feat(rules): add AWS discovery rules for edge and cost services

[axonstone]

Summary

• What changed?
  • Added discovery-only AWS rules for API Gateway, CloudFront, Cost Explorer, DynamoDB, Route 53, and Secrets Manager.
  • Added the supporting SDK dataset loaders, AWS clients, discovery registry wiring, exports, and documentation updates.
• Why was this needed?
  • CloudBurn needed coverage for these AWS cost and optimization checks in live discovery mode, with rule-facing datasets wired through the existing sdk -> rules discovery pipeline.

Diagram

graph TD
  A["Discovery Rules"] --> B["Discovery Dependencies"]
  B --> C["AWS Discovery Registry"]
  C --> D["Resource Explorer Seeds or Account-Scoped Loaders"]
  D --> E["SDK Hydrators"]
  E --> F["LiveResourceBag Datasets"]
  F --> G["Rule evaluateLive() Findings"]

Loading

Scope

• cloudburn (cli)
• @cloudburn/sdk
• @cloudburn/rules
• docs/community files

Release Notes

• Added a .changeset/*.md file for published package changes
• No published package changes in this PR

Verification

• pnpm lint
• pnpm typecheck
• pnpm test
• pnpm build
• pnpm verify

Boundary Checks

• No engine/parser/provider logic added to @cloudburn/rules
• CLI delegates scan logic to SDK
• README/CONTRIBUTING/docs updated when behavior changed

---

[axonstone]

roborev: Combined Review (1c8dd0e)

Verdict: No High or Critical findings across the combined reviews.

All reviewers agreed there are no blocking issues at high severity or above.

Medium/Low findings were reported in some reviews, but omitted here per the requested threshold.

---

Synthesized from 4 reviews (agents: claude-code, codex | types: default, security)

[axonstone]

Re: comment 4117014426

Already reviewed. This summary does not include any actionable findings, so no code change was needed.

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.