{"id":50519512,"url":"https://github.com/codecoradev/cora-cli","last_synced_at":"2026-06-03T03:00:40.802Z","repository":{"id":361320408,"uuid":"1254014703","full_name":"codecoradev/cora-cli","owner":"codecoradev","description":"CLI-first AI code review — BYOK, diff/scan/branch, pre-commit hooks. 100% open source (MIT).","archived":false,"fork":false,"pushed_at":"2026-06-02T09:12:41.000Z","size":744,"stargazers_count":3,"open_issues_count":21,"forks_count":0,"subscribers_count":0,"default_branch":"develop","last_synced_at":"2026-06-02T09:17:33.575Z","etag":null,"topics":["ai","byok","cli","code-analysis","code-quality","code-review","developer-tools","github-actions","llm","pre-commit","rust","sarif"],"latest_commit_sha":null,"homepage":"https://cora.ajianaz.dev","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codecoradev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-30T03:34:52.000Z","updated_at":"2026-06-02T09:13:46.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/codecoradev/cora-cli","commit_stats":null,"previous_names":["ajianaz/cora-cli","codecoradev/cora-cli"],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/codecoradev/cora-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codecoradev%2Fcora-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codecoradev%2Fcora-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codecoradev%2Fcora-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codecoradev%2Fcora-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codecoradev","download_url":"https://codeload.github.com/codecoradev/cora-cli/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codecoradev%2Fcora-cli/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33845770,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-03T02:00:06.370Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","byok","cli","code-analysis","code-quality","code-review","developer-tools","github-actions","llm","pre-commit","rust","sarif"],"created_at":"2026-06-03T03:00:34.440Z","updated_at":"2026-06-03T03:00:40.789Z","avatar_url":"https://github.com/codecoradev.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"assets/logo.png\" alt=\"CodeCora\" width=\"120\" /\u003e\n\n**AI-Powered Code Review CLI**\n\n[![CI](https://github.com/codecoradev/cora-cli/actions/workflows/ci.yml/badge.svg)](https://github.com/codecoradev/cora-cli/actions/workflows/ci.yml)\n[![Crates.io](https://img.shields.io/crates/v/cora-cli.svg)](https://crates.io/crates/cora-cli)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![Rust](https://img.shields.io/badge/Rust-1.85+-orange.svg)](https://www.rust-lang.org/)\n\n**Cora** is a fast, opinionated CLI tool that uses LLMs to review your code changes — directly in your terminal, CI/CD pipeline, or git hooks.\n\n\u003c/div\u003e\n\n---\n\n## ✨ Features\n\n- 🔍 **Git-Aware Scanning** — Automatically detects staged, committed, or changed files\n- 🤖 **Multi-LLM Support** — Works with OpenAI, Anthropic, Google, Ollama, and any OpenAI-compatible API\n- 🎨 **Beautiful Output** — Colorized, structured review output with severity levels\n- 🏗️ **CI/CD Ready** — Designed for GitHub Actions, GitLab CI, and any pipeline\n- ⚡ **Fast \u0026 Lightweight** — Native Rust binary, no runtime dependencies\n- 📋 **SARIF Output** — Upload results to GitHub Code Scanning\n- 🔧 **Configurable** — YAML config file with project-level defaults\n- 🪝 **Git Hooks** — Pre-commit integration for instant feedback\n- 📊 **Exit Codes** — Non-zero exit on critical findings for pipeline gating\n- 🧠 **Deterministic Reviews** — Temperature 0 by default: same diff always produces the same issues\n- 💾 **Diff-Hash Caching** — Reviews cached by diff hash in `~/.cache/cora/reviews/` — skip repeat reviews with `--no-cache`\n- 🎯 **Custom System Prompts** — Override