From 51af98b41112405387100b8d3c6d81f8305a8a80 Mon Sep 17 00:00:00 2001
From: Matthew Podwysocki
Date: Thu, 12 Mar 2026 19:59:10 -0400
Subject: [PATCH] Add Claude automated code review workflow Triggers on PRs with >=300 changed lines and on @claude mentions. Uses ANTHROPIC_API_KEY repo secret (to be configured). Prompt tailored to this repo's conventions: BaseTool/BaseResource patterns, Zod schemas, injected httpRequest, vitest mocking rules. Co-Authored-By: Claude Sonnet 4.6
---
.github/workflows/claude-review.yml | 56 +++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 .github/workflows/claude-review.yml
diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml
new file mode 100644
index 0000000..fd0b336
--- /dev/null
+++ b/.github/workflows/claude-review.yml
@@ -0,0 +1,56 @@
+name: Claude Code Review
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+ issue_comment:
+ types: [created]
+
+jobs:
+ claude-review:
+ if: >
+ (github.event_name == 'pull_request') ||
+ (github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '@claude'))
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ actions: read
+ contents: read
+ pull-requests: write
+ issues: write
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Check PR size
+ if: github.event_name == 'pull_request'
+ id: pr-size
+ run: |
+ CHANGED_LINES=$(git diff --stat origin/${{ github.event.pull_request.base.ref }}...origin/${{ github.event.pull_request.head.ref }} | tail -1 | awk '{gsub(/[^0-9]/, " "); print $1 + $2}')
+ CHANGED_LINES=${CHANGED_LINES:-0}
+ echo "changed_lines=$CHANGED_LINES" >> "$GITHUB_OUTPUT"
+ echo "PR has $CHANGED_LINES changed lines"
+
+ - name: Claude Code Review
+ if: >
+ github.event_name == 'issue_comment' ||
+ (github.event_name == 'pull_request' && fromJSON(steps.pr-size.outputs.changed_lines) >= 300)
+ uses: anthropics/claude-code-action@v1
+ with:
+ anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+ trigger_phrase: "@claude"
+ track_progress: true
+ prompt: |
+ Review this PR focusing on:
+ 1. Security - no unbounded cache growth, response body size caps, no global fetch patching
+ 2. Correctness - BaseTool/BaseResource patterns followed, Zod schemas for all inputs/outputs, httpRequest injected not global fetch
+ 3. Conventions - tools registered in toolRegistry.ts, resources in resourceRegistry.ts, .js extensions on imports, no accessToken param on execute()
+ 4. Testing - new tools and resources need tests, all HTTP calls mocked with vi.fn(), no real network calls in tests
+ 5. Dependencies - avoid adding new dependencies without strong justification; prefer Node 22+ built-ins
+
+ Do NOT suggest switching to Jest, express, axios, or node-fetch.
+ Do NOT suggest adding an accessToken or context parameter to execute().
+
+ Provide detailed inline comments for specific issues.
+ claude_args: '--model claude-opus-4-6 --allowedTools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*),mcp__github_inline_comment__create_inline_comment,Read,Grep,Glob,Bash(git log:*),Bash(git diff:*),Bash(git show:*),Bash(git blame:*),Bash(git rev-parse:*),WebFetch(domain:github.com)"'
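Review bot: The `Check PR size` step expands `${{ github.event.pull_request.head.ref }}` and `base.ref` directly into the `run:` script, so the branch name is parsed as shell text in a job that holds `pull-requests: write`, `issues: write` and `id-token: write`. Both refs should be passed through `env:` and used as quoted shell variables, as in the fence below. The awk expression also looks wrong: after `gsub` the `--stat` summary line reads files, insertions, deletions, so `$1 + $2` adds the file count to the insertions and ignores deletions, whereas `$2 + $3` gives the changed lines. Separately, `actions/checkout@v4` and `anthropics/claude-code-action@v1` are referenced by mutable tag; since the latter receives `ANTHROPIC_API_KEY`, pinning both to a full commit SHA would narrow the supply-chain exposure.

```yaml
- name: Check PR size
  # … unchanged: if, id …
  env:
    BASE_REF: ${{ github.event.pull_request.base.ref }}
    HEAD_REF: ${{ github.event.pull_request.head.ref }}
  run: |
    CHANGED_LINES=$(git diff --stat "origin/${BASE_REF}...origin/${HEAD_REF}" | tail -1 | awk '{gsub(/[^0-9]/, " "); print $2 + $3}')
    # … unchanged: default to 0, write changed_lines to GITHUB_OUTPUT …
```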