[TEST] Add two-stage auto PR review with Claude (comment-only, no merge) #3801
sekyondaMeta wants to merge 3 commits into main from
- Stage 1 (claude-pr-review.yml): Captures PR number on PR open, no AI/secrets
- Stage 2 (claude-pr-review-run.yml): Runs Claude review in protected bedrock environment with script-generated facts section and COMMENT-only output
- Harden claude-code.yml with --allowedTools Skill (matches pytorch main repo)
- Update pr-review skill: SECURITY block, COMMENT-only policy, advisory labels

Security: Claude cannot merge, approve, push, or execute commands. Reviews are advisory COMMENT-only. Script-generated facts provide injection-resistant anchor.
Helpful Links: See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/tutorials/3801
Note: Links to docs will display an error until the docs builds have been completed.
No Failures as of commit 4ca941b with merge base ccac77f. This comment was automatically generated by Dr. CI and updates every 15 minutes.
…ermission
- Remove lintrunner install + run (already handled by lintrunner.yml workflow)
- Remove issues:write permission (only PR comments needed, not issue writes)
- Keep id-token:write (required for AWS OIDC → Bedrock auth)
    IMPORTANT — SCRIPT-GENERATED FACTS:
    The following facts were generated by automated scripts (not AI) and are verified.
    Include this facts table VERBATIM at the top of your review comment.
    Do NOT modify, omit, or contradict these facts in your analysis.
Why mention that it's AI generated and tell it to include that table in the review comment?
If you actually want it showing up in the final output, a probably more reliable way is to get Claude's response without this, then insert this table yourself at the beginning.
    echo "number=$PR_NUM" >> "$GITHUB_OUTPUT"
    echo "Reviewing PR #${PR_NUM}"

    - uses: actions/checkout@v4
Consider if you want to even check out the PR branch. It'll make it easier for Claude to navigate the repo and look at the related files.
At that point, Claude doesn't even need to know about the PR or have GitHub access. It just needs to be told "code is here. Explore changes in diff range X - Y. Here's a summary of facts about it".
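The two-stage split from the PR description (an untrusted pull_request stage that touches no secrets, and a privileged workflow_run stage that can only comment) together with the reviewer's point that the facts table should be built and inserted by a script rather than by the model, as an added example that is not this PR's own workflow code. The file names, the artifact hand-off through actions/upload-artifact and actions/download-artifact, the `bedrock` environment name and the gh-based facts script are assumptions; the model step is left as a placeholder comment because its inputs are not on the page.

```yaml
# Stage 1 (untrusted pull_request event): read-only token, no secrets, no model call.
# Assumed file name: .github/workflows/claude-pr-review.yml
name: claude-pr-review
on: pull_request
permissions:
  contents: read
jobs:
  capture:
    runs-on: ubuntu-latest
    steps:
      - name: Hand only the PR number to the privileged stage, via an artifact
        run: echo "${{ github.event.pull_request.number }}" > pr_number.txt
      - uses: actions/upload-artifact@v4
        with: { name: pr-number, path: pr_number.txt }
---
# Stage 2 (workflow_run, base-repo context): protected environment, comment-only token.
# Assumed file name: .github/workflows/claude-pr-review-run.yml
name: claude-pr-review-run
on:
  workflow_run:
    workflows: [claude-pr-review]
    types: [completed]
permissions:
  contents: read
  pull-requests: write   # enough to comment; cannot approve, merge or push
  id-token: write        # AWS OIDC -> Bedrock
jobs:
  review:
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    environment: bedrock
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: pr-number
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Build the facts table with a script, not with the model
        run: |
          PR_NUM=$(tr -dc '0-9' < pr_number.txt)   # artifact came from untrusted code: digits only
          [ -n "$PR_NUM" ] || { echo "bad PR number"; exit 1; }
          gh api "repos/$GITHUB_REPOSITORY/pulls/$PR_NUM" \
            --jq '"| Fact | Value |\n|---|---|\n| PR | #\(.number) |\n| Base | \(.base.sha) |\n| Head | \(.head.sha) |\n| Files changed | \(.changed_files) |"' > facts.md
      # Model step (the page's claude-code step; its inputs are not on the page) reads facts.md, writes review.md.
      - name: Post the advisory comment, facts table prepended by the script
        run: cat facts.md review.md | gh pr comment "$(tr -dc '0-9' < pr_number.txt)" -R "$GITHUB_REPOSITORY" --body-file -
```

The artifact is the only thing that crosses the trust boundary, so stage 2 sanitizes it before using it in any command or API path.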