If you want AI-assisted code review without handing your codebase to a hosted product, Alibaba's open-sourced open-code-review is worth a close look. It's a CLI tool that takes a Git diff, sends it to a configurable LLM backend, and returns actionable review comments — security issues, logic problems, style violations — directly in your terminal or CI pipeline.
The practical appeal is straightforward: you control the model and the data. The tool runs locally and talks to whatever LLM endpoint you configure, so when that endpoint is a model you host yourself, the diff never leaves your infrastructure. Note that the privacy benefit comes from the backend you choose, not from the tool: point it at a hosted API and the diff goes to that provider like any other request. That distinction matters for teams in regulated industries, or anyone working on proprietary systems who can't justify sending source code to a third-party API.

Integration is the real strength here. Since it's a CLI, dropping it into a GitHub Actions workflow, a pre-commit hook, or a GitLab CI stage takes minutes. You can gate pull requests on review output, log findings to your existing tooling, or just run it interactively before pushing. The structured output makes it machine-readable, so building downstream automation on top of it is practical rather than aspirational. Two caveats apply once the output becomes a gate: the diff under review is untrusted input to the model, so a contributor can write text in code or comments that steers the review, and the model's findings are advisory rather than a replacement for a human approver. Block on a narrow set of clear, high-severity categories, surface everything else as annotations, and scope the credentials the tool needs for its LLM endpoint to that CI job as you would any other secret.
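To make the gating step concrete, here is an added example of the downstream automation the paragraph describes. It is not code from open-code-review, and it assumes a JSON findings format (a list of objects with `severity`, `file`, `line`, `category` and `message` fields) that is hypothetical, not the tool's documented output; adapt `parse_findings` to whatever schema the tool actually emits. It also assumes the CI runner is GitHub Actions, whose `::error` and `::warning` workflow commands render as inline PR annotations. Python is used rather than a shell one-liner because the parsing, threshold logic and escaping are easier to test that way. The sample findings are constructed for the example.

```python
"""Gate a CI job on structured code-review findings.

Added example, not part of open-code-review. Assumptions (hypothetical):
  - the tool ran earlier in the job and its structured output was saved as JSON:
    a list of {"severity", "file", "line", "category", "message"} objects;
  - the runner is GitHub Actions, so findings are emitted as workflow-command
    annotations ("::error file=...,line=...::message").
"""
import json
import sys

# Severity ordering used for the threshold comparison (assumed vocabulary).
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample output in the assumed schema; a real run would read a file.
SAMPLE_FINDINGS = json.dumps([
    {"severity": "high", "file": "app/auth.py", "line": 42, "category": "security",
     "message": "Password compared with == instead of a constant-time compare"},
    {"severity": "low", "file": "app/util.py", "line": 7, "category": "style",
     "message": "Unused import os"},
    {"severity": "critical", "file": "app/db.py", "line": 88, "category": "security",
     "message": "SQL built by string formatting from request input"},
])


def parse_findings(raw):
    """Parse the JSON output, keeping only entries that fit the assumed schema."""
    findings = []
    for item in json.loads(raw):
        sev = str(item.get("severity", "")).lower()
        if sev not in SEVERITY_RANK:
            continue  # unknown severity: skip rather than guess a rank
        findings.append({
            "severity": sev,
            "file": str(item.get("file", "")),
            "line": int(item.get("line", 0) or 0),
            "category": str(item.get("category", "")).lower(),
            "message": str(item.get("message", "")),
        })
    return findings


def escape_message(text):
    """Escape per GitHub's workflow-command rules.

    The message text was written by the model after reading an untrusted diff, so a
    newline inside it could otherwise start a second workflow command on the runner.
    """
    return text.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")


def gate(findings, fail_at="high", categories=("security",)):
    """Return (exit_code, annotation_lines).

    A finding blocks the job only if its severity is at or above `fail_at` AND its
    category is in `categories` (empty tuple means every category can block).
    Everything else is surfaced as a warning annotation rather than silently dropped.
    """
    threshold = SEVERITY_RANK[fail_at]
    lines = []
    blocking = 0
    for f in findings:
        blocks = (SEVERITY_RANK[f["severity"]] >= threshold
                  and (not categories or f["category"] in categories))
        level = "error" if blocks else "warning"
        msg = escape_message(f"[{f['category']}/{f['severity']}] {f['message']}")
        lines.append(f"::{level} file={f['file']},line={f['line']}::{msg}")
        blocking += int(blocks)
    return (1 if blocking else 0), lines


def main(argv):
    """Usage: gate.py [findings.json]; reads stdin when no path is given."""
    raw = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else sys.stdin.read()
    code, lines = gate(parse_findings(raw))
    print("\n".join(lines))
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a workflow this sits right after the step that runs the reviewer and saves its output; the job fails only on high or critical security findings, while style and low-severity items still show up inline on the PR. The category filter is the knob to tune after the calibration run suggested at the end of this post.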
The project is early-stage — expect rough edges and evolving configuration options — but the architecture is sensible. It's built around the idea that the review logic should be separate from the model choice, so swapping in a newer or cheaper model as the landscape shifts requires minimal rework.
For builders evaluating this: clone it, point it at a recent diff in a non-critical repo, and compare the output against what your team would catch manually. That's the fastest way to calibrate whether the signal-to-noise ratio justifies adding it to your workflow.
