@enkonix/ai-code-review
v1.0.8
Automated AI-powered code review using AWS Bedrock for GitHub and GitLab
AWS Bedrock AI Code Review
Automated AI-powered code review system using AWS Bedrock that runs on pull requests and merge requests. This tool provides intelligent feedback on code quality, security, performance, and best practices using Claude AI models.
Features
- AI-Powered Reviews: Uses AWS Bedrock's Claude models for intelligent code analysis
- Multi-Platform Support: Works with both GitHub Actions and GitLab CI
- Zero Configuration: Works out of the box with sensible defaults
- Customizable: Configure via .bedrock-review.json or environment variables
- No File Copying: Install as a package, no need to copy files to each project
- Line-Specific Comments: Posts feedback directly on changed lines
- Comprehensive Analysis: Reviews code quality, security, performance, and best practices
Installation
Option 1: Use via npx (Recommended)
No installation required! Just add to your CI/CD workflow:
npx @enkonix/ai-code-review
Option 2: Install as a dependency
npm install --save-dev @enkonix/ai-code-review
Option 3: Install globally
npm install -g @enkonix/ai-code-review
bedrock-review
Prerequisites
- AWS Account: You need an AWS account with access to Amazon Bedrock
- Git Repository: Works with GitHub or GitLab repositories
- Node.js: Version 18 or higher
AWS Configuration
1. Enable AWS Bedrock
- Log into your AWS Console
- Navigate to Amazon Bedrock service
- Request access to the Claude model (default: us.anthropic.claude-opus-4-1-20250805-v1:0)
- Wait for approval (usually instant for Claude models)
2. Create IAM User for CI/CD
- Go to IAM → Users → Create User
- User name: bedrock-code-reviewer (or your preference)
- Select "Programmatic access"
- Create a new policy with the following permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel"
      ],
      "Resource": "arn:aws:bedrock:*:*:model/*"
    }
  ]
}
- Attach the policy to the user
- Save the Access Key ID and Secret Access Key
GitHub Setup
1. Set GitHub Secrets
In your GitHub repository, go to Settings → Secrets and variables → Actions → New repository secret and add:
Required Secrets:
| Secret Name | Value | Description |
|------------|-------|-------------|
| AWS_BEDROCK_ACCESS_KEY_ID | Your AWS Access Key | AWS credentials for Bedrock |
| AWS_BEDROCK_SECRET_ACCESS_KEY | Your AWS Secret Key | AWS credentials for Bedrock |
| AWS_REGION | us-east-1 | AWS region with Bedrock access |
Optional Secrets:
| Secret Name | Value | Description |
|------------|-------|-------------|
| BEDROCK_MODEL_ID | us.anthropic.claude-opus-4-1-20250805-v1:0 | Override default Claude model |
| MIN_SEVERITY | low, medium, high, or critical | Filter issues by severity level |
Note: GITHUB_TOKEN is automatically provided by GitHub Actions with the necessary permissions to read code and post PR comments. No additional token setup is required!
2. Create GitHub Actions Workflow
Basic Configuration
Create .github/workflows/ai-code-review.yml:
name: AI Code Review
on:
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  ai-review:
    name: AWS Bedrock AI Code Review
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
      - name: Run AI Code Review
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_BEDROCK_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_BEDROCK_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: npx @enkonix/ai-code-review
Advanced Configuration Examples
Example 1: Different severity levels for different branches
name: AI Code Review
on:
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  ai-review:
    name: AWS Bedrock AI Code Review
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
      - name: Run AI Code Review (Production)
        if: github.base_ref == 'main' || github.base_ref == 'master'
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_BEDROCK_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_BEDROCK_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          MIN_SEVERITY: high # Only critical and high severity for production
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: npx @enkonix/ai-code-review
      - name: Run AI Code Review (Development)
        if: github.base_ref != 'main' && github.base_ref != 'master'
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_BEDROCK_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_BEDROCK_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          MIN_SEVERITY: low # All issues for development branches
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: npx @enkonix/ai-code-review
Example 2: Using custom model with severity filtering
- name: Run AI Code Review
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_BEDROCK_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_BEDROCK_SECRET_ACCESS_KEY }}
    AWS_REGION: ${{ secrets.AWS_REGION }}
    BEDROCK_MODEL_ID: anthropic.claude-3-sonnet-20240229-v1:0 # Faster, lower cost
    MIN_SEVERITY: medium # Balanced feedback
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    PR_NUMBER: ${{ github.event.pull_request.number }}
  run: npx @enkonix/ai-code-review
GitLab Setup
1. Set CI/CD Variables
In your GitLab project, go to Settings → CI/CD → Variables and add:
| Variable Name | Value | Protected | Masked |
|--------------|-------|-----------|---------|
| AWS_BEDROCK_ACCESS_KEY_ID | Your AWS Access Key | ✓ | ✓ |
| AWS_BEDROCK_SECRET_ACCESS_KEY | Your AWS Secret Key | ✓ | ✓ |
| AWS_REGION | us-east-1 (or your preferred region) | ✓ | ✗ |
| BEDROCK_MODEL_ID | us.anthropic.claude-opus-4-1-20250805-v1:0 | ✓ | ✗ |
| GIT_TOKEN | Your GitLab personal access token (with api scope) | ✓ | ✓ |
2. Create GitLab Personal Access Token
- Go to GitLab → User Settings → Access Tokens
- Create a new token with:
  - Name: bedrock-code-reviewer
  - Scopes: api (required for posting MR comments)
- Copy the token and add it as GIT_TOKEN in CI/CD variables
3. Update .gitlab-ci.yml
Add the following job to your .gitlab-ci.yml:
bedrock-code-review:
  stage: test
  image: node:22
  variables:
    GIT_STRATEGY: fetch
    GIT_DEPTH: 0
    AWS_ACCESS_KEY_ID: ${AWS_BEDROCK_ACCESS_KEY_ID}
    AWS_SECRET_ACCESS_KEY: ${AWS_BEDROCK_SECRET_ACCESS_KEY}
    AWS_REGION: ${AWS_REGION}
    BEDROCK_MODEL_ID: ${BEDROCK_MODEL_ID}
  script:
    - npx @enkonix/ai-code-review
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
  allow_failure: true
Configuration
Configuration File
Create a .bedrock-review.json file in your project root to customize behavior:
{
  "awsRegion": "us-east-1",
  "modelId": "us.anthropic.claude-opus-4-1-20250805-v1:0",
  "maxTokens": 1500,
  "minSeverity": "low",
  "codeFileExtensions": [
    ".js",
    ".ts",
    ".vue",
    ".jsx",
    ".tsx",
    ".py",
    ".java",
    ".cs",
    ".php",
    ".rb",
    ".go",
    ".rs",
    ".cpp",
    ".c",
    ".h",
    ".scss",
    ".css",
    ".html"
  ],
  "debug": false
}
Environment Variables
Environment variables override configuration file settings:
| Variable | Description | Default |
|----------|-------------|---------|
| AWS_REGION | AWS region for Bedrock | us-east-1 |
| BEDROCK_MODEL_ID | Claude model ID | us.anthropic.claude-opus-4-1-20250805-v1:0 |
| MIN_SEVERITY | Minimum severity level to report | low |
| AWS_ACCESS_KEY_ID | AWS access key | - |
| AWS_SECRET_ACCESS_KEY | AWS secret key | - |
| AWS_PROFILE | AWS profile name | - |
| DEBUG | Enable debug logging | false |
Severity Filtering
Control which issues are reported by setting the minimum severity level. Only issues at or above the specified level will be shown in the review.
Severity Levels (from highest to lowest):
- critical - Critical issues that must be fixed (security vulnerabilities, data loss risks)
- high - Important issues that should be addressed (bugs, major code quality issues)
- medium - Moderate issues worth addressing (code smells, minor improvements)
- low - Minor suggestions and optimizations (default, shows all issues)
Configuration Options:
Option 1: Environment Variable
- name: Run AI Code Review
  env:
    MIN_SEVERITY: high # Only show critical and high severity issues
    # ... other env vars
Option 2: Configuration File
{
  "minSeverity": "high"
}
Example Use Cases:
- Production PRs: Set minSeverity: "high" to focus on critical bugs and security issues
- Feature Development: Use minSeverity: "medium" for balanced feedback
- Code Quality Reviews: Keep default minSeverity: "low" to see all suggestions
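The threshold rule above, with the environment variable taking precedence over the configuration file, sketched as an added example. This is not the package's source: the function names are hypothetical, and the fallback for an unrecognised value is an assumption, chosen so that a mistyped level cannot suppress findings.

```javascript
// Added example: not the package's source. Function names are hypothetical.
const SEVERITY_ORDER = ['low', 'medium', 'high', 'critical']; // lowest -> highest

// Environment variable wins over the config file, as the README states.
// An empty value (an undefined CI secret) is treated as unset.
// An unrecognised value falls back to 'low' so a typo cannot hide findings
// (assumption: the README does not say how the tool treats invalid values).
function resolveMinSeverity(env, fileConfig) {
  const raw = env.MIN_SEVERITY || fileConfig.minSeverity || 'low';
  const value = String(raw).trim().toLowerCase();
  return SEVERITY_ORDER.includes(value) ? value : 'low';
}

// Keep issues at or above the threshold. Issues whose severity is missing or
// unknown are kept rather than dropped, so nothing is silently filtered out.
function filterBySeverity(issues, minSeverity) {
  const threshold = SEVERITY_ORDER.indexOf(minSeverity);
  return issues.filter((issue) => {
    const rank = SEVERITY_ORDER.indexOf(String(issue.severity).toLowerCase());
    return rank === -1 || rank >= threshold;
  });
}

// Constructed sample findings (not real tool output).
const sampleIssues = [
  { file: 'src/db.js', line: 12, severity: 'critical', message: 'SQL built by string concatenation' },
  { file: 'src/db.js', line: 40, severity: 'medium', message: 'Duplicated query helper' },
  { file: 'src/ui.js', line: 7, severity: 'low', message: 'Unused import' },
  { file: 'src/api.js', line: 3, severity: 'High', message: 'Missing error handling on fetch' },
  { file: 'src/api.js', line: 9, severity: undefined, message: 'Model returned no severity' },
];

const min = resolveMinSeverity({ MIN_SEVERITY: 'high' }, { minSeverity: 'low' });
console.log(min, filterBySeverity(sampleIssues, min).map((i) => `${i.file}:${i.line}`));
```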
Available Models
Update the BEDROCK_MODEL_ID to use different models:
- Claude Opus 4: us.anthropic.claude-opus-4-1-20250805-v1:0 (default, best quality)
- Claude Sonnet 3.5: us.anthropic.claude-sonnet-3-5-20241022-v2:0 (balanced)
- Claude Sonnet 3: anthropic.claude-3-sonnet-20240229-v1:0 (faster, lower cost)
- Claude Haiku 3: anthropic.claude-3-haiku-20240307-v1:0 (fastest, lowest cost)
How It Works
- Trigger: The review runs automatically when a PR/MR is created or updated
- File Analysis: Only reviews code files (configurable extensions)
- Diff Review: Analyzes only the changed lines in the PR/MR
- AI Review: Uses AWS Bedrock's Claude model to review the code for:
  - Code quality and design patterns
  - Performance optimization opportunities
  - Security vulnerabilities
  - Best practices and conventions
  - Maintainability and documentation
  - Error handling and edge cases
- Feedback: Posts line-specific comments directly on the PR/MR
- Summary: Provides an overall review summary with statistics
Local Testing
You can test the code review locally:
# Set required environment variables
export AWS_ACCESS_KEY_ID=your_key
export AWS_SECRET_ACCESS_KEY=your_secret
export AWS_REGION=us-east-1
# For GitHub
export GITHUB_TOKEN=your_github_token
export GITHUB_REPOSITORY=owner/repo
export PR_NUMBER=123
export GITHUB_BASE_REF=main
# For GitLab
export GIT_TOKEN=your_gitlab_token
export CI_PROJECT_ID=12345
export CI_MERGE_REQUEST_IID=1
export CI_SERVER_URL=https://gitlab.com
export CI_MERGE_REQUEST_TARGET_BRANCH_NAME=main
# Run the review
npx @enkonix/ai-code-review
Troubleshooting
AWS Credentials Issues
If you see authentication errors:
- Verify AWS credentials are correctly set in CI/CD variables
- Check IAM user has proper Bedrock permissions
- Ensure the AWS region supports Bedrock
- Test credentials with AWS STS:
aws sts get-caller-identity
GitHub/GitLab API Issues
If comments aren't posting:
- Verify token has required scopes (repo for GitHub, api for GitLab)
- Check token hasn't expired
- Ensure user has write access to the repository
Review Not Running
- Check the PR/MR is from a feature branch to the target branch
- Verify all required environment variables are set
- Check CI pipeline logs for errors
- Ensure Node.js version is 18 or higher
Platform Not Detected
The tool auto-detects the platform based on environment variables:
- GitHub: Requires GITHUB_REPOSITORY and PR_NUMBER
- GitLab: Requires CI_PROJECT_ID and CI_MERGE_REQUEST_IID
If neither is detected, ensure your CI workflow is passing the required variables.
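A pre-flight check for the detection rules above, as an added example that is not part of the package. It reports which required variables are missing by name only, so secret values never reach the CI log. `PLATFORMS`, `isSet` and `preflight` are hypothetical names, and treating `AWS_PROFILE` as an alternative to the static key pair is an assumption.

```javascript
// Added example: a pre-flight check, not part of @enkonix/ai-code-review.
// PLATFORMS, isSet and preflight are hypothetical names.
const PLATFORMS = {
  github: { detect: ['GITHUB_REPOSITORY', 'PR_NUMBER'], token: 'GITHUB_TOKEN' },
  gitlab: { detect: ['CI_PROJECT_ID', 'CI_MERGE_REQUEST_IID'], token: 'GIT_TOKEN' },
};

// GitHub Actions expands an undefined secret to an empty string; treat that as unset.
const isSet = (env, name) => typeof env[name] === 'string' && env[name].trim() !== '';

function preflight(env) {
  const missing = [];
  const platform =
    Object.keys(PLATFORMS).find((p) => PLATFORMS[p].detect.every((v) => isSet(env, v))) || null;

  if (platform) {
    if (!isSet(env, PLATFORMS[platform].token)) missing.push(PLATFORMS[platform].token);
  } else {
    // Name the variable that is absent from a partially configured platform.
    for (const spec of Object.values(PLATFORMS)) {
      const absent = spec.detect.filter((v) => !isSet(env, v));
      if (absent.length < spec.detect.length) missing.push(...absent);
    }
  }

  // Assumption: AWS_PROFILE is accepted in place of the static key pair.
  if (!isSet(env, 'AWS_PROFILE')) {
    for (const v of ['AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY']) {
      if (!isSet(env, v)) missing.push(v);
    }
  }
  // Only variable names are returned; values never reach the CI log.
  return { platform, missing, ok: platform !== null && missing.length === 0 };
}

// Constructed environment: a GitHub job whose workflow forgot PR_NUMBER.
const sampleEnv = {
  GITHUB_REPOSITORY: 'owner/repo',
  GITHUB_TOKEN: 'constructed-token',
  AWS_ACCESS_KEY_ID: 'constructed-key-id',
  AWS_SECRET_ACCESS_KEY: '',
};
console.log(preflight(sampleEnv));
```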
Cost Considerations
- AWS Bedrock charges per token processed
- Claude Opus provides the highest quality but is more expensive
- Consider using Claude Sonnet or Haiku for cost optimization
- Monitor AWS billing dashboard for usage
- Set up AWS Budgets to track costs
Security Notes
- AWS credentials are stored securely in CI/CD variables
- Never commit credentials to the repository
- Use protected and masked variables for sensitive data
- The tool uses the simple-git library to safely interact with Git
- All Git operations are performed through a secure API
License
MIT
Support
For issues, feature requests, or questions:
- GitHub Issues: https://github.com/enkonix/ai_code_review/issues
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
