feat: add srtd doctor command for setup diagnostics #115
```yaml
name: Claude Code

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  pull_request_review:
    types: [submitted]
  issues:
    types: [opened]

jobs:
  claude:
    # Security: Only allow users with write access, prevent bot loops
    if: |
      github.event.sender.type != 'Bot' &&
      github.actor != 'claude[bot]' &&
      github.actor != 'github-actions[bot]' &&
      (
        (github.event_name == 'issue_comment' && startsWith(github.event.comment.body, '@claude')) ||
        (github.event_name == 'pull_request_review_comment' && startsWith(github.event.comment.body, '@claude')) ||
        (github.event_name == 'pull_request_review' && startsWith(github.event.review.body, '@claude')) ||
        (github.event_name == 'issues' && startsWith(github.event.issue.body, '@claude'))
      )
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: write
      id-token: write
      actions: read
    steps:
      # Security: Verify actor has write permission before proceeding
      - name: Check write permission
        id: check_permission
        uses: actions/github-script@v7
        with:
          script: |
            const { data: permissionLevel } = await github.rest.repos.getCollaboratorPermissionLevel({
              owner: context.repo.owner,
              repo: context.repo.repo,
              username: context.actor
            });
            const hasWriteAccess = ['admin', 'write'].includes(permissionLevel.permission);
            if (!hasWriteAccess) {
              core.setFailed(`User ${context.actor} does not have write access (has: ${permissionLevel.permission})`);
              return;
            }
            core.info(`User ${context.actor} has ${permissionLevel.permission} access - proceeding`);

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Run Claude Code
        id: claude
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # Enable progress tracking and sticky comments for better UX
          track_progress: true
          use_sticky_comment: true
          # Allow Claude to read CI results
          additional_permissions: |
            actions: read
          # Custom prompt that loads project context and review skills
          prompt: |
            # SRTD Development Context
            You are Claude, assisting with the SRTD (Supabase Repeatable Template Definitions) project.
            ## First Steps (REQUIRED)
            1. **Read project context**: `Read('CLAUDE.md')` - Contains commands, architecture, key paths
            2. **Load relevant skills**:
               - [ ] `Skill('srtd-dev')` - For development work (bugs, features, architecture)
               - [ ] `Skill('requesting-code-review')` - For PR reviews
            **Do not proceed until you have read CLAUDE.md and loaded relevant skills.**
            ## Your Task
            Respond to the user's request:
            - **Review code**: Use `.claude/skills/requesting-code-review/code-reviewer.md` template
            - **Fix a bug**: Write regression test first, then fix
            - **Add a feature**: Check architecture in srtd-dev skill, follow service boundaries
            - **Answer a question**: Reference the codebase, be specific with file:line
            Always verify with `npm test && npm run typecheck && npm run lint` before completing.
            ---
            **User Request:**
            ${{ github.event.comment.body || github.event.review.body || github.event.issue.body }}

      # Audit logging: Record what Claude did with GitHub Actions summary
      - name: Audit log
        if: always()
        run: |
          TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)
          echo "=== Claude Code Audit Log ==="
          echo "Timestamp: $TIMESTAMP"
          echo "Actor: ${{ github.actor }}"
          echo "Event: ${{ github.event_name }}"
          echo "Repository: ${{ github.repository }}"
          echo "Run ID: ${{ github.run_id }}"
          echo "=============================="
          # Write to GitHub Actions Job Summary
          cat >> $GITHUB_STEP_SUMMARY << EOF
          ## Claude Code Execution Summary
          | Field | Value |
          |-------|-------|
          | **Timestamp** | $TIMESTAMP |
          | **Actor** | @${{ github.actor }} |
          | **Event** | \`${{ github.event_name }}\` |
          | **Repository** | ${{ github.repository }} |
          | **Run ID** | [${{ github.run_id }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) |
          EOF
```