Skip to content

Add Claude Code GitHub Workflow#117

Open
wehappyfew wants to merge 4 commits into
mainfrom
add-claude-github-actions-1770643559948
Open

Add Claude Code GitHub Workflow#117
wehappyfew wants to merge 4 commits into
mainfrom
add-claude-github-actions-1770643559948

Conversation

@wehappyfew

Copy link
Copy Markdown

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

  • Bug fixes and improvements
  • Documentation updates
  • Implementing new features
  • Code reviews and suggestions
  • Writing tests
  • And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

  • This workflow won't take effect until this PR is merged
  • @claude mentions won't work until after the merge is complete
  • The workflow runs automatically whenever Claude is mentioned in PR or issue comments
  • Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

  • Our Anthropic API key is securely stored as a GitHub Actions secret
  • Only users with write access to the repository can trigger the workflow
  • All Claude runs are stored in the GitHub Actions run history
  • Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
  • We can add more allowed tools by adding them to the workflow file like:
allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

@crucible-burnt crucible-burnt left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review — Claude Code GitHub Workflow

Identical to xion#483. Same notes apply — looks good, no blockers.

@crucible-burnt crucible-burnt left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Crucible Security Review

Summary

Adds Claude Code GitHub Actions for the contracts repo — same pattern as xion repo.

Security Assessment

  • Risk Level: Low ✅
  • Identical configuration to burnt-labs/xion PR #483
  • API key in secrets, appropriate permission scoping
  • No write access to repository content

Immunefi Pattern Check

  • N/A — CI/CD tooling

False Report Risk

  • None

Code Quality Notes

  • Consistent implementation across repos

Status

No security concerns. Standard AI-assisted review tooling.

@2xburnt
2xburnt self-requested a review March 6, 2026 00:53
@crucible-burnt
crucible-burnt force-pushed the add-claude-github-actions-1770643559948 branch from 3703b47 to a85f33b Compare March 6, 2026 01:47

@crucible-burnt crucible-burnt left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Crucible Security Review

Summary

Adds two GitHub Actions workflows: Claude Code automated PR review and Claude Code interactive (via @claude mentions). CI/CD configuration only, no contract code changes.

Security Assessment

  • Risk Level: Low

Findings:

  1. Permissions scope (claude-code-review.yml): Uses id-token: write permission, which allows OIDC token generation. This is standard for Anthropic's action but worth noting — it means the workflow can request tokens that identify as the repo.

  2. No write permissions for PRs: Both workflows only have pull-requests: read and issues: read. This means Claude cannot post comments or modify PRs. If the intent is for Claude to post review comments, pull-requests: write would be needed. As-is, the review output might only appear in workflow logs.

  3. Secret exposure: CLAUDE_IN_GH_ACTIONS_API_TOKEN is properly stored as a GitHub secret. No hardcoded credentials.

  4. Trigger scope (claude.yml): The interactive workflow triggers on issue_comment, pull_request_review_comment, issues, and pull_request_review. The @claude filter is good, but any user who can comment on issues/PRs can trigger the workflow and consume API credits.

Immunefi Pattern Check

  • No contract code changes. No matches.

False Report Risk

  • None. CI/CD only.

Code Quality Notes

  • Consider adding pull-requests: write if Claude should actually post comments
  • Consider restricting the @claude trigger to org members to prevent API credit abuse
  • The plugin_marketplaces URL points to Anthropic's own repo — verify this is the intended source

Status

Low-risk CI addition. Minor suggestions on permissions and access control.

@crucible-burnt crucible-burnt left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Crucible Security Review

Summary

Adds two GitHub Actions workflows for Claude Code integration — automated PR review and interactive @claude mentions. Low security surface.

