feat: add AIDLC Code Reviewer tool #282
Open
ayushtr-aws wants to merge 2 commits into
Semgrep OSS found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
Pull request overview
Adds a new scripts/aidlc-codereview Python package that provides an AIDLC code-review CLI combining static-analysis tool execution, Bedrock-backed AI review agents, wrapper generation, and HTML/Markdown reporting.
Changes:
- Introduces CLI orchestration, configuration loading, language detection, tool registry, report generation, and shared models/utilities.
- Adds AI agent flows for wrapper generation, critical findings, structure critique, business logic review, and preflight validation.
- Adds package metadata, lockfile, prompts, default configs, setup docs, license, notice, and changelog.
Reviewed changes
Copilot reviewed 40 out of 41 changed files in this pull request and generated 31 comments.
| File | Description |
|---|---|
| scripts/aidlc-codereview/.gitignore | Ignores generated reports, Python artifacts, and generated wrappers. |
| scripts/aidlc-codereview/CHANGELOG.md | Documents the initial 0.2.0 package changes. |
| scripts/aidlc-codereview/LICENSE | Adds MIT-0 license text. |
| scripts/aidlc-codereview/NOTICE | Adds package notice and third-party attribution summary. |
| scripts/aidlc-codereview/README.md | Documents quick start, reports, usage, config, and project structure. |
| scripts/aidlc-codereview/config/agent-config.yaml | Defines default Bedrock/AWS and wrapper-generation settings. |
| scripts/aidlc-codereview/config/review-config.yaml | Defines default static-analysis tools. |
| scripts/aidlc-codereview/config/prompts/business-logic-review.md | Adds prompt template for business logic review. |
| scripts/aidlc-codereview/config/prompts/critical-findings-v1.md | Adds prompt template for critical code findings. |
| scripts/aidlc-codereview/config/prompts/structure-critique-v1.md | Adds prompt template for structure critique. |
| scripts/aidlc-codereview/config/prompts/wrapper-generator-v1.md | Adds prompt template for generated tool wrappers. |
| scripts/aidlc-codereview/docs/SETUP.md | Adds detailed setup, AWS, CLI, generation, and troubleshooting docs. |
| scripts/aidlc-codereview/pyproject.toml | Defines package metadata, dependencies, entry point, build, pytest, coverage, and mypy config. |
| scripts/aidlc-codereview/uv.lock | Adds reproducible dependency lockfile. |
| scripts/aidlc-codereview/src/code_reviewer/__init__.py | Defines package-level project/config path constants. |
| scripts/aidlc-codereview/src/code_reviewer/runner.py | Implements CLI parsing, tool execution, AI analysis, report writing, and summary output. |
| scripts/aidlc-codereview/src/code_reviewer/agent/__init__.py | Adds agent package marker. |
| scripts/aidlc-codereview/src/code_reviewer/agent/base_agent.py | Adds shared Strands/Bedrock agent wrapper and retrying invocation. |
| scripts/aidlc-codereview/src/code_reviewer/agent/business_logic_agent.py | Adds business logic prompt construction, model invocation, and response parsing. |
| scripts/aidlc-codereview/src/code_reviewer/agent/code_structure_agent.py | Adds structure critique prompt construction, model invocation, and response parsing. |
| scripts/aidlc-codereview/src/code_reviewer/agent/config.py | Loads agent configuration from YAML and environment variables. |
| scripts/aidlc-codereview/src/code_reviewer/agent/critical_findings_agent.py | Collects source files and runs/parses critical findings analysis. |
| scripts/aidlc-codereview/src/code_reviewer/agent/models.py | Defines wrapper generation and verification result models. |
| scripts/aidlc-codereview/src/code_reviewer/agent/preflight.py | Adds dependency, AWS credential, Bedrock, and tool preflight checks. |
| scripts/aidlc-codereview/src/code_reviewer/agent/prompt_builder.py | Assembles wrapper-generation prompts from templates and source context. |
| scripts/aidlc-codereview/src/code_reviewer/agent/response_parser.py | Extracts Python code blocks from LLM responses. |
| scripts/aidlc-codereview/src/code_reviewer/agent/retry.py | Classifies retryable and non-retryable Bedrock errors. |
| scripts/aidlc-codereview/src/code_reviewer/agent/verification.py | Verifies generated wrappers statically and with live tool execution. |
| scripts/aidlc-codereview/src/code_reviewer/agent/wrapper_generator.py | Generates, verifies, writes, imports, and registers tool wrappers. |
| scripts/aidlc-codereview/src/code_reviewer/common/__init__.py | Adds common package marker. |
| scripts/aidlc-codereview/src/code_reviewer/common/cli.py | Exposes the installed CLI entry point. |
| scripts/aidlc-codereview/src/code_reviewer/common/config.py | Loads and validates review tool configuration. |
| scripts/aidlc-codereview/src/code_reviewer/common/language_detector.py | Detects programming languages from file extensions. |
| scripts/aidlc-codereview/src/code_reviewer/common/models.py | Defines findings, results, critique, and business review data models. |
| scripts/aidlc-codereview/src/code_reviewer/common/output.py | Adds verbose output helpers. |
| scripts/aidlc-codereview/src/code_reviewer/common/report.py | Generates technical, business, and summary reports in Markdown/HTML. |
| scripts/aidlc-codereview/src/code_reviewer/common/SEVERITY_MAPPING.md | Documents severity mapping policy. |
| scripts/aidlc-codereview/src/code_reviewer/common/spinner.py | Adds terminal spinner for long-running operations. |
| scripts/aidlc-codereview/src/code_reviewer/common/utils.py | Adds subprocess/tool availability helpers. |
| scripts/aidlc-codereview/src/code_reviewer/tools/__init__.py | Adds tool wrapper package marker. |
| scripts/aidlc-codereview/src/code_reviewer/tools/registry.py | Adds dynamic tool wrapper discovery and registry lookup. |
| build-backend = "hatchling.build" | ||
|
|
||
| [tool.hatch.build.targets.wheel] | ||
| packages = ["src/code_reviewer"] |
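Review bot: the wheel target at `packages = ["src/code_reviewer"]` ships only the Python package, while the prompt templates and default YAML files this PR adds live under scripts/aidlc-codereview/config/, outside src/. If the package resolves that directory relative to the project root, a non-editable install will not find them, and the test plan only exercises `pip install -e`. Either move config/ under src/code_reviewer or include it in the wheel (for example through a force-include entry), and add a plain `pip install` run to the test plan.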
Comment on lines +15 to +19
| _EXAMPLE_WRAPPERS = { | ||
| "bandit (JSON)": _SRC_ROOT / "tools" / "bandit.py", | ||
| "checkstyle (XML)": _SRC_ROOT / "tools" / "checkstyle.py", | ||
| "vulture (text)": _SRC_ROOT / "tools" / "vulture.py", | ||
| } |
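Review bot: all three paths in `_EXAMPLE_WRAPPERS` point at files that are not part of this PR. The per-file summary lists 41 files, matching the count in the description, and under tools/ it shows only __init__.py and registry.py; bandit.py, checkstyle.py and vulture.py are absent, possibly caught by the .gitignore rule for generated wrappers. Commit the example wrappers (and narrow the ignore rule so it does not cover them), and make the prompt builder fail with a clear message or skip the entry when one of these paths does not exist.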
Comment on lines +27 to +32
| def _write_and_register(tool_name: str, source: str) -> Path: | ||
| """Write wrapper source to tools/<name>.py and register it.""" | ||
| # Sanitize name for filename | ||
| safe_name = tool_name.replace("-", "_").replace(" ", "_") | ||
| wrapper_path = _TOOLS_DIR / f"{safe_name}.py" | ||
| wrapper_path.write_text(source) |
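Review bot: the sanitising step at `safe_name = tool_name.replace("-", "_").replace(" ", "_")` leaves path separators, dots and `..` untouched, so a tool name coming from review configuration can make `_TOOLS_DIR / f"{safe_name}.py"` resolve outside the tools directory before `write_text(source)` runs. Because the file written here is model-generated source that is later imported, accept only names that match an allowlist such as [A-Za-z0-9_]+ and confirm that the resolved path is still inside `_TOOLS_DIR` before writing.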
Comment on lines +27 to +30
| def _try_load_from_disk(tool_name: str) -> ModuleType | None: | ||
| """Try to load a wrapper from tools/<name>.py.""" | ||
| safe_name = tool_name.replace("-", "_").replace(" ", "_") | ||
| wrapper_path = _TOOLS_DIR / f"{safe_name}.py" |
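Review bot: the two-step `replace` in `_try_load_from_disk` duplicates the name handling in `_write_and_register`, so the write path and the load path can drift apart if one is changed later. Move it into a single helper that also rejects anything that is not a valid module name, since the path built on the next line is loaded as code and a name containing `/` or `..` would point the loader at a file outside tools/.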
Comment on lines +27 to +32
| def _write_and_register(tool_name: str, source: str) -> Path: | ||
| """Write wrapper source to tools/<name>.py and register it.""" | ||
| # Sanitize name for filename | ||
| safe_name = tool_name.replace("-", "_").replace(" ", "_") | ||
| wrapper_path = _TOOLS_DIR / f"{safe_name}.py" | ||
| wrapper_path.write_text(source) |
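Review bot: `wrapper_path.write_text(source)` overwrites whatever is already at that path, so generating a wrapper for a tool whose name matches an existing hand-written wrapper replaces it silently. Check `wrapper_path.exists()` first and refuse or require an explicit overwrite flag. The call also relies on the platform default encoding; pass `encoding="utf-8"` so the generated source is written the same way everywhere.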
Comment on lines +22 to +27
| with tempfile.NamedTemporaryFile( | ||
| mode="w", suffix=".py", prefix=f"{module_name}_", delete=False | ||
| ) as f: | ||
| f.write(source) | ||
| f.flush() | ||
| tmp_path = f.name |
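Review bot: the temporary file is created with `delete=False` and the visible lines only keep `tmp_path = f.name`, so every verification attempt leaves a copy of the generated source in the system temp directory unless it is unlinked later. Wrap the use of `tmp_path` in try/finally with `Path(tmp_path).unlink(missing_ok=True)`. Two smaller points on the same lines: `f.flush()` is redundant because leaving the `with` block closes the file, and `mode="w"` without `encoding="utf-8"` uses the platform default.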
Comment on lines +209 to +215
| if (tool_path == file_path | ||
| or tool_path.endswith("/" + file_path) | ||
| or file_path.endswith("/" + tool_path) | ||
| or Path(tool_path).name == Path(file_path).name): | ||
| for f in tool_findings: | ||
| if start <= f.line <= end and f.severity not in _LOW_INFO_SEV: | ||
| matched.append(f) |
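Review bot: the last clause, `Path(tool_path).name == Path(file_path).name`, matches any two files that share a basename, so findings from one `__init__.py` or `config.py` are attached to a different file with the same name (this package alone has agent/config.py and common/config.py). Drop the basename fallback and compare paths normalised against the review target root instead.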
Comment on lines +73 to +85
| def _find_tool_findings_for_range( | ||
| file_path: str, | ||
| start: int, | ||
| end: int, | ||
| findings_by_file: dict[str, list[Finding]], | ||
| ) -> list[Finding]: | ||
| """Match tool findings by file path (handles absolute vs relative mismatch).""" | ||
| matched: list[Finding] = [] | ||
| for tool_path, tool_findings in findings_by_file.items(): | ||
| if (tool_path == file_path | ||
| or tool_path.endswith("/" + file_path) | ||
| or file_path.endswith("/" + tool_path) | ||
| or Path(tool_path).name == Path(file_path).name): |
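Review bot: the two `endswith("/" + ...)` checks hard-code a POSIX separator and compare raw strings, so paths reported with backslashes or with a leading `./` fall through to the basename comparison. Normalise both sides once (for example resolve against the target root and use `Path.as_posix()`), key `findings_by_file` by that normalised path, and replace the per-call scan over every entry with a direct lookup. The docstring should then say what normal form callers are expected to pass.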
Comment on lines +316 to +323
| biz_files = { | ||
| (Path(blf.file).name, blf.start_line) | ||
| for blf in business_logic_review.findings | ||
| } | ||
| tech_critical_findings = [ | ||
| cf for cf in critical_findings | ||
| if (Path(cf.file).name, cf.start_line) not in biz_files | ||
| ] |
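Review bot: the de-duplication key `(Path(cf.file).name, cf.start_line)` drops a critical finding whenever any business-logic finding starts on the same line of a file with the same basename, even when the two files are in different directories or the findings are unrelated. That hides critical findings from the technical report without any trace. Key on the normalised full path, require the findings to actually overlap or share a title before treating them as duplicates, and log how many entries were filtered out.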
Comment on lines +153 to +182
| # Level 2 verification (if tool is installed and target provided) | ||
| if target is not None: | ||
| v2, live_tool_result = verify_level2(source, tool_config.command, target) | ||
| if v2.passed: | ||
| logger.info("Level 2 (live) verification passed for %s", tool_name) | ||
| vprint(f" Level 2 (live) verification passed for '{tool_name}'", flush=True) | ||
| break # Both levels passed | ||
| else: | ||
| last_errors = v2.errors | ||
| last_error_level = 2 | ||
| if attempt < max_retries: | ||
| logger.warning( | ||
| "Attempt %d: Level 2 verification failed (%s), retrying", | ||
| attempt + 1, | ||
| "; ".join(v2.errors), | ||
| ) | ||
| continue | ||
| # Final attempt failed Level 2 — report failure | ||
| print( | ||
| f" Level 2 verification failed for '{tool_name}' " | ||
| f"after {max_retries + 1} attempts: {'; '.join(v2.errors)}", | ||
| flush=True, | ||
| ) | ||
| return GenerationResult( | ||
| status=GenerationStatus.VERIFICATION_FAILED, | ||
| tool_name=tool_name, | ||
| verification=v2, | ||
| error=f"Level 2 verification failed: {'; '.join(v2.errors)}", | ||
| token_usage=token_usage, | ||
| ) |
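Review bot: when `target is None` the whole Level 2 block is skipped and nothing in the visible lines records that the wrapper was accepted without a live run; unless a later branch does so, log that Level 2 was skipped so the result is not read as fully verified. Within the block, `'; '.join(v2.errors)` is built three times and the final failure goes to a bare `print()` while the success path uses `vprint()` and `logger`; build the message once and send the failure through `logger.error` as well. The `else:` after `break` can be removed to flatten the nesting.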
Summary
Adds the AIDLC Code Reviewer — an automated, language-agnostic code quality analysis CLI tool that combines static analysis tools with AI-powered critical code analysis and business logic review. It produces structured HTML (for human review) and Markdown reports (for LLM review), designed to review code assets generated through the AI-DLC.
Changes
Introduces the scripts/aidlc-codereview/ package (41 files, ~9,000 lines) containing:
Key design decisions:
User experience
Before: No automated code review tooling existed in the AIDLC workflow. Developers had to manually run individual static analysis tools, interpret raw output, and perform business logic review entirely by hand.
After: Developers run a single command to get a comprehensive code review:
The summary HTML serves as the entry point, linking to detailed technical and business logic reports. Users can also run --technical-report or --business-report independently, use --preflight to verify AWS setup, or --no-generate to skip LLM-based wrapper generation.
Checklist
If your change doesn't seem to apply, please leave them unchecked.
Test Plan
Reviewers should verify:
- pip install -e scripts/aidlc-codereview completes without errors on Python 3.11+
- aidlc-code-reviewer --preflight validates AWS credentials and Bedrock model access (requires bedrock:InvokeModel permission)
- aidlc-code-reviewer ./scripts/aidlc-codereview/src --technical-report runs built-in tools (bandit, ruff, mypy, radon, vulture) and produces HTML + Markdown output in ./reports/
- aidlc-code-reviewer ./scripts/aidlc-codereview/src --business-report produces the AI-driven domain review
- src/code_reviewer/tools/
- --no-generate skips tools without built-in wrappers gracefully
Acknowledgment
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.