chore: Add Claude Code GitHub Workflow

[rekmarks]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

---

Note

Introduces automated AI assistance via GitHub Actions.

• Adds claude-code-review.yml to auto-run Claude on PR open/update, posting review feedback using a guided prompt; minimal read permissions with id-token: write
• Adds claude.yml to respond to @claude mentions in issues/PR comments and reviews; includes optional actions: read permission to access CI results
• Both workflows use anthropics/claude-code-action@v1, check out repo with shallow clone, and restrict execution to specific gh/yarn commands via claude_args

^{Written by Cursor Bugbot for commit f6fedd8. This will update automatically on new commits. Configure here.}

[cursor]

Insufficient permissions to post PR comments

High Severity

The workflow grants pull-requests: read permission but instructs Claude to use gh pr comment to post review comments. The gh CLI requires pull-requests: write permission to post comments. With only read access, the comment operation will fail at runtime. The same issue exists in both workflow files where pull-requests: read is configured but Bash(gh pr comment:*) is included in allowed tools.

Additional Locations (1)

• .github/workflows/claude.yml#L21-L22

 

[cursor]

Workflow triggers on issues but cannot respond

Medium Severity

The workflow triggers on issue_comment events and issues: [opened, assigned] with @claude mentions, but Claude cannot respond to comments on regular issues (non-PRs). The issues: read permission prevents writing, and no gh issue comment tool is included in allowed_tools. The workflow will run and consume API resources but produce no visible response to users who mention @claude on issues.

 

[cursor]

Assigned event causes duplicate runs on same issue

Medium Severity

The issues trigger includes both opened and assigned event types, but the condition only checks if the issue contains @claude in its body or title. When an issue with @claude is opened, Claude runs. Later, when that same issue is assigned to someone, the assigned event fires and the condition passes again because @claude is still in the content, causing Claude to run a second time on the same mention.