Skip to content

Hadrian OpenHack — Open-source AI Code Review for Claude Code / Codex / Cursor

Summary

Hadrian open-sourced OpenHack — an MIT-licensed framework that turns commodity LLMs into reliable code-review tooling and runs directly inside Claude Code, Codex, and Cursor. It targets two well-known failure modes of single-agent code review: unscoped prompts ("the agent doesn't know what question it's answering") and self-graded findings ("the same agent proposing bugs decides their validity"). Hadrian used the same methodology to find hundreds of vulnerabilities, including critical-severity flaws, in OSS used by Dutch government agencies.

Key Details

  • Scenario-based scoping — every unit of work is one routing unit, one expert, and one specific proof question. Mirrors the toolkit's instinct toward narrow, single-purpose skills and agents.
  • Independent triage agent — a separate triage agent reviews each candidate before it becomes a recorded finding. Directly addresses the self-grading bias that affects single-agent reviewers like the current security-sentinel.
  • Inspectable artifact trail — all output lives as plain files on disk for end-to-end auditability. Same philosophy as intake/, specs/, .claude-checkpoint.md.
  • Harness-agnostic, model-agnostic — works under Claude Code, Codex, or Cursor with any supported model. No vendor lock-in.
  • MIT-licensed, Python 3.9+ — installable today, low-friction to evaluate against an existing PR.

Direct overlap with our /vt-c-4-review (six parallel reviewers) and /vt-c-security-scan workflows. Two distinct adoption paths: bundle OpenHack as a backend, or borrow the scoping + triage patterns into our own agent definitions.

Why Rolf Thinks This Matters

Further Reading