d68f003000
CI / Change detection (push) Has been cancelled
CI / Version drift (push) Has been cancelled
CI / Lint (push) Has been cancelled
CI / Workflow RLM cache (push) Has been cancelled
CI / Test (macos-latest) (push) Has been cancelled
CI / Test (ubuntu-latest) (push) Has been cancelled
CI / Test (windows-latest) (push) Has been cancelled
CI / npm wrapper smoke (push) Has been cancelled
CI / Mobile runtime smoke (push) Has been cancelled
CI / Workflow lint (push) Has been cancelled
CI / Documentation (push) Has been cancelled
Web Frontend / Lint & Type Check (push) Failing after 1s
Auto-close harvested PRs / close (push) Failing after 1s
cargo-deny / cargo-deny (bans licenses sources) (push) Failing after 1s
Security audit / cargo-audit (push) Failing after 1s
Sync to CNB / sync (push) Failing after 1s
Web Frontend / Deploy to Cloudflare (push) Waiting to run
cargo-deny / cargo-deny (advisories) (push) Failing after 3s
82 lines
3.6 KiB
YAML
82 lines
3.6 KiB
YAML
name: Claude PR Review
|
|
|
|
# Advisory AI code review by Claude (anthropics/claude-code-action) on every
|
|
# non-draft PR. CODEOWNERS (@Hmbown) stays the human owner — this review posts
|
|
# alongside it, it does not replace approval.
|
|
#
|
|
# Setup: add a CLAUDE_CODE_OAUTH_TOKEN repository secret
|
|
# 1. Run `claude setup-token` locally (Pro/Max subscription) to mint a token.
|
|
# 2. Settings -> Secrets and variables -> Actions -> New repository secret.
|
|
# Until the secret exists the job no-ops with a notice (stays green), so this
|
|
# workflow is safe to merge before the token is configured.
|
|
|
|
on:
|
|
pull_request:
|
|
types: [opened, synchronize, reopened, ready_for_review]
|
|
branches: [master, main]
|
|
|
|
concurrency:
|
|
group: claude-review-${{ github.event.pull_request.number }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
claude-review:
|
|
name: Claude review
|
|
if: github.event.pull_request.draft == false
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
HAS_OAUTH: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN != '' }}
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
id-token: write
|
|
steps:
|
|
- name: Skip when token is unset
|
|
if: env.HAS_OAUTH != 'true'
|
|
run: echo "::notice::CLAUDE_CODE_OAUTH_TOKEN is not set — skipping Claude review. Add the secret to enable it."
|
|
|
|
- name: Checkout repository
|
|
if: env.HAS_OAUTH == 'true'
|
|
uses: actions/checkout@v7
|
|
with:
|
|
fetch-depth: 1
|
|
|
|
- name: Claude code review
|
|
if: env.HAS_OAUTH == 'true'
|
|
uses: anthropics/claude-code-action@v1
|
|
with:
|
|
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
|
|
track_progress: true
|
|
prompt: |
|
|
REPO: ${{ github.repository }}
|
|
PR NUMBER: ${{ github.event.pull_request.number }}
|
|
|
|
You are reviewing a pull request against CodeWhale, a Rust workspace
|
|
(an agentic coding TUI/runtime). The PR branch is already checked out
|
|
in the current working directory.
|
|
|
|
Review the diff and report findings in this priority order:
|
|
1. Correctness bugs: logic errors, panics, unwrap/expect on fallible
|
|
paths, race conditions, incorrect error handling, off-by-one, and
|
|
non-exhaustive matches that could break compilation.
|
|
2. Provider/model/route safety (v0.8.65 EPIC #2608 invariant): a
|
|
provider-prefixed model string (e.g. `deepseek-ai/`, `deepseek/`,
|
|
`anthropic/`, `openai/`, `qwen/`) is a wire id or namespace hint,
|
|
never proof of provider selection. Flag any code that infers a
|
|
provider/model switch from such a prefix or from freeform prompt
|
|
text rather than from explicit user choice, config, Fleet policy,
|
|
capability requirements, or fallback policy.
|
|
3. Reuse and simplification: duplicated logic, dead code, needless
|
|
allocation/cloning, or reimplementing something the workspace
|
|
already provides.
|
|
4. Tests: missing coverage for new behavior and edge cases.
|
|
5. Security: secret handling, shell/exec policy, input validation.
|
|
|
|
Be specific and concise. Use inline comments for line-specific issues
|
|
and one top-level comment for the summary. Note genuinely good choices
|
|
briefly. Do not nitpick style that `cargo fmt` / `clippy` already
|
|
enforce.
|
|
|
|
claude_args: |
|
|
--allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(git log:*),Bash(git diff:*)"
|