This is based on version 1.0.93 plus these commits:
0ca689a fix: fetch base branch to ensure correct PR-only diffs
b7d533d fix: handle fork PRs by fetching via pull/N/head
Link: https://github.com/openwrt/openwrt/pull/22897
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

track_progress: true makes Claude post an initial comment immediately
when triggered and update it with a checklist as it works, so reviewers
can see what Claude is doing rather than waiting for a silent delay.
It also forces tag mode on PR/issue comment events, which is the
correct mode for interactive code review.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Link: https://github.com/openwrt/openwrt/pull/22897
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Allow Bash(grep:*) so Claude can search the codebase for context
during PR reviews. Without this, grep calls using shell glob patterns
were denied even though plain directory greps were allowed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Link: https://github.com/openwrt/openwrt/pull/22897
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

The workflow already uses contents: read which prevents GitHub from
accepting any push. The --disallowedTools setting adds a second layer
by stopping Claude from even attempting git write operations.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Link: https://github.com/openwrt/openwrt/pull/22897
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Use a patched fork while waiting for
https://github.com/anthropics/claude-code-action/pull/963 to be
merged and released upstream.
Version v1.0.77 contains many improvements over 1.0.49 which was used
before. It uses Sonnet 4.6 instead of Sonnet 4.5.
Fixes: c0e75c9de6 ("github: add Claude code review workflow triggered by /claude comment")
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Without a prompt the action auto-detected mode: tag instead of agent
when triggered via issue_comment, resulting in no review being posted.
Remove the prompt so the action can correctly use its built-in agent
mode with full PR context.
Fixes: c0e75c9de6 ("github: add Claude code review workflow triggered by /claude comment")
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

The claude-code-action uses mcp__github_ci__get_ci_status and related
tools to check workflow run status as part of the review. Without
actions: read the GitHub API calls for CI status are rejected.
Fixes: c0e75c9de6 ("github: add Claude code review workflow triggered by /claude comment")
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

The whitelist was too restrictive, causing permission denials when
Claude tried to use basic tools like Read or Grep to analyse the diff.
Remove it and let the action use its default toolset.
Fixes: c0e75c9de6 ("github: add Claude code review workflow triggered by /claude comment")
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Add claude-code-review.yml using anthropics/claude-code-action@v1.
The review runs when a PR comment containing "/claude" is posted,
avoiding unnecessary API usage on every push.
Uses issue_comment trigger restricted to PR comments only. Only
triggers for users with write access (OWNER, MEMBER, COLLABORATOR)
and when the comment body contains "/claude", preventing any runner
from being allocated for unrelated comments. A short domain hint
steers the review toward OpenWrt embedded Linux conventions.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Link: https://github.com/openwrt/openwrt/pull/22556
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
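
The controls these commit messages describe, combined in one workflow sketch: the comment gate, the read-only token, and the tool deny list. This is an added example, not the OpenWrt workflow file or code from the commits. The secret name, the checkout step, the github_token input, the pull-requests/issues write scopes and the exact deny-list entries are assumptions.

```yaml
# Added illustration, not the project's own claude-code-review.yml.
name: Claude code review (example)

on:
  issue_comment:
    types: [created]

# Read-only repository access: GitHub rejects any push made with this token.
permissions:
  contents: read
  actions: read          # lets the action query CI status for the PR
  pull-requests: write   # assumption: needed to post the review comment
  issues: write          # assumption: PR comments go through the issues API

jobs:
  review:
    # Evaluated before a runner is allocated. All three conditions must hold:
    #   1. the comment is on a pull request, not a plain issue
    #   2. the comment body contains "/claude"
    #   3. the commenter is OWNER, MEMBER or COLLABORATOR
    if: >-
      github.event.issue.pull_request &&
      contains(github.event.comment.body, '/claude') &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # keep the token out of .git/config

      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}  # assumed secret name
          github_token: ${{ secrets.GITHUB_TOKEN }}            # assumed input usage
          track_progress: true
          # Second layer on top of contents: read; deny-list entries are assumed.
          claude_args: >-
            --allowedTools "Bash(grep:*)"
            --disallowedTools "Bash(git push:*),Bash(git commit:*)"
```

Because issue_comment workflows always run from the workflow file on the default branch, the pull request under review cannot modify the `if:` gate or the permissions block.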