review/scan prompts via config or file path\n- 🛡️ **Anti-Hallucination** — File path injection and post-parse filtering keep LLM output grounded\n- 🌡️ **Configurable LLM Params** — Tune temperature, max tokens, timeout, and cache TTL per project\n\n## 📦 Installation\n\n### Cargo (Recommended)\n\n```bash\ncargo install cora-cli\n```\n\n### Binary Download\n\nDownload the latest release from [GitHub Releases](https://github.com/codecoradev/cora-cli/releases):\n\n```bash\n# Determine your platform tag from the releases page, e.g.:\n#   cora-aarch64-unknown-linux-gnu-v0.2.0.tar.gz\n#   cora-x86_64-unknown-linux-gnu-v0.2.0.tar.gz\n#   cora-aarch64-apple-darwin-v0.2.0.tar.gz\n#   cora-x86_64-pc-windows-msvc-v0.2.0.zip\n\n# Example: Linux aarch64\nVERSION=$(curl -s https://api.github.com/repos/codecoradev/cora-cli/releases/latest | grep tag_name | cut -d'\"' -f4)\ncurl -L \"https://github.com/codecoradev/cora-cli/releases/download/${VERSION}/cora-aarch64-unknown-linux-gnu-${VERSION}.tar.gz\" | tar xz\nsudo mv cora /usr/local/bin/\n```\n\n\u003e **Tip:** Visit the [Releases page](https://github.com/codecoradev/cora-cli/releases) to find the correct asset name for your platform.\n\n### Homebrew\n\n\u003e 🚧 Homebrew tap is planned — check back soon!\n\n### Build from Source\n\nRequires **Rust 1.85+**.\n\n```bash\ngit clone https://github.com/codecoradev/cora-cli.git\ncd cora-cli\ncargo install --path .\n```\n\n## 🚀 Quick Start\n\n### 1. Set Your API Key\n\n```bash\nexport OPENAI_API_KEY=\"sk-...\"\n# or\nexport ANTHROPIC_API_KEY=\"sk-ant-...\"\n```\n\n### 2. Initialize Config (Optional)\n\n```bash\ncora init\n```\n\n### 3. Review Staged Changes\n\n```bash\ncora review --staged\n```\n\n### 4. Review the Last Commit\n\n```bash\ncora review --commit HEAD\n```\n\n### 5. Scan the Entire Project\n\n```bash\ncora scan\n```\n\n## 📖 Commands\n\n### `cora review`\n\nReview code changes using an LLM.\n\n```bash\n# Review staged files (default)\ncora review\n\n# Review unpushed changes\ncora review --unpushed\n\n# Review a range of commits\ncora review --commit HEAD~3..HEAD\n\n# Review changes vs a base branch\ncora review --base origin/main\n\n# Review a pull request diff from a file\ncora review --diff-file pr.diff\n\n# Use a specific model\ncora review --model gpt-4o\n\n# Output as SARIF\ncora review --format sarif\n\n# Output as JSON\ncora review --format json\n\n# Upload SARIF to GitHub Code Scanning (implies --format sarif)\ncora review --upload\n\n# Set severity threshold\ncora review --severity major\n\n# Quiet mode (machine-readable)\ncora review --quiet\n\n# Skip cached reviews\ncora review --no-cache\n```\n\n### `cora scan`\n\nScan files for code quality issues without requiring git context.\n\n```bash\n# Scan current directory\ncora scan\n\n# Scan a specific directory\ncora scan --path src/\n\n# Scan with focus areas\ncora scan --focus security,performance\n\n# Exclude patterns\ncora scan --exclude \"tests/**\" --exclude \"examples/**\"\n\n# Only scan changed files (incremental)\ncora scan --incremental\n```\n\n### `cora config`\n\nManage configuration. Supports both project-level (`.cora.yaml`) and global (`~/.cora/config.yaml`) config.\n\n```bash\n# Show current resolved configuration\ncora config show\n\n# Set a project-level value (writes to .cora.yaml)\ncora config set model claude-sonnet-4-20250514\ncora config set base_url https://api.openai.com/v1\ncora config set severity major\n\n# Set a global value (writes to ~/.cora/config.yaml)\ncora config set --global model gpt-4o-mini\ncora config set --global provider anthropic\n\n# Supported keys: model, provider, base_url, format, severity\n```\n\n**Priority**: CLI flags → env vars → `.cora.yaml` (project) → `~/.cora/config.yaml` (global) → defaults\n\n### `cora init`\n\nCreate a `.cora.yaml` config file in the current directory.