
Conversation

@whyuan-cc
Contributor

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

  • Bug fixes and improvements
  • Documentation updates
  • Implementing new features
  • Code reviews and suggestions
  • Writing tests
  • And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

  • This workflow won't take effect until this PR is merged
  • @claude mentions won't work until after the merge is complete
  • The workflow runs automatically whenever Claude is mentioned in PR or issue comments
  • Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

  • Our Anthropic API key is securely stored as a GitHub Actions secret
  • Only users with write access to the repository can trigger the workflow
  • All Claude runs are stored in the GitHub Actions run history
  • Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
  • We can add more allowed tools by adding them to the workflow file like:
allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
Contributor


Critical: The flag name is incorrect. Should be --allowedTools (camelCase), not --allowed-tools (kebab-case).

This will cause the tool restrictions to be ignored, potentially allowing Claude to use unintended tools or preventing it from using necessary ones.

Suggested change
claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
claude_args: '--allowedTools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'

See docs/usage.md and docs/configuration.md for correct syntax.

    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
Contributor


Important: The prompt instructs Claude to use gh pr comment (line 52), which requires write permissions. Currently only read is granted.

While this may work if the action uses the Claude GitHub App token, it could fail with confusing errors if it uses the workflow token.

Consider either:

  1. Adding write permission: pull-requests: write
  2. Or adding a comment explaining the reliance on Claude App authentication

on:
  pull_request:
    types: [opened, synchronize]
Contributor


Performance concern: This workflow runs unconditionally on every PR opened/updated, which could result in high costs in active repositories.

Consider adding path filters or conditional logic:

on:
  pull_request:
    types: [opened, synchronize]
    paths:  # Only run on source code changes
      - "src/**/*.ts"
      - "src/**/*.tsx"
      - "src/**/*.js"
      - "src/**/*.jsx"

Or add a job-level condition:

jobs:
  claude-review:
    if: |
      github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' ||
      github.event.pull_request.draft == false

Also consider adding concurrency controls to cancel older runs:

concurrency:
  group: claude-review-${{ github.event.pull_request.number }}
  cancel-in-progress: true

Comment on lines +54 to +55
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
Contributor


Consider updating the documentation references to point to action-specific docs first:

Suggested change
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
# See https://github.com/anthropics/claude-code-action/blob/main/docs/configuration.md
# and https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md for available options

The current link to docs.claude.com may be less specific for GitHub Action usage.

# Optional: Add claude_args to customize behavior and configuration
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
# claude_args: '--allowed-tools Bash(gh pr:*)'
Contributor


Consistency issue: The example uses the same incorrect flag name (--allowed-tools instead of --allowedTools).

Suggested change
# claude_args: '--allowed-tools Bash(gh pr:*)'
# claude_args: '--allowedTools Bash(gh pr:*)'

This ensures developers copying this example use the correct syntax.

@claude
Contributor

claude bot commented Oct 21, 2025

Code Review Summary

I have completed a comprehensive review of this PR using specialized analysis agents. Here are the key findings:

Critical Issues

  1. Incorrect CLI flag syntax at line 56: Uses --allowed-tools instead of --allowedTools. This will cause the tool restrictions to be ignored.

  2. Missing write permissions at line 24: The prompt instructs Claude to use gh pr comment, but only read permissions are granted. This may cause silent failures.

  3. Unconditional workflow execution at line 5: The workflow runs on every PR event without filters, potentially causing high costs in active repositories.

Recommendations

Must Fix:

  • Change --allowed-tools to --allowedTools in both workflow files
  • Add pull-requests write permission or document the authentication strategy

Should Consider:

  • Add path filters or conditional logic to control when the automated review runs
  • Add concurrency controls to cancel redundant runs
  • Update documentation references to point to action-specific docs

Positive Aspects

  • Clear inline documentation with helpful optional configuration examples
  • Comprehensive review criteria in the prompt
  • Proper OIDC authentication setup with id-token write
  • Well-structured workflow with appropriate checkout configuration

Test Coverage

The underlying action has excellent test coverage with 26+ test files. GitHub Actions workflows typically do not require unit tests, which is standard practice.

See inline comments for specific fixes and suggestions.
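A complete workflow that applies the fixes raised in the review comments above, added here as an illustration and not taken from this PR or from the anthropics/claude-code-action project: it uses the camelCase `--allowedTools` flag so the tool restriction is actually enforced, grants `pull-requests: write` so `gh pr comment` succeeds even with the workflow token, keeps `id-token: write` for OIDC, limits when the job runs with a path filter, a draft check and an author-association allowlist, and cancels superseded runs with a concurrency group. The action version tag `@v1`, the input names `anthropic_api_key` and `prompt`, the secret name `ANTHROPIC_API_KEY` and the `src/**` paths are assumptions for the example.

```yaml
# Example workflow (added illustration, not the PR's own file).
# Assumptions: anthropics/claude-code-action@v1 accepts the inputs
# `anthropic_api_key` and `prompt`; the API key is stored in the
# repository secret ANTHROPIC_API_KEY; source lives under src/.
name: Claude PR review

on:
  pull_request:
    types: [opened, synchronize]
    # Only review pull requests that touch source code.
    paths:
      - "src/**"

# One review per PR at a time; a new push cancels the older run
# so redundant model calls (and their cost) are avoided.
concurrency:
  group: claude-review-${{ github.event.pull_request.number }}
  cancel-in-progress: true

jobs:
  claude-review:
    # Skip drafts, and only run for authors the repository already trusts.
    # The PR title, body and diff are fed to the model as context, so
    # gating on author association keeps untrusted submissions from
    # starting a run that holds repository credentials.
    if: >-
      github.event.pull_request.draft == false &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'),
               github.event.pull_request.author_association)
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # `gh pr comment` needs write access on pull requests; read-only
      # would fail with an authorization error when the workflow token is used.
      pull-requests: write
      # Needed for OIDC-based authentication by the action.
      id-token: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            Review this pull request for correctness, security and style
            and post your findings as a single PR comment with `gh pr comment`.
          # camelCase flag: `--allowed-tools` is not recognised and would leave
          # the tool allowlist unenforced. Each Bash pattern permits one gh
          # subcommand; anything outside this list is refused.
          claude_args: >-
            --allowedTools "Bash(gh pr view:*),Bash(gh pr diff:*),Bash(gh pr comment:*)"
```

Two behaviours of `pull_request` worth knowing when reading this: for PRs opened from forks, repository secrets are not exposed and `GITHUB_TOKEN` is read-only regardless of the `permissions` block, so the author-association gate above makes those runs skip cleanly instead of failing part-way; and the path filter is evaluated against the files changed in the PR, so a PR touching only docs never starts the job at all.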

@whyuan-cc whyuan-cc closed this Oct 21, 2025