Alibaba, one of the largest Chinese IT companies, published the open platform Open Code Review with the implementation of a hybrid review architecture that combines rigorous review methods with the flexibility of large language models. The project is based on the code of Alibaba’s internal change review system, written in Go and distributed under the Apache 2.0 license.
The system supports integration with various large language models, allows comments to be tied to specific lines in the code, and contains built-in sets of rules for identifying common problems and vulnerabilities, such as errors in thread synchronization, cross-site scripting and SQL substitution. Rules-based checking is provided for Java, TypeScript, Go, Python, Kotlin, C++, and C.
Open Code Review offers a command-line toolkit that reads changes from git, pushes them to the larger language model through the chosen AI agent, and generates a structured report with line-by-line comments. In addition to analyzing submitted changes, the AI agent can search the code base, download files from the repository, and inspect other changed files for a deeper dive into the context and take into account relationships with other changes.