refactor: simplify gga script and exclude api/ via config

- Use REJECT/REQUIRE/PREFER keywords for clear action items
- Remove verbose explanations
- Use bullet points instead of paragraphs
- Add clear section separators
- Condense rules to single lines where possible

.gga

@@ -0,0 +1,20 @@
+# Gentleman Guardian Angel (gga) Configuration
+# https://github.com/Gentleman-Programming/gentleman-guardian-angel
+
+# AI Provider (required)
+# Options: claude, gemini, codex, ollama:<model>
+PROVIDER="claude"
+
+# File patterns to include in review (comma-separated globs)
+# Review both TypeScript (UI) and Python (SDK, API, MCP) files
+FILE_PATTERNS="*.ts,*.tsx,*.js,*.jsx,*.py"
+
+# File patterns to exclude from review (comma-separated globs)
+# Excludes: test files, type definitions, and api/ folder (no AGENTS.md yet)
+EXCLUDE_PATTERNS="*.test.ts,*.test.tsx,*.spec.ts,*.spec.tsx,*.d.ts,*_test.py,test_*.py,conftest.py,api/*"
+
+# File containing your coding standards (relative to repo root)
+RULES_FILE="AGENTS-CODE-REVIEW.md"
+
+# Strict mode: fail if AI response is ambiguous (recommended)
+STRICT_MODE="true"

.pre-commit-config.yaml

@@ -82,7 +82,6 @@ repos:
         args: ["--directory=./"]
         pass_filenames: false
 
-
   - repo: https://github.com/hadolint/hadolint
     rev: v2.13.0-beta
     hooks:
@@ -129,9 +128,20 @@ repos:
 
       - id: ui-checks
         name: UI - Husky Pre-commit
-        description: "Run UI pre-commit checks (Claude Code validation + healthcheck)"
+        description: "Run UI pre-commit checks (healthcheck + build)"
         entry: bash -c 'cd ui && .husky/pre-commit'
         language: system
         files: '^ui/.*\.(ts|tsx|js|jsx|json|css)$'
         pass_filenames: false
         verbose: true
+
+      - id: gga
+        name: Gentleman Guardian Angel (AI Code Review)
+        description: "AI-powered code review - runs last after all formatters/linters"
+        entry: ./scripts/gga-review.sh
+        language: system
+        files: '\.(ts|tsx|js|jsx|py)$'
+        exclude: '(\.test\.|\.spec\.|_test\.py|test_.*\.py|conftest\.py|\.d\.ts)'
+        pass_filenames: false
+        stages: ["pre-commit"]
+        verbose: true

AGENTS-CODE-REVIEW.md

@@ -0,0 +1,89 @@
+# Code Review Rules
+
+## References
+
+- UI details: `ui/AGENTS.md`
+- SDK details: `prowler/AGENTS.md`
+- MCP details: `mcp_server/AGENTS.md`
+
+---
+
+## ALL FILES
+
+REJECT if:
+
+- Hardcoded secrets/credentials
+- `any` type (TypeScript) or missing type hints (Python)
+- Code duplication (violates DRY)
+- Silent error handling (no logging)
+
+---
+
+## TypeScript/React (ui/)
+
+REJECT if:
+
+- `import React` or `import * as React` → use `import { useState }`
+- Union types `type X = "a" | "b"` → use `const X = {...} as const`
+- `var()` or hex colors in className → use Tailwind classes
+- `useMemo` or `useCallback` without justification (React 19 Compiler)
+- `z.string().email()` → use `z.email()` (Zod v4)
+- `z.string().nonempty()` → use `z.string().min(1)` (Zod v4)
+- Missing `"use client"` in client components
+- Missing `"use server"` in server actions
+- Images without `alt` attribute
+- Interactive elements without `aria` labels
+- Non-semantic HTML when semantic exists
+
+PREFER:
+
+- `components/shadcn/` over custom components
+- `cn()` for conditional/merged classes
+- Local files if used 1 place, `components/shared/` if 2+
+- Responsive classes: `sm:`, `md:`, `lg:`, `xl:`
+
+EXCEPTION:
+
+- `var()` allowed in chart/graph component props (not className)
+
+---
+
+## Python (prowler/, mcp_server/)
+
+REJECT if:
+
+- Missing type hints on public functions
+- Missing docstrings on classes/public methods
+- Bare `except:` without specific exception
+- `print()` instead of `logger`
+
+REQUIRE for SDK checks:
+
+- Inherit from `Check`
+- `execute()` returns `list[CheckReport]`
+- `report.status` = `"PASS"` | `"FAIL"`
+- `.metadata.json` file exists
+
+REQUIRE for MCP tools:
+
+- Extend `BaseTool` (auto-registration)
+- `MinimalSerializerMixin` for responses
+- `from_api_response()` for API transforms
+
+---
+
+## Response Format
+
+FIRST LINE must be exactly:
+
+```
+STATUS: PASSED
+```
+
+or
+
+```
+STATUS: FAILED
+```
+
+If FAILED, list: `file:line - rule - issue`

