Conversation

@Zochory (Member) commented Feb 2, 2026

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

  • Bug fixes and improvements
  • Documentation updates
  • Implementing new features
  • Code reviews and suggestions
  • Writing tests
  • And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

  • This workflow won't take effect until this PR is merged
  • @claude mentions won't work until after the merge is complete
  • The workflow runs automatically whenever Claude is mentioned in PR or issue comments
  • Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

  • Our Anthropic API key is securely stored as a GitHub Actions secret
  • Only users with write access to the repository can trigger the workflow
  • All Claude runs are stored in the GitHub Actions run history
  • Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
  • We can add more allowed tools by adding them to the workflow file like:
allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

Copilot AI review requested due to automatic review settings February 2, 2026 16:40
@gemini-code-assist (Contributor)

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.


Code scanning annotation on the step:

  - name: Run Claude Code Review
    id: claude-review
    uses: anthropics/claude-code-action@v1

Check warning (Code scanning / CodeQL): Unpinned tag for a non-immutable Action in workflow. Severity: Medium.
Unpinned 3rd party Action 'Claude Code Review' step (Uses Step: claude-review) uses 'anthropics/claude-code-action' with ref 'v1', not a pinned commit hash.

Code scanning annotation on the step:

  - name: Run Claude Code
    id: claude
    uses: anthropics/claude-code-action@v1

Check warning (Code scanning / CodeQL): Unpinned tag for a non-immutable Action in workflow. Severity: Medium.
Unpinned 3rd party Action 'Claude Code' step (Uses Step: claude) uses 'anthropics/claude-code-action' with ref 'v1', not a pinned commit hash.
Copilot AI (Contributor) left a comment
Pull request overview

This PR adds GitHub Actions workflows to integrate Claude Code, an AI coding agent, into the repository. The integration provides both interactive assistance (via @claude mentions) and automatic code review capabilities.

Changes:

  • Added .github/workflows/claude.yml for interactive Claude agent triggered by @claude mentions in issues and PR comments
  • Added .github/workflows/claude-code-review.yml for automatic code reviews on pull request events

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File | Description
.github/workflows/claude.yml | Workflow that triggers the Claude agent when @claude is mentioned in issues, PR comments, or reviews
.github/workflows/claude-code-review.yml | Workflow that automatically runs Claude code reviews on PR events (currently with restrictive permissions)

Comment on lines +14 to +19

  claude-review:
    # Optional: Filter by PR author
    # if: |
    #   github.event.pull_request.user.login == 'external-contributor' ||
    #   github.event.pull_request.user.login == 'new-developer' ||
    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
Copilot AI, Feb 2, 2026

The automatic code review workflow lacks access control. It will run on every PR from any contributor, including external users, which could lead to excessive API usage and cost. The commented-out filter examples (lines 16-19) suggest this was considered but not implemented.

Consider uncommenting and configuring the conditional filter to limit automatic reviews to specific scenarios, such as:

  • First-time contributors only
  • External contributors
  • Specific bot accounts
  • PRs that meet certain criteria

This prevents unnecessary API calls on every PR from trusted team members while still providing value for contributions that need extra review.

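One way to implement the filter Copilot proposes, written here as an added example rather than the PR's own claude-code-review.yml: the job-level if: keys on github.event.pull_request.author_association so the automatic review runs only for first-time and outside contributors, the action is pinned to a full commit SHA with the version recorded beside it (the fix for the two CodeQL "Unpinned tag" warnings above), and the job's token is read-only. The 40-zero SHA is a placeholder, and the with: input names and permission set are assumptions to confirm against the README of the release you pin.

```yaml
# .github/workflows/claude-code-review.yml (added example, not the PR's file)
name: Claude Code Review

on:
  pull_request:
    types: [opened, synchronize, ready_for_review]

# Least privilege: the review only needs to read the repository and the PR.
# id-token is what the action's README asks for; drop it if your pinned
# release does not need it (assumption: check the README for that SHA).
permissions:
  contents: read
  pull-requests: read
  issues: read
  id-token: write

jobs:
  claude-review:
    # Auto-review only PRs whose author has no standing relationship with the
    # repository. Owners and members can still ask for a review explicitly.
    if: |
      github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' ||
      github.event.pull_request.author_association == 'CONTRIBUTOR' ||
      github.event.pull_request.author_association == 'NONE'
    runs-on: ubuntu-latest
    steps:
      - name: Run Claude Code Review
        id: claude-review
        # Pinned to an immutable commit, not a movable tag. The zeros are a
        # placeholder: replace with the SHA of the release you audited and keep
        # the version in the trailing comment so humans can read it.
        uses: anthropics/claude-code-action@0000000000000000000000000000000000000000 # v1.x.y (placeholder)
        with:
          # Input names are assumptions; verify against the pinned release.
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            Review this pull request for correctness, security issues and
            missing tests. Post findings as review comments; do not push commits.
```

On the plain pull_request event, a PR opened from a fork runs without repository secrets and with a read-only GITHUB_TOKEN, so for fork PRs this step cannot read ANTHROPIC_API_KEY and fails at the action; same-repository branches from the listed author associations are reviewed normally. Dependabot's github-actions ecosystem can keep the pinned SHA current and updates the version comment alongside it.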
Comment on lines +16 to +19

      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
Copilot AI, Feb 2, 2026

This workflow lacks access control restrictions. According to GitHub Actions security best practices, workflows triggered by issue comments can be executed by any user who can create comments (including external contributors on public repositories). This means anyone could potentially trigger this workflow and consume API credits from the ANTHROPIC_API_KEY secret.

Consider adding a conditional check to restrict execution to repository members or collaborators. For example, you could add a permission check at the job level to verify that the actor has write access to the repository using the actor's association.

Suggested change

Replace:

      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))

With:

      (
        github.event_name == 'issue_comment' &&
        contains(github.event.comment.body, '@claude') &&
        (
          github.event.comment.author_association == 'OWNER' ||
          github.event.comment.author_association == 'MEMBER' ||
          github.event.comment.author_association == 'COLLABORATOR'
        )
      ) ||
      (
        github.event_name == 'pull_request_review_comment' &&
        contains(github.event.comment.body, '@claude') &&
        (
          github.event.comment.author_association == 'OWNER' ||
          github.event.comment.author_association == 'MEMBER' ||
          github.event.comment.author_association == 'COLLABORATOR'
        )
      ) ||
      (
        github.event_name == 'pull_request_review' &&
        contains(github.event.review.body, '@claude') &&
        (
          github.event.review.author_association == 'OWNER' ||
          github.event.review.author_association == 'MEMBER' ||
          github.event.review.author_association == 'COLLABORATOR'
        )
      ) ||
      (
        github.event_name == 'issues' &&
        (
          contains(github.event.issue.body, '@claude') ||
          contains(github.event.issue.title, '@claude')
        ) &&
        (
          github.event.issue.author_association == 'OWNER' ||
          github.event.issue.author_association == 'MEMBER' ||
          github.event.issue.author_association == 'COLLABORATOR'
        )
      )

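The gated claude.yml that Copilot's comment and the two CodeQL warnings point at, as an added example and not the file merged in this PR: the mention check and the author_association check sit in one job-level if:, the repeated OR chains from the suggestion are collapsed with contains(fromJSON(...)) (which goes a little beyond the suggestion as written), the workflow grants no permissions by default and the job asks for only what it needs, and the action is pinned to a commit SHA. The zeroed SHA is a placeholder; anthropic_api_key and the permission set are assumptions to confirm against the action's README for the release you pin.

```yaml
# .github/workflows/claude.yml (added example, not the PR's file)
name: Claude Code

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  pull_request_review:
    types: [submitted]
  issues:
    types: [opened]

# Nothing at workflow level; each job declares exactly what it needs.
permissions: {}

jobs:
  claude:
    # Gate 1: the text that fired the event mentions @claude.
    # Gate 2: its author is OWNER, MEMBER or COLLABORATOR. author_association
    # lives on the comment, the review or the issue depending on the event,
    # so each branch reads it from the matching payload object.
    if: |
      (
        (github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment') &&
        contains(github.event.comment.body, '@claude') &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
      ) ||
      (
        github.event_name == 'pull_request_review' &&
        contains(github.event.review.body, '@claude') &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)
      ) ||
      (
        github.event_name == 'issues' &&
        (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) &&
        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association)
      )
    runs-on: ubuntu-latest
    # The PR description says Claude comments, branches and commits, hence
    # write on contents/PRs/issues. id-token follows the action's README
    # (assumption: confirm for the pinned release).
    permissions:
      contents: write
      pull-requests: write
      issues: write
      id-token: write
    steps:
      - name: Run Claude Code
        id: claude
        # Placeholder SHA: replace with the audited release commit and keep the
        # human-readable version in the trailing comment.
        uses: anthropics/claude-code-action@0000000000000000000000000000000000000000 # v1.x.y (placeholder)
        with:
          # Input name is an assumption; verify against the pinned release.
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```

author_association is a relationship label, not a permission check: MEMBER covers any member of the owning organization and COLLABORATOR any invited collaborator, whatever their permission on this particular repository, so the gate is much narrower than "anyone who can comment" but not exactly "write access". The job-level if: is evaluated before a runner is allocated, so mentions from other accounts cost nothing beyond a skipped job in the run history, which is also where to look when auditing who triggered Claude and when.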
Zochory and others added 3 commits February 2, 2026 18:40
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Zachary BENSALEM <zachary@qredence.ai>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Zachary BENSALEM <zachary@qredence.ai>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Zachary BENSALEM <zachary@qredence.ai>
@Zochory Zochory marked this pull request as ready for review February 2, 2026 17:41
@Zochory Zochory merged commit 8eeb932 into main Feb 2, 2026
12 of 16 checks passed