feat(ci): sha-anchored review verification + drop /pr-status#16
Merged
Conversation
Replaces the brittle "wait after CI completion" timestamp-poll protocol with a direct SHA-match check between the latest sticky review comment and the PR head. Drops the /pr-status slash command — the verification ops are now native gh commands inlined where used. Workflow (.github/workflows/claude-code-review.yml): - Add concurrency block with cancel-in-progress; older in-flight reviews die when newer pushes arrive (saves Anthropic tokens + Actions minutes) - Pin checkout to pull_request.head.sha (with || github.sha fallback). Default is the synthetic merge ref — would have the model reviewing merged state while the stamp says head - New "Compute short SHA" step writes the 7-char sha to GITHUB_OUTPUT; the prompt references it as a literal (LLM string slicing is unreliable) - Prompt instructs Claude to start the comment with **Reviewed commit:** <sha> - Drop Bash(gh pr comment:*) from allowedTools (unused — App posts via its own credentials) Drop /pr-status: - Delete commands/pr-status.md (the timestamp-poll command). Same reasoning that previously dropped /pr-create and /pr-merge: Claude already knows how to do these, slash commands wrapping native ops rot - Update skills/plan-execution/SKILL.md FINAL section to inline the verification protocol (gh pr checks --watch + SHA-anchored sticky-comment check with null handling and replication-lag retry) instead of calling /pr-status - Update Integration section to reference the inline ops + per-project memory CLAUDE.md cleanup: - Drop "readiness checks via /pr-status" from Overview - Drop pr-status.md from Plugin Structure; fill in the agents list that was missing implementer, quality-reviewer, quick-reviewer, spec-reviewer - Replace "The PR Readiness Check (Why This Matters)" section with a SHA-anchored protocol summary that points at consuming projects for the project-specific bits Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Claude finished @tombakerjr's task in 1m 48s —— View job Reviewed commit: d48106d CONSIDER: CONSIDER: CONSIDER: |
4 tasks
tombakerjr
added a commit
that referenced
this pull request
May 23, 2026
* chore(docs): scrub /pr-status references from hook + README Follow-up to PR #16 (which dropped /pr-status). Two surfaces still referenced the removed command: the git-guard.py PreToolUse hook (which warned globally on every `gh pr merge`, telling Claude to run /pr-status first — a command that no longer exists) and the README (workflow tables, command list, "The PR Readiness Check" section). git-guard.py: - Rewrite the `gh pr merge` warning text to point at the SHA-anchored verification protocol instead of /pr-status. New message lists the inline steps (gh pr checks --watch, parse Reviewed commit sha, compare to headRefOid) and refers to project CLAUDE.md / memory for the full protocol - Update module docstring to match README.md: - Drop /pr-status from the Slash Commands table (only context-recovery remains) - Update Feature Development Path and Bug Fix Path tables to reference native gh ops instead of /pr-status - Update mermaid flowchart's merge subgraph - Update Git Guards table for the new `gh pr merge` warning text - Rewrite "The PR Readiness Check" section into "PR Review Verification" with the SHA-anchored protocol (matching CLAUDE.md and plan-execution SKILL) - Update Usage Examples to describe the inline flow - Fix Installation Options to use the new repo name `claude-code-workflows` (was `claude-code-pr-workflow`; GitHub redirects but canonical URL is the rename) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(hooks): anchor merge-warning regex to avoid heredoc false-positives The git-guard hook's warning trigger was matching the literal substring anywhere in the command, including inside HEREDOC bodies of unrelated commands (e.g., a git-commit whose message body happens to mention the merge command verbatim). False warnings on `git commit` are noisy and misleading. Mirror the anchor pattern already used by the on-main commit-block check: require start-of-command or a shell-operator boundary (&&, ;, |) before the match. Common invocations still warn; commit messages and other quoted strings don't trigger. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replaces the brittle "wait after CI completion" timestamp-poll protocol with a direct SHA-match check between the latest sticky review comment and the PR head. Drops the
/pr-statusslash command — verification ops are now nativeghcommands inlined where used.Supersedes #15 (closed — branched off stale main; this one starts from current main with broader scope including
plan-executionskill updates).Workflow changes (
.github/workflows/claude-code-review.yml)concurrencyblock withcancel-in-progress: true— older in-flight reviews die when newer pushes arrive. Saves Anthropic tokens and Actions minutes on rapid-push iteration.pull_request.head.sha(with|| github.shafallback). Default is the synthetic merge ref — would have the model reviewing merged state while the stamp says head.Compute short SHAstep writes the 7-char SHA toGITHUB_OUTPUT. The prompt references it as a literal — LLM string-slicing of a 40-char hex is unreliable.**Reviewed commit:** <short-sha>— the anchor downstream verification keys off.Bash(gh pr comment:*)fromallowedTools— unused; the Claude GitHub App posts via its own credentials.Drop
/pr-statuscommands/pr-status.md. Same reasoning that previously dropped/pr-createand/pr-merge: Claude already knows how to do these, and slash commands wrapping native ops rot.skills/plan-execution/SKILL.mdFINAL section to inline the verification protocol (gh pr checks --watch+ SHA-anchored sticky-comment check with null handling and 3× / 5s retry for replication lag) instead of calling/pr-statusin its loop.CLAUDE.md cleanup
pr-status.mdfrom Plugin Structure; fill in the agents list (was missingimplementer,quality-reviewer,quick-reviewer,spec-reviewer).Why
The prior protocol anchored on timestamp comparisons (
comment.created_at > push_timeorcomment.updated_at >= ci.completed_at), which:SHA match is direct, unambiguous, and resilient. Once the workflow stamp lands on main, downstream verification is a few lines of native
gh.Test plan
**Reviewed commit:** <short-sha>headergh pr view --json headRefOid -q .headRefOidNote
README likely has similar staleness around
/pr-statusreferences — out of scope for this PR; separate cleanup.🤖 Generated with Claude Code