ci: add Claude auto-review workflow for PRs

.claude/review-guidelines.md

@@ -1,4 +1,4 @@
-# PTD Code Review Guidelines
+# Team Operator Code Review Guidelines
 
 ## Core Principles
 
@@ -25,35 +25,32 @@ These changes require extra review attention:
 
 ## Review Checklist by Area
 
-### Team Operator (`team-operator/`)
-
-#### API Changes (`api/`)
+### API Changes (`api/`)
 - [ ] Kubebuilder annotations are correct
 - [ ] New fields have sensible defaults
 - [ ] Validation rules are present
 - [ ] Breaking changes have migration strategy
 
-#### Controller Changes (`internal/controller/`)
+### Controller Changes (`internal/controller/`)
 - [ ] Reconciliation is idempotent
 - [ ] Error handling reports status correctly
 - [ ] Config flows from Site -> Product correctly
 - [ ] Both unit and integration tests exist
 
-### PTD CLI (`cmd/`)
-- [ ] Commands support `--verbose` flag
-- [ ] Cloud operations use Target interface
-- [ ] Auto-completion works for new arguments
-- [ ] Error messages are actionable
+### Helm Chart (`dist/chart/`)
+- [ ] Values have sensible defaults
+- [ ] Templates render correctly
+- [ ] RBAC permissions are minimal
+- [ ] CRDs are up to date
 
-### Python/Pulumi (`python-pulumi/`)
-- [ ] Configuration uses dataclasses
-- [ ] Pulumi resources have proper typing
-- [ ] Cloud provider abstraction is maintained
-- [ ] No hardcoded credentials or regions
+### Flightdeck (`flightdeck/`)
+- [ ] Go templates render correctly
+- [ ] Static assets are properly served
+- [ ] Configuration options are documented
 
 ## What NOT to Comment On
 
-- Style issues handled by formatters (run `just format`)
+- Style issues handled by formatters (run `make fmt`)
 - Personal preferences without clear benefit
 - Theoretical concerns without concrete impact
 

.github/workflows/claude-auto-review.yml

@@ -0,0 +1,57 @@
+name: Claude Auto Review
+
+on:
+  pull_request:
+    types: [opened]
+
+env:
+  PTD_AWS_ACCOUNT: ${{ secrets.PTD_AWS_ACCOUNT }}
+
+jobs:
+  auto-review:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ env.PTD_AWS_ACCOUNT }}:role/claude-code
+          role-session-name: gha-claude-code-action
+          aws-region: us-east-2
+
+      - name: Automatic PR Review
+        uses: anthropics/claude-code-action@beta
+        if: github.event.pull_request.user.login != 'posit-team-dedicated[bot]'
+        with:
+          allowed_tools: "mcp__github__create_pull_request,mcp__github__create_issue,mcp__github__search_issues,mcp__github__update_issue,mcp__github__create_pending_pull_request_review,mcp__github__add_pull_request_review_comment_to_pending_review,mcp__github__submit_pending_pull_request_review,mcp__github__get_pull_request_diff"
+          use_bedrock: true
+          model: "us.anthropic.claude-opus-4-5-20251101-v1:0"
+          fallback_model: "us.anthropic.claude-3-7-sonnet-20250219-v1:0"
+          timeout_minutes: "60"
+          direct_prompt: |
+            Please review this PR following the guidelines in `.claude/review-guidelines.md`. Use the GitHub review system:
+
+            1. **Start a review**: Use `mcp__github__create_pending_pull_request_review` to begin a pending review
+            2. **Get diff information**: Use `mcp__github__get_pull_request_diff` to understand the code changes and line numbers
+            3. **Add inline comments**: Use `mcp__github__add_pull_request_review_comment_to_pending_review` for each specific piece of feedback on particular lines
+            4. **Submit the review**: Use `mcp__github__submit_pending_pull_request_review` with event type "COMMENT" (not "REQUEST_CHANGES") to publish all comments as a non-blocking review
+
+            Review priorities from guidelines:
+            - **Simplicity**: Code should be explicit, not clever. Functions do one thing. Names reveal intent.
+            - **Maintainability**: Follow existing patterns. New code should look like it belongs.
+            - **Security (elevated scrutiny)**: Extra attention for file system, network, credentials, RBAC, and IAM changes.
+
+            Use the area-specific checklists from the guidelines for API changes, Controller changes, Helm chart, and Flightdeck.
+
+            Provide constructive feedback with specific suggestions for improvement.
+            Don't be overly complimentary; focus on actionable insights and keep your comments concise.
+            Use inline comments to highlight specific areas of concern.
+
+            IMPORTANT: Do NOT post any additional comments after submitting the review. The GitHub review itself is sufficient and any additional summary comments will be redundant.