214 lines (190 loc) · 10.4 KB
claude.yml
name: Claude Code

on:
  pull_request:
    types: [opened]
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  issues:
    types: [opened, assigned]
  pull_request_review:
    types: [submitted]

jobs:
  automated-review:
    if: github.event_name == 'pull_request' && github.event.pull_request.user.type != 'Bot'
    runs-on: ubuntu-latest
    concurrency:
      group: claude-review-${{ github.event.pull_request.number }}
      cancel-in-progress: true
    permissions:
      contents: read
      pull-requests: read
      issues: read
      id-token: write
    steps:
      - name: Verify PR branch is fetchable
        env:
          GH_TOKEN: ${{ github.token }}
          HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
        run: |
          for i in 1 2 3; do
            if git ls-remote --exit-code "https://github.com/${HEAD_REPO}.git" "refs/heads/${HEAD_REF}" >/dev/null 2>&1; then
              echo "Branch ${HEAD_REPO}:${HEAD_REF} verified on attempt ${i}"
              exit 0
            fi
            echo "::warning::Branch not reachable (attempt ${i}/3), retrying in 10s..."
            if [ "${i}" -lt 3 ]; then sleep 10; fi
          done
          echo "::error::PR branch ${HEAD_REPO}:${HEAD_REF} not reachable after 3 attempts — fork may be deleted or branch in transient state"
          exit 1

      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 1

      - name: Run Automated AI Review
        id: automated-review
        uses: anthropics/claude-code-action@beta
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          direct_prompt: |
            ## Review this pull request

            You are reviewing a PR for **codegraph** — a local code dependency graph CLI that parses
            codebases with tree-sitter (WASM), builds function-level dependency graphs in SQLite, and
            supports semantic search with local embeddings.

            ### Phase 1: Root Cause Analysis
            Before reviewing code, determine:
            - **What problem is this PR solving?** Is it fixing a real issue or hiding symptoms?
            - **Is the approach justified?** Are configuration/linting changes relaxing rules to silence errors?
            - ⚠️ REJECT if changes silence warnings without fixing underlying issues
            - ⚠️ REJECT if test expectations are lowered to make tests pass
            - If you cannot determine the root cause, REQUEST MORE INFORMATION

            ### Phase 2: Configuration Change Detection (HIGH SCRUTINY)
            Check for HIGH-RISK changes:
            - Biome/linting rules disabled or relaxed
            - Test timeouts increased or coverage thresholds lowered
            - Build configuration or module resolution modified
            - TypeScript strict mode flags disabled
            - **If >3 rules are relaxed → REQUEST justification for each**

            ### Phase 3: Test Integrity
            Watch for RED FLAGS:
            - Removed or weakened assertions
            - Tests made less strict (conditional assertions, skipped validation)
            - Test files modified alongside the code they test without clear reason
            - `eslint-disable` or workaround comments without justification
            - Large PRs (>20 files) mixing unrelated concerns

            ### Phase 4: Code Quality
            Only after passing Phases 1-3:
            - Code quality and best practices
            - Potential bugs (especially in tree-sitter extractors, import resolution, SQLite operations)
            - Security concerns (command injection in CLI, SQL injection in queries)
            - Performance (unnecessary full rebuilds, missing incremental hash checks)
            - Test coverage for new functionality

            ### Phase 5: Backlog Compliance (grade the feature like BACKLOG.md)
            Rate the functionality this PR implements on the same axes used in `docs/roadmap/BACKLOG.md`:

            **Zero-dep** — Does this PR add new runtime dependencies (`dependencies` in package.json)?
            - ✓ = no new deps, builds on tree-sitter/SQLite/existing AST
            - ✗ = adds a new npm runtime package → flag it, require strong justification
            - Git CLI usage is acceptable (already assumed)

            **Foundation-aligned** — Does it comply with FOUNDATION.md core principles?
            Red flags that indicate misalignment:
            - Adds cloud API calls to the core pipeline → violates P1 (always-current) and P4 (zero-cost core)
            - Requires Docker, external DB, or non-npm toolchain → violates zero-infrastructure goal
            - Generates code, edits files, or makes decisions → violates P8 (we are not an agent)
            - Primarily optimizes for CI/CD or linting → deprioritized by P8
            - Breaks programmatic API contract → check against P5 (embeddable-first)
            - ✓ = fully aligned, ✗ = conflicts with at least one principle

            **Problem-fit (1-5)** — How directly does this address the core problem:
            *AI coding assistants waste tokens re-orienting in large codebases, hallucinate dependencies, and miss blast radius.*
            - 5 = directly reduces token waste, prevents hallucinated deps, or catches blast-radius breakage
            - 4 = improves agent accuracy or reduces round-trips for common tasks
            - 3 = useful but doesn't address the core "lost AI" problem
            - 2 = nice-to-have, tangential to the stated problem
            - 1 = cool feature, doesn't help AI agents navigate codebases

            **Breaking** — Does this PR change existing behavior incompatibly?
            - Check: CLI output format changes, API signature changes, DB schema changes,
              MCP tool contract changes (renamed/removed tools, changed parameter schemas)
            - Breaking = Yes → requires major version bump justification
            - Breaking = No → purely additive, no concern

            **Tier classification and blocking rules:**
            - **Tier 1** (zero-dep ✓ + foundation-aligned ✓): No objection on these axes.
            - **Tier 2** (foundation-aligned ✓ + zero-dep ✗): ⚠️ REQUEST justification for the new dependency — what does it enable that existing deps cannot?
            - **Tier 3** (foundation-aligned ✗): ⚠️ REQUEST CHANGES — needs a deliberate exception with written justification for which principle is being violated and why it's worth it.
            - **Problem-fit ≤ 2**: ⚠️ Flag as low-priority / tangential — recommend deferring unless bundled with higher-fit work.
            - **Breaking = Yes without major version bump plan**: ⚠️ REQUEST CHANGES — breaking changes must be tracked and versioned.

            ### Rating (STRICT — default to 2-3 stars)
            - ⭐ Critical issues, REJECT
            - ⭐⭐ Significant concerns, REQUEST CHANGES
            - ⭐⭐⭐ Acceptable with minor concerns, APPROVE with conditions
            - ⭐⭐⭐⭐ Good quality, well-tested, APPROVE
            - ⭐⭐⭐⭐⭐ Exceptional (< 5% of PRs)

            ### Final Assessment (MANDATORY)
            ```
            ## Root Cause Analysis
            **Problem Being Solved**: [...]
            **Why This Approach**: [...]
            **Risk Assessment**: [...]

            ## Backlog Compliance
            - Zero-dep: [✓ | ✗ — reason]
            - Foundation-aligned: [✓ | ✗ — which principle violated]
            - Problem-fit: [1-5] — [reason]
            - Breaking: [Yes — what breaks | No]
            - Tier: [1 | 2 | 3]

            ## Critical Concerns (if any)
            [...]

            ## Final Recommendation
            - Rating: ⭐⭐☆☆☆ (X/5)
            - Action: [REJECT | REQUEST CHANGES | APPROVE WITH CONDITIONS | APPROVE]
            - Reasoning: [...]
            ```

            Be skeptical but fair. Reference exact line numbers. Explain WHY something is problematic.
            NEVER default to approval — require the PR to prove its value.

  interactive-claude:
    if: |
      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
    runs-on: ubuntu-latest
    concurrency:
      group: claude-interactive-${{ github.event.issue.number || github.event.pull_request.number }}
      cancel-in-progress: true
    permissions:
      contents: read
      pull-requests: read
      issues: read
      id-token: write
      actions: read
    steps:
      - name: Verify PR branch is fetchable
        if: github.event.issue.pull_request
        env:
          GH_TOKEN: ${{ github.token }}
          PR_NUMBER: ${{ github.event.issue.number }}
          REPO_FULL_NAME: ${{ github.repository }}
        run: |
          PR_DATA=$(gh pr view "${PR_NUMBER}" --repo "${REPO_FULL_NAME}" --json headRefName,headRepository,headRepositoryOwner)
          HEAD_REPO=$(echo "${PR_DATA}" | jq -r '.headRepositoryOwner.login + "/" + .headRepository.name')
          HEAD_REF=$(echo "${PR_DATA}" | jq -r '.headRefName')
          for i in 1 2 3; do
            if git ls-remote --exit-code "https://github.com/${HEAD_REPO}.git" "refs/heads/${HEAD_REF}" >/dev/null 2>&1; then
              echo "Branch ${HEAD_REPO}:${HEAD_REF} verified on attempt ${i}"
              exit 0
            fi
            echo "::warning::Branch not reachable (attempt ${i}/3), retrying in 10s..."
            if [ "${i}" -lt 3 ]; then sleep 10; fi
          done
          echo "::error::PR branch ${HEAD_REPO}:${HEAD_REF} not reachable after 3 attempts — fork may be deleted or branch in transient state"
          exit 1

      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 1

      - name: Run Interactive AI Assistant
        id: interactive-claude
        uses: anthropics/claude-code-action@beta
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          additional_permissions: |
            actions: read
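The workflow above runs a secret-holding action under event triggers whose payloads (PR metadata, comment bodies) are written by outsiders, so the `permissions` blocks and the job-level `if` conditions are what bound the blast radius. The following is an added example, not part of claude.yml or of claude-code-action: it mirrors the two jobs as constructed dicts (the `uses_secrets` and `checks_out_head_ref` labels are assumptions drawn from the visible steps) and runs the least-privilege checks a reviewer of this file would apply, including the case where a privileged trigger is combined with a PR-head checkout.

```python
# Added example, not part of claude.yml: least-privilege audit of the workflow's
# trigger/permission model; jobs mirrored as constructed dicts (labels assumed).

# Triggers that run with base-repo trust even for forked PRs.
PRIVILEGED_TRIGGERS = {"pull_request_target", "workflow_run"}

WORKFLOW = {  # constructed mirror of the page's `on:` block and its two jobs
    "on": ["pull_request", "issue_comment", "pull_request_review_comment",
           "issues", "pull_request_review"],
    "jobs": {
        "automated-review": {
            "if": "github.event_name == 'pull_request' && "
                  "github.event.pull_request.user.type != 'Bot'",
            "permissions": {"contents": "read", "pull-requests": "read",
                            "issues": "read", "id-token": "write"},
            "uses_secrets": True,          # secrets.ANTHROPIC_API_KEY
            "checks_out_head_ref": False,  # actions/checkout without `ref:`
        },
        "interactive-claude": {
            "if": "github.event_name == 'issue_comment' && "
                  "contains(github.event.comment.body, '@claude')",
            "permissions": {"contents": "read", "pull-requests": "read",
                            "issues": "read", "id-token": "write", "actions": "read"},
            "uses_secrets": True,
            "checks_out_head_ref": False,
        },
    },
}


def audit_job(name, job, triggers):
    """Return human-readable findings for one job; an empty list means clean."""
    findings = []
    # id-token: write is the OIDC scope the action needs; any other write is flagged.
    for scope, level in job.get("permissions", {}).items():
        if level == "write" and scope != "id-token":
            findings.append(f"{name}: '{scope}: write' exceeds read-only review needs")
    # A privileged trigger plus checkout of the PR head runs untrusted code with secrets.
    if job.get("checks_out_head_ref") and triggers & PRIVILEGED_TRIGGERS:
        findings.append(f"{name}: checks out PR head under a privileged trigger")
    # Comment-driven jobs that touch secrets should also gate on who commented,
    # not only on whether the comment text contains the trigger phrase.
    cond = job.get("if", "")
    if job.get("uses_secrets") and "issue_comment" in cond and "author_association" not in cond:
        findings.append(f"{name}: issue_comment trigger uses secrets, gated only on comment text")
    return findings


def audit_workflow(wf):
    triggers = set(wf["on"])
    return {n: audit_job(n, j, triggers) for n, j in wf["jobs"].items()}
```

Run against the mirrored workflow, `automated-review` comes back clean, while `interactive-claude` gets a single informational finding because its condition checks only the comment body; a variant that uses `pull_request_target`, grants `contents: write` and checks out the PR head collects two findings.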