Skip to content

codecoradev/cora-cli

BranchesTags

Repository files navigation

CodeCora

AI-Powered Code Review CLI — BYOK

GitHub stars CI Crates.io License: MIT Rust

Cora is a fast, native CLI that uses any LLM to review your code — in your terminal, CI/CD, git hooks, or directly inside AI coding agents. Bring your own key, pick any model, review in seconds.

Why Cora?

  • 🤖 Multi-LLM — OpenAI, Anthropic, Groq, Ollama, Z.AI, or any OpenAI-compatible API
  • Native Rust — fast binary, no runtime dependencies, cross-platform
  • 🪝 Pre-commit hooks — catch issues before they reach CI
  • 📋 SARIF output — upload to GitHub Code Scanning
  • 🛡️ Deterministic scanners — 11 security patterns + 12 secret detection patterns that run without LLM
  • 🧠 Language-specific analysis — tailored review guidance for Dart/Flutter, Svelte, TypeScript, Go, Rust, Python
  • 🚧 Quality gate — configurable pass/fail thresholds for CI enforcement
  • 📐 Quality profiles — strict, balanced, or lax presets for different project needs
  • 📏 Custom rule engine — write your own regex rules in .cora.yaml
  • ✂️ Auto-chunking — splits large PRs into reviewable chunks automatically
  • 🔌 MCP server — expose rules and config to AI agents (Claude Code, Cursor, Copilot, Windsurf)
  • 💾 Diff-hash caching — skip repeat reviews automatically
  • 🔧 Configurable — per-project .cora.yaml, global ~/.cora/config.yaml, or env vars

Quick Start

Install

Pick one install method — mixing channels can leave stale binaries on your PATH.

Method When to use
curl … install.sh (recommended) Quick standalone install; fetches the latest GitHub release binary
cargo install --git … You already have a Rust toolchain; builds from source
Pre-built binaries Manual download from Releases 
# Recommended: Cora only (standalone)
curl -fsSL https://raw.githubusercontent.com/codecoradev/cora-cli/main/install.sh | sh

# Or install both Cora + Uteke (code review with memory)
curl -fsSL https://raw.githubusercontent.com/codecoradev/cora-cli/main/install-bundle.sh | sh

# Or build from source with cargo
cargo install --git https://github.com/codecoradev/cora-cli

Pin a version: CORA_VERSION=v0.6.1 curl -fsSL ... | sh

Verify which cora you're runningwhich -a cora will reveal stale copies from other channels:

which -a cora            # list every `cora` on your PATH (one entry = healthy)
cora --version           # should match the latest release

If which -a cora shows more than one path (e.g. ~/.local/bin/cora and ~/.cargo/bin/cora), remove the one you don't want or reorder your PATH. See Issue #314 for background.

macOS note — binary killed on launch (Killed: 9)?

The prebuilt aarch64-apple-darwin binary is not Apple-notarized. On macOS, downloaded binaries may be tagged with com.apple.quarantine / com.apple.provenance and killed by Gatekeeper with no error message.

The install.sh installer strips these attributes automatically. If you downloaded the binary manually (e.g. gh release download), strip them yourself:

xattr -dr com.apple.quarantine /path/to/cora
xattr -dr com.apple.provenance /path/to/cora

Or install via cargo / Homebrew to sidestep Gatekeeper entirely.

Authenticate

cora auth login

Pick a provider, enter your API key. Done. Provider env vars (ZAI_API_KEY, OPENAI_API_KEY, etc.) are auto-detected.

Review

cora review              # staged changes
cora review --base main  # vs a branch
cora review --unpushed   # unpushed commits
cora commit              # review + generate commit msg + commit
cora commit --yolo       # auto-commit, no prompts

Project Config

cora init  # creates .cora.yaml + installs pre-commit hook

Configuration

Priority: CLI flags → env vars → .cora.yaml (project) → ~/.cora/config.yaml (global) → defaults

# .cora.yaml
provider: zai
model: glm-5.1
focus: [security, bugs]

# Quality gate — enforce code quality in CI
quality_gate:
  enabled: true
  thresholds:
    max_critical: 0     # 0 critical = gate FAIL
    max_security: 0     # 0 security findings = gate FAIL
  categories:
    performance:
      action: warn      # warn only, don't fail CI
      max_findings: 5
cora config show           # effective merged config
cora config show --global  # ~/.cora/config.yaml
cora config show --project # .cora.yaml
File Purpose
~/.cora/auth.toml API key (secret, chmod 600)
~/.cora/config.yaml Global defaults (provider, model, etc.)
.cora.yaml Per-project overrides

See Configuration → for full reference.

CI/CD

GitHub Marketplace

# .github/workflows/cora-review.yml
on: pull_request
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }
      - uses: codecoradev/cora-review-action@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          cora-api-key: ${{ secrets.CORA_API_KEY }}

Required secrets: CORA_API_KEY, CORA_BASE_URL (optional), CORA_MODEL (optional)

See GitHub Marketplace for full documentation.

Works on all CI platformsGitea, GitLab, Bitbucket →

Commands

Command Description
cora commit Review + generate commit message + commit
cora review Review code changes
cora scan Scan files for issues
cora init Create project config + hook
cora auth login Save API key
cora config show Show resolved config
cora providers List available LLM providers
cora debt Show tech debt report from review history
cora review --memory Recall project patterns from Uteke before review
cora review --learn Recall + save findings to Uteke
cora mcp Start MCP server for AI coding agents
cora hook install Install pre-commit hook

See CLI Reference → for all flags and examples.

Uteke Memory Integration

Cora works 100% standalone. Install Uteke to unlock memory-powered reviews that learn from your codebase history.

Mode Command What it does
Standalone (default) cora review AI review, zero deps
Memory recall cora review --memory Recall project patterns before review
Learning cora review --memory --learn Recall + save findings after review 
# Install Uteke separately
curl -fsSL https://raw.githubusercontent.com/codecoradev/uteke/main/install.sh | sh

# Or install both at once
curl -fsSL https://raw.githubusercontent.com/codecoradev/cora-cli/main/install-bundle.sh | sh

# Enable memory
export PATH="$HOME/.local/bin:$PATH"
cora review --staged --memory --learn

Your code review gets smarter every sprint.

Environment Variables

Variable Description
CORA_API_KEY API key (CI use)
CORA_PROVIDER Override provider
CORA_MODEL Override model
CORA_BASE_URL Override API base URL

Provider-specific keys are auto-detected: OPENAI_API_KEY, ANTHROPIC_API_KEY, GROQ_API_KEY, ZAI_API_KEY

Documentation

Page Description
Getting Started Install, auth, first review
Configuration Config files, env vars, priority
CLI Reference All commands and flags
Providers Supported LLM providers
Examples Common workflows & CI setup
Changelog Release history
Roadmap Planned features

Star History

Star History Chart

Contributing

See CONTRIBUTING.md for guidelines. PRs welcome!

License

MIT

About

CLI-first AI code review — BYOK, diff/scan/branch, pre-commit hooks. 100% open source (MIT).

codecora.dev

Topics

rust cli ai pre-commit code-analysis developer-tools code-review code-quality sarif github-actions llm byok

Resources

Readme

License

MIT license

Contributing

Contributing
Activity
Custom properties

Stars

12 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases 23

Release v0.6.2 Latest
Jun 21, 2026
+ 22 releases

Packages

 
 
 

Contributors

Languages