ci: add AI code review workflow

[emilioacc]

Summary

• Adds self-contained AI code review workflow using anthropics/claude-code-action@v1
• Claude reviews PR changes and posts structured feedback on open/sync/ready_for_review events
• Self-contained (not a reusable workflow caller) since this repo is in atxp-dev org

Part of ATXP-1602

Test plan

• This PR should trigger the AI review workflow
• Verify Claude posts a review comment

🤖 Generated with Claude Code

[github-actions]

AI Code Review

Recommendation: COMMENT

Summary

This PR adds a self-contained GitHub Actions workflow that automatically runs Claude Code to review pull requests and post structured feedback as sticky comments on open, sync, and ready_for_review events.

Actionable Feedback (2 items)

• .github/workflows/ai-review.yml:20 - Pin anthropics/claude-code-action@v1 to a specific commit SHA rather than the mutable v1 tag. Mutable tags are a supply-chain risk — a compromised or force-pushed tag could silently introduce malicious code that runs with write access to your PRs. See GitHub's action-pinning guidance in their security hardening docs.
• General: Consider adding a concurrency group to avoid overlapping runs when commits are pushed in quick succession:

  concurrency:
    group: ai-review-${{ github.event.pull_request.number }}
    cancel-in-progress: true

  Without this, rapid pushes could queue multiple review jobs, wasting API credits and producing confusing interleaved comments.

Detailed Review

Code Quality

The workflow is well-structured and readable. Permissions are correctly scoped to the minimum required (contents: read, pull-requests: write). The use_sticky_comment: "true" option is the right choice — it prevents a flood of new comments on every push. The claude_args allowlist is a good practice, constraining Claude to a narrow set of safe read-only tools plus the single gh pr review write command. The draft-filtering condition (if: github.event.pull_request.draft == false) correctly prevents unnecessary API usage on WIP PRs. fetch-depth: 0 is appropriate so git diff and gh pr diff have full history context.

Security

• Secrets handling: ANTHROPIC_API_KEY and GITHUB_TOKEN are referenced via secrets — no hardcoded credentials.
• Action pinning: As noted above, @v1 is mutable. Pinning to a full commit SHA is the recommended mitigation for supply-chain attacks.
• Tool allowlist: Restricting Claude to specific Bash sub-commands (gh pr diff, gh pr view, gh pr review, git diff, git log) is good defense-in-depth and limits blast radius if the action behaves unexpectedly.
• The github.event.pull_request.number interpolation in the prompt is safe — it will always be an integer and is not user-controlled text, so there is no injection risk.

Suggestions

• Add the concurrency block as described above to prevent overlapping runs.
• Optionally add timeout-minutes: 10 to the job so a hung Claude run does not consume runner minutes indefinitely.

Positive Notes

• Clean, minimal workflow with no unnecessary steps.
• Prompt structure is clear and consistently guides Claude to produce well-formatted reviews.
• Sticky comments keep PR threads tidy across multiple pushes.
• Draft PR filtering avoids wasteful API calls on WIP branches.