alibaba/open-code-review
This is a code review tool that does not ask the LLM to do everything. The architecture splits the work: deterministic pipelines handle the rule-based catches (null pointer exposure, thread-safety antipatterns, XSS, SQL injection) and the LLM agent handles the things that need judgment. The result is line-level comments that are grounded in actual rules rather than vibes-based suggestions a model hallucinated from training data.

The fine-tuned ruleset is the headline differentiator here. Most AI code review tools hand the model the diff and hope for the best. This one ships with battle-tested rules that reportedly came from running at Alibaba's scale, which means the false-positive rate on the common Java antipatterns should be lower than a raw GPT prompt. It is OpenAI and Anthropic compatible, so there is no vendor lock-in.

Reservation: the ruleset skews toward Java patterns (NPE, thread-safety) and the docs look like they were written for an internal audience first, so ramp-up on a non-Java codebase may take work.

-> Best for: SaaS team of 2-5 shipping Java or JVM-adjacent backend code who want automated review with fewer useless comments.