prowler/CHANGELOG.md

@@ -17,6 +17,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Update AWS Inspector v2 service metadata to new format [(#9260)](https://github.com/prowler-cloud/prowler/pull/9260)
 - Update AWS Service Catalog service metadata to new format [(#9410)](https://github.com/prowler-cloud/prowler/pull/9410)
 - Update AWS SNS service metadata to new format [(#9428)](https://github.com/prowler-cloud/prowler/pull/9428)
+- Update AWS Trusted Advisor service metadata to new format [(#9435)](https://github.com/prowler-cloud/prowler/pull/9435)
 
 ---
 

prowler/providers/aws/services/trustedadvisor/trustedadvisor_errors_and_warnings/trustedadvisor_errors_and_warnings.metadata.json

@@ -1,26 +1,32 @@
 {
   "Provider": "aws",
   "CheckID": "trustedadvisor_errors_and_warnings",
-  "CheckTitle": "Check Trusted Advisor for errors and warnings.",
-  "CheckType": [],
+  "CheckTitle": "Trusted Advisor check has no errors or warnings",
+  "CheckType": [
+    "Software and Configuration Checks/AWS Security Best Practices"
+  ],
   "ServiceName": "trustedadvisor",
   "SubServiceName": "",
-  "ResourceIdTemplate": "arn:aws:service:region:account-id",
+  "ResourceIdTemplate": "",
   "Severity": "medium",
   "ResourceType": "Other",
-  "Description": "Check Trusted Advisor for errors and warnings.",
-  "Risk": "Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.",
-  "RelatedUrl": "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/",
+  "Description": "**AWS Trusted Advisor** check statuses are assessed to identify items in `warning` or `error`. The finding reflects the state reported by Trusted Advisor across categories such as **Security**, **Fault Tolerance**, **Service Limits**, and **Cost**, indicating where configurations or quotas require attention.",
+  "Risk": "Unaddressed **warnings/errors** can leave misconfigurations that impact CIA:\n- **Confidentiality**: public access or weak auth exposes data\n- **Integrity**: overly permissive settings allow unwanted changes\n- **Availability**: limit exhaustion or poor resilience triggers outages\nThey can also increase unnecessary cost.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/TrustedAdvisor/checks.html"
+  ],
   "Remediation": {
     "Code": {
       "CLI": "",
       "NativeIaC": "",
-      "Other": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/TrustedAdvisor/checks.html",
+      "Other": "1. Sign in to the AWS Console and open Trusted Advisor\n2. Go to Checks and filter Status to Warning and Error\n3. Open each failing check and click View details/Recommended actions\n4. Apply the listed fix to the affected resources\n5. Click Refresh on the check and repeat until all checks show OK",
       "Terraform": ""
     },
     "Recommendation": {
-      "Text": "Review and act upon its recommendations.",
-      "Url": "https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/"
+      "Text": "Adopt a continuous process to remediate Trusted Advisor findings:\n- Prioritize **`error`** then `warning`\n- Assign ownership and SLAs\n- Integrate alerts with workflows\n- Enforce **least privilege**, segmentation, encryption, MFA, and tested backups\n- Reassess regularly to confirm fixes and prevent regression",
+      "Url": "https://hub.prowler.com/check/trustedadvisor_errors_and_warnings"
     }
   },
   "Categories": [],

prowler/providers/aws/services/trustedadvisor/trustedadvisor_premium_support_plan_subscribed/trustedadvisor_premium_support_plan_subscribed.metadata.json

@@ -1,29 +1,37 @@
 {
   "Provider": "aws",
   "CheckID": "trustedadvisor_premium_support_plan_subscribed",
-  "CheckTitle": "Check if a Premium support plan is subscribed",
-  "CheckType": [],
+  "CheckTitle": "AWS account is subscribed to an AWS Premium Support plan",
+  "CheckType": [
+    "Software and Configuration Checks/AWS Security Best Practices"
+  ],
   "ServiceName": "trustedadvisor",
   "SubServiceName": "",
-  "ResourceIdTemplate": "arn:aws:iam::AWS_ACCOUNT_NUMBER:root",
+  "ResourceIdTemplate": "",
   "Severity": "low",
   "ResourceType": "Other",
-  "Description": "Check if a Premium support plan is subscribed.",
-  "Risk": "Ensure that the appropriate support level is enabled for the necessary AWS accounts. For example, if an AWS account is being used to host production systems and environments, it is highly recommended that the minimum AWS Support Plan should be Business.",
-  "RelatedUrl": "https://aws.amazon.com/premiumsupport/plans/",
+  "Description": "**AWS account** is subscribed to an **AWS Premium Support plan** (e.g., Business or Enterprise)",
+  "Risk": "Without **Premium Support**, critical incidents face slower response, reducing **availability** and delaying containment of security events. Limited Trusted Advisor coverage lets **misconfigurations** persist, risking **data exposure** and **privilege misuse**. Lack of expert guidance increases change risk during production impacts.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Support/support-plan.html",
+    "https://aws.amazon.com/premiumsupport/plans/"
+  ],
   "Remediation": {
     "Code": {
       "CLI": "",
       "NativeIaC": "",
-      "Other": "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Support/support-plan.html",
+      "Other": "1. Sign in to the AWS Management Console as the account root user\n2. Open https://console.aws.amazon.com/support/home#/plans\n3. Click \"Change plan\"\n4. Select \"Business Support\" (or higher) and click \"Continue\"\n5. Review and confirm the upgrade",
       "Terraform": ""
     },
     "Recommendation": {
-      "Text": "It is recommended that you subscribe to the AWS Business Support tier or higher for all of your AWS production accounts. If you don't have premium support, you must have an action plan to handle issues which require help from AWS Support. AWS Support provides a mix of tools and technology, people, and programs designed to proactively help you optimize performance, lower costs, and innovate faster.",
-      "Url": "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Support/support-plan.html"
+      "Text": "Adopt **Business** or higher for production and mission-critical accounts.\n- Integrate Support into IR with defined contacts/severity\n- Enforce **least privilege** for case access\n- Use Trusted Advisor for proactive hardening\n- If opting out, ensure an equivalent 24/7 support and escalation path",
+      "Url": "https://hub.prowler.com/check/trustedadvisor_premium_support_plan_subscribed"
     }
   },
-  "Categories": [],
+  "Categories": [
+    "resilience"
+  ],
   "DependsOn": [],
   "RelatedTo": [],
   "Notes": ""

scripts/gga-review.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# Gentleman Guardian Angel (gga) - AI Code Review Hook
+# This script is called by pre-commit after all formatters/linters have run
+
+set -e
+
+# Colors
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+# Check if AI code review is enabled
+if [ "${CODE_REVIEW_ENABLED:-false}" != "true" ]; then
+    echo -e "${YELLOW}⏭️  AI code review disabled (CODE_REVIEW_ENABLED!=true)${NC}"
+    exit 0
+fi
+
+# Check if AGENTS-CODE-REVIEW.md exists
+if [ ! -f "AGENTS-CODE-REVIEW.md" ]; then
+    echo -e "${YELLOW}⏭️  AI code review skipped (AGENTS-CODE-REVIEW.md not found)${NC}"
+    exit 0
+fi
+
+# Install gga if not present
+if ! command -v gga &> /dev/null; then
+    echo -e "${BLUE}📦 Installing Gentleman Guardian Angel (gga)...${NC}"
+    if command -v brew &> /dev/null; then
+        brew tap gentleman-programming/tap 2>/dev/null || true
+        brew install gga
+    else
+        # Fallback: install from source for Linux/CI environments
+        GGA_TMP_DIR=$(mktemp -d)
+        git clone --depth 1 https://github.com/Gentleman-Programming/gentleman-guardian-angel.git "$GGA_TMP_DIR"
+        chmod +x "$GGA_TMP_DIR/install.sh"
+        "$GGA_TMP_DIR/install.sh"
+        rm -rf "$GGA_TMP_DIR"
+    fi
+fi
+
+# Verify gga is available
+if ! command -v gga &> /dev/null; then
+    echo "❌ Failed to install gga"
+    echo "Please install manually: https://github.com/Gentleman-Programming/gentleman-guardian-angel"
+    exit 1
+fi
+
+# Run gga code review
+# Exclusions are configured in .gga file (EXCLUDE_PATTERNS)
+exec gga run