Security Assessment

  • Risk Level: Low

  • Permissions are appropriately scoped: contents: read, pull-requests: read, issues: read, id-token: write (for OIDC)

  • No write permissions to contents or pull-requests — Claude cannot modify code or approve PRs

  • API key stored in secrets.CLAUDE_IN_GH_ACTIONS_API_TOKEN — standard GitHub secrets management

  • The claude.yml workflow triggers on @claude mentions in issue/PR comments — this is public-facing and could be triggered by any commenter. Ensure the API key has appropriate rate limits/budgets to prevent cost abuse from external contributors spamming @claude

Immunefi Pattern Check

  • N/A — CI/CD workflow only, no on-chain code changes

False Report Risk

  • None

Code Quality Notes

  • claude-code-review.yml uses fetch-depth: 1 — this is fine for review context but may limit Claude's ability to see full file history
  • Consider adding a condition to claude.yml to restrict @claude to org members only (e.g., github.event.comment.author_association check) to prevent external abuse

Status

Clean from a security perspective. Minor recommendation to add author-association filtering on the interactive workflow.

@crucible-burnt crucible-burnt left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Crucible Security Review

Summary

CI workflow addition for Claude Code automated reviews. No application code changes — purely DevOps/CI configuration.

Security Assessment

  • Risk Level: Low
  • Workflow permissions: Both workflows request contents: read, pull-requests: read, issues: read, id-token: write. The id-token: write permission is required by the Anthropic action for OIDC token exchange — standard pattern, not a concern.
  • Secret exposure: Uses secrets.CLAUDE_IN_GH_ACTIONS_API_TOKEN — ensure this is a dedicated API key with appropriate rate limits, not a shared org-wide key.
  • Trigger scope: claude.yml triggers on @claude mentions in comments/issues/reviews. This is open to any commenter — verify the Anthropic action itself gates who can invoke it (e.g., org membership check), otherwise any GitHub user could trigger API calls by commenting @claude on public issues.
  • actions: read in additional_permissions: Low risk, allows Claude to read CI results.

Immunefi Pattern Check

  • No matches — this is CI configuration only, no smart contract or chain logic changes.

False Report Risk

  • None — no application code involved.

Code Quality Notes

  • Consider adding path filters to claude-code-review.yml to avoid triggering on docs-only PRs (commented out currently).
  • The claude.yml workflow has no author filtering enabled (all commented out). For a public repo, this means anyone can trigger Claude by commenting. Recommend enabling the author_association filter or a team-based allowlist.
  • Both workflows use fetch-depth: 1 which is fine for review context.

Status

Low-risk CI addition. Main recommendation: enable author filtering on claude.yml to prevent abuse on public repos. No security blockers.

@crucible-burnt crucible-burnt left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Crucible Security Review

Summary

Adds two GitHub Actions workflows: Claude Code Review (auto-triggered on PRs) and Claude Code (triggered by @claude mentions in issues/PRs). CI config only.

Security Assessment

  • Risk Level: Low
  • Permissions scoping is appropriately minimal: contents: read, pull-requests: read, issues: read, id-token: write. No write permissions to contents or PRs — Claude cannot merge or modify code.
  • Secret reference: ${{ secrets.CLAUDE_IN_GH_ACTIONS_API_TOKEN }} — ensure this secret is scoped to this repo only and rotated periodically.
  • id-token: write: Required for OIDC authentication by the action. Standard for Anthropic's action.
  • actions: read in claude.yml as additional permission — allows Claude to read CI results. Acceptable.
  • Third-party action: anthropics/claude-code-action@v1 — pinned to v1 tag (major version). Consider pinning to a specific SHA for supply chain security: anthropics/claude-code-action@<sha>.
  • Plugin marketplace: claude-code-review.yml uses plugin_marketplaces and plugins — the marketplace URL points to the official anthropic repo, which is fine, but plugins could be a vector if the marketplace is compromised.

Immunefi Pattern Check

  • Not applicable — CI config only.

False Report Risk

  • None.

Code Quality Notes

  • Clean workflow configuration.
  • Good separation: one workflow for automated review on all PRs, another for interactive Claude usage via @mentions.
  • Consider adding path filters to claude-code-review.yml to avoid running on docs-only PRs.

Status

Clean. Minor recommendation to pin the action to a commit SHA for supply chain hardening.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants