Add Claude Code GitHub Workflow

[ascorbic]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

[github-actions]

Hey there and thank you for opening this pull request! 👋🏼

We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted.
Without this title format, a release will not be triggered

Details:

No release type found in pull request title "Add Claude Code GitHub Workflow". Add a prefix to indicate what kind of release this pull request corresponds to. For reference, see https://www.conventionalcommits.org/

Available types:
 - fix
 - feat
 - chore
 - docs
 - ci
 - test
 - revert

[claude]

Code Review Summary

I have reviewed this PR that adds Claude Code GitHub workflows. Overall, this is a well-structured addition. Here is my detailed feedback:

Strengths

1. Separation of Concerns: The PR correctly separates two distinct workflows (auto-review and interactive mentions)
2. Security: Appropriate use of secrets and read-only permissions for most operations
3. Improved claude.yml: Simplified configuration, better documentation, and stable action version

Critical Issue - Must Fix

Missing Write Permissions in claude-code-review.yml (Severity: High)

The workflow at line 52 instructs Claude to post comments using gh pr comment, but the permissions block (lines 22-26) only includes read permissions.

Problem: The workflow cannot post comments without pull-requests: write permission.

Fix Required: Add pull-requests: write to .github/workflows/claude-code-review.yml permissions block

Other Recommendations

Potential Workflow Conflict (Severity: Medium)
Both workflows will trigger on PRs. If someone mentions @claude in a review on a newly opened PR, both workflows could run simultaneously. Consider enabling the author filter on lines 15-19 of claude-code-review.yml.

Removed Allowed Tools (Severity: Low)
The old claude.yml included allowed tools for pnpm/npm commands. Was this intentional? If Claude needs to run tests or builds as mentioned in CLAUDE.md, consider adding allowed tools back.

Shallow Clone Depth (Severity: Low)
Both workflows use fetch-depth: 1 which may limit git history context.

Code Quality Assessment

• YAML syntax is correct and well-formatted
• Comments are helpful and properly placed
• Action versions are pinned appropriately
• Uses GitHub recommended practices for checkout

Security Assessment

Overall: Secure

• No hardcoded secrets
• Appropriate permission scoping
• Action sources are from official Anthropic repository

Final Recommendation

Approve with Required Changes

The PR is well-designed and adds valuable functionality. However, the missing pull-requests: write permission will prevent the auto-review workflow from functioning as intended. Once that is fixed, this is ready to merge.

Great work on adopting Claude Code!