claude-code-review.yml
name: Claude Code

# Events that can start this workflow. On a public repository, comments,
# reviews and new issues can come from accounts without write access, so
# the trigger list is not an access control: the job itself has to decide
# who may proceed.
on:
  issue_comment:
    types:
      - created
  pull_request_review_comment:
    types:
      - created
  issues:
    types:
      - opened
      - assigned
  pull_request_review:
    types:
      - submitted
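jobs:
  claude:
    # This condition only selects events whose text mentions @claude; it does
    # not look at who wrote that text. The authorization decision is made by
    # the "Check user permissions" step, which has to remain the first step so
    # that nothing else runs for an unauthorized account.
    if: |
      (
        (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
        (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
        (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
        (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
      )
    runs-on: ubuntu-latest
    # The job token may push commits and write to pull requests and issues,
    # and the job may request an OIDC token. Every step below, including any
    # command the agent runs, executes with these rights.
    # NOTE(review): id-token: write is presumably required by the action for
    # its own token exchange; confirm, and drop it if it is not.
    permissions:
      contents: write
      pull-requests: write
      issues: write
      id-token: write
      actions: read
    steps:
      - name: Check user permissions
        id: check
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Event fields are handed to the script as environment variables
          # rather than expanded into the script text, so their values are
          # only ever treated as data by the shell.
          EVENT_NAME: ${{ github.event_name }}
          REPOSITORY: ${{ github.repository }}
          COMMENT_AUTHOR: ${{ github.event.comment.user.login }}
          REVIEW_AUTHOR: ${{ github.event.review.user.login }}
          ISSUE_AUTHOR: ${{ github.event.issue.user.login }}
          FALLBACK_ACTOR: ${{ github.actor }}
        run: |
          # Select the account that wrote the comment, review or issue.
          # For `issues` events this is the issue author, also when the
          # event type is `assigned`.
          case "$EVENT_NAME" in
            issue_comment | pull_request_review_comment) ACTOR="$COMMENT_AUTHOR" ;;
            pull_request_review) ACTOR="$REVIEW_AUTHOR" ;;
            issues) ACTOR="$ISSUE_AUTHOR" ;;
            *) ACTOR="$FALLBACK_ACTOR" ;;
          esac

          echo "Checking permissions for: $ACTOR"

          # Check user permission level. Any failure of the API call is mapped
          # to "none", so the check fails closed.
          PERMISSION=$(gh api "repos/$REPOSITORY/collaborators/$ACTOR/permission" --jq '.permission' 2>/dev/null || echo "none")
          echo "Permission level: $PERMISSION"

          # Only allow admin, write, maintain
          if [[ "$PERMISSION" == "admin" || "$PERMISSION" == "write" || "$PERMISSION" == "maintain" ]]; then
            echo "✅ Permission granted"
          else
            echo "❌ Permission denied - only repo members can use @claude"
            exit 1
          fi

      # NOTE(review): @v6 and @v1 below are mutable tags. Pinning each action
      # to a full commit SHA (<FULL_COMMIT_SHA>) keeps a retagged release from
      # running with this job's token and secrets.
      # NOTE(review): checkout by default keeps the job token in the local git
      # configuration, where later shell commands can read it. Setting
      # persist-credentials: false avoids that; confirm first that the
      # following step does not depend on it.
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          submodules: recursive

      # NOTE(review): the gate above authorizes the account that wrote the
      # mention, not everything the agent reads afterwards. Pull request
      # changes, issue text and comments from non-members still reach the
      # model and should be treated as untrusted input to a process that
      # holds a write-scoped token.
      - name: Run Claude Code
        uses: anthropics/claude-code-action@v1
        # NOTE(review): the OAuth token is supplied both as an environment
        # variable and as an action input; one of the two is probably
        # sufficient. Confirm before removing either.
        env:
          CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # NOTE(review): "Bash(*)" permits any shell command on the runner,
          # while the system prompt asks the agent to keep to pnpm, tsc,
          # eslint and similar. A prompt is not an enforcement boundary;
          # consider listing only the commands the reviews need in
          # --allowedTools.
          claude_args: |
            --model claude-sonnet-4-5-20250929
            --max-turns 40
            --allowedTools "Bash(*)"
            --system-prompt "You are a code review expert for the 0G Compute Network SDK project.
            Project Background:
            - This is a TypeScript/JavaScript SDK and CLI for the 0G Compute Network
            - Provides client-side tools for AI inference, fine-tuning, and account management
            - Built with TypeScript, Node.js 22+, ethers.js for blockchain interaction
            - Includes Web UI, CLI tools, and SDK library
            Follow the CLAUDE.md standards in the project root when reviewing. Focus on:
            1. TypeScript best practices and type safety
            2. API design and developer experience
            3. Blockchain wallet security and transaction handling
            4. Error handling and user-friendly error messages
            5. CLI UX and Web UI usability
            6. SDK documentation and examples
            In code reviews:
            - Mark security issues (private key handling, signature validation) as [CRITICAL]
            - Provide specific suggestions for API improvements
            - Mark code style issues as [nit]
            - Give positive feedback for good patterns
            When fixing code:
            - Only use allowed tools (pnpm, tsc, eslint, etc.)
            - Run type checking before and after changes
            - Verify CLI commands still work after modifications
            - Run linters before committing"
          settings: |
            {
              "env": {
                "NODE_ENV": "development"
              }
            }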