13 changes: 9 additions & 4 deletions claude/auto-review/README.md
Expand Up @@ -53,7 +53,7 @@ jobs:
fetch-depth: 0

- name: Claude Review
uses: your-org/your-repo/.github/actions/claude-auto-review@main
uses: WalletConnect/actions/claude/auto-review@2b2c5b87b4375cddade164ca0c78d6faae417256
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```
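Review bot: pinning `uses:` to the full commit SHA `2b2c5b87b4375cddade164ca0c78d6faae417256` instead of a mutable `@main` is the right call for a third-party action, but readers of the README cannot tell which release that SHA corresponds to. Add the tag as a trailing comment on the same line, e.g. `uses: WalletConnect/actions/claude/auto-review@2b2c5b87b4375cddade164ca0c78d6faae417256 # <tag>`, so a human can review an upgrade at a glance and Dependabot/Renovate can keep the pin current.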
Expand Down Expand Up @@ -184,7 +184,7 @@ jobs:

### Incremental Reviews

For PR updates (`synchronize` events), Claude:
For PR updates (`synchronize` events) or manual `@claude review` triggers after the initial review, Claude:

- ✅ Checks existing review comments
- ✅ Only flags **new** issues in latest commits
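Review bot: the new manual `@claude review` trigger changes who can start a review, and the sentence should say which event delivers it and what gates it. `synchronize` is a `pull_request` event, but a comment trigger needs `issue_comment` or `pull_request_review_comment` in the workflow's `on:` block, which the excerpt above does not show. State the required event and make explicit that the write-access check described under Access Control applies to comment triggers too, because a comment is the one path a non-collaborator can exercise on a public repository.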
Expand Down Expand Up @@ -284,17 +284,21 @@ jobs:
## Security Considerations

### Access Control

- Only users with repository write access can trigger the Claude Code Action
- GitHub Apps and bots are blocked by default for additional security
- Authentication tokens are short-lived and scoped to the specific repository

### Required GitHub App Permissions

The Claude GitHub App requires these specific permissions:

- **Pull Requests**: Read/write access to create and update pull request reviews
- **Issues**: Read/write access to respond to issue comments
- **Issues**: Read/write access to respond to issue comments
- **Contents**: Read/write access to analyze and modify repository files

### Credential Security

⚠️ **CRITICAL**: Never hardcode your Anthropic API key or OAuth token in workflow files!

- ✅ **Correct**: Always store credentials in GitHub Secrets: `${{ secrets.ANTHROPIC_API_KEY }}`
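Review bot: the `- **Issues**` bullet is shown twice, once as removed and once as added, with no visible difference; if this is a trailing-whitespace fix it is fine, otherwise one copy should be dropped. Separately, the Contents bullet grants read/write to "analyze and modify repository files", which is broader than a review-only action needs; if write is required only for the signed commits mentioned under Additional Security Features, say so here so operators know why they are granting it.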
Expand All @@ -303,12 +307,14 @@ The Claude GitHub App requires these specific permissions:
- All communication between the action and Anthropic's API uses HTTPS

### Additional Security Features

- All commits made by Claude are automatically signed for authenticity verification
- The action only has read access to code and write access to PR comments
- No code or sensitive data is stored by the action beyond the GitHub workflow execution
- Short-lived tokens ensure minimal security exposure window

### For Complete Security Details

For comprehensive security information and best practices, see the [official Claude Code Action security documentation](https://github.com/anthropics/claude-code-action/blob/main/docs/security.md).

## Support
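Review bot: "The action only has read access to code and write access to PR comments" contradicts the Contents bullet above (read/write on repository contents) and the preceding bullet, which says Claude makes signed commits, something that needs contents write. Pick one description: either drop the read-only claim, or state that the auto-review workflow runs with read-only contents plus a pull-request write scope and that committing belongs to a different workflow. The signing bullet should also say who signs and how a reviewer verifies it, and the "no sensitive data is stored" bullet should acknowledge that diff content is sent to Anthropic's API over HTTPS, as the Credential Security section already states, so operators can judge what leaves GitHub.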
Expand All @@ -318,4 +324,3 @@ For issues with the action itself, please check:
1. GitHub Actions logs for detailed error messages
2. Anthropic API status and quotas
3. Repository permissions and secrets configuration
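Review bot: the header `-318,4 +324,3` says one line was removed after item 3, but the removed line is not rendered here; if it is the file's trailing blank line, keep exactly one newline at end of file so markdownlint's MD047 (single trailing newline) stays satisfied.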