Files
hmbown--codewhale/.github/workflows/claude-review.yml
T
wehub-resource-sync d68f003000
CI / Change detection (push) Has been cancelled
CI / Version drift (push) Has been cancelled
CI / Lint (push) Has been cancelled
CI / Workflow RLM cache (push) Has been cancelled
CI / Test (macos-latest) (push) Has been cancelled
CI / Test (ubuntu-latest) (push) Has been cancelled
CI / Test (windows-latest) (push) Has been cancelled
CI / npm wrapper smoke (push) Has been cancelled
CI / Mobile runtime smoke (push) Has been cancelled
CI / Workflow lint (push) Has been cancelled
CI / Documentation (push) Has been cancelled
Web Frontend / Lint & Type Check (push) Failing after 1s
Auto-close harvested PRs / close (push) Failing after 1s
cargo-deny / cargo-deny (bans licenses sources) (push) Failing after 1s
Security audit / cargo-audit (push) Failing after 1s
Sync to CNB / sync (push) Failing after 1s
Web Frontend / Deploy to Cloudflare (push) Waiting to run
cargo-deny / cargo-deny (advisories) (push) Failing after 3s
chore: import upstream snapshot with attribution
2026-07-13 12:08:23 +08:00

82 lines
3.6 KiB
YAML

name: Claude PR Review
# Advisory AI code review by Claude (anthropics/claude-code-action) on every
# non-draft PR. CODEOWNERS (@Hmbown) stays the human owner — this review posts
# alongside it, it does not replace approval.
#
# Setup: add a CLAUDE_CODE_OAUTH_TOKEN repository secret
# 1. Run `claude setup-token` locally (Pro/Max subscription) to mint a token.
# 2. Settings -> Secrets and variables -> Actions -> New repository secret.
# Until the secret exists the job no-ops with a notice (stays green), so this
# workflow is safe to merge before the token is configured.
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [master, main]
concurrency:
group: claude-review-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
claude-review:
name: Claude review
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
env:
HAS_OAUTH: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN != '' }}
permissions:
contents: read
pull-requests: write
id-token: write
steps:
- name: Skip when token is unset
if: env.HAS_OAUTH != 'true'
run: echo "::notice::CLAUDE_CODE_OAUTH_TOKEN is not set — skipping Claude review. Add the secret to enable it."
- name: Checkout repository
if: env.HAS_OAUTH == 'true'
uses: actions/checkout@v7
with:
fetch-depth: 1
- name: Claude code review
if: env.HAS_OAUTH == 'true'
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
track_progress: true
prompt: |
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
You are reviewing a pull request against CodeWhale, a Rust workspace
(an agentic coding TUI/runtime). The PR branch is already checked out
in the current working directory.
Review the diff and report findings in this priority order:
1. Correctness bugs: logic errors, panics, unwrap/expect on fallible
paths, race conditions, incorrect error handling, off-by-one, and
non-exhaustive matches that could break compilation.
2. Provider/model/route safety (v0.8.65 EPIC #2608 invariant): a
provider-prefixed model string (e.g. `deepseek-ai/`, `deepseek/`,
`anthropic/`, `openai/`, `qwen/`) is a wire id or namespace hint,
never proof of provider selection. Flag any code that infers a
provider/model switch from such a prefix or from freeform prompt
text rather than from explicit user choice, config, Fleet policy,
capability requirements, or fallback policy.
3. Reuse and simplification: duplicated logic, dead code, needless
allocation/cloning, or reimplementing something the workspace
already provides.
4. Tests: missing coverage for new behavior and edge cases.
5. Security: secret handling, shell/exec policy, input validation.
Be specific and concise. Use inline comments for line-specific issues
and one top-level comment for the summary. Note genuinely good choices
briefly. Do not nitpick style that `cargo fmt` / `clippy` already
enforce.
claude_args: |
--allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(git log:*),Bash(git diff:*)"