⚙️ V4 Scan Options

| Option | Description | Default |
|---|---|---|
| `--sla <level>` | SLA level: L1 (fast), L2 (standard), L3 (deep) | L1 |
| `--locale <locale>` | Output language: en, zh | en |
| `--format <fmt>` | Output format: terminal, json, sarif, markdown, html | terminal |
| `--diff` | Scan only changed files (vs origin/main) | off |
| `--base <ref>` | Base branch for diff | origin/main |
| `--head <ref>` | Head branch for diff | HEAD |
| `--config <path>` | Custom config file path | .ocrrc.yml |
| `--offline` | Skip registry verification | off |
| `--include <patterns>` | File patterns to include (comma-separated) | (auto-detect) |
| `--exclude <patterns>` | File patterns to exclude (comma-separated) | (none) |
| `--ai-local-model <name>` | Ollama model for L2/L3 | (default) |
| `--ai-local-url <url>` | Ollama base URL | http://localhost:11434 |
| `--ai-remote-provider` | Remote AI provider: openai, anthropic | |
| `--ai-remote-model <name>` | Remote AI model name | |
| `--ai-remote-key <key>` | Remote AI API key | |
| `--no-score` | Skip scoring, just list issues | off |
| `--json` | Shorthand for `--format json` | off |
| `--output <path>` | Write report to file | (stdout) |
| `--license <key>` | License key | |

Environment Variables

| Variable | Description |
|---|---|
| `OCR_API_KEY` | Remote AI API key |
| `OCR_SLA` | Default SLA level |
| `OCR_LOCALE` | Default locale |
| `OCR_OLLAMA_URL` | Ollama base URL |
| `OCR_OLLAMA_MODEL` | Ollama model name |

📊 Output Formats

Terminal (default)

  Open Code Review V4
  SLA: L1 | Locale: en

  Scanning...
  Found 3 issue(s) in 12 file(s)

  🔴 error    src/auth.ts:12     Package `@supabase/auth-helpers` not found in registry
  ⚠️ warning  src/date.ts:5      Deprecated API `moment().format()` used
  ℹ️ info     src/api.ts:23       Unused variable `tempResult`

  Score: 78/100 (C) — Threshold: 70 ✅ Passed

JSON

ocr scan . --format json
# Outputs structured JSON with version, issues, score, dimensions, and metadata

SARIF

ocr scan . --format sarif --output report.sarif
# Compatible with GitHub Code Scanning — upload as a check

HTML

ocr scan . --format html --output report.html
# Generates a visual HTML report with score breakdown and issue details

🔗 GitHub Action Integration

Open Code Review works great as a GitHub Action too. Use it in CI to automatically review every PR:

- name: Open Code Review
  uses: raye-deng/open-code-review@v1
  with:
    sla: L1
    threshold: 70
    github-token: ${{ secrets.GITHUB_TOKEN }}

Or use the CLI directly in your workflow:

- name: Scan with CLI
  run: npx @opencodereview/cli scan . --format json --output report.json

📋 Scan Levels

| Level | What it does | Speed | AI Required |
|---|---|---|---|
| L1 | AST analysis: hallucinated packages, stale APIs, dead code, logic gaps | ⚡ ~5s | No |
| L2 | L1 + embedding recall for deeper pattern matching | 🚀 ~30s | Optional (Ollama) |
| L3 | L2 + LLM deep analysis for nuanced code review | 🐢 ~2min | Yes (Ollama / Cloud) |

🔒 Privacy

  • L1 & L2 (TF-IDF): analysis is 100% local — no external API calls; the only network traffic is the registry lookup used to verify package names, which --offline disables
  • L2 (Ollama) / L3: Your code only goes to your own Ollama server or your chosen cloud API
  • We never see your code

📜 License

  • Personal & Open-source: Free under BSL 1.1
  • Commercial: License required — see codes.evallab.ai
  • Converts to Apache 2.0 on 2030-03-11

Keywords: ai

Package last updated on 18 Mar 2026