Skip to content

ci: harden Claude PR review workflow, mirroring agents-forge-frontend#164

Merged
MaryWylde merged 1 commit into
devfrom
chore/claude-pr-review
Jul 16, 2026
Merged

ci: harden Claude PR review workflow, mirroring agents-forge-frontend#164
MaryWylde merged 1 commit into
devfrom
chore/claude-pr-review

Conversation

@MaryWylde

Copy link
Copy Markdown
Contributor

Replace the stock code-review plugin config with a tailored setup: concurrency cancellation, draft/fork skip, scoped permissions, a 15m timeout, track_progress, and a KeepSimpleOSS-specific review prompt (Pages Router, SCSS tokens, no App Router/Tailwind, UX Core data guard). Lock --allowedTools to the inline-comment tool to resist prompt injection from untrusted PR content.

Replace the stock code-review plugin config with a tailored setup:
concurrency cancellation, draft/fork skip, scoped permissions, a 15m
timeout, track_progress, and a KeepSimpleOSS-specific review prompt
(Pages Router, SCSS tokens, no App Router/Tailwind, UX Core data guard).
Lock --allowedTools to the inline-comment tool to resist prompt injection
from untrusted PR content.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown

Claude finished @MaryWylde's task in 4m 3s —— View job


Review: harden Claude PR review workflow

  • Gather context (diff, AGENTS.md conventions)
  • Review workflow YAML for correctness & security
  • Post findings

This is a CI/CD-only change (.github/workflows/claude-code-review.yml), so the app-code checklist (React/TS/SCSS/a11y) in the review instructions doesn't apply — reviewed for GitHub Actions correctness and security instead.

Good improvements:

  • concurrency + cancel-in-progress avoids racing runs on the tracking comment — solid fix for rapid pushes.
  • Draft-skip + fork-skip if: condition is correct and matches its comment (fork PRs get a read-only token, so failing loudly there was the old behavior).
  • timeout-minutes: 15 is a sane guardrail.
  • Restricting --allowedTools to just the inline-comment tool is a reasonable prompt-injection mitigation, given the job now reads untrusted PR content.
  • Dropping id-token: write is fine — claude_code_oauth_token is a static secret, not OIDC-based, so that scope wasn't needed.

Flagged inline (1 likely bug, 1 to verify):

  1. issues: write was removed from permissions:, but the job now needs it. This PR switches comment-posting from the bundled Claude GitHub App to the workflow's own github_token: ${{ secrets.GITHUB_TOKEN }}, and track_progress: true relies on creating/updating the tracking comment. PR conversation comments go through the Issues Comments REST endpoint, which is gated by issues, not pull-requests. Without it, the tracking comment (and possibly this review itself, once this workflow becomes the active one on dev) will likely fail with a 403. The pre-PR version had issues: write for this exact reason — recommend restoring it alongside the new actions: read.
  2. actions/checkout@v6 — worth confirming this tag actually exists before merging; if not, the checkout step fails on every PR immediately. @v4 is the well-established stable major.

Worth a sanity check before relying on this in production: since --allowedTools is now locked to only mcp__github_inline_comment__create_inline_comment, it'd be good to confirm the action's own tracking-comment tool (mcp__github_comment__update_claude_comment) isn't itself subject to that allowlist — i.e., that it's wired in by the action regardless of claude_args. If it is subject to the allowlist, track_progress would have no way to write the comment, independent of the issues: write permission issue above. This is presumably fine (core action infrastructure is typically not user-restrictable), but since this is the mechanism review feedback ships through, a live test on a throwaway PR after merging would be the cheap way to confirm both this and finding #1 at once.
· branch chore/claude-pr-reviewdev

Comment on lines 24 to +27
permissions:
contents: read
pull-requests: write
issues: write
id-token: write

actions: read

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Likely bug: issues: write was dropped, but the job now needs it.

This PR switches the action from the bundled Claude GitHub App to the workflow's own github_token: ${{ secrets.GITHUB_TOKEN }} (line 44) for posting comments, and also turns on track_progress: true (line 47), which creates/updates the tracking comment on the PR.

That tracking-comment write goes through GitHub's Issues Comments REST endpoint (/repos/{owner}/{repo}/issues/{issue_number}/comments) — which is used for all PR conversation comments, not just issue comments. That endpoint is gated by the issues permission, not pull-requests. With only contents: read, pull-requests: write, actions: read, the GITHUB_TOKEN likely gets a 403 when the action tries to create/update the tracking comment, since there's no App-token fallback anymore.

The pre-PR version of this file had issues: write for exactly this reason. Recommend restoring it:

permissions:
  contents: read
  pull-requests: write
  issues: write
  actions: read

Fix this →

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v6

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please double-check that actions/checkout@v6 is an actually-published tag before merging. If it doesn't exist (or isn't out yet), this step — and therefore the whole job — fails immediately on every PR. @v4 is the long-standing stable major; if you specifically need something newer than what's currently pinned, confirm the tag exists first.

@MaryWylde MaryWylde merged commit 49cf16c into dev Jul 16, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant