atlanhq
diff --git a/‎.claude/commands/review.md‎
Lines changed: 191 additions & 0 deletions b/‎.claude/commands/review.md‎
Lines changed: 191 additions & 0 deletions
diff --git a/‎.github/actions/globalprotect-connect/action.yml‎
Lines changed: 88 additions & 0 deletions b/‎.github/actions/globalprotect-connect/action.yml‎
Lines changed: 88 additions & 0 deletions
diff --git a/‎.github/workflows/claude.yml‎
Lines changed: 53 additions & 0 deletions b/‎.github/workflows/claude.yml‎
Lines changed: 53 additions & 0 deletions
@@ -0,0 +1,191 @@
+---
+description: Structured code review for pull requests with confidence scoring and inline comments
+allowed-tools: Read, Grep, Glob, Bash(gh pr diff:*), Bash(gh pr view:*), Bash(gh api:*), Bash(git log:*), Bash(git diff:*), Bash(git show:*), Bash(git blame:*), Bash(gh pr comment:*), mcp__github_inline_comment__create_inline_comment
+---
+
+You are a senior code reviewer for the pyatlan SDK (Atlan Python Client). Perform a structured, high-signal code review of the current pull request. No emojis. Professional tone. Only flag issues you are confident about.
+
+## Step 1: Load repository context
+
+Read the following files to understand the project's standards and structure. These are your evaluation criteria — do not review without them:
+
+- `CLAUDE.md` (if it exists — root project guidelines)
+- `pyproject.toml` (project config, dependencies, tooling: ruff, mypy)
+- `.github/PULL_REQUEST_TEMPLATE.md` (PR checklist expectations)
+- `README.md` (project overview)
+
+Also use Glob to find any additional guideline files:
+- `.cursor/rules/*.mdc` or `.cursor/*.md` (coding standards, review checklists)
+- Any `CLAUDE.md` files in subdirectories relevant to the changed files
+- `CONTRIBUTING.md` if it exists
+
+## Step 2: Gather PR data
+
+Run these commands in parallel:
+
+- `gh pr view --json number,title,body,state,isDraft,baseRefName,headRefName,additions,deletions,changedFiles,commits,labels`
+- `gh pr diff --name-only` (list of changed files)
+- `gh pr diff` (full unified diff)
+- `git log --oneline -30 $(gh pr view --json baseRefName -q .baseRefName)..HEAD` (branch commit history)
+
+## Step 3: Determine review scale
+
+Count the number of changed files from step 2.
+
+**If fewer than 100 files changed:**
+Review all changed files directly. Read each changed file using the Read tool to understand surrounding context beyond the diff.
+
+**If 100 or more files changed:**
+This is a large PR. Deploy parallel sub-agents to gather context efficiently:
+1. Partition changed files by top-level directory (e.g. `pyatlan/`, `tests/`, `docs/`)
+2. Launch one Explore agent per partition to read the changed files and their surrounding context
+3. Consolidate findings from all agents before proceeding to review passes
+
+## Step 4: Four review passes
+
+Execute four independent review passes. For PRs with fewer than 100 files, do these sequentially. For large PRs, launch agents in parallel.
+
+### Pass 1 + 2: Code standards and style compliance
+
+Audit the changes against the project's conventions. Specifically check:
+
+- Type hints: all function parameters and return values must have type annotations
+- Pydantic models: proper usage for data structures crossing boundaries
+- Naming: snake_case for functions/variables, PascalCase for classes, UPPER_SNAKE_CASE for constants
+- Import organization: stdlib -> third-party -> local, no unused imports
+- Ruff/mypy compliance: patterns that would fail ruff or mypy checks
+- Docstrings: public APIs should have clear documentation
+- Test coverage: new functionality should have corresponding tests
+- PR checklist: verify claims in the PR template (tests added, docs updated, etc.)
+
+For each violation, be specific about what rule is being broken and where.
+
+### Pass 3: Bug and security scan
+
+Focus only on the diff — do not flag pre-existing issues. Check:
+
+- Security: hardcoded secrets/tokens, SQL injection, missing input validation, sensitive data in logs, unsafe deserialization
+- Correctness: logic errors, off-by-one errors, incorrect exception handling, wrong return types
+- Resource management: unclosed files/connections, missing timeouts on HTTP calls, resource leaks
+- Python anti-patterns: mutable default arguments, blocking calls in async contexts, bare `except:` clauses, unreachable code
+- Pydantic: incorrect model definitions, missing validators, wrong field types
+- HTTP client patterns: missing error handling on httpx calls, missing retries for transient failures
+
+Only flag significant issues. Ignore nitpicks and anything you cannot validate from the diff alone.
