AI code quality gate for AI-generated code. Detects hallucinated packages, phantom dependencies, stale APIs, and more. MCP Server + CLI + CI/CD Action.
Config is the same across clients; only the file and path differ.
```json
{
  "mcpServers": {
    "open-code-review": {
      "args": [
        "-y",
        "@opencodereview/mcp-server"
      ],
      "command": "npx"
    }
  }
}
```
The first open-source CI/CD quality gate built specifically for AI-generated code. Detects hallucinated imports, stale APIs, over-engineering, and security anti-patterns, powered by local LLMs and any OpenAI-compatible provider. Free. Self-hostable. 6 languages.
This server supports HTTP transport.
No known CVEs.
Checked @opencodereview/cli against OSV.dev.

Any AI tool that generates code: if it writes it, OCR reviews it.
AI coding assistants (Copilot, Cursor, Claude) generate code with defects that traditional tools miss entirely:
| Defect | Example | ESLint / SonarQube |
|---|---|---|
| Hallucinated imports | `import { x } from 'non-existent-pkg'` | Miss |
| Stale APIs | Using deprecated APIs from training data | Miss |
| Context window artifacts | Logic contradictions across files | Miss |
| Over-engineered patterns | Unnecessary abstractions, dead code | Miss |
| Security anti-patterns | Hardcoded example secrets, `eval()` | Partial |

Open Code Review detects all of them, across 6 languages, for free.

```text
$ ocr scan src/ --sla L3
╔══════════════════════════════════════════════════════════════╗
║            Open Code Review - Deep Scan Report               ║
╚══════════════════════════════════════════════════════════════╝
Project: packages/core/src
SLA: L3 Deep - Structural + Embedding + LLM Analysis
112 issues found in 110 files
Overall Score: 67/100 D
Threshold: 70 | Status: FAILED
Files Scanned: 110 | Languages: typescript | Duration: 12.3s
```

L3 combines three analysis layers for maximum coverage:

| Layer 1: Structural Detection | Layer 2: Semantic Analysis | Layer 3: LLM Deep Scan |
|---|---|---|
| Hallucinated imports (npm/PyPI) | Embedding similarity recall | Cross-file coherence check |
| Stale API detection | Risk scoring | Logic bug detection |
| Security patterns | Context window artifacts | Confidence scoring |
| Over-engineering metrics | | |

... [View full README on GitHub](https://github.com/raye-deng/open-code-review#readme)