Open Code Review
AI code quality gate that detects hallucinated imports, stale APIs, over-engineering, and security anti-patterns in AI-generated code.
Add to your client
Copy the config for your MCP client and paste it into its config file.
npx -y @opencodereview/mcp-serverPaste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"open-code-review": {
"command": "npx",
"args": [
"-y",
"@opencodereview/mcp-server"
]
}
}
}Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf
Before you start
- Node.js with npx available
- Optional: a local LLM via Ollama (e.g. qwen3-coder) or any OpenAI-compatible API endpoint for L3 deep scan and auto-fix
About Open Code Review
Open Code Review's MCP server integrates an AI-code quality gate directly into AI IDEs. Once added to Claude Desktop, Cursor, or Windsurf, the assistant can scan source files for AI-specific defects (hallucinated imports, stale APIs, over-engineering, security anti-patterns), auto-fix detected issues, and explain individual findings. Its L3 deep scan combines structural detection, embedding-based semantic analysis, and LLM cross-file coherence checks. It runs against local LLMs (Ollama) or any OpenAI-compatible provider, supports 6 languages, and verifies package imports against npm/PyPI/Maven/Go registries.
Tools & capabilities (3)
ocr_scanRun a code quality gate scan over source files to detect hallucinated imports, stale APIs, over-engineering, and security anti-patterns.
ocr_healAI auto-fix — automatically generate and apply fixes for the issues OCR finds.
ocr_explainExplain a detected issue in detail, describing why it was flagged.
When to use it
- Reviewing AI-generated code (from Copilot, Cursor, Claude Code, Codex) for hallucinated packages and phantom dependencies before merging
- Letting an AI IDE assistant run a quality-gate scan and auto-fix findings inline during development
- Detecting stale/deprecated APIs and security anti-patterns across TypeScript, Python, Java, Go, and Kotlin
- Keeping code private by running all analysis locally through Ollama
Security notes
Analysis can be run fully locally via Ollama so source code never leaves your machine. If you configure an OpenAI-compatible remote LLM provider instead, code snippets are sent to that provider for the deep-scan (L3) and heal layers. The package is licensed BUSL-1.1 (free for personal/non-commercial use; commercial use requires a Team or Enterprise license).
Open Code Review FAQ
Does my code get sent to the cloud?
Not necessarily. You can run analysis 100% locally with Ollama, in which case nothing leaves your machine. Code is only sent to a remote provider if you explicitly configure an OpenAI-compatible endpoint for the deep-scan or heal layers.
Which AI clients does the MCP server work with?
Any MCP-compatible client. The README documents Claude Desktop, Cursor, Windsurf, and VS Code Copilot using the same npx-based configuration.
What languages are supported?
Six: TypeScript/JavaScript, Python, Java, Go, and Kotlin, with hallucinated-package verification against npm, PyPI, Maven, and Go modules.
Is it free?
It is licensed under BUSL-1.1 — free for personal and non-commercial use, converting to Apache 2.0 on 2030-03-11. Commercial use requires a Team or Enterprise license.
Alternatives to Open Code Review
Compare all alternatives →
Microsoft's official browser-automation MCP using Playwright's accessibility tree (no vision model).
Up-to-date, version-specific library documentation injected into your coding agent.
Code intelligence engine that indexes repos into a persistent knowledge graph for AI coding agents.
Compare Open Code Review with: