Merged
35 changes: 11 additions & 24 deletions .github/workflows/claude-code-review.yml
Expand Up @@ -20,25 +20,7 @@ jobs:
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 1

- name: Remove prior Claude review comment (so review runs again)
env:
GH_TOKEN: ${{ github.token }}
run: |
pr=${{ github.event.pull_request.number }}
repo=${{ github.repository }}

# Find first issue comment whose body starts with "## Claude Code Review"
comment_id=$(gh api repos/$repo/issues/$pr/comments \
--jq '.[] | select(.body | startswith("## Claude Code Review")) | .id' | head -n 1)

if [ -n "$comment_id" ]; then
echo "Deleting prior Claude review comment id=$comment_id"
gh api -X DELETE repos/$repo/issues/comments/$comment_id
else
echo "No prior Claude review comment found."
fi


- name: Run Claude Code Review
Comment on lines 20 to 24
Copilot AI Feb 24, 2026

This removes the prior idempotency step that deleted the existing 'Claude Code Review' comment before running. That can lead to clutter across reruns (multiple top-level reviews) and makes the workflow behavior dependent on how the action posts comments. Consider restoring idempotent behavior by updating/editing an existing comment (preferred) or deleting the prior one before posting a new single top-level review.

id: claude-review
uses: anthropics/claude-code-action@v1
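Review bot: Dropping the "Remove prior Claude review comment" step moves comment cleanup from a fixed script to whatever the model decides to run, so a rerun either stacks a second review or depends on the model holding write access to issue comments. Keep the cleanup as a deterministic step outside the model (find the comment by its "## Claude Code Review" prefix, then update or delete it), which lets the model's tool list stay read-only apart from "gh pr comment". Note also that the removed script only handled the first match because of "head -n 1", so a restored version should loop over all matching ids.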
Expand All @@ -50,22 +32,26 @@ jobs:
plugins: 'code-review@claude-code-plugins'

claude_args: >
--dangerouslyDisableSandbox
Copilot AI Feb 24, 2026

Using --dangerouslyDisableSandbox meaningfully increases the blast radius if the model is ever tricked into executing unsafe operations (especially with Bash(...) tools enabled). Prefer keeping the sandbox enabled; if disabling is truly required, add compensating controls (e.g., restrict workflow execution to trusted actors/branches, minimize GITHUB_TOKEN permissions, and further constrain allowed tools/commands) and document why sandboxing can’t be used here.

Suggested change
--dangerouslyDisableSandbox

--max-turns 10
--allowedTools
"Bash(gh pr view:*)"
"Bash(gh pr diff:*)"
"Bash(gh pr comment:*)"
"Bash(gh api:*)"
"Bash(gh search code:*)"
"Bash(gh api repos/*/pulls/*:*)"
"Bash(gh api repos/*/issues/*/comments:*)"
Comment on lines +41 to +42
Contributor

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, let's find and examine the workflow file
fd "claude-code-review.yml" --type f

Repository: MFlowCode/MFC

Length of output: 39


🏁 Script executed:

#!/bin/bash
# Examine the workflow file around lines 41-42
cat -n ".github/workflows/claude-code-review.yml" | sed -n '30,55p'

Repository: MFlowCode/MFC

Length of output: 1296


🏁 Script executed:

#!/bin/bash
# Search for information about claude-code-action and how allowed-tool patterns work
rg -i "allowedTools|allowed-tool|gh api" --type yaml -A 2 -B 2

Repository: MFlowCode/MFC

Length of output: 39


🏁 Script executed:

#!/bin/bash
# Check if there's documentation or configuration for the claude-code-action
fd "claude-code-action" -o -name "action.yml" -o -name "action.yaml" | head -20

Repository: MFlowCode/MFC

Length of output: 287


🌐 Web query:

claude-code-action allowed-tool gh api syntax :*

💡 Result:

In Claude Code Action, allowed_tools uses Claude Code’s --allowedTools pattern syntax: for Bash commands you generally want the colon + wildcard form Bash(<prefix>:*) (not Bash(<prefix> *)). (skills.sh)

So to allow GitHub CLI gh api calls, use e.g.:

- uses: anthropics/claude-code-action@beta
  with:
    allowed_tools: |
      Bash(gh api:*)

(github.com)

If you want to be more restrictive (recommended), allow only specific methods/flags, for example:

allowed_tools: |
  Bash(gh api --method GET:*)
  Bash(gh api --method POST:*)

(Example of this same pattern style for gh api appears in real-world configs/documentation.) (docs.rs)


🏁 Script executed:

#!/bin/bash
# Search for any documentation or README in the repo that might explain the allowed-tool syntax
fd -e md -e txt | xargs rg -l "allowedTools|allowed-tool|gh api" 2>/dev/null || true

Repository: MFlowCode/MFC

Length of output: 39


🏁 Script executed:

#!/bin/bash
# Check if there are any comments in the workflow file explaining the syntax
cat -n ".github/workflows/claude-code-review.yml" | head -60

Repository: MFlowCode/MFC

Length of output: 2566


Overly broad gh api tool patterns could permit write operations on arbitrary issue comments.

"Bash(gh api repos/*/issues/*/comments:*)" allows Claude to call any gh api method on issue comments across all repos accessible by the token. This is broader than needed for posting a single PR comment.

The gh pr comment tool (line 40) already covers posting PR comments. If the gh api endpoint is still needed for specific cases, the patterns can be tightened to restrict both the scope and methods:

🔒 Restrict the API tool patterns to specific methods
-            "Bash(gh api repos/*/pulls/*:*)"
-            "Bash(gh api repos/*/issues/*/comments:*)"
+            "Bash(gh api --method GET repos/*/pulls/*:*)"
+            "Bash(gh api --method POST repos/*/issues/*/comments:*)"

This limits operations to GET on pull requests and POST on issue comments, reducing the blast radius from prompt injection.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"Bash(gh api repos/*/pulls/*:*)"
"Bash(gh api repos/*/issues/*/comments:*)"
"Bash(gh api --method GET repos/*/pulls/*:*)"
"Bash(gh api --method POST repos/*/issues/*/comments:*)"
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/claude-code-review.yml around lines 41 - 42, The workflow
exposes an overly broad gh api pattern "Bash(gh api
repos/*/issues/*/comments:*)" which permits arbitrary writes to issue comments;
tighten or remove it—either delete that pattern (since the existing "gh pr
comment" tool already handles posting PR comments) or replace it with a method-
and scope-restricted pattern that only allows POST to issue comments for the
specific repo, and likewise restrict "Bash(gh api repos/*/pulls/*:*)" to only
allow GET on pull requests (or target the specific :owner/:repo) so the tools
only permit the minimal required API verbs and repository scope.

Copilot AI Feb 24, 2026

The gh api ...:* patterns still allow arbitrary arguments/methods against these endpoints (including destructive methods like DELETE where applicable, and broad query construction). To reduce risk, constrain these to the minimal set of operations needed (e.g., only GET for reading PR metadata/diff, and only the specific POST needed for commenting), or remove gh api entirely if gh pr comment/view/diff cover the required behavior.

Suggested change
"Bash(gh api repos/*/issues/*/comments:*)"

"Bash(cat:*)"
"Bash(ls:*)"
"Bash(grep:*)"
"Bash(python3:*)"
"Bash(git:*)"
"Bash(find:*)"

prompt: |
/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}

Post the results as ONE top-level PR comment titled "Claude Code Review".
Always use the numeric PR form with --repo, e.g.:
- gh pr view ${{ github.event.pull_request.number }} --repo ${{ github.repository }} ...
- gh pr diff ${{ github.event.pull_request.number }} --repo ${{ github.repository }} ...
- gh pr comment ${{ github.event.pull_request.number }} --repo ${{ github.repository }} ...

Output requirements (even if no issues):
- Start with: files changed count + list up to 15 changed file paths
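Review bot: "Bash(python3:*)" and "Bash(git:*)" in the allow-list, together with --dangerouslyDisableSandbox at the top of claude_args, let the model run arbitrary code on the runner against the checked-out PR head, so narrowing the gh api patterns does not bound what a prompt-injected review can do. Drop python3 and restrict git to the read-only subcommands the review needs (for example "Bash(git diff:*)" and "Bash(git log:*)"), or keep the sandbox enabled. If "Bash(gh api:*)" stays in the list, it also makes the two narrower "gh api repos/..." entries redundant, so only one of the two forms should remain.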
Expand All @@ -74,6 +60,7 @@ jobs:
- If issues: list them with file path + line numbers when possible
- If no issues: list at least 3 concrete "improvement opportunities" with file paths

Post the results as ONE top-level PR comment titled "Claude Code Review".
If you cannot access the diff/files, say exactly what is blocked.
If posting a PR comment is blocked, write the full review to the GitHub Actions job summary instead.
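Review bot: The job-summary fallback in the last prompt line has no dedicated entry in the allow-list: writing to the summary file needs a shell redirect or "Bash(python3:*)", the broadest tool granted. If the fallback matters, have a later workflow step write the summary instead of relying on the model to do it, so the fallback does not become the reason to keep python3 enabled. The "ONE top-level PR comment" sentence also appears earlier in the same prompt block; if both copies are in the final file, keep one.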
