Alibaba has open-sourced Open Code Review, an AI code-review CLI it says served tens of thousands of its own developers and flagged millions of defects over two years before release.
Its pitch is a hybrid architecture: deterministic pipelines plus an LLM agent with tool use, rather than a general-purpose agent doing review through a skill. Alibaba names the two failure modes it is targeting: "incomplete coverage," where agents cut corners and skip files on large changesets, and "position drift," where reported issues point to the wrong lines. The agent can read full files, search the codebase, and inspect other changed files for context.
It is model-agnostic, working with OpenAI- and Anthropic-compatible endpoints, and carries a fine-tuned ruleset for null-pointer exceptions, thread-safety, XSS and SQL injection. The interesting bet is architectural: that reliable review needs deterministic scaffolding around the model, not just a sharper prompt.
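As an added illustration, not Open Code Review's own code, here is the kind of deterministic check such scaffolding can wrap around the model: parse the unified diff into the lines it actually changes, then reject agent findings that point elsewhere (position drift) and list changed files the agent never examined (incomplete coverage). The sample diff, file names and findings are constructed for the example.

```python
import re
from collections import defaultdict

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def changed_lines(diff):
    """Map each file in a unified diff to the new-side line numbers it adds or changes."""
    lines, path, new_ln = defaultdict(set), None, 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")       # new-side file name
        elif m := HUNK_RE.match(raw):
            new_ln = int(m.group(1))                 # new-side start of this hunk
        elif path is None or raw.startswith(("--- ", "\\")):
            continue                                 # preamble or "\ No newline" marker
        elif raw.startswith("+"):
            lines[path].add(new_ln)                  # added or modified line
            new_ln += 1
        elif not raw.startswith("-"):
            new_ln += 1                              # context: new-side counter only
    return dict(lines)

def validate(diff, findings, examined):
    """Split agent findings into accepted vs. drifted; list changed files never examined."""
    changed = changed_lines(diff)
    accepted = [f for f in findings if f["line"] in changed.get(f["file"], set())]
    drifted = [f for f in findings if f not in accepted]
    uncovered = sorted(set(changed) - set(examined))
    return accepted, drifted, uncovered

# Constructed sample diff and agent output; not from any real repository.
SAMPLE_DIFF = """\
--- a/app/db.py
+++ b/app/db.py
@@ -10,4 +10,5 @@ def lookup(user):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE name = '%s'" % user)
+    query = "SELECT * FROM users WHERE name = '" + user + "'"
+    cur.execute(query)
     return cur.fetchone()
--- a/app/view.py
+++ b/app/view.py
@@ -3 +3,2 @@
 def render(name):
+    return "<h1>" + name + "</h1>"
"""
SAMPLE_FINDINGS = [
    {"file": "app/db.py", "line": 11, "msg": "SQL built by string concatenation"},
    {"file": "app/db.py", "line": 10, "msg": "same issue, reported one line early"},
]
```

Calling `validate(SAMPLE_DIFF, SAMPLE_FINDINGS, {"app/db.py"})` accepts the line-11 finding, flags the line-10 one as drifted onto a context line, and reports `app/view.py` as uncovered.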