Open-source AI code reviewer with bring-your-own-model, custom rule enforcement, and zero LLM markup for engineering teams.
What it does
Kodus is an open-source AI code review tool that runs on any LLM you choose, enforces your team's custom rules on every pull request, and charges zero markup on model costs. It integrates with GitHub, GitLab, Bitbucket, and Azure DevOps in under five minutes.
Generic AI reviewers apply the same checks to every codebase. They miss the rules that actually matter to your team: where the domain boundary sits, which decorators are required on PII endpoints, what naming convention repository methods follow. Those rules live in senior engineers' heads and never make it into automated tooling.
Kodus is an open-source AI code review platform (licensed AGPLv3) that lets teams encode their standards as plain-English markdown files, attach scope via YAML frontmatter, and have those rules enforced on every pull request automatically. It launched as the explicit open-source alternative to CodeRabbit, and its differentiation rests on three pillars: model freedom, zero LLM markup, and policy-as-code.
Kody, the reviewing agent, reads the PR diff, loads your rule files, and posts inline comments directly inside the pull request. Rules live in version control like any other engineering artifact: a ## Instructions block in plain English, a YAML header for path globs and severity, nothing else. Kodus also auto-detects existing IDE rule files (.cursorrules, CLAUDE.md, .windsurfrules, .github/copilot-instructions.md), so whatever your team already wrote for Cursor or Claude Code transfers automatically.
Four capabilities ship beyond the review comment itself. A Tech Debt Cockpit turns unimplemented suggestions into tracked issues. An engineering metrics dashboard surfaces deploy frequency, cycle time, bug ratio, and PR sizes. MCP server connections (Jira, Notion, Linear) let Kody cross-reference specs while reviewing code. And a Quality Radar flags issues consistently over time rather than only at merge.
Community (self-hosted or cloud) is free with unlimited PRs when you bring your own API key, up to 10 Kody Rules, and up to 3 active plugins. Teams tier is $10 per developer per month (or $8 annually) and unlocks unlimited rules, plugins, and the engineering metrics cockpit. Enterprise adds SSO, RBAC, audit logs, and SOC 2 compliance at custom pricing. A 14-day free trial with up to 35 PR reviews requires no credit card.
Self-hosted instances send one anonymous heartbeat per day (aggregated counters only, no code or identifiers). Per the README, you can opt out by setting KODUS_TELEMETRY_DISABLED=true. The Community tier also caps Kody Rules at 10 and active plugins at 3, which may feel tight on larger, rule-heavy teams.
Kodus is the right call when your team has coding standards that no generic reviewer will ever know. If you are already paying a markup on LLM tokens or locked into one model vendor, the math for switching is direct: bring your own key, pay the provider's listed price, write your rules once in markdown, and let them run on every PR.
Features
Field notes
Reviewed Jun 26, 2026
Best for
Builder outcomes
Watch out
Tested with
Kodus is an open-source (AGPLv3) AI code review platform built around two core ideas: you choose the LLM, and you write the rules. The reviewing agent, Kody, reads pull request diffs, applies your team's custom policies (written as plain-English markdown files with YAML scope headers), and posts inline comments inside your existing Git workflow. It supports GitHub, GitLab, Bitbucket, and Azure DevOps.
The fastest path is the cloud edition: create a free account at app.kodus.io and connect your Git provider, which takes under five minutes per the documentation. For self-hosting, Kodus provides a one-click Railway template, Docker and generic VM installation guides, and a CLI for local and CI/CD use. The install command for the CLI skill is `curl -fsSL https://review-skill.com/install | bash`.
Kodus is open-source under the AGPLv3 license, and a Community tier is available for free with unlimited PRs when you bring your own API key, up to 10 Kody Rules, and up to 3 active plugins. The Teams tier costs $10 per developer per month ($8 billed annually) and adds unlimited rules, plugins, and the engineering metrics cockpit. A 14-day free trial with up to 35 PR reviews is available with no credit card required.
Kodus excels when a team has coding standards, architecture constraints, or compliance requirements that generic AI reviewers will never know about. By encoding those rules as markdown files in version control and scoping them to specific paths or PR shapes, teams get consistent enforcement on every pull request regardless of who is online. It is also the right fit for orgs that want to bring their own LLM key and avoid paying a markup on AI token costs.
Kodus positions itself as the open-source alternative to CodeRabbit, and the key differences are model choice, cost structure, and rule portability. Per the Kodus FAQ, CodeRabbit locks teams into its own model choices and bundles AI costs into opaque pricing, while Kodus lets you use any OpenAI-compatible model and pays providers directly at their listed price with zero markup. Kodus also auto-detects existing IDE rule files (Cursor, Claude Code, Copilot, Windsurf), so standards already written for your editor carry over to PR review without rework.
The Community (free) tier caps Kody Rules at 10 and active plugins at 3, which may constrain larger teams with many standards to enforce. The engineering metrics cockpit and priority agent queue are only available on the paid Teams tier. Self-hosted instances send one anonymous aggregated heartbeat per day by default; you can disable this with the `KODUS_TELEMETRY_DISABLED=true` environment variable. SSO, RBAC, audit logs, and SOC 2 compliance are exclusive to the Enterprise tier.
Anatomia, CLI harness that gives AI coding agents a verifiable pipeline and proof chain, not just prompts. MIT-licensed, works with Claude Code, Codex, and more.
Open-source toolkit for Spec-Driven Development with AI coding agents, structured specs, plans, and tasks instead of vibe coding.
Best for Teams using AI coding agents on projects where correctness and reliability matter more than speed of first outputOpenAI's open-source agent orchestrator that converts project tasks into autonomous, isolated coding runs, so teams manage work, not coding agents.
Best for Engineering teams with mature test and lint harnesses who want autonomous task-to-PR pipelinesjscpd is an open-source copy/paste detector for 223+ languages, with a Rust-powered v5 engine that is 24-37x faster and AI-ready out of the box.
Best for Teams wanting fast, language-agnostic duplicate code detection across large monorepos or mixed-format codebasesOpen Design is the open-source, local-first Claude Design alternative for builders who want agent-native design, prototypes, decks, and video, without a vendor lock-in.
Best for Developers who want to generate design artifacts from a brief using their existing coding agentNVIDIA's open-source security scanner for AI agent skills, detects prompt injection, supply chain attacks, and 66 other vulnerability patterns before you install.
Best for Teams auditing AI agent skills before installation in Claude Code, Codex CLI, or Gemini CLI environments