diff --git a/.cursor-plugin/marketplace.json b/.cursor-plugin/marketplace.json
index 49f6d8e..5e6859c 100644
--- a/.cursor-plugin/marketplace.json
+++ b/.cursor-plugin/marketplace.json
@@ -72,6 +72,11 @@
 "name": "pstack",
 "source": "pstack",
 "description": "if you want to go fast, go deep first. pstack helps you write less, but higher quality code. rigorous agent workflows you can parallelize with confidence."
+ },
+ {
+ "name": "open-code-review",
+ "source": "open-code-review",
+ "description": "AI-powered code review on Git diffs — workspace changes, branch ranges, and single commits with concurrent per-file analysis and context-aware review using the ocr CLI."
 }
 ]
 }
diff --git a/open-code-review/.cursor-plugin/plugin.json b/open-code-review/.cursor-plugin/plugin.json
new file mode 100644
index 0000000..de0cbd9
--- /dev/null
+++ b/open-code-review/.cursor-plugin/plugin.json
@@ -0,0 +1,27 @@
+{
+ "name": "open-code-review",
+ "displayName": "Open Code Review",
+ "version": "1.0.0",
+ "description": "AI-powered code review on Git diffs — supports workspace changes, branch ranges, and single commits with concurrent per-file analysis, codebase search, and deep context-aware review.",
+ "author": {
+ "name": "Alibaba"
+ },
+ "homepage": "https://github.com/alibaba/open-code-review",
+ "repository": "https://github.com/alibaba/open-code-review",
+ "license": "Apache-2.0",
+ "keywords": [
+ "code-review",
+ "cursor",
+ "ocr",
+ "open-code-review",
+ "ai-review",
+ "git-diff"
+ ],
+ "category": "developer-tools",
+ "tags": [
+ "review",
+ "quality",
+ "automation"
+ ],
+ "skills": "./skills/"
+}
diff --git a/open-code-review/CHANGELOG.md b/open-code-review/CHANGELOG.md
new file mode 100644
index 0000000..1ad380a
--- /dev/null
+++ b/open-code-review/CHANGELOG.md
@@ -0,0 +1,7 @@
+# Changelog
+
+## 1.0.0
+
+- Initial Open Code Review plugin release.
+- Skills: `open-code-review`.
+- Supports workspace, branch-range, and single-commit review modes.
diff --git a/open-code-review/LICENSE b/open-code-review/LICENSE
new file mode 100644
index 0000000..4dcbd27
--- /dev/null
+++ b/open-code-review/LICENSE
@@ -0,0 +1,190 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to the Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by the Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding any notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ Copyright 2024 Alibaba Group
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/open-code-review/README.md b/open-code-review/README.md
new file mode 100644
index 0000000..86c5b9b
--- /dev/null
+++ b/open-code-review/README.md
@@ -0,0 +1,97 @@
+# Open Code Review plugin
+
+AI-powered code review on Git diffs — supports workspace changes, branch ranges, and single commits with concurrent per-file analysis, codebase search, and deep context-aware review.
+
+## Installation
+
+```bash
+/add-plugin open-code-review
+```
+
+### Prerequisites
+
+The plugin requires the `ocr` CLI:
+
+```bash
+npm install -g @alibaba-group/open-code-review
+```
+
+Configure an LLM backend before first use:
+
+```bash
+ocr config set llm.url https://api.anthropic.com/v1/messages
+ocr config set llm.auth_token
+ocr config set llm.model claude-opus-4-6
+ocr config set llm.use_anthropic true
+```
+
+Verify connectivity:
+
+```bash
+ocr llm test
+```
+
+## Architecture
+
+```mermaid
+flowchart TB
+ USER[User request] --> SKILL[open-code-review skill]
+ SKILL --> CTX[Gather business context]
+ CTX --> OCR[ocr review --audience agent]
+ OCR --> CLASSIFY[Classify by priority]
+ CLASSIFY --> REPORT[Report findings]
+ REPORT --> FIX[Apply fixes if requested]
+```
+
+## Skills
+
+| Skill | Description |
+|:------|:------------|
+| `open-code-review` | Run `ocr` CLI to review Git diffs — workspace changes, branch ranges, or single commits. Classifies findings by priority and optionally applies fixes. |
+
+## Typical usage
+
+**Review workspace changes:**
+
+```
+@open-code-review review my current changes
+```
+
+**Review a branch against its base:**
+
+```
+@open-code-review review this branch against main
+```
+
+**Review a specific commit:**
+
+```
+@open-code-review review commit abc1234
+```
+
+**Review and auto-fix high-priority issues:**
+
+```
+@open-code-review review and fix high-priority issues
+```
+
+## Custom review rules
+
+Create `.opencodereview/rule.json` in your repo root:
+
+```json
+{
+ "rules": [
+ {
+ "path": "**/*.ts",
+ "rule": "All exported functions must have JSDoc comments"
+ }
+ ]
+}
+```
+
+See [rule documentation](https://github.com/alibaba/open-code-review#custom-review-rules) for details.
+
+## License
+
+Apache-2.0
diff --git a/open-code-review/skills/open-code-review/SKILL.md b/open-code-review/skills/open-code-review/SKILL.md
new file mode 100644
index 0000000..4072eb9
--- /dev/null
+++ b/open-code-review/skills/open-code-review/SKILL.md
@@ -0,0 +1,234 @@
+---
+name: open-code-review
+description: >
+ Performs AI-powered code review on Git changes using the `ocr` CLI from
+ alibaba/open-code-review. Use when the user asks to review code, review
+ a pull request, review staged/unstaged changes, review a commit, or
+ compare branches for code quality issues. Produces line-level review
+ comments and can automatically apply fixes when requested. With appropriate
+ review rules, can detect various types of issues including bugs, security
+ vulnerabilities, performance problems, and code quality concerns.
+license: Apache-2.0
+compatibility: >
+ Requires the `ocr` CLI installed (via `npm install -g
+ @alibaba-group/open-code-review` or GitHub release binary). Requires a
+ configured LLM (Anthropic or OpenAI-compatible) before first run.
+metadata:
+ author: alibaba
+ homepage: https://github.com/alibaba/open-code-review
+ version: "1.0.0"
+---
+
+# Open Code Review
+
+A skill for invoking [open-code-review](https://github.com/alibaba/open-code-review) (`ocr`) — an open-source AI code review CLI that reads Git diffs and generates structured, line-level review comments.
+
+## Prerequisites check
+
+Before starting a review, verify the environment:
+
+```bash
+# 1. Check the CLI is installed
+which ocr || echo "NOT INSTALLED"
+
+# 2. Verify LLM connectivity
+ocr llm test
+```
+
+If `ocr` is not installed, install it first:
+
+```bash
+npm install -g @alibaba-group/open-code-review
+```
+
+If `ocr llm test` fails, the user must configure an LLM. Guide them with one of these options:
+
+**Option A — Environment variables (highest priority, recommended for CI):**
+
+```bash
+export OCR_LLM_URL=https://api.anthropic.com/v1/messages
+export OCR_LLM_TOKEN=
+export OCR_LLM_MODEL=claude-opus-4-6
+export OCR_USE_ANTHROPIC=true
+```
+
+**Option B — Persistent config:**
+
+```bash
+ocr config set llm.url https://api.anthropic.com/v1/messages
+ocr config set llm.auth_token
+ocr config set llm.model claude-opus-4-6
+ocr config set llm.use_anthropic true
+```
+
+Stop here and ask the user to provide credentials — never invent or hardcode API keys.
+
+## Workflow
+
+### Step 1: Gather Business Context
+
+Analyze the review target (commits, branch, or changes) to extract concise business context. Pass this context via `--background` to improve review quality.
+
+### Step 2: Run Code Review
+
+Run the OCR command with appropriate flags. **Always pass business context via `--background`** when available:
+
+```bash
+ocr review --audience agent --background "business context here" [user-args]
+```
+
+**Argument handling:**
+
+- **Background context** (RECOMMENDED): use `--background "context"` or `-b "context"` to provide business context for better review quality
+- **Default** (no user arguments): reviews staged, unstaged, and untracked changes (workspace mode)
+- **Specific commit**: use `--commit` or `-c` to review a single commit against its parent
+- **Branch comparison**: use `--from ` and `--to ` to review diff between two refs
+- **Timeout**: default timeout is 10 minutes per file; adjust with `--timeout `
+- **Concurrency**: default concurrency is 8 file workers; reduce with `--concurrency ` if rate limits are hit
+- **Preview mode**: use `--preview` or `-p` to preview which files will be reviewed without running the LLM
+- **Installation**: if `ocr` command is not found, install it by running `npm i -g @alibaba-group/open-code-review`
+
+**Common invocation patterns:**
+
+| User says | Command to run |
+|-----------|---------------|
+| "review my changes" / "review the working copy" | `ocr review --audience agent -b "context"` |
+| "review this PR" / "review feature branch" | `ocr review --audience agent -b "context" --from --to ` (resolve the actual PR base — e.g. `main`, `master`, `develop` — via `git` or the PR metadata; do not assume `main`) |
+| "review commit abc123" | `ocr review --audience agent -b "context" --commit abc123` |
+| "what would be reviewed?" (dry-run) | `ocr review --preview` |
+
+**Output mode:**
+
+- Always use `--audience agent` to suppress progress UI and emit only the final summary
+
+### Step 3: Classify and Report
+
+For each comment from the review output, classify by priority:
+
+- **High**: Obvious bugs, security issues, clear mistakes, or well-founded suggestions with precise fix proposals
+- **Medium**: Reasonable concerns but context-dependent, style/performance suggestions, or fixes that require manual implementation
+- **Low**: Likely false positives, lacking sufficient context, nitpicks, or meaningless suggestions — discard silently
+
+Report High and Medium comments grouped by priority level.
+
+### Step 4: Fix
+
+Before applying fixes, check whether the user requested automatic fixes:
+
+- If the user explicitly requested "review and fix" or similar, proceed with automatic fixes
+- If the user only requested "review" without fix intent, ask for permission before applying any changes
+
+When fixing issues and suggestions:
+
+- Focus on High and Medium priority items
+- Apply fixes directly to the code when safe and well-defined
+- For complex fixes requiring manual intervention, clearly describe what needs to be done
+- Always verify fixes with the user before committing
+
+## Output Format
+
+Each comment contains:
+
+- `path`: File path
+- `content`: Review comment text
+- `start_line` / `end_line`: Line range (both 0 means positioning failed)
+- `suggestion_code`: Optional fix suggestion
+- `existing_code`: Optional original code snippet
+- `thinking`: Optional LLM reasoning process
+
+After filtering comments by priority, present results using this template:
+
+```markdown
+## Code Review Results
+
+**Files reviewed**: N
+**Issues found**: X high priority / Y medium priority
+
+### High Priority
+
+- **`path/to/file.java:42`** — Brief description
+ > Recommendation: How to fix
+
+### Medium Priority
+
+- **`path/to/file.ts:88`** — Brief description
+ > Recommendation: How to fix (if applicable)
+```
+
+If the review found no issues after filtering, simply state: "Review complete — no issues found in N files."
+
+**Priority classification:**
+
+- **High**: Obvious bugs, security issues, clear mistakes, or well-founded suggestions with precise fix proposals
+- **Medium**: Reasonable concerns but context-dependent, style/performance suggestions, or fixes that require manual implementation
+- **Low**: Discarded silently (likely false positives, lacking context, nitpicks, or meaningless suggestions)
+
+**Handling mispositioned comments:**
+
+When `start_line` and `end_line` are both `0`, the comment failed to locate the exact position in the file. In such cases:
+
+1. Read the comment content to understand the issue
+2. Examine the target file mentioned in the comment
+3. Identify the relevant code section based on the comment's context
+4. Report the finding with the corrected location (apply fixes only if the user requested automatic fixes per Step 4)
+
+## Custom Review Rules
+
+If the user wants project-specific rules, OCR resolves them in this priority order:
+
+1. `--rule ` flag (highest)
+2. `/.opencodereview/rule.json`
+3. `~/.opencodereview/rule.json`
+4. Built-in system defaults (lowest)
+
+By default, the first matching user rule replaces the built-in system rule. Set `merge_system_rule: true` on a rule entry when the matched system rule and user rule should both be included.
+
+Rule file format:
+
+```json
+{
+ "rules": [
+ {
+ "path": "**/*.java",
+ "rule": "All new methods must validate required parameters for null",
+ "merge_system_rule": true
+ },
+ {
+ "path": "**/*mapper*.xml",
+ "rule": "Check SQL for injection risks and missing closing tags"
+ }
+ ]
+}
+```
+
+To preview which rule applies to a file before reviewing:
+
+```bash
+ocr rules check src/main/java/com/example/Foo.java
+```
+
+## Gotchas
+
+- **LLM must be configured first** — `ocr review` will fail loudly if no LLM is reachable. Always run `ocr llm test` before the first review.
+- **Working directory matters** — `ocr review` operates on the Git repo at the current directory. Use `--repo /path/to/repo` to run from elsewhere.
+- **Untracked files are reviewed in workspace mode** — running bare `ocr review` includes staged, unstaged, *and* untracked changes. Stage selectively if you want narrower scope.
+- **Large diffs may hit token limits** — files with very large diffs may be truncated. The default `MAX_TOKENS` is 58888 per request.
+- **Plan phase triggers at 50 lines** — diffs exceeding 50 changed lines run an extra risk-analysis phase before main review. This adds latency but improves quality.
+- **Don't pass `--audience human`** — it streams progress UI that pollutes output. Always use `--audience agent`.
+- **Comment language follows config** — set `language` config to `English` or `Chinese` (default: Chinese) to control review comment language.
+
+## Validation
+
+After the review completes, verify success by checking:
+
+1. The command exited with code 0
+2. Comments were generated (or "No comments generated" message appears)
+3. Warnings (if any) are displayed in stderr
+
+If errors occurred, check the stderr warnings for details about which files failed and why.
+
+## References
+
+- Full docs: https://github.com/alibaba/open-code-review
+- NPM package: https://www.npmjs.com/package/@alibaba-group/open-code-review
+- Issue tracker: https://github.com/alibaba/open-code-review/issues
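Review bot: The "Prerequisites check" step ("If `ocr` is not installed, install it first") and the Installation bullet under "Argument handling" tell the agent to run an unpinned global `npm install -g @alibaba-group/open-code-review` on its own, so whatever version the registry serves that day runs with the user's privileges and is then given the LLM token. I would make this a stop-and-ask step with a pinned release, e.g. `If ocr is not installed, stop and ask the user to install a reviewed version: npm install -g @alibaba-group/open-code-review@<PINNED_VERSION>`. Separately, the default workspace mode sends untracked files to the configured LLM endpoint, which is mentioned only under Gotchas; Step 2 could add `Run ocr review --preview first and confirm the file list with the user when untracked files are present`, since untracked files often hold local secrets such as `.env`. Next to the credential lines (`export OCR_LLM_TOKEN=`, `ocr config set llm.auth_token`) a sentence telling the agent never to echo or log the token value would complete the existing "never invent or hardcode API keys" rule.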