AI-Powered Code Review CLI — BYOK

---

Cora is a fast, native CLI that uses any LLM to review your code — in your terminal, CI/CD, or git hooks. Bring your own key, pick any model, review in seconds.

Why Cora?

• 🤖 Multi-LLM — OpenAI, Anthropic, Groq, Ollama, Z.AI, or any OpenAI-compatible API
• ⚡ Native Rust — fast binary, no runtime dependencies, cross-platform
• 🪝 Pre-commit hooks — catch issues before they reach CI
• 📋 SARIF output — upload to GitHub Code Scanning
• 🛡️ Deterministic rules + secrets scanner — regex-based pre-scan that always catches known patterns and leaked credentials
• 💾 Diff-hash caching — skip repeat reviews automatically
• 🔧 Configurable — per-project .cora.yaml, global ~/.cora/config.yaml, or env vars

Quick Start

Install

curl -fsSL https://raw.githubusercontent.com/codecoradev/cora-cli/main/install.sh | sh

Pin a version: CORA_VERSION=v0.4.5 curl -fsSL ... | sh
Or: cargo install --git https://github.com/codecoradev/cora-cli
Pre-built binaries: GitHub Releases

Authenticate

cora auth login

Pick a provider, enter your API key. Done. Provider env vars (ZAI_API_KEY, OPENAI_API_KEY, etc.) are auto-detected.

Review

cora review              # staged changes
cora review --base main  # vs a branch
cora review --unpushed   # unpushed commits

Project Config

cora init  # creates .cora.yaml + installs pre-commit hook

Configuration

Priority: CLI flags → env vars → .cora.yaml (project) → ~/.cora/config.yaml (global) → defaults

# .cora.yaml
provider: zai
model: glm-5.1
focus: [security, bugs]

cora config show           # effective merged config
cora config show --global  # ~/.cora/config.yaml
cora config show --project # .cora.yaml

File	Purpose
~/.cora/auth.toml	API key (secret, chmod 600)
~/.cora/config.yaml	Global defaults (provider, model, etc.)
.cora.yaml	Per-project overrides

See Configuration → for full reference.

CI/CD

# .github/workflows/cora-review.yml
on: pull_request
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }
      - uses: ./.github/actions/cora-review
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

Required secrets: CORA_API_KEY, CORA_BASE_URL, CORA_MODEL

Commands

Command	Description
cora review	Review code changes
cora scan	Scan files for issues
cora init	Create project config + hook
cora auth login	Save API key
cora config show	Show resolved config
cora providers	List available LLM providers
cora hook install	Install pre-commit hook

See CLI Reference → for all flags and examples.

Environment Variables

Variable	Description
CORA_API_KEY	API key (CI use)
CORA_PROVIDER	Override provider
CORA_MODEL	Override model
CORA_BASE_URL	Override API base URL

Provider-specific keys are auto-detected: OPENAI_API_KEY, ANTHROPIC_API_KEY, GROQ_API_KEY, ZAI_API_KEY

Documentation

Page	Description
Getting Started	Install, auth, first review
Configuration	Config files, env vars, priority
CLI Reference	All commands and flags
Providers	Supported LLM providers
Examples	Common workflows
Roadmap	Planned features

Contributing

See CONTRIBUTING.md for guidelines. PRs welcome!

License

MIT