\n\n```bash\ncora init\n```\n\n### `cora completion`\n\nGenerate shell completions.\n\n```bash\ncora completion bash \u003e ~/.cora-completion.bash\ncora completion zsh \u003e ~/.cora-completion.zsh\ncora completion fish \u003e ~/.cora-completion.fish\n```\n\n### `cora hook`\n\nManage pre-commit git hooks.\n\n```bash\ncora hook install\ncora hook uninstall\n```\n\n## ⚙️ Configuration\n\nCora reads configuration from multiple sources in priority order:\n\n```\nCLI flags → CORA_* env vars → .cora.yaml (project) → ~/.cora/config.yaml (global) → defaults\n```\n\nCreate a `.cora.yaml` in your project root, or use `~/.cora/config.yaml` for global settings. Project config always overrides global.\n\n```yaml\n# .cora.yaml\n\n# Provider configuration\nprovider:\n  provider: openai          # openai | anthropic | google | ollama | custom\n  model: gpt-4o-mini\n  base_url: https://api.openai.com/v1   # Override for custom/self-hosted endpoints\n\n# LLM parameters\nllm:\n  temperature: 0              # Default: 0 (deterministic — same diff = same issues)\n  max_tokens: 4096            # Default: 4096\n  timeout: 120                # Default: 120 (seconds)\n  cache_ttl: 1440             # Default: 1440 (minutes) — diff-hash cache TTL\n\n# Focus areas for review (empty = all)\nfocus:\n  - security\n  - performance\n  - bugs\n  - best_practice\n\n# Review options\nreview:\n  system_prompt: \"You are a senior Rust code reviewer.\"\n  # system_prompt_file: ./review-prompt.md   # Load prompt from file\n  response_format: json_object              # Opt-in structured JSON output\n\n# Scan options\n# scan:\n#   system_prompt: \"Focus on security vulnerabilities.\"\n#   system_prompt_file: ./scan-prompt.md\n\n# Custom rules\nrules:\n  - \"no unwrap\"\n\n# Ignore configuration\nignore:\n  files:\n    - \"tests/**\"\n    - \"vendor/**\"\n    - \"*.generated.*\"\n  rules:\n    - \"skip-rule-1\"\n\n# Hook configuration\nhook:\n  mode: warn               # warn | block\n  min_severity: major       # info | minor | major | critical\n  max_diff_size: 51200      # Max diff size in bytes (50 KB)\n\n# Output settings\noutput:\n  format: pretty            # pretty | json | compact | sarif\n  color: true\n```\n\n### Environment Variables\n\n| Variable | Description | Default |\n|----------|-------------|---------|\n| `OPENAI_API_KEY` | OpenAI API key | — |\n| `ANTHROPIC_API_KEY` | Anthropic API key | — |\n| `GOOGLE_API_KEY` | Google AI API key | — |\n| `CORA_API_KEY` | API key (overrides provider-specific keys) | — |\n| `CORA_MODEL` | Override model | — |\n| `CORA_PROVIDER` | Override provider | — |\n| `CORA_BASE_URL` | Override API base URL | — |\n| `CORA_CONFIG` | Path to config file | `.cora.yaml` |\n| `CORA_FORMAT` | Output format (`pretty`, `json`, `compact`, `sarif`) | `pretty` |\n| `CORA_NO_COLOR` | Disable colored output | — |\n| `CORA_NO_CACHE` | Skip diff-hash cache (same as `--no-cache`) | — |\n\n### Authentication\n\nAPI keys can be provided via environment variable (`CORA_API_KEY`), provider-specific env vars (`OPENAI_API_KEY`, etc.), or stored in `~/.cora/auth.toml` (auto-created by `cora auth login`, permission `0600`).\n\n```bash\n# Interactive login (stores key in ~/.cora/auth.toml)\ncora auth login\n\n# Or set via environment variable\nexport CORA_API_KEY=sk-...\n```\n\n## 🔗 CI/CD Integration\n\n### GitHub Actions\n\nUsing the official [cora-review composite action](.github/actions/cora-review):\n\n```yaml\nname: CI\non:\n  pull_request:\n    branches: [develop]\n\njobs:\n  cora-review:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n        with:\n          fetch-depth: 0\n      - uses: ./.github/actions/cora-review\n        with:\n          github-token: ${{ secrets.GITHUB_TOKEN }}\n          infisical-identity-id: ${{ secrets.INFISICAL_IDENTITY_ID }}\n          severity: major\n          upload-sarif: 'true'\n```\n\nOr install manually:\n\n```yaml\n# Manual install in CI\n- name: Install cora-cli\n  run: |\n    curl -fsSL https://github.com/codecoradev/cora-cli/releases/latest/download/cora-x86_64-unknown-linux-gnu.tar.gz | tar xz\n    sudo mv cora /usr/local/bin/\n```\n\n### GitLab CI\n\n```yaml\n# .gitlab-ci.yml\ncode-review:\n  stage: test\n  image: rust:latest\n  before_script:\n    - cargo install cora-cli\n  script:\n    - cora review --base origin/main --severity major\n  variables:\n    OPENAI_API_KEY: $CI_OPENAI_API_KEY\n  rules:\n    - if: $CI_PIPELINE_SOURCE == \"merge_request_event\"\n```\n\n### Pre-commit Hook\n\nAdd cora as a git pre-commit hook for instant feedback:\n\n```bash\n# Install as pre-commit hook\ncora hook install\n\n# Review only staged files before each commit\n# This runs automatically on `git commit`\n\n# Remove the hook\ncora hook uninstall\n```\n\nOr add it manually to `.git/hooks/pre-commit`:\n\n```bash\n#!/bin/sh\n# cora-cli pre-commit hook\ncora review --quiet --severity major\nif [ $? -ne 0 ]; then\n  echo \"❌ Code review found critical issues. Commit blocked.\"\n  echo \"   Run 'cora review' to see details, or use 'git commit --no-verify' to skip.\"\n  exit 1\nfi\n```\n\n### With [pre-commit](https://pre-commit.com) framework\n\n\u003e 🚧 Planned — the pre-commit hook repo will be available soon. For now, use `cora hook install` directly.\n\n## 🆚 Positioning: How Cora Compares\n\n| Feature | **cora-cli** | AI Agent IDE Tools | Standard Linters |\n|---------|:---:|:---:|:---:|\n| Semantic code understanding | ✅ | ✅ | ❌ |\n| Security vulnerability detection | ✅ | ✅ | ⚠️ (pattern only) |\n| Performance suggestions | ✅ | ✅ | ❌ |\n| Runs in CI/CD pipeline | ✅ | ❌ | ✅ |\n| SARIF / structured output | ✅ | ❌ | ✅ |\n| Zero-config quick start | ✅ | ❌ | ⚠️ |\n| No IDE required | ✅ | ❌ | ✅ |\n| Understands business context | ⚠️ | ✅ | ❌ |\n| Near-instant feedback | ⚠️ | ✅ | ✅ |\n| Cost per review | 💰 | 💰💰💰 | Free |\n| Works with any codebase | ✅ | ⚠️ | ⚠️ |\n\n**cora-cli sits between traditional linters and AI IDE agents**: it provides semantic understanding that static tools can't match, while being lightweight enough to run in any CI pipeline or terminal — no IDE plugin required.\n\n- **vs. Linters (clippy, eslint, etc.)**: Cora understands *intent* and *context*, catching logical errors, security flaws, and design issues that pattern-based tools miss.\n- **vs. AI IDE Agents (Copilot, Cursor)**: Cora is pipeline-first — it runs in CI/CD, pre-commit hooks, and headless environments. It's the tool you use when you want AI review baked into your development workflow, not tied to a specific editor.\n\n## 🛠️ Development\n\nRequires **Rust 1.85+**.\n\n```bash\n# Build\ncargo build\n\n# Test\ncargo test\n\n# Lint\ncargo clippy -- -D warnings\n\n# Format\ncargo fmt\n```\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for detailed guidelines.\n\n## 🤝 Contributing\n\nContributions are welcome! Please read our [Contributing Guide](CONTRIBUTING.md) before submitting PRs.\n\n## 📄 License\n\nThis project is licensed under the MIT License — see the [LICENSE](LICENSE) file for details.\n\n## 🙏 Acknowledgments\n\n- Built with [Rust](https://www.rust-lang.org/) and [Clap](https://clap.rs/)\n- Powered by state-of-the-art LLMs from [OpenAI](https://openai.com/), [Anthropic](https://www.anthropic.com/), and [Google](https://ai.google/)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**Made with 🦀 by [Anaz S Aji](https://github.com/ajianaz)**\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodecoradev%2Fcora-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodecoradev%2Fcora-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodecoradev%2Fcora-cli/lists"}