+
+### Pass 4: Context and history analysis
+
+Use git blame and git log on the changed files to understand:
+
+- Is this a workaround or a root cause fix?
+- Does the change fit the existing codebase architecture?
+- Are there test coverage gaps for new/changed code?
+- Is the change backward compatible? (pyatlan supports Python 3.9+)
+- Are there breaking changes to the public API?
+- Do any dependency changes introduce security or compatibility risks?
+
+## Step 5: Score and validate findings
+
+For each issue found across all passes, assign a confidence score from 0 to 100:
+- **0**: Not confident, likely false positive
+- **25**: Somewhat confident, might be real
+- **50**: Moderately confident, real but minor
+- **75**: Highly confident, real and important
+- **100**: Absolutely certain, definitely real
+
+**Validation**: For each finding scored 50 or above, verify it by:
+- Re-reading the relevant code in full context (not just the diff)
+- Checking if the pattern is intentionally used elsewhere in the codebase
+- For style violations: confirming the project actually enforces this rule
+
+**Filter**: Discard all findings below confidence 80.
+
+**Always discard (false positives):**
+- Pre-existing issues not introduced in this PR
+- Code that appears buggy but is actually correct in context
+- Pedantic nitpicks a senior engineer would not flag
+- Issues that linters (ruff, mypy) will catch — do not run the linter to verify
+- General code quality concerns not explicitly required by project conventions
+- Issues silenced in code via lint-ignore comments
+
+## Step 6: Post summary comment
+
+Use `gh pr comment` to post a single comment with this exact structure. Use a HEREDOC for the body. Do not use emojis anywhere.
+
+```
+## Code Review
+
+<2-3 sentence summary of what this PR does and its approach. Be specific about the technical change.>
+
+### Confidence Score: X/5
+
+- <Bullet explaining what the score means for this specific PR>
+- <Bullet listing what was checked: bugs, security, standards compliance, test coverage>
+- <If points were deducted, explain specifically why>
+
+<details>
+<summary>Important Files Changed</summary>
+
+| File | Change | Risk |
+|------|--------|------|
+| <path> | Added/Modified/Deleted | Low/Medium/High |
+
+</details>
+
+### Change Flow
+
+```mermaid
+sequenceDiagram
+    participant A as <Component>
+    participant B as <Component>
+    <interactions showing the primary flow affected by this PR>
+```
+
+<Generate a Mermaid sequence diagram that shows the key interaction flow introduced or modified by this PR. Rules:>
+<- Maximum 8 participants>
+<- Maximum 15 interactions>
+<- For refactors: show before/after with labeled boxes>
+<- For new features: show the end-to-end flow>
+<- For bug fixes: show the incorrect flow crossed out and the corrected flow>
+<- Use descriptive labels on arrows>
+
+### Findings
+
+<If findings exist above threshold:>
+
+| # | Severity | File | Issue |
+|---|----------|------|-------|
+| 1 | Critical/Warning/Info | `path/to/file.py:L42` | Brief description |
+
+<If no findings:>
+
+No issues found. Checked for bugs, security, and code standards compliance.
+```
+
+**Confidence Score Rubric:**
+- **5/5**: Safe to merge — no issues, follows all standards, well-tested
+- **4/5**: Minor observations only — style/documentation nits, no functional risk
+- **3/5**: Needs attention — moderate issues that should be addressed before merge
+- **2/5**: Significant concerns — security, performance, or correctness issues found
+- **1/5**: Do not merge — critical problems requiring substantial rework
+
+## Step 7: Post inline comments
+
+For each finding in the Findings table, post an inline comment using `mcp__github_inline_comment__create_inline_comment`.
+
+Rules for inline comments:
+- Maximum 10 inline comments total (prioritize by severity)
+- Each comment includes: severity tag, issue description, why it matters, and the suggested fix
+- For small, self-contained fixes (< 6 lines): include a committable suggestion block
+- For larger fixes: describe the issue and suggested approach without a suggestion block
+- Never post a committable suggestion unless committing it fully fixes the issue
+- Post exactly ONE comment per unique issue — no duplicates
+- Link format for code references: `https://github.com/<owner>/<repo>/blob/<full-sha>/path/to/file.ext#L<start>-L<end>` — always use the full SHA, never abbreviated
+
+## Constraints
+
+- Use `gh` CLI for all GitHub interactions. Do not use web fetch.
