Consolidate AI PR review into single Claude Code workflow#71
Conversation
Replace the per-persona curl pipeline (pr-review.yml + ai-persona-review.yml) with a single claude-review.yml built on anthropics/claude-code-action. An orchestrator (.github/claude-review-prompt.md) fans out to one isolated subagent per review lens (.claude/agents/review-*.md: extensibility, testing, security), then consolidates all findings into ONE sticky comment plus inline comments for important findings only. This ends the churn of a fresh top-level comment per persona on every push, and gives each lens a clean context. Cadence and cost controls: - Auto-review once when a PR opens non-draft or leaves draft; re-review on demand via an @claude comment. No per-push reviews. - concurrency group cancels an in-flight review when a new push/mention lands. - [skip-review] in the PR title (or a skip-review label) opts a PR out of both the Claude review and CodeRabbit; @claude still works as a manual override. - Reuses the ambient GITHUB_TOKEN and existing ANTHROPIC_API_KEY secret. Also fixes CodeRabbit's base_branches to cover the default branch (mainline, which the old config omitted) and quiets it (quiet profile, collapsed walkthrough, incremental reviews, same skip-review override). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_017RS1pjrpm7c5AdirmmAtwX
|
Claude finished @DiamondDagger590's task in 4m 11s —— View job McCore PR Review —
|
|
Warning Review limit reached
Next review available in: 50 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (9)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
| on-demand: | ||
| if: >- | ||
| (github.event_name == 'issue_comment' && | ||
| github.event.issue.pull_request != null && | ||
| contains(github.event.comment.body, '@claude')) || | ||
| (github.event_name == 'pull_request_review_comment' && | ||
| contains(github.event.comment.body, '@claude')) |
There was a problem hiding this comment.
IMPORTANT (security): on-demand has no fork/author gate, unlike auto-review which explicitly checks head.repo.full_name == github.repository (line 39).
issue_comment/pull_request_review_comment containing @claude can be posted by anyone who can comment on a public repo's PR — including on a PR opened from a fork. claude-code-action's tag mode checks out and operates on the PR's actual head commit, so this job would run Bash/Read/Grep against attacker-controlled code with ANTHROPIC_API_KEY in the environment and pull-requests: write / issues: write permissions available — a classic "pwn request" pattern. The deleted ai-persona-review.yml had explicit comments guarding against exactly this (never checking out PR-head code from untrusted sources); that protection wasn't carried over here.
Suggest gating on commenter trust, mirroring GitHub's own recommended pattern:
| on-demand: | |
| if: >- | |
| (github.event_name == 'issue_comment' && | |
| github.event.issue.pull_request != null && | |
| contains(github.event.comment.body, '@claude')) || | |
| (github.event_name == 'pull_request_review_comment' && | |
| contains(github.event.comment.body, '@claude')) | |
| on-demand: | |
| if: >- | |
| ((github.event_name == 'issue_comment' && | |
| github.event.issue.pull_request != null && | |
| contains(github.event.comment.body, '@claude')) || | |
| (github.event_name == 'pull_request_review_comment' && | |
| contains(github.event.comment.body, '@claude'))) && | |
| contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association) |
Gate the on-demand @claude job to OWNER/MEMBER/COLLABORATOR only, preventing untrusted commenters from triggering reviews on fork PRs. Change skip label from skip-review to skip-claude-review for more targeted control (CodeRabbit keeps its own skip-review label). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_017RS1pjrpm7c5AdirmmAtwX
- Add fork-check pre-step to on-demand job that rejects @claude mentions on fork PRs (prevents attacker-controlled checkout with secrets in scope) - SHA-pin anthropics/claude-code-action to fffa3483 (v1) in both jobs, matching the existing checkout SHA-pin convention - Remove stale TODO comment about pinning claude-code-action Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_017RS1pjrpm7c5AdirmmAtwX
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_017RS1pjrpm7c5AdirmmAtwX
- Checkout PR head ref for on-demand reviews so Read/Grep/Glob see the PR code instead of the default branch - Remove Bash from testing agent tools (only needs Read/Grep/Glob) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_017RS1pjrpm7c5AdirmmAtwX
Summary
Replaces the two-stage AI PR review pipeline (
pr-review.yml+ai-persona-review.yml) with a unifiedclaude-review.ymlworkflow powered by the Anthropic Claude Code Action. The new workflow posts a single sticky comment per review instead of multiple top-level comments, reduces per-push review spam, and enables on-demand re-review via@claudementions.Key Changes
pr-review.yml(detect-changes + prepare-review jobs) andai-persona-review.yml(persona orchestration)claude-review.ymlwith two jobs:auto-review: runs once when a PR opens non-draft or leaves draft (no per-push reviews)on-demand: triggered by@claudementions in PR comments or review comments.github/claude-review-prompt.md— orchestration protocol defining how the review orchestrator routes to persona subagents, consolidates findings, and posts a single sticky comment with inline review comments for Important findings only.claude/agents/review-*.md— four isolated persona subagents (extensibility, security, testing, and a placeholder for future lenses) that return structured findings to the orchestrator instead of posting comments directly.coderabbit.yamlto:auto_incremental_reviewfor incremental feedback[skip-review]title keyword andskip-reviewlabel support (mirrors Claude workflow)mainline+develop(removerecode)CLAUDE.mdto document the new review workflow and persona agent definitionsNotable Implementation Details
<details>block. Inline review comments are created only for Important findings.@claudere-review, the orchestrator reads the previous sticky comment, passes previously-reported findings to each lens, and suppresses new nits to avoid review spirals on unchanged code.@claudementions on the same PR cancel in-flight reviews via a concurrency group.@claudemention.Rationale
The old pipeline posted a fresh top-level comment per persona on every push, creating review spam and making it hard to track which findings were resolved. The new workflow:
@claude)https://claude.ai/code/session_017RS1pjrpm7c5AdirmmAtwX