ci: add automated PR review workflow using Claude

[janhesters]

Summary

• Adds .github/workflows/aidd-review-claude.yml — a GitHub Actions workflow that automatically reviews non-draft PRs using Claude Code with the aidd-review skill
• Posts inline comments on specific files/lines and a full review summary comment
• Uploads the Claude execution log as a build artifact for debugging

Prerequisites

• The ANTHROPIC_API_KEY secret must be configured in the repo settings

Test plan

• Open a draft PR and verify the workflow does not run
• Mark the PR as ready for review and verify the workflow triggers
• Confirm inline comments appear on changed files
• Confirm a summary comment is posted on the PR
• Verify the claude-review-log artifact is uploaded

[ianwhitedeveloper]

🔬 Code Review — PR #154

Full review content for reference

ci: add automated PR review workflow using Claude

1. Churn Hotspot Cross-Reference

🎯 Cross-reference the PR diff against churn hotspots.
💡 The PR adds a single new file .github/workflows/aidd-review-claude.yml (105 lines).
🪞 None of the top-20 hotspot files are touched.
💬 Low risk from a churn perspective. The diff avoids all known hotspots.

---

2. Code Structure and Organization

🎯 Evaluate file placement and naming.
💡 A single workflow file placed in .github/workflows/ — the standard location.
🪞 Naming follows the existing convention (test.yml, release.yml → aidd-review-claude.yml). The -claude suffix is descriptive and leaves room for future review workflows using other models.
💬 Good. Structure and naming are clean.

---

3. Adherence to Coding Standards and Best Practices

3a. fetch-depth: 1 prevents churn analysis

        with:
          fetch-depth: 1

The aidd-review skill's step 1 is: "Use /aidd-churn to identify hotspot files in the diff." The churn skill requires git history (compatibility: Requires git history). A shallow clone with fetch-depth: 1 provides no meaningful history for churn scoring.

Recommendation: Use fetch-depth: 0 (full history) or at least a substantial depth like fetch-depth: 100.

3b. Claude cannot run npx aidd churn

          claude_args: |
            --model claude-sonnet-4-6 --max-turns 20 --allowedTools "Read,Glob,Grep,Bash(gh pr diff:*),Bash(gh pr view:*),Bash(echo:*),mcp__github_inline_comment__create_inline_comment" --disallowedTools "Task,Write,Edit"

The allowedTools whitelist restricts Bash to gh pr diff, gh pr view, and echo. The review skill instructs Claude to run npx aidd churn, but Claude physically cannot execute it. There's also no npm install step, so even if Bash(npx:*) were allowed, the CLI wouldn't be available.

Recommendation: Either add Bash(npx:*) to allowedTools and add a setup-node + npm install step (with fetch-depth: 0), or explicitly note in the prompt that churn analysis is unavailable in CI and should be skipped.

3c. Missing synchronize event type

on:
  pull_request:
    types: [opened, ready_for_review, reopened]

New pushes to an open PR won't trigger a re-review. After addressing review feedback and pushing fixes, the author gets no automated re-review. This may be intentional (cost control), but it's a significant UX gap.

Recommendation: If cost is a concern, consider adding synchronize but gating re-reviews behind a PR label (e.g., needs-review) rather than omitting the trigger entirely. Alternatively, document this as an intentional limitation.

3d. No job timeout-minutes

The job doesn't set a timeout-minutes. With --max-turns 20, Claude could take a long time. The default GitHub Actions timeout is 6 hours.

Recommendation: Add timeout-minutes: 15 (or similar) to the job to prevent runaway costs.

3e. Unnecessary permissions

permissions:
  contents: read
  pull-requests: write
  issues: write
  id-token: write

• issues: write — not used anywhere in the workflow. PR comments use pull-requests: write.
• id-token: write — used for OIDC federation with cloud providers, which this workflow doesn't do.

Recommendation: Remove issues: write and id-token: write to follow the principle of least privilege.

---

4. Test Coverage

🎯 Evaluate test coverage for the change.
💡 CI workflows aren't typically unit tested. The PR description includes a manual test plan with 5 verification steps.
🪞 The test plan is appropriate and covers the key scenarios (draft skip, trigger, inline comments, summary comment, artifact upload).
💬 Adequate. Manual testing is the right approach here.

---

5. Performance Considerations

🎯 Assess performance and cost implications.
💡 Concurrency group with cancel-in-progress: true prevents duplicate reviews — good. --max-turns 20 provides a ceiling. continue-on-error: true ensures post-processing always runs.
🪞 Missing timeout-minutes (covered above). No cost control mechanism — every non-draft PR open/reopen consumes API credits.
🔭 Consider adding a label-based gate (e.g., skip review if PR has a skip-review label) for trivial changes like documentation-only PRs.
💬 Mostly good, but add a timeout and consider a cost-control mechanism.