ui/.husky/pre-commit

@@ -1,15 +1,14 @@
 #!/bin/bash
 
 # Prowler UI - Pre-Commit Hook
-# Optionally validates ONLY staged files against AGENTS.md standards using Claude Code
-# Controlled by CODE_REVIEW_ENABLED in .env
+# Runs healthcheck (typecheck + lint) and build for UI changes
+# AI code review is handled by gga in .pre-commit-config.yaml
 
 set -e
 
 # Colors
 RED='\033[0;31m'
 GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m' # No Color
 
@@ -19,127 +18,14 @@ echo "🚀 Prowler UI - Pre-Commit Hook"
 echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
 echo ""
 
-# Load .env file (look in git root directory)
+# Get git root and navigate to ui directory
 GIT_ROOT=$(git rev-parse --show-toplevel)
-if [ -f "$GIT_ROOT/ui/.env" ]; then
-  CODE_REVIEW_ENABLED=$(grep "^CODE_REVIEW_ENABLED" "$GIT_ROOT/ui/.env" | cut -d'=' -f2 | tr -d ' ')
-elif [ -f "$GIT_ROOT/.env" ]; then
-  CODE_REVIEW_ENABLED=$(grep "^CODE_REVIEW_ENABLED" "$GIT_ROOT/.env" | cut -d'=' -f2 | tr -d ' ')
-elif [ -f ".env" ]; then
-  CODE_REVIEW_ENABLED=$(grep "^CODE_REVIEW_ENABLED" .env | cut -d'=' -f2 | tr -d ' ')
-else
-  CODE_REVIEW_ENABLED="false"
-fi
-
-# Normalize the value to lowercase
-CODE_REVIEW_ENABLED=$(echo "$CODE_REVIEW_ENABLED" | tr '[:upper:]' '[:lower:]')
-
-echo -e "${BLUE}ℹ️  Code Review Status: ${CODE_REVIEW_ENABLED}${NC}"
-echo ""
-
-# Get staged files (what will be committed)
-STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '\.(tsx?|jsx?)$' || true)
-
-if [ "$CODE_REVIEW_ENABLED" = "true" ]; then
-  if [ -z "$STAGED_FILES" ]; then
-    echo -e "${YELLOW}⚠️  No TypeScript/JavaScript files staged to validate${NC}"
-    echo ""
-  else
-    echo -e "${YELLOW}🔍 Running Claude Code standards validation...${NC}"
-    echo ""
-    echo -e "${BLUE}📋 Files to validate:${NC}"
-    echo "$STAGED_FILES" | while IFS= read -r file; do echo "  - $file"; done
-    echo ""
-
-    echo -e "${BLUE}📤 Sending to Claude Code for validation...${NC}"
-    echo ""
-
-    # Build prompt with full file contents
-    VALIDATION_PROMPT=$(
-      cat <<'PROMPT_EOF'
-You are a code reviewer for the Prowler UI project. Analyze the full file contents of changed files below and validate they comply with AGENTS.md standards.
-
-**RULES TO CHECK:**
-1. React Imports: NO `import * as React` or `import React, {` → Use `import { useState }`
-2. TypeScript: NO union types like `type X = "a" | "b"` → Use const-based: `const X = {...} as const`
-3. Tailwind: NO `var()` or hex colors in className → Use Tailwind utilities and semantic color classes. Exception: `var()` is allowed when passing colors to chart/graph components that require CSS color strings (not Tailwind classes) for their APIs.
-4. cn(): Use for merging multiple classes or for conditionals (handles Tailwind conflicts with twMerge) → `cn(BUTTON_STYLES.base, BUTTON_STYLES.active, isLoading && "opacity-50")`
-5. React 19: NO `useMemo`/`useCallback` without reason
-6. Zod v4: Use `.min(1)` not `.nonempty()`, `z.email()` not `z.string().email()`. All inputs must be validated with Zod.
-7. File Org: 1 feature = local, 2+ features = shared
-8. Directives: Server Actions need "use server", clients need "use client"
-9. Implement DRY, KISS principles. (example: reusable components, avoid repetition)
-10. Layout must work for all the responsive breakpoints (mobile, tablet, desktop)
-11. ANY types cannot be used - CRITICAL: Check for `: any` in all visible lines
-12. Use the components inside components/shadcn if possible
-13. Check Accessibility best practices (like alt tags in images, semantic HTML, Aria labels, etc.)
-
-=== FILES TO REVIEW ===
-PROMPT_EOF
-    )
-
-    # Add full file contents for each staged file
-    for file in $STAGED_FILES; do
-      VALIDATION_PROMPT="$VALIDATION_PROMPT
-
-=== FILE: $file ===
-$(cat "$file" 2>/dev/null || echo "Error reading file")"
-    done
-
-    VALIDATION_PROMPT="$VALIDATION_PROMPT
-
-=== END FILES ===
-
-**IMPORTANT: Your response MUST start with exactly one of these lines:**
-STATUS: PASSED
-STATUS: FAILED
-
-**If FAILED:** List each violation with File, Line Number, Rule Number, and Issue.
-**If PASSED:** Confirm all files comply with AGENTS.md standards.
-
-**Start your response now with STATUS:**"
-
-    # Send to Claude Code
-    if VALIDATION_OUTPUT=$(echo "$VALIDATION_PROMPT" | claude 2>&1); then
-      echo "$VALIDATION_OUTPUT"
-      echo ""
-
-      # Check result - STRICT MODE: fail if status unclear
-      if echo "$VALIDATION_OUTPUT" | grep -q "^STATUS: PASSED"; then
-        echo ""
-        echo -e "${GREEN}✅ VALIDATION PASSED${NC}"
-        echo ""
-      elif echo "$VALIDATION_OUTPUT" | grep -q "^STATUS: FAILED"; then
-        echo ""
-        echo -e "${RED}❌ VALIDATION FAILED${NC}"
-        echo -e "${RED}Fix violations before committing${NC}"
-        echo ""
-        exit 1
-      else
-        echo ""
-        echo -e "${RED}❌ VALIDATION ERROR${NC}"
-        echo -e "${RED}Could not determine validation status from Claude Code response${NC}"
-        echo -e "${YELLOW}Response must start with 'STATUS: PASSED' or 'STATUS: FAILED'${NC}"
-        echo ""
-        echo -e "${YELLOW}To bypass validation temporarily, set CODE_REVIEW_ENABLED=false in .env${NC}"
-        echo ""
-        exit 1
-      fi
-    else
-      echo -e "${YELLOW}⚠️  Claude Code not available${NC}"
-    fi
-    echo ""
-  fi
-else
-  echo -e "${YELLOW}⏭️  Code review disabled (CODE_REVIEW_ENABLED=false)${NC}"
-  echo ""
-fi
+cd "$GIT_ROOT/ui" || exit 1
 
