feat: add AWS Secrets Manager Integration

pr_agent/settings/.secrets_template.toml

@@ -121,4 +121,18 @@ api_base = ""
 [aws]
 AWS_ACCESS_KEY_ID = ""
 AWS_SECRET_ACCESS_KEY = ""
-AWS_REGION_NAME = ""
+AWS_REGION_NAME = ""
+
+# AWS Secrets Manager (for secure secret management in Lambda environments)
+[aws_secrets_manager]
+secret_arn = ""         # The ARN of the AWS Secrets Manager secret containing PR-Agent configuration
+region_name = ""        # Optional: specific AWS region (defaults to AWS_REGION_NAME or Lambda region)
+
+# AWS Secrets Manager secret should contain JSON with configuration overrides:
+# Example secret value:
+# {
+#   "openai.key": "sk-...",
+#   "github.webhook_secret": "your-webhook-secret",
+#   "github.user_token": "ghp_...",
+#   "gitlab.personal_access_token": "glpat-..."
+# }

pr_agent/settings/configuration.toml

@@ -39,7 +39,7 @@ allow_dynamic_context=true
 max_extra_lines_before_dynamic_context = 10 # will try to include up to 10 extra lines before the hunk in the patch, until we reach an enclosing function or class
 patch_extra_lines_before = 5 # Number of extra lines (+3 default ones) to include before each hunk in the patch
 patch_extra_lines_after = 1 # Number of extra lines (+3 default ones) to include after each hunk in the patch
-secret_provider=""
+secret_provider="" # "" (disabled), "google_cloud_storage", or "aws_secrets_manager" for secure secret management
 cli_mode=false
 ai_disclaimer_title=""  # Pro feature, title for a collapsible disclaimer to AI outputs
 ai_disclaimer=""  # Pro feature, full text for the AI disclaimer