---

6. Security Deep Scan (OWASP Top 10 2021)

#	Category	Status	Notes
A01	Broken Access Control	Pass	pull_request trigger runs in restricted fork context; secrets unavailable to forks
A02	Cryptographic Failures	N/A	No crypto operations
A03	Injection	Pass	$BODY is double-quoted in the gh pr comment call; Bash variable expansion inside double quotes does not interpret command substitution
A04	Insecure Design	Pass	Reasonable error handling with continue-on-error and fallbacks
A05	Security Misconfiguration	Warning	Excess permissions (issues: write, id-token: write) — see 3e
A06	Vulnerable & Outdated Components	Info	Actions use major version tags (@v4, @v1) rather than SHA pins. Consistent with existing workflows, but a supply-chain risk
A07	Identification & Auth Failures	N/A
A08	Software & Data Integrity	Info	Same as A06 — unpinned action tags
A09	Security Logging & Monitoring	Pass	Claude execution log uploaded as artifact
A10	SSRF	N/A

Key finding: The ANTHROPIC_API_KEY is properly stored as a GitHub secret — no visible keys or tokens in the workflow file.

---

7. UI/UX Implementation

N/A — this is a CI workflow, no UI components.

---

8. Architectural Patterns and Design Decisions

🎯 Evaluate the approach of using Claude Code for automated PR review.
💡 The design cleverly reuses the existing aidd-review skill, posts inline comments for file-specific findings, and extracts the final message as a summary comment. The "Quick fix prompt" section is excellent developer experience.
🪞 The contradiction in the prompt is intentionally designed (Claude doesn't post the summary; the workflow does), but the wording could confuse Claude:

            Constraints {
              Post inline comments only — do NOT post a summary comment.
              Do NOT emit review text as plain messages between tool calls.
              A post-processing step extracts your final message as the summary comment.
            }

Recommendation: Rephrase to reduce ambiguity: "Your inline comments will be posted directly. Your FINAL message will be extracted and posted as the summary comment by the workflow — do not use gh pr comment yourself."

🔭 The hardcoded path /home/runner/work/_temp/claude-execution-output.json couples to the internal behavior of anthropics/claude-code-action@v1. If the action changes this path in a future version, the summary step breaks silently (falling back to "No execution log found").

Recommendation: Check if claude-code-action exposes an output variable for the log path, and use that instead.

---

9. Commit Message Quality

The commit message ci: add automated PR review workflow using Claude follows conventional commit format with the ci: prefix. The body provides adequate context. Good.

10. Summary of Findings

Must Fix (blocking)

#	Finding	Severity
1	Excess permissions: remove issues: write and id-token: write	Medium
2	Add timeout-minutes to prevent runaway execution	Medium

Should Fix (recommended)

#	Finding	Severity
3	fetch-depth: 1 prevents churn analysis — use fetch-depth: 0	Medium
4	Claude's allowedTools don't include npx; churn analysis is impossible — either enable it or document the limitation in the prompt	Medium
5	Clarify the prompt wording around summary comment posting to reduce ambiguity	Low

Consider (nice to have)

#	Finding	Severity
6	Add synchronize trigger (or document why it's excluded)	Low
7	Add a label-based opt-out mechanism for cost control	Low
8	Avoid hardcoding the Claude execution log path if the action exposes an output	Low
9	Pin actions to commit SHAs for supply-chain security (project-wide decision)	Info

---

Quick fix prompt

Fix the following review findings in PR #154:
1. .github/workflows/aidd-review-claude.yml:10-11 — Remove `issues: write` and `id-token: write` permissions (unnecessary, violates least privilege)
2. .github/workflows/aidd-review-claude.yml:19 — Add `timeout-minutes: 15` to the `aidd-review` job
3. .github/workflows/aidd-review-claude.yml:25 — Change `fetch-depth: 1` to `fetch-depth: 0` to enable churn analysis
4. .github/workflows/aidd-review-claude.yml:70 — Add `Bash(npx:*)` to allowedTools, and add a setup-node + npm install step before the Claude step (or add a prompt note that churn is unavailable in CI)
5. .github/workflows/aidd-review-claude.yml:37-40 — Rephrase the Constraints block to clarify that the workflow (not Claude) posts the summary comment

[janhesters]

@ianwhitedeveloper Thanks for the thorough review! A few responses on some of the findings:

#1 (permissions): Both issues: write and id-token: write are actually required by claude-code-action — the action's own example workflow includes them. Removing them breaks the action.

#5 (prompt wording): The current wording is intentional and working as designed. Claude writes the summary as its final message (plain text), then the post-processing step extracts and posts it. The "do NOT post a summary comment" means don't use gh pr comment directly.

#6 (synchronize trigger): Intentionally excluded for cost control — we only want one review per PR open/reopen, not on every push.

Addressing the rest (#2, #3, #4, #7, #8, #9) in the next commit.

[ianwhitedeveloper]

Approved.

Great iteration on the requested feedback. The remaining items are recommended enhancements (non-blocking):

1. Scope Bash(npx:*) more tightly (or run churn in a fixed workflow step) to reduce prompt-injection blast radius from arbitrary npx execution in model-controlled commands.
2. Pin GitHub Actions to full commit SHAs (checkout, setup-node, claude-code-action, upload-artifact) for stronger supply-chain integrity; major tags are still mutable.
3. Optionally add a short note in docs/PR template clarifying that these are hardening follow-ups, not merge blockers.

Current implementation is solid and ready to merge from my side.

[janhesters]

@ianwhitedeveloper Thanks for the approval!

#1 (scope npx): Agreed, tightening to Bash(npx aidd:*) — applying now.

#2 (SHA pinning): Going to skip this for now. All our existing workflows use version tags, and SHA pinning makes version bumps a manual chore. If we adopt it, it should be a project-wide decision rather than one-off in this workflow.

#3 (docs note): Skipping — the PR description and commit messages provide enough context.