feat(scripts): Add AIDLC Code Reviewer to scripts/aidlc-codereview/

[ayushtr-aws]

Summary

Adds the AIDLC Code Reviewer tool to scripts/aidlc-codereview/, following the aidlc-designreview package structure. The tool provides AI-powered code review via Amazon Bedrock (Strands Agents SDK) with three analysis modes: critical findings, structure critique, and business logic review.

Changes

• scripts/aidlc-codereview/ — new standalone Python package
  • pyproject.toml — hatchling build, entry point code-reviewer = "code_reviewer.common.cli:main", packages = ["src/code_reviewer"]
  • LICENSE — MIT-0 (MIT No Attribution)
  • CHANGELOG.md — v0.2.0 initial release
  • LEGAL_DISCLAIMER.md — standard AWS AI legal disclaimer
  • README.md — full documentation
  • docs/SETUP.md — installation and AWS Bedrock configuration guide
• src/code_reviewer/ — main package with all imports using code_reviewer. prefix
  • agent/ — BaseAgent ABC (Strands + Bedrock + backoff retry), CriticalFindingsAgent, StructureCritiqueAgent, BusinessLogicAgent
  • common/ — cli.py (Click entry point), config.py (ConfigManager using Path(__file__).parent for YAML resolution), models.py (Pydantic: Severity, Finding, ReviewResult, CodeReviewReport), scanner.py (code file discovery with .gitignore support)
  • tools/ — ToolRegistry with read_file and list_files tools for Strands agents
  • prompts/ — system prompt markdown files for each review type
  • review-config.yaml / agent-config.yaml — config files kept inside src/code_reviewer/ (not a separate config/) to preserve Path(__file__).parent resolution
  • runner.py — ReviewRunner orchestrating the full pipeline with Rich progress display

User experience

Before: No automated code review tool in the AIDLC workflow scripts.

After: Users can run:

# Install
cd scripts/aidlc-codereview && uv sync

# Review a repository
code-reviewer --repo-path /path/to/code --output review-report.md

# With options
code-reviewer --repo-path ./src --model claude-sonnet-4-6 --format json

The tool scans source files, runs three AI-powered review agents against Amazon Bedrock, and produces a structured Markdown or JSON report with severity-rated findings across critical security issues, structural problems, and business logic gaps.

Checklist

• I have reviewed the contributing guidelines
• I have performed a self-review of this change
• Changes have been tested
• Changes are documented

Test Plan

cd scripts/aidlc-codereview
uv sync --dev
uv run pytest tests/ -v
# → 20 passed in 0.12s

uv build
# → Successfully built dist/aidlc_codereview-0.2.0.tar.gz
# → Successfully built dist/aidlc_codereview-0.2.0-py3-none-any.whl

uv run ruff check src/ tests/
# → All checks passed!

All 20 unit tests pass (testing CodeScanner: file discovery, exclusions, metadata, .gitignore support, edge cases). Package builds cleanly as both sdist and wheel. Lint (ruff) passes with zero warnings.

Agent notes

What went well:

• The aidlc-traceability and aidlc-designreview (fetched from upstream feature/aidlc-designreview branch) provided clear patterns for the hatchling build system, Strands Agents integration, and Rich console output style.
• The uv workflow (sync, build, test) worked smoothly.
• Ruff auto-fixed all lint issues in one pass.

What was difficult:

• The source repository https://github.com/ayushtr-aws/ai-dlc-code-reviewer referenced in the task does not exist publicly, so the code reviewer was implemented from scratch based on the task specification and patterns from the design reviewer tool.
• The mise tasks (mise run build, mise run lint) are not configured at any level in this repo — builds are done via uv directly per-package.

Conventions discovered:

• Each scripts/ subdirectory is an independent Python package with its own pyproject.toml, uv.lock, LICENSE, CHANGELOG.md, and tests/.
• Build system: hatchling with packages = ["src/<pkg>"] in [tool.hatch.build.targets.wheel].
• AWS integration uses Strands Agents SDK with Amazon Bedrock models.
• MIT-0 license (no attribution) is the standard for tools in this repo.
• Commit messages follow <type>(<scope>): description conventional commit format.

Suggestions for future tasks:

• Add a mise.toml at repo root (or per-script) to standardize mise run build / mise run lint / mise run test commands.
• Consider adding a Claude Code hook integration (pre-tool-use) similar to the design reviewer's tool-install/ approach.
• Add integration tests that mock the Bedrock API calls using moto or unittest.mock.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.