 # Run healthcheck (typecheck and lint check)
 echo -e "${BLUE}🏥 Running healthcheck...${NC}"
 echo ""
 
-cd ui || cd .
 if pnpm run healthcheck; then
   echo ""
   echo -e "${GREEN}✅ Healthcheck passed${NC}"

ui/CHANGELOG.md

@@ -11,6 +11,8 @@ All notable changes to the **Prowler UI** are documented in this file.
 
 ### 🔄 Changed
 
+- Replace custom Claude pre-commit validation with Gentleman Guardian Angel (gga) for provider-agnostic, monorepo-aware AI code reviews [(#9571)](https://github.com/prowler-cloud/prowler/pull/9571)
+
 ### 🐞 Fixed
 
 ---

ui/README.md

@@ -2,10 +2,12 @@
 
 This repository hosts the UI component for Prowler, providing a user-friendly web interface to interact seamlessly with Prowler's features.
 
-
 ## 🚀 Production deployment
+
 ### Docker deployment
+
 #### Clone the repository
+
 ```console
 # HTTPS
 git clone https://github.com/prowler-cloud/ui.git
@@ -14,16 +16,21 @@ git clone https://github.com/prowler-cloud/ui.git
 git clone git@github.com:prowler-cloud/ui.git
 
 ```
+
 #### Build the Docker image
+
 ```bash
 docker build -t prowler-cloud/ui . --target prod
 ```
+
 #### Run the Docker container
+
 ```bash
 docker run -p 3000:3000 prowler-cloud/ui
 ```
 
 ### Local deployment
+
 #### Clone the repository
 
 ```console
@@ -48,8 +55,11 @@ pnpm start
 ```
 
 ## 🧪 Development deployment
+
 ### Docker deployment
+
 #### Clone the repository
+
 ```console
 # HTTPS
 git clone https://github.com/prowler-cloud/ui.git
@@ -58,16 +68,21 @@ git clone https://github.com/prowler-cloud/ui.git
 git clone git@github.com:prowler-cloud/ui.git
 
