Alibaba has open-sourced Open Code Review, the AI review assistant it says ran internally for two years across tens of thousands of developers and flagged millions of code defects before being released to the community.
The design choice that stands out is the hybrid split: deterministic pipelines enforce a fine-tuned ruleset for specific bug classes such as null-pointer exceptions, thread-safety issues, XSS and SQL injection, while an LLM agent reads full file contents, searches the codebase and inspects other changed files for context before writing line-level comments. The context-gathering step is meant to fix the usual weakness of diff-only reviewers, which judge a change without seeing what it touches. The tool is OpenAI- and Anthropic-compatible, and installs as a Claude Code slash command.
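The diff-only weakness described above can be shown with a toy check. This is an added example, not code from Open Code Review: the regex rule, the function names and the two-file codebase are all constructed for illustration, and a plain definition lookup stands in for the context gathering the article attributes to the LLM agent.

```python
import re

# Constructed two-file codebase for illustration (not from any real project).
REPO = {
    "db.py": '''def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    return cur.fetchone()
''',
    "handlers.py": '''from db import find_user
def profile(cur, request):
    return find_user(cur, request.args["name"])
''',
}
# Constructed change under review: (file, line number, added text).
ADDED = [("handlers.py", 3, '    return find_user(cur, request.args["name"])')]

# Hypothetical rule: execute() whose SQL is an f-string or a literal joined with + or %.
SQLI_RULE = re.compile(r"""\.execute\(\s*(?:f["']|"[^"]*"\s*[+%]|'[^']*'\s*[+%])""")
CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

def diff_only(added):
    """Apply the rule to the added lines alone, as a diff-only reviewer would."""
    return [(path, no) for path, no, text in added if SQLI_RULE.search(text)]

def definition_of(name, repo):
    """Find a top-level `def name(` and return (file, [(line_no, text), ...])."""
    for path, src in repo.items():
        lines = src.splitlines()
        for i, line in enumerate(lines):
            if re.match(rf"def {re.escape(name)}\(", line):
                body = []
                for no, text in enumerate(lines[i + 1:], start=i + 2):
                    if text and not text[0].isspace():
                        break  # next top-level statement ends the body
                    body.append((no, text))
                return path, body
    return None

def with_context(added, repo):
    """Apply the rule to each added line and to the body of every function it calls."""
    findings = [(p, n, "SQL built by concatenation on this line") for p, n in diff_only(added)]
    for path, no, text in added:
        for callee in CALL.findall(text):
            found = definition_of(callee, repo)
            if found is None:
                continue
            def_path, body = found
            for def_no, def_text in body:
                if SQLI_RULE.search(def_text):
                    findings.append((path, no, f"{callee}() builds SQL by concatenation at {def_path}:{def_no}"))
    return findings
```

The changed line looks harmless on its own; the finding only appears once the callee's body is read, and it is reported against the changed line so the comment lands where the reviewer is looking.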
"Battle-tested at Alibaba's scale" is the pitch, but it also lands in an already crowded field of open AI reviewers. The differentiator worth watching is whether that deterministic ruleset actually cuts the false-positive noise that makes most of them easy to ignore.