Automated AI-powered code review using AWS Bedrock for GitHub and GitLab
```bash
npm install @enkonix/ai-code-review
```

Automated AI-powered code review system using AWS Bedrock that runs on pull requests and merge requests. This tool provides intelligent feedback on code quality, security, performance, and best practices using Claude AI models.
- AI-Powered Reviews: Uses AWS Bedrock's Claude models for intelligent code analysis
- Multi-Platform Support: Works with both GitHub Actions and GitLab CI
- Zero Configuration: Works out of the box with sensible defaults
- Customizable: Configure via .bedrock-review.json or environment variables
- No File Copying: Install as a package, no need to copy files to each project
- Line-Specific Comments: Posts feedback directly on changed lines
- Comprehensive Analysis: Reviews code quality, security, performance, and best practices
No installation required! Just add to your CI/CD workflow:

```bash
npx @enkonix/ai-code-review
```

Or install it as a dev dependency of your project:

```bash
npm install --save-dev @enkonix/ai-code-review
```

Or install it globally and run the bedrock-review command:

```bash
npm install -g @enkonix/ai-code-review
bedrock-review
```
1. AWS Account: You need an AWS account with access to Amazon Bedrock
2. Git Repository: Works with GitHub or GitLab repositories
3. Node.js: Version 18 or higher
1. Log into your AWS Console
2. Navigate to Amazon Bedrock service
3. Request access to the Claude model (default: us.anthropic.claude-opus-4-1-20250805-v1:0)
4. Wait for approval (usually instant for Claude models)
1. Go to IAM → Users → Create User
2. User name: bedrock-code-reviewer (or your preference)
3. Select "Programmatic access"
4. Create a new policy with the following permissions (InvokeModel only, scoped to the Claude foundation models and the us. cross-region inference profiles the default model ID relies on):

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel"
      ],
      "Resource": [
        "arn:aws:bedrock:*::foundation-model/anthropic.*",
        "arn:aws:bedrock:*:*:inference-profile/us.anthropic.*"
      ]
    }
  ]
}
```
5. Attach the policy to the user
6. Save the Access Key ID and Secret Access Key
In your GitHub repository, go to Settings → Secrets and variables → Actions → New repository secret and add:
Required Secrets:
| Secret Name | Value | Description |
|------------|-------|-------------|
| AWS_BEDROCK_ACCESS_KEY_ID | Your AWS Access Key | AWS credentials for Bedrock |
| AWS_BEDROCK_SECRET_ACCESS_KEY | Your AWS Secret Key | AWS credentials for Bedrock |
| AWS_REGION | us-east-1 | AWS region with Bedrock access |

Optional Secrets:

| Secret Name | Value | Description |
|------------|-------|-------------|
| BEDROCK_MODEL_ID | us.anthropic.claude-opus-4-1-20250805-v1:0 | Override default Claude model |
| MIN_SEVERITY | low, medium, high, or critical | Filter issues by severity level |
Note: GITHUB_TOKEN is automatically provided by GitHub Actions with the necessary permissions to read code and post PR comments. No additional token setup is required!
Basic Configuration
Create .github/workflows/ai-code-review.yml:
```yaml
name: AI Code Review

on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  ai-review:
    name: AWS Bedrock AI Code Review
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'

      - name: Run AI Code Review
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_BEDROCK_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_BEDROCK_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: npx @enkonix/ai-code-review
```
Advanced Configuration Examples
Example 1: Different severity levels for different branches
```yaml
name: AI Code Review

on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  ai-review:
    name: AWS Bedrock AI Code Review
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'

      - name: Run AI Code Review (Production)
        if: github.base_ref == 'main' || github.base_ref == 'master'
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_BEDROCK_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_BEDROCK_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          MIN_SEVERITY: high # Only critical and high severity for production
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: npx @enkonix/ai-code-review

      - name: Run AI Code Review (Development)
        if: github.base_ref != 'main' && github.base_ref != 'master'
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_BEDROCK_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_BEDROCK_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          MIN_SEVERITY: low # All issues for development branches
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: npx @enkonix/ai-code-review
```
Example 2: Using custom model with severity filtering
```yaml
      - name: Run AI Code Review
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_BEDROCK_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_BEDROCK_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          BEDROCK_MODEL_ID: anthropic.claude-3-sonnet-20240229-v1:0 # Faster, lower cost
          MIN_SEVERITY: medium # Balanced feedback
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: npx @enkonix/ai-code-review
```
In your GitLab project, go to Settings → CI/CD → Variables and add:
| Variable Name | Value | Protected | Masked |
|--------------|-------|-----------|---------|
| AWS_BEDROCK_ACCESS_KEY_ID | Your AWS Access Key | ✓ | ✓ |
| AWS_BEDROCK_SECRET_ACCESS_KEY | Your AWS Secret Key | ✓ | ✓ |
| AWS_REGION | us-east-1 (or your preferred region) | ✓ | ✗ |
| BEDROCK_MODEL_ID | us.anthropic.claude-opus-4-1-20250805-v1:0 | ✓ | ✗ |
| GIT_TOKEN | Your GitLab personal access token (with api scope) | ✓ | ✓ |
1. Go to GitLab → User Settings → Access Tokens
2. Create a new token with:
   - Name: bedrock-code-reviewer
   - Scopes: api (required for posting MR comments)
3. Copy the token and add it as GIT_TOKEN in CI/CD variables
Add the following job to your .gitlab-ci.yml:
```yaml
bedrock-code-review:
  stage: test
  image: node:22
  variables:
    GIT_STRATEGY: fetch
    GIT_DEPTH: 0
    AWS_ACCESS_KEY_ID: ${AWS_BEDROCK_ACCESS_KEY_ID}
    AWS_SECRET_ACCESS_KEY: ${AWS_BEDROCK_SECRET_ACCESS_KEY}
    AWS_REGION: ${AWS_REGION}
    BEDROCK_MODEL_ID: ${BEDROCK_MODEL_ID}
  script:
    - npx @enkonix/ai-code-review
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
  allow_failure: true
```
Create a .bedrock-review.json file in your project root to customize behavior:
```json
{
  "awsRegion": "us-east-1",
  "modelId": "us.anthropic.claude-opus-4-1-20250805-v1:0",
  "maxTokens": 1500,
  "minSeverity": "low",
  "codeFileExtensions": [
    ".js", ".ts", ".vue", ".jsx", ".tsx",
    ".py", ".java", ".cs", ".php", ".rb",
    ".go", ".rs", ".cpp", ".c", ".h",
    ".scss", ".css", ".html"
  ],
  "debug": false
}
```
Environment variables override configuration file settings:
| Variable | Description | Default |
|----------|-------------|---------|
| AWS_REGION | AWS region for Bedrock | us-east-1 |
| BEDROCK_MODEL_ID | Claude model ID | us.anthropic.claude-opus-4-1-20250805-v1:0 |
| MIN_SEVERITY | Minimum severity level to report | low |
| AWS_ACCESS_KEY_ID | AWS access key | - |
| AWS_SECRET_ACCESS_KEY | AWS secret key | - |
| AWS_PROFILE | AWS profile name | - |
| DEBUG | Enable debug logging | false |
Control which issues are reported by setting the minimum severity level. Only issues at or above the specified level will be shown in the review.
Severity Levels (from highest to lowest):
- critical - Critical issues that must be fixed (security vulnerabilities, data loss risks)
- high - Important issues that should be addressed (bugs, major code quality issues)
- medium - Moderate issues worth addressing (code smells, minor improvements)
- low - Minor suggestions and optimizations (default, shows all issues)
Configuration Options:
Option 1: Environment Variable
```yaml
      - name: Run AI Code Review
        env:
          MIN_SEVERITY: high # Only show critical and high severity issues
          # ... other env vars
```
Option 2: Configuration File
```json
{
  "minSeverity": "high"
}
```
Example Use Cases:
- Production PRs: Set minSeverity: "high" to focus on critical bugs and security issues
- Feature Development: Use minSeverity: "medium" for balanced feedback
- Code Quality Reviews: Keep the default minSeverity: "low" to see all suggestions
Update the BEDROCK_MODEL_ID to use different models:
- Claude Opus 4: us.anthropic.claude-opus-4-1-20250805-v1:0 (default, best quality)
- Claude Sonnet 3.5: us.anthropic.claude-sonnet-3-5-20241022-v2:0 (balanced)
- Claude Sonnet 3: anthropic.claude-3-sonnet-20240229-v1:0 (faster, lower cost)
- Claude Haiku 3: anthropic.claude-3-haiku-20240307-v1:0 (fastest, lowest cost)
1. Trigger: The review runs automatically when a PR/MR is created or updated
2. File Analysis: Only reviews code files (configurable extensions)
3. Diff Review: Analyzes only the changed lines in the PR/MR
4. AI Review: Uses AWS Bedrock's Claude model to review the code for:
- Code quality and design patterns
- Performance optimization opportunities
- Security vulnerabilities
- Best practices and conventions
- Maintainability and documentation
- Error handling and edge cases
5. Feedback: Posts line-specific comments directly on the PR/MR
6. Summary: Provides an overall review summary with statistics
You can test the code review locally:
```bash
# Set required environment variables
export AWS_ACCESS_KEY_ID=your_key
export AWS_SECRET_ACCESS_KEY=your_secret
export AWS_REGION=us-east-1
```
Troubleshooting
If you see authentication errors:
1. Verify AWS credentials are correctly set in CI/CD variables
2. Check IAM user has proper Bedrock permissions
3. Ensure the AWS region supports Bedrock
4. Test credentials with AWS STS:

```bash
aws sts get-caller-identity
```

If comments aren't posting:
1. Verify token has required scopes (repo for GitHub, api for GitLab)
2. Check token hasn't expired
3. Ensure user has write access to the repository

If the review isn't running:
1. Check the PR/MR is from a feature branch to the target branch
2. Verify all required environment variables are set
3. Check CI pipeline logs for errors
4. Ensure Node.js version is 18 or higher

The tool auto-detects the platform based on environment variables:
- GitHub: Requires GITHUB_REPOSITORY and PR_NUMBER
- GitLab: Requires CI_PROJECT_ID and CI_MERGE_REQUEST_IID

If neither is detected, ensure your CI workflow is passing the required variables.
Cost Considerations
- AWS Bedrock charges per token processed
- Claude Opus provides the highest quality but is more expensive
- Consider using Claude Sonnet or Haiku for cost optimization
- Monitor AWS billing dashboard for usage
- Set up AWS Budgets to track costs
Security Notes
- AWS credentials are stored securely in CI/CD variables
- Never commit credentials to the repository
- Use protected and masked variables for sensitive data
- The tool uses the simple-git library to safely interact with Git

Licensed under MIT.
For issues, feature requests, or questions:
- GitHub Issues: https://github.com/enkonix/ai_code_review/issues
Contributions are welcome! Please feel free to submit a Pull Request.