55 types : [created]
66 pull_request :
77 types : [labeled, synchronize]
8+ pull_request_target :
9+ types : [labeled, synchronize]
810
911jobs :
1012 claude-review :
4648 - Security concerns
4749 - Test coverage
4850
49- Use the repository's CLAUDE .md for guidance on style and conventions. Be constructive and helpful in your feedback.
51+ Use the repository's AGENTS .md for guidance on style and conventions. Be constructive and helpful in your feedback.
5052
5153 Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
5254
5658
5759 claude-approve :
5860 if : |
59- github.event_name == 'pull_request ' &&
61+ github.event_name == 'pull_request_target ' &&
6062 contains(github.event.pull_request.labels.*.name, 'low-risk') &&
6163 (github.event.action == 'labeled' || github.event.action == 'synchronize')
6264 runs-on : ubuntu-latest
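Review bot: Switching the approval path to `pull_request_target` (lines `8+`/`9+` and the condition at `61+`) makes this a privileged job: `pull_request_target` runs with the base repository's `GITHUB_TOKEN` and secrets, and this job hands that token to an agent with a Bash tool that is allowed to run `gh pr review`. The PR diff the agent reads is untrusted input, so the job must never check out or execute PR head content, and the prompt should be treated as the only thing standing between a crafted PR and a self-approval. Two things I would change before merging: (1) keep `labeled` but drop `synchronize` from the `pull_request_target` types, since the `low-risk` label persists after it is applied and every subsequent push would re-run the auto-approve job against new, unreviewed commits; (2) add a guard such as `github.event.pull_request.head.repo.full_name == github.repository` to the `if:` so fork PRs are excluded, and document who is permitted to apply `low-risk`. Also note that both `pull_request` and `pull_request_target` now fire on the same event types, so unless `claude-review` carries an `event_name` filter of its own it will run twice per labeled/synchronize event.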
@@ -88,13 +90,40 @@ jobs:
8890 - Security concerns
8991 - Test coverage
9092
91- Use the repository's CLAUDE.md for guidance on style and conventions.
92-
93- If you find NO significant issues, approve the PR using:
94- gh pr review ${{ github.event.pull_request.number }} --approve --body "Your approval message"
95-
96- If you find ANY significant issues, do NOT approve. Instead, leave a
97- comment explaining the problems using:
98- gh pr comment ${{ github.event.pull_request.number }} --body "Your review findings"
99-
100- claude_args : ' --allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*),Bash(gh pr review:*)"'
93+ Use the repository's AGENTS.md for guidance on style and conventions.
94+
95+ Classify the PR's intrinsic risk severity using one of:
96+ - critical: must block merge
97+ - high: large blast radius or very sensitive code paths
98+ - medium: meaningful production or maintainability risk
99+ - low: constrained blast radius and straightforward rollback
100+
101+ Intrinsic risk is about the impact and sensitivity of changed code,
102+ even when no concrete bug is found.
103+ Any changes touching fund movement, signing/sweeping, swap state
104+ transitions, security/authz/authn logic, secrets handling, or DB
105+ schema/migrations are at least medium risk.
106+
107+ Also classify each finding using one of:
108+ - critical
109+ - high
110+ - medium
111+ - low
112+ - nit
113+
114+ Decision rule:
115+ - Approve ONLY if intrinsic PR risk is low AND highest finding
116+ severity is low or nit.
117+ - If intrinsic PR risk is medium/high/critical, DO NOT approve and
118+ submit a changes-requested review.
119+ - If any finding is medium/high/critical, DO NOT approve and submit
120+ a changes-requested review.
121+ - If uncertain, treat as medium risk.
122+
123+ If approving:
124+ gh pr review ${{ github.event.pull_request.number }} --approve --body "Claude review: intrinsic PR risk low and findings low/nit; safe for low-risk path."
125+
126+ If NOT approving:
127+ gh pr review ${{ github.event.pull_request.number }} --request-changes --body "Claude review: not eligible for low-risk auto-approval. Include intrinsic PR risk and findings with severities."
128+
129+ claude_args : ' --allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*),Bash(gh pr review:*)"'
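Review bot: The `--request-changes` body on line `127+` is a fixed literal, so the instruction inside it ("Include intrinsic PR risk and findings with severities") is never acted on: the review that lands on the PR will always be the same sentence, and the classification the prompt asks for (lines `95+`-`112+`) is lost. Either tell the model to compose the body from its findings, or have it post the findings with `gh pr comment` first and keep the fixed string only as the review summary. Two further points on this hunk: the decision rule (`115+`-`121+`) is enforced purely by prompt, while `claude_args` on `129+` still allows `Bash(gh pr review:*)` unconditionally, so nothing in the tool policy prevents `--approve` when the rule says not to; and with `synchronize` in the trigger set, a changes-requested review is resubmitted on every push, which will be noisy for contributors. Consider restricting the allowed tools to the specific review verb the job is meant to use, or moving the approve/request-changes decision into a separate step that validates the model's stated severities before calling `gh pr review`.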