From fd53fe3148d7fa6a8f9aa9c4ded0bf2891e053ba Mon Sep 17 00:00:00 2001
From: gianalarcon <gian@quantum3labs.com>
Date: Thu, 18 Jun 2026 05:26:16 +0000
Subject: [PATCH] ci: add on-demand @claude workflow (subscription OAuth, no
 API billing)

Triggers only on @claude mentions in issues/PR comments, so nothing runs
automatically and usage stays within the Pro/Max subscription. Uses
CLAUDE_CODE_OAUTH_TOKEN; no anthropic_api_key to avoid extra API billing.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Mw3pbhjFTyknZVZWBfWP7Z
---
 .github/workflows/claude.yml | 46 ++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 .github/workflows/claude.yml

diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
new file mode 100644
index 00000000..b5dd7436
--- /dev/null
+++ b/.github/workflows/claude.yml
@@ -0,0 +1,46 @@
+name: Claude
+
+# On-demand assistant. Runs ONLY when someone writes "@claude" in an issue or PR
+# comment/review. Nothing runs automatically, so usage stays within the team's
+# Claude Pro/Max subscription (auth via CLAUDE_CODE_OAUTH_TOKEN — no API billing).
+#
+# Prerequisites (already in place):
+#   1. Claude GitHub App installed on Poly-pay/polypay_app (https://github.com/apps/claude)
+#   2. CLAUDE_CODE_OAUTH_TOKEN Actions secret (`claude setup-token`, Pro/Max subscription)
+#
+# Do NOT add `anthropic_api_key` here — that triggers pay-per-use API billing on
+# top of the subscription, which we explicitly do not want.
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  pull_request_review:
+    types: [submitted]
+  issues:
+    types: [opened, assigned]
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+      id-token: write
+      actions: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}