Vercel’s Labs team has published OpenReview, an open-source, self-hosted AI code review bot that plugs into GitHub pull requests and runs on Vercel infrastructure. It’s positioned as a beta project that originally served as an internal proving ground, which shows up in both its ambition—automated reviews that can actually push fixes—and the explicit warning to expect rough edges and breaking changes.
What OpenReview actually does in a PR
OpenReview’s core interaction model is intentionally lightweight: mention @openreview in a PR comment to request a review, optionally adding a specific instruction (security checks, lint runs, explanations of flows, and so on). From there, OpenReview posts feedback back into the PR as line-level comments with GitHub suggestion blocks, aimed at making changes easy to accept.
A notable step beyond “comment-only” review bots is that OpenReview can also make changes directly: it’s designed to fix formatting, lint errors, and simple bugs, then commit and push those updates to the PR branch.
Sandboxes, workflows, and the “durable” execution model
Under the hood, OpenReview leans heavily on Vercel’s platform primitives:
- Vercel Workflow is used for reliable, resumable execution, handling the orchestration from webhook to review completion.
- Vercel Sandbox provides isolated execution with full repo access, including the ability to clone the PR branch and run repository tooling like linters, formatters, and tests.
The repository’s sequence diagram lays out the lifecycle: a PR comment triggers a GitHub webhook, a workflow checks push access, spins up a sandbox, clones the repo, installs dependencies, configures git, runs the Claude agent with PR context, posts inline suggestions to GitHub, and—if needed—commits and pushes changes before tearing the sandbox down. Reactions on OpenReview comments can also drive follow-up runs: 👍 or ❤️ to approve/apply suggestions, and 👎 or 😕 to skip.
Skills: keeping the agent focused on relevant guidance
OpenReview uses a progressive skill system that loads specialized instructions only when they match the task, with skills discovered at runtime from .agents/skills/. Built-in skills include targeted guidance for Next.js best practices, caching-related patterns, Next.js upgrades, React composition and performance patterns, React Native/Expo practices, and web design/accessibility checks.
Custom skills can be added by creating a new folder under .agents/skills/ and providing a SKILL.md with YAML frontmatter for name and description.
Setup and local development
Deployment is designed around Vercel plus a GitHub App. Setup includes configuring a webhook endpoint (/api/webhooks), granting repo permissions (contents, issues, pull requests, metadata), subscribing to issue comment and PR review comment events, and adding environment variables such as ANTHROPIC_API_KEY plus GitHub App credentials. REDIS_URL is optional for persistent state, with an in-memory fallback.
Local development is straightforward: bun install and bun dev.
Underlying stack (and licensing)
OpenReview is built with Next.js, Vercel Workflow, Vercel Sandbox, the AI SDK, Chat SDK for webhook handling, and Octokit for GitHub API access. The project is MIT-licensed.