From 10510dff2348676f9349f893937cbd0d5662d9d0 Mon Sep 17 00:00:00 2001
From: Quanyi Ma <eli@patch.sh>
Date: Wed, 14 Jan 2026 00:19:57 +0800
Subject: [PATCH 1/2] Add Claude review action

Signed-off-by: Quanyi Ma <eli@patch.sh>
---
 .github/workflows/claude-review.yml | 59 +++++++++++++++++++++++------
 1 file changed, 48 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml
index 3dea45a..e667677 100644
--- a/.github/workflows/claude-review.yml
+++ b/.github/workflows/claude-review.yml
@@ -1,45 +1,82 @@
-name: Claude Code
+name: Claude Code Review with Progress Tracking
 
 on:
   issue_comment:
     types: [created]
   pull_request_review_comment:
-    types: [created, synchronize, ready_for_review, reopened]
+    types: [created, edited, deleted]
   issues:
     types: [opened, assigned]
   pull_request_review:
     types: [submitted]
+  pull_request_target:
+    types: [opened, synchronize, reopened]
 
 permissions:
   contents: read
   pull-requests: write
-  issues: read
+  issues: write
+  actions: write
 
 jobs:
   claude-review-with-tracking:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: write
-      id-token: write
+
+    if: |
+          (
+            github.event_name == 'pull_request_target' &&
+            (
+              github.event.pull_request.author_association == 'OWNER' ||
+              github.event.pull_request.author_association == 'MEMBER' ||
+              github.event.pull_request.author_association == 'COLLABORATOR'
+            )
+          ) ||
+          (
+            (github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment') &&
+            contains(github.event.comment.body, '@claude') &&
+            (
+              github.event.comment.author_association == 'OWNER' ||
+              github.event.comment.author_association == 'MEMBER' ||
+              github.event.comment.author_association == 'COLLABORATOR'
+            )
+          ) ||
+          (
+            github.event_name == 'pull_request_review' &&
+            contains(github.event.review.body, '@claude') &&
+            (
+              github.event.review.author_association == 'OWNER' ||
+              github.event.review.author_association == 'MEMBER' ||
+              github.event.review.author_association == 'COLLABORATOR'
+            )
+          )
+
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
         with:
-          fetch-depth: 1
+          fetch-depth: 0
+          ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
+
+      - name: Checkout PR Branch (for comments)
+        if: ${{ github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh pr checkout ${{ github.event.issue.number || github.event.pull_request.number }}
 
       - name: PR Review with Progress Tracking
         uses: anthropics/claude-code-action@v1
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
 
           # Enable progress tracking
           track_progress: true
+          show_full_output: true
 
           # Your custom review instructions
           prompt: |
             REPO: ${{ github.repository }}
-            PR NUMBER: ${{ github.event.pull_request.number }}
 
             Perform a comprehensive code review with the following focus areas:
 
@@ -73,4 +110,4 @@ jobs:
 
           # Tools for comprehensive PR review
           claude_args: |
-            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"
\ No newline at end of file
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"

From d24f5ad60bb26cf2e58c87279503736f77e4369d Mon Sep 17 00:00:00 2001
From: Quanyi Ma <eli@patch.sh>
Date: Wed, 14 Jan 2026 00:29:37 +0800
Subject: [PATCH 2/2] Update claude review

Signed-off-by: Quanyi Ma <eli@patch.sh>
---
 .github/workflows/claude-review.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml
index e667677..b6643b6 100644
--- a/.github/workflows/claude-review.yml
+++ b/.github/workflows/claude-review.yml
@@ -10,7 +10,7 @@ on:
   pull_request_review:
     types: [submitted]
   pull_request_target:
-    types: [opened, synchronize, reopened]
+    types: [opened, synchronize, closed]
 
 permissions:
   contents: read
@@ -21,7 +21,11 @@ permissions:
 jobs:
   claude-review-with-tracking:
     runs-on: ubuntu-latest
-
+    
+    # Only run for:
+    # 1. PRs from trusted users (OWNER/MEMBER/COLLABORATOR)
+    # 2. Comments mentioning @claude from trusted users
+    # 3. PR reviews mentioning @claude from trusted users
     if: |
           (
             github.event_name == 'pull_request_target' &&
@@ -54,11 +58,11 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0
+          fetch-depth: 1
           ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
 
       - name: Checkout PR Branch (for comments)
-        if: ${{ github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' }}
+        if: ${{ github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment' || github.event_name == 'pull_request_review' }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |