Skip to content

ci: auto-review every PR with Claude#297

Merged
gianalarcon merged 2 commits into
developfrom
ci/claude-pr-review
Jun 14, 2026
Merged

ci: auto-review every PR with Claude#297
gianalarcon merged 2 commits into
developfrom
ci/claude-pr-review

Conversation

@gianalarcon

@gianalarcon gianalarcon commented Jun 14, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

What

Adds .github/workflows/claude-review.yaml — a pull_request-triggered workflow that runs an automated Claude code review on every PR to main or develop and posts findings as PR comments (top-level summary + inline line notes).

Event-driven: fires the moment a PR is opened, updated, or reopened — no polling, no open session required.

Details

  • Triggers: opened, synchronize, reopened on PRs into main/develop.
  • Auth: claude_code_oauth_token — runs on the team's Claude Pro/Max subscription (no separate API billing).
  • Review focus: security-weighted for this payments / multisig / ZK codebase (signatures, key material, auth, fund movement, x402/EIP-3009), plus CLAUDE.md convention adherence and ordinary correctness bugs.
  • Tooling: scoped to gh pr comment/diff/view + inline-comment MCP only.
  • Concurrency: one review per PR; superseded runs cancel on new pushes.
  • Uses actions/checkout@v4 to match the existing workflows.

Required before this works (maintainer, one-time)

  1. Install the Claude GitHub App on Poly-pay/polypay_app: https://github.com/apps/claude(done)
  2. Generate a subscription token with claude setup-token and add it as the CLAUDE_CODE_OAUTH_TOKEN Actions secret (Settings → Secrets and variables → Actions).

Note: subscription-token usage counts against the account's Claude usage limits. For a high-PR repo, swapping back to an ANTHROPIC_API_KEY (API billing) avoids that.

🤖 Generated with Claude Code

gianalarcon and others added 2 commits June 14, 2026 13:09
@gianalarcon @claude
ci: auto-review every PR with Claude (claude-code-action)
322be49 
Adds a pull_request-triggered workflow that runs an automated Claude code
review on every PR to main/develop and posts findings as PR comments
(top-level summary + inline notes). Security-weighted prompt for this
payments/multisig/ZK codebase, scoped gh tooling, per-PR concurrency.

Requires a maintainer to install the Claude GitHub App and add the
ANTHROPIC_API_KEY Actions secret before the job can authenticate.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@gianalarcon @claude
ci: use Claude subscription token instead of API key
7b3a21f 
Switch the review workflow auth from anthropic_api_key to
claude_code_oauth_token so it runs on the team's Claude Pro/Max
subscription. Secret renamed to CLAUDE_CODE_OAUTH_TOKEN.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@gianalarcon gianalarcon changed the base branch from main to develop June 14, 2026 13:37
@gianalarcon gianalarcon merged commit 87dad50 into develop Jun 14, 2026
3 checks passed
@gianalarcon gianalarcon mentioned this pull request Jun 18, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gianalarcon