open-code-review: add AI-powered code review plugin

[lizhengfeng101]

Summary

• Add the open-code-review plugin wrapping the ocr CLI — an open-source, self-hosted AI code review tool
• Provides a Cursor skill for reviewing workspace changes, branch ranges, and single commits with concurrent per-file analysis and context-aware review
• Register the plugin in marketplace.json

Why this complements BugBot

Open Code Review (OCR) serves a different segment than BugBot and is complementary, not competitive:

	BugBot	Open Code Review
Hosting	Cursor-managed cloud service	Self-hosted, runs locally via CLI
LLM backend	Cursor-provided	Bring your own (Anthropic, OpenAI, or any compatible API)
Data privacy	Code sent to Cursor servers	Code never leaves your machine — important for regulated industries, air-gapped environments, and enterprise compliance
Custom rules	N/A	Per-repo .opencodereview/rule.json with glob-based file matching and mergeable system rules
Review scope	PR-level	Workspace changes, branch ranges, single commits, and PR-level
License	Proprietary	Apache-2.0, fully open source

OCR is designed for teams that need full control over their review pipeline — choosing their own LLM, keeping code on-premises, and defining project-specific review rules. Users who are happy with BugBot's managed experience will continue to use it; OCR gives Cursor users another option when self-hosting or customization is a requirement.

Plugin structure

open-code-review/
├── .cursor-plugin/
│   └── plugin.json
├── skills/
│   └── open-code-review/
│       └── SKILL.md
├── README.md
├── CHANGELOG.md
└── LICENSE (Apache-2.0)

What it does

The skill invokes ocr review --audience agent to perform line-level code review on Git diffs. It:

1. Checks prerequisites (ocr CLI + LLM config)
2. Gathers business context from the review target
3. Runs concurrent per-file review via the ocr CLI
4. Classifies findings by priority (High / Medium / Low)
5. Optionally applies fixes for high-confidence issues

Usage examples

@open-code-review review my current changes
@open-code-review review this branch against main
@open-code-review review commit abc1234
@open-code-review review and fix high-confidence issues

Test plan

• Install plugin via /add-plugin open-code-review
• Verify ocr CLI detection and LLM connectivity check
• Run workspace review, branch review, and single-commit review
• Confirm findings are classified and reported correctly

---

Note

Low Risk
Additive plugin metadata and agent skill docs only; no changes to core product code paths.

Overview
Adds a new open-code-review marketplace plugin (Apache-2.0) that wires Cursor to the self-hosted ocr CLI for AI review of Git diffs.

Marketplace: Registers the plugin in marketplace.json so it can be installed with /add-plugin open-code-review.

Plugin package: Ships plugin.json, README, CHANGELOG, LICENSE, and the open-code-review skill. The skill documents prerequisite checks (ocr install, ocr llm test), runs ocr review --audience agent with optional --background, maps user intent to workspace / branch-range / commit / preview modes, classifies findings (High/Medium/Low), and optionally applies fixes only when the user asks. It also documents .opencodereview/rule.json and related OCR flags.

No existing plugins or runtime code are modified beyond the marketplace listing.

^{Reviewed by Cursor Bugbot for commit c368619. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes using high effort and found 6 potential issues.

^{Bugbot Autofix is ON, but it could not run because the branch was deleted or merged before autofix could start.}

^{Reviewed by Cursor Bugbot for commit 760db85. Configure here.}

[cursor]

Preview omits agent audience

Low Severity · Logic Bug

The dry-run command ocr review --preview in the workflow table omits the --audience agent flag. This contradicts the instruction to always use this flag to suppress progress UI and ensure agent-parseable output, potentially leading to polluted agent transcripts.

 

^{Reviewed by Cursor Bugbot for commit 760db85. Configure here.}

[lizhengfeng101]

Thanks for the thorough review from BugBot! I've addressed 5 of the 6 flagged issues in commit c368619:

1. Low priority reporting contradiction — Step 3 now explicitly says "discard silently" for Low priority, consistent with the Output Format section.
2. Mispositioned fixes skip permission — The handling now defers to Step 4's permission check instead of applying fixes directly.
3. "high-confidence" undefined — Renamed to "high-priority" in the README to align with the SKILL.md priority classification system.
4. Branch placeholder never resolved — Added explicit guidance to resolve the actual branch ref via git or PR metadata.
5. PR reviews assume main base — Replaced hardcoded main with <base-branch> and instructed the agent to resolve the actual PR target branch.

The 6th issue (preview command missing --audience agent) was intentionally left as-is — --preview is a dry-run that doesn't call the LLM, so --audience agent is unnecessary.

Looking forward to getting this merged! 🙏