Fix Amazon Q workflow to analyze C/C++ code instead of reporting zero files

[Copilot]

The Amazon Q review workflow reported "0 source files analyzed" because it only searched for Python/JavaScript/TypeScript/Java/Go files, while this repository contains C code.

Changes

Workflow analysis (.github/workflows/auto-amazonq-review.yml)

• Extended file detection to include C/C++ extensions (.c, .h, .cpp, .hpp)
• Added C-specific security checks:
  • Unsafe function detection: strcpy, strcat, sprintf, gets, scanf
  • Memory management: tracks malloc/calloc/realloc/posix_memalign vs free calls
  • Credential pattern matching for hardcoded secrets
• Loop detection using (for\s*\(|while\s*\() to match actual statements, not words in comments
• Standardized all grep patterns to use -E flag with proper grouping

Documentation

• Created .github/WORKFLOWS.md documenting workflow features, triggers, and example output
• Updated README.md to reference workflow documentation

Example output

#### Code Structure Analysis
- Total source files analyzed: 32
- C/C++ source files found: 32

#### Security Considerations
- Credential scanning: 0 potential hardcoded secrets found
- Unsafe C functions: 0 instances found
- Memory management: 8 allocations found, 8 free calls found (heuristic - requires manual review)

#### Performance Optimization Opportunities
- Loop usage: 162 loops found - review for optimization opportunities

The workflow now provides actionable C-specific analysis instead of generic placeholders.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Amazon Q Code Review - 2025-12-20</issue_title>
<issue_description># Amazon Q Code Review Report

This review was triggered after GitHub Copilot agent workflows completed.

Amazon Q Code Review Report

Review Date: 2025-12-20 00:13:07 UTC

Code Quality Assessment

Following the GitHub Copilot agent reviews, Amazon Q provides additional insights:

Code Structure Analysis

• Total source files analyzed: 0

Security Considerations

• Credential scanning: Check for hardcoded secrets
• Dependency vulnerabilities: Review package versions
• Code injection risks: Validate input handling

Performance Optimization Opportunities

• Algorithm efficiency: Review computational complexity
• Resource management: Check for memory leaks and resource cleanup
• Caching opportunities: Identify repeated computations

Architecture and Design Patterns

• Design patterns usage: Verify appropriate pattern application
• Separation of concerns: Check module boundaries
• Dependency management: Review coupling and cohesion

Integration with Previous Reviews

This review complements the GitHub Copilot agent findings with:

• Additional security analysis
• AWS best practices recommendations
• Performance optimization suggestions
• Enterprise architecture patterns

Next Steps

1. Review findings from both GitHub Copilot and Amazon Q
2. Prioritize issues based on severity and impact
3. Create action items for high-priority findings
4. Schedule follow-up reviews for resolved items

Review Context

• Triggered by: Complete CI/CD Agent Review Pipeline
• Repository: P4X-ng/af_xdp
• Branch: main
• Commit: d226f2e

Related Reviews

Check for related issues with these labels:

• code-cleanliness - Code structure and organization
• test-coverage - Test quality and Playwright usage
• documentation - Documentation completeness

Instructions for Amazon Q Integration

To enable full Amazon Q integration:

1. Set up AWS credentials in repository secrets:

   • AWS_ACCESS_KEY_ID
   • AWS_SECRET_ACCESS_KEY

2. Install Amazon Q Developer CLI (when available):

   • Follow AWS documentation for Amazon Q setup
   • Configure repository access

3. Enable Amazon CodeWhisperer for security scanning

4. Configure custom review rules based on your needs

Action Items

• Review Amazon Q findings
• Compare with GitHub Copilot recommendations
• Prioritize and assign issues
• Implement high-priority fixes
• Update documentation as needed

---

This issue was automatically generated by the Amazon Q Review workflow.
</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Amazon Q Code Review - 2025-12-20 #17

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}