Add Claude Code GitHub Workflow

[oesteban]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 34acf9343b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Skip Claude review when PR secrets are unavailable

This workflow is triggered by pull_request events but unconditionally injects ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} into the action, and fork-origin PRs do not receive repository secrets in pull_request runs. For external contributors, that means the review step runs without credentials and will fail or no-op, creating broken/noisy checks for a common OSS contribution path unless the job is gated on secret presence (or moved to a trusted trigger model).

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Restrict @claude triggers to trusted collaborators

The job condition only checks whether the comment text contains @claude, so any user who can comment on issues or PRs can trigger this workflow. Since the run then invokes anthropics/claude-code-action with the repository OAuth secret, untrusted commenters can repeatedly consume CI/Claude quota and drive automation attempts; add an actor/association guard (for example MEMBER/OWNER/COLLABORATOR) in the if condition.

Useful? React with 👍 / 👎.