Add Claude Code GitHub Workflow #3

Merged
Radix-Obsidian merged 2 commits into main from add-claude-github-actions-1772743990701 on Mar 5, 2026
Conversation

@Radix-Obsidian
Owner

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

  • Bug fixes and improvements
  • Documentation updates
  • Implementing new features
  • Code reviews and suggestions
  • Writing tests
  • And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

  • This workflow won't take effect until this PR is merged
  • @claude mentions won't work until after the merge is complete
  • The workflow runs automatically whenever Claude is mentioned in PR or issue comments
  • Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

  • Our Anthropic API key is securely stored as a GitHub Actions secret
  • Only users with write access to the repository can trigger the workflow
  • All Claude runs are stored in the GitHub Actions run history
  • Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
  • We can add more allowed tools by adding them to the workflow file like:
allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

Radix-Obsidian merged commit 86cbbf6 into main on Mar 5, 2026
@qodo-code-review

Review Summary by Qodo

Add Claude Code GitHub Actions workflows for automated reviews

✨ Enhancement


Walkthroughs

Description
• Adds two GitHub Actions workflows for Claude Code integration
• Enables automated code reviews on pull request events
• Allows Claude AI assistance via @claude mentions in comments
• Configures secure OAuth token authentication with GitHub Actions
Diagram (Mermaid flowchart as rendered by the review bot)
flowchart LR
  A["GitHub Events"] -->|PR opened/updated| B["claude-code-review.yml"]
  A -->|@claude mention| C["claude.yml"]
  B -->|triggers| D["Claude Code Review"]
  C -->|triggers| E["Claude Code Assistant"]
  D -->|creates comments| F["Pull Request"]
  E -->|creates comments| F


File Changes

1. .github/workflows/claude-code-review.yml ⚙️ Configuration changes +44/-0

Automated Claude code review workflow

• Creates automated code review workflow triggered on PR events
• Configures Claude Code action with code-review plugin
• Sets up required GitHub permissions for PR and content access
• Includes optional filters for file paths and PR authors

2. .github/workflows/claude.yml ⚙️ Configuration changes +50/-0

Claude Code assistant workflow with mention triggers

• Implements Claude Code assistant triggered by @claude mentions
• Listens to issue comments, PR review comments, and issue events
• Configures OAuth token authentication and CI result permissions
• Includes optional custom prompt and allowed tools configuration


@qodo-code-review

qodo-code-review bot commented Mar 5, 2026

Code Review by Qodo

🐞 Bugs (5) 📘 Rule violations (0) 📎 Requirement gaps (0)



Action required

1. Untrusted triggers expose secret 🐞 Bug ⛨ Security
Description
claude.yml runs whenever @claude appears in an issue/PR comment or issue body/title, without
checking author trust/association. Because it injects secrets.CLAUDE_CODE_OAUTH_TOKEN into a
third-party action, any external user who can comment/open issues can trigger billable runs and
potentially exfiltrate the token via the bot’s response.
Code

.github/workflows/claude.yml[R3-37]

+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
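Review bot: The `if:` gate at the top of the `claude` job admits any sender whose comment, review, issue body or issue title contains the string `@claude`, while the `Run Claude Code` step at the bottom of the hunk hands `secrets.CLAUDE_CODE_OAUTH_TOKEN` to a third-party action; nothing in between checks who the sender is. Each branch of the condition should also require a trusted `author_association`, for example on the `issue_comment` branch:
`(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association))`
with the matching field (`github.event.review.author_association` for `pull_request_review`, `github.event.issue.author_association` for `issues`) on the other branches. Without that, the PR description's claim that "only users with write access to the repository can trigger the workflow" does not hold for this file.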
Evidence
The job gate only checks for the string @claude and does not validate the sender’s permission
level/association; meanwhile the workflow passes a repository secret into the action, so an
untrusted sender can cause the secret-backed action to execute.

.github/workflows/claude.yml[3-19]
.github/workflows/claude.yml[33-37]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`claude.yml` can be triggered by any commenter/issue author who includes `@claude`, but the workflow passes a sensitive secret (`CLAUDE_CODE_OAUTH_TOKEN`) into the action. This enables untrusted triggering (potential token exfiltration + cost abuse).

### Issue Context
The current `if:` only checks for `contains(..., '@claude')`. Add an allowlist check using `author_association` fields (e.g., `OWNER|MEMBER|COLLABORATOR`) for each event type, and/or require org/repo permission checks.

### Fix Focus Areas
- .github/workflows/claude.yml[14-19]
- .github/workflows/claude.yml[21-26]
- .github/workflows/claude.yml[33-37]




Remediation recommended

2. Fork PRs will fail 🐞 Bug ⛯ Reliability
Description
claude-code-review.yml runs on every pull_request open/sync event but requires secrets.CLAUDE_CODE_OAUTH_TOKEN. For fork-based PRs (explicitly encouraged by this repo’s CONTRIBUTING guide), secrets won’t be available, so this check is likely to fail or produce noise for external contributors unless you skip fork PRs.
Code

.github/workflows/claude-code-review.yml[R3-41]

+on:
+  pull_request:
+    types: [opened, synchronize, ready_for_review, reopened]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "src/**/*.ts"
+    #   - "src/**/*.tsx"
+    #   - "src/**/*.js"
+    #   - "src/**/*.jsx"
+
+jobs:
+  claude-review:
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
+          plugins: 'code-review@claude-code-plugins'
+          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
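Review bot: The `pull_request` trigger carries no guard against PRs opened from forks, yet the `Run Claude Code Review` step depends on `secrets.CLAUDE_CODE_OAUTH_TOKEN`, which GitHub does not expose to `pull_request` runs for fork-originated PRs; the step will therefore run with an empty token and fail on exactly the contributions CONTRIBUTING.md invites. Add a job-level condition such as `if: github.event.pull_request.head.repo.full_name == github.repository` (or uncomment and adapt the author filter already sketched under `claude-review:`) so external PRs skip the job cleanly rather than showing a red check. The `plugin_marketplaces` URL and `plugins` name in the same step are also resolved from a remote repository at run time, so treat them as a second moving dependency alongside the `@v1` / `@v4` tags.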
Evidence
The workflow is unconditional for PR events and requires a secret token. The repository explicitly
instructs contributors to fork the repo, which increases the likelihood of fork PRs encountering
missing secrets.

.github/workflows/claude-code-review.yml[3-6]
.github/workflows/claude-code-review.yml[34-41]
CONTRIBUTING.md[7-12]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`claude-code-review.yml` triggers for all PRs but depends on a repository secret, which will not be available for fork PRs. This likely causes failing/noisy checks for external contributors.

### Issue Context
Contributors are guided to fork the repo, so fork PRs are expected.

### Fix Focus Areas
- .github/workflows/claude-code-review.yml[3-6]
- .github/workflows/claude-code-review.yml[34-41]
- CONTRIBUTING.md[7-12]



3. Unpinned actions/plugins 🐞 Bug ⛨ Security
Description
Both workflows execute third-party code referenced by mutable tags (@v1, @v4) and also load a
remote plugin marketplace. This increases supply-chain risk because future upstream changes could
run with access to repo data and (in claude.yml) secrets.
Code

.github/workflows/claude.yml[R28-37]

+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
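Review bot: Both `uses:` lines reference mutable tags (`actions/checkout@v4`, `anthropics/claude-code-action@v1`), so whatever those tags are moved to upstream next runs here with the checked-out repository and, in this job, the OAuth secret. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<40-character commit SHA> # v4`, then let Dependabot or Renovate (both understand SHA-pinned actions) propose bumps; that keeps the run deterministic and makes a tag hijack or force-push upstream a no-op here.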
Evidence
The workflows use tag-based action references instead of immutable commit SHAs, and the review
workflow pulls plugins from a remote marketplace URL. This combination increases the chance that
upstream changes alter what code runs in CI.

.github/workflows/claude.yml[28-36]
.github/workflows/claude-code-review.yml[29-41]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
Workflows reference third-party actions via mutable tags and load remote plugins from a marketplace URL. This increases supply-chain risk.

### Issue Context
Pinning to commit SHAs makes workflow execution deterministic and reduces the risk of tag hijacking.

### Fix Focus Areas
- .github/workflows/claude.yml[28-36]
- .github/workflows/claude-code-review.yml[29-41]



4. Likely insufficient write perms 🐞 Bug ⛯ Reliability
Description
Both workflows set issues/pull-requests to read. If the intended behavior is to respond to
mentions with comments or open PRs/commits (as described in the PR), the action may be unable to
post results back to GitHub without write permissions.
Code

.github/workflows/claude.yml[R21-26]

+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
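Review bot: The `permissions` block grants only `contents: read`, `pull-requests: read` and `issues: read`, but the PR description says Claude should post comments and create branches and commits; with these scopes the job's GITHUB_TOKEN can do none of that. Either raise the scopes to the minimum the intended behaviour needs (`issues: write` and `pull-requests: write` for comments, `contents: write` for branches and commits) or confirm that the action obtains a separate write-capable token through its own GitHub App and document that here, as was done with the comment on `actions: read`, so a future reader does not "fix" the read scopes by hand.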
Evidence
The permissions are explicitly read-only for issues and PRs, while the workflow is designed to be
invoked by @mentions; read-only scopes commonly prevent posting comments/updates back to GitHub, so
this may not work as intended without adjusting permissions.

.github/workflows/claude.yml[21-26]
.github/workflows/claude-code-review.yml[22-26]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The workflows are intended to be interactive (triggered by `@claude`), but they only grant read permissions for issues/PRs. If the action needs to post comments/status updates, it may fail or be silent.

### Issue Context
Use least-privilege: add only the exact write scopes needed for the intended behavior.

### Fix Focus Areas
- .github/workflows/claude.yml[21-26]
- .github/workflows/claude-code-review.yml[22-27]




Advisory comments

5. OIDC token permission risk 🐞 Bug ⛨ Security
Description
Both workflows grant id-token: write, enabling OIDC token minting. If Claude’s action does not
require OIDC in your setup, removing it reduces blast radius if the workflow is triggered
unexpectedly or an upstream dependency is compromised.
Code

.github/workflows/claude.yml[R21-26]

+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
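Review bot: `id-token: write` is the only scope in this block beyond read and it lets the job mint OIDC tokens in this repository's identity, yet unlike `actions: read` it carries no comment saying why it is needed. Check the action's documentation for whether `anthropics/claude-code-action` requires it; if it does, add a justifying comment next to it, and if it does not, delete it so that an unexpected trigger or a compromised upstream action cannot obtain a federated identity token from this workflow.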
Evidence
The workflows explicitly enable OIDC (id-token: write). This is a powerful permission and should
be justified/verified as required for the action’s auth flow.

.github/workflows/claude.yml[21-26]
.github/workflows/claude-code-review.yml[22-27]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The workflows request `id-token: write` (OIDC). If unused, it expands the token/identity attack surface.

### Issue Context
Because the workflows already pass an OAuth token secret, OIDC may be unnecessary, but verify against your actual action configuration.

### Fix Focus Areas
- .github/workflows/claude.yml[21-26]
- .github/workflows/claude-code-review.yml[22-27]

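The following is an added example, not a file from this repository or from the Claude Code action project: the `claude.yml` hunk above rewritten with the mitigations the review discusses (an `author_association` allowlist on every trigger branch, actions pinned by commit SHA, permissions sized to the behaviour the PR description promises, and `id-token` called out for verification). The `<40-hex-commit-sha-placeholder>` values are placeholders, the OWNER/MEMBER/COLLABORATOR allowlist is one reasonable choice, and the write scopes are assumptions derived from the PR description rather than from the action's documentation.

```yaml
# Added example (not the project's own workflow): .github/workflows/claude.yml
# with the review's mitigations applied. Replace the <...> placeholders with
# real commit SHAs before use.
name: Claude Code (hardened example)

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  pull_request_review:
    types: [submitted]
  issues:
    types: [opened, assigned]

jobs:
  claude:
    # Every branch requires two things: the text mentions @claude AND the
    # author's association with the repo is OWNER, MEMBER or COLLABORATOR.
    # A drive-by sender (NONE, FIRST_TIME_CONTRIBUTOR, CONTRIBUTOR) is skipped,
    # so the secret-backed step below never runs on their behalf.
    if: |
      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)) ||
      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association))
    runs-on: ubuntu-latest

    # Scopes sized to what the PR description says Claude does: post comments
    # (issues / pull-requests write) and create branches and commits (contents
    # write). These are assumptions; trim any scope the action turns out not to need.
    permissions:
      contents: write
      pull-requests: write
      issues: write
      actions: read    # Required for Claude to read CI results on PRs (from the original file)
      id-token: write  # ASSUMPTION: keep only if the action's docs state OIDC is required; otherwise delete

    steps:
      - name: Checkout repository
        # Pinned to a full commit SHA so a moved or hijacked tag upstream cannot
        # change what runs here; the trailing comment records the source tag.
        uses: actions/checkout@<40-hex-commit-sha-placeholder> # v4
        with:
          fetch-depth: 1

      - name: Run Claude Code
        id: claude
        uses: anthropics/claude-code-action@<40-hex-commit-sha-placeholder> # v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
```

The same SHA pinning and permission sizing apply to `claude-code-review.yml`; there the extra guard is a job-level `if: github.event.pull_request.head.repo.full_name == github.repository`, which skips fork PRs that would otherwise run without the secret. CONTRIBUTOR is left out of the allowlist on purpose: anyone with one merged commit earns that association, which is a weaker bar than write access.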