+- Never use emojis in any output.
+- Do not flag issues you cannot verify from the code. When in doubt, leave it out.
+- Do not suggest changes that would require reading code outside of the changed files and their immediate context.
+- Prioritize signal over completeness. A review with 3 real issues is better than one with 15 questionable ones.
@@ -0,0 +1,88 @@
+name: "GlobalProtect VPN Connect"
+description: "Connect to GlobalProtect VPN using OpenConnect"
+author: "Atlan"
+
+inputs:
+  portal-url:
+    description: "GlobalProtect portal URL"
+    required: true
+  username:
+    description: "GlobalProtect username"
+    required: true
+  password:
+    description: "GlobalProtect password"
+    required: true
+  max-attempts:
+    description: "Maximum number of connection attempts"
+    required: false
+    default: "3"
+
+outputs:
+  vpn-connected:
+    description: "Whether VPN connection was successful"
+    value: ${{ steps.openconnect-connection.outputs.connected }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Connect via OpenConnect
+      uses: nick-fields/retry@v3
+      id: openconnect-connection
+      with:
+        max_attempts: ${{ fromJSON(inputs.max-attempts) }}
+        timeout_minutes: 10
+        shell: bash
+        command: |
+          echo "Connecting to GlobalProtect VPN using OpenConnect..."
+
+          # Install OpenConnect
+          echo "Installing OpenConnect..."
+          sudo apt-get update
+          sudo apt-get install -y openconnect
+
+          # Check required inputs
+          if [ -z "${{ inputs.portal-url }}" ]; then
+            echo "portal-url input not provided"
+            exit 1
+          fi
+
+          if [ -z "${{ inputs.username }}" ]; then
+            echo "username input not provided"
+            exit 1
+          fi
+
+          if [ -z "${{ inputs.password }}" ]; then
+            echo "password input not provided"
+            exit 1
+          fi
+
+          echo "Attempting OpenConnect to: ${{ inputs.portal-url }}"
+
+          # Create credentials file for OpenConnect
+          echo "${{ inputs.password }}" | sudo openconnect \
+            --protocol=gp \
+            --user="${{ inputs.username }}" \
+            --passwd-on-stdin \
+            --background \
+            "${{ inputs.portal-url }}" || {
+            echo "OpenConnect connection failed"
+            exit 1
+          }
+
+          # Wait a moment for connection to establish
+          sleep 10
+
+          # Initial connectivity test
+          echo "Testing initial connectivity to Phoenix AI..."
+          time curl -k -sS https://phoenix-ai.atlan.com -o /dev/null
+
+          if [ $? -eq 0 ]; then
+            echo "Initial connectivity test successful"
+          else
+            echo "Initial connectivity test failed"
+            exit 1
+          fi
+
+          # Set output to indicate successful connection
+          echo "connected=true" >> $GITHUB_OUTPUT
+          echo "VPN connection established successfully"
@@ -0,0 +1,53 @@
+name: Claude Code
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+
+permissions:
+  id-token: write
+  contents: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      id-token: write
+    timeout-minutes: 15
+    env:
+      ANTHROPIC_BASE_URL: https://llmproxy.atlan.dev
+      CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS: '1'
+    concurrency:
+      group: claude-${{ github.event.issue.number || github.event.pull_request.number }}
+      cancel-in-progress: true
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Connect to VPN
+        uses: ./.github/actions/globalprotect-connect
+        with:
+          portal-url: vpn2.atlan.app
+          username: ${{ secrets.GLOBALPROTECT_USERNAME }}
+          password: ${{ secrets.GLOBALPROTECT_PASSWORD }}
+
+      - uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.LITELLM_API_KEY }}
+          claude_args: |
+            --model claude-sonnet-4
+            --allowedTools "mcp__github_inline_comment__create_inline_comment"
+            --append-system-prompt "CRITICAL INSTRUCTION: When a user asks you to review a pull request (e.g. @claude review, @claude review this PR, @claude please review), you MUST execute the /review slash command. Do NOT attempt a freeform review. Always use the /review skill — no exceptions."