 ```
+
 #### Build the Docker image
+
 ```bash
 docker build -t prowler-cloud/ui . --target dev
 ```
+
 #### Run the Docker container
+
 ```bash
 docker run -p 3000:3000 prowler-cloud/ui
 ```
 
 ### Local deployment
+
 #### Clone the repository
 
 ```console
@@ -109,45 +124,74 @@ pnpm run dev
 
 ## Git Hooks & Code Review
 
-This project uses Git hooks to maintain code quality. When you commit changes to TypeScript/JavaScript files, the pre-commit hook can optionally validate them against our coding standards using Claude Code.
+This project uses Git hooks to maintain code quality:
 
-### Enabling Code Review
+1. **UI Pre-commit Hook** (`ui/.husky/pre-commit`): Runs healthcheck (typecheck + lint) and build for UI changes
+2. **AI Code Review** (`.pre-commit-config.yaml`): Uses [Gentleman Guardian Angel (gga)](https://github.com/Gentleman-Programming/gentleman-guardian-angel) to validate code against `AGENTS-CODE-REVIEW.md` standards
 
-To enable automatic code review on commits, add this to your `.env` file in the project root:
+### Enabling AI Code Review
+
+The AI code review runs **after** all formatters and linters have processed the code. To enable it, set in your environment or `.env` file:
 
 ```bash
-CODE_REVIEW_ENABLED=true
+export CODE_REVIEW_ENABLED=true
 ```
 
-When enabled, the hook will:
-- ✅ Validate your staged changes against `AGENTS.md` standards
-- ✅ Check for common issues (any types, incorrect imports, styling violations, etc.)
-- ✅ Block commits that don't comply with the standards
-- ✅ Provide helpful feedback on how to fix issues
+When enabled:
 
-### Disabling Code Review
+- ✅ Validates staged changes against `AGENTS-CODE-REVIEW.md` standards
+- ✅ Reviews both TypeScript (UI) and Python (SDK, API, MCP) files
+- ✅ Runs last, after black/isort/prettier have formatted the code
+- ✅ Smart caching: skips unchanged files for faster reviews
+- ✅ Blocks commits that don't comply with standards
 
-To disable code review (faster commits, useful for quick iterations):
+### Disabling AI Code Review
 
 ```bash
-CODE_REVIEW_ENABLED=false
+export CODE_REVIEW_ENABLED=false
 ```
 
-Or remove the variable from your `.env` file.
+Or simply don't set the variable (disabled by default).
 
 ### Requirements
 
-- [Claude Code CLI](https://github.com/anthropics/claude-code) installed and authenticated
-- `.env` file in the project root with `CODE_REVIEW_ENABLED` set
+- **AI CLI**: One of the following must be installed and authenticated:
+  - [Claude Code CLI](https://claude.ai/code) (default, recommended)
+  - [Gemini CLI](https://github.com/google-gemini/gemini-cli)
+  - [Codex CLI](https://www.npmjs.com/package/@openai/codex)
+  - [Ollama](https://ollama.ai) (local models)
+
+**Note:** `gga` will be installed automatically on first commit if not present.
+
+### Configuration
+
+The AI code review is configured via `.gga` in the **repository root**:
+
+```bash
+PROVIDER="claude"                    # AI provider
+FILE_PATTERNS="*.ts,*.tsx,*.js,*.jsx,*.py"
+EXCLUDE_PATTERNS="*.test.ts,*.spec.ts,*_test.py,test_*.py,conftest.py,*.d.ts"
+RULES_FILE="AGENTS-CODE-REVIEW.md"   # Centralized review rules
+STRICT_MODE="true"
+```
+
+Available providers: `claude`, `gemini`, `codex`, `ollama:<model>`
 
 ### Troubleshooting
 
-If hooks aren't running after commits:
+If gga installation fails:
 
 ```bash
-# Verify hooks are configured
-git config --get core.hooksPath  # Should output: ui/.husky
+# Homebrew (macOS)
+brew install gentleman-programming/tap/gga
 
-# Reconfigure if needed
-git config core.hooksPath "ui/.husky"
+# From source (Linux/macOS)
+git clone https://github.com/Gentleman-Programming/gentleman-guardian-angel.git /tmp/gga
+cd /tmp/gga && ./install.sh
+```
+
+To clear the gga cache:
+
+```bash
+gga cache clear
 ```