From 8d608aa2a88d0de55dfa56144faf6da7ed577c60 Mon Sep 17 00:00:00 2001
From: c11
Date: Fri, 5 Jun 2026 14:48:23 +0800
Subject: [PATCH 1/3] Restore Claude Assistant workflow
---
.github/workflows/claude.yaml | 103 ++++++++++++++++++++++++++++++++++
1 file changed, 103 insertions(+)
create mode 100644 .github/workflows/claude.yaml
diff --git a/.github/workflows/claude.yaml b/.github/workflows/claude.yaml
new file mode 100644
index 000000000..e12e53435
--- /dev/null
+++ b/.github/workflows/claude.yaml
@@ -0,0 +1,103 @@
+name: Claude Assistant
+
+env:
+ CLAUDE_REVIEW_STANDARDS: >-
+ 你在 lexmount/agent-starter-react 仓库中工作,项目是基于 Next.js、React 和 LiveKit 的浏览器端 agent starter。任何 code review 必须基于当前 PR diff 和仓库现有代码;如存在 README.md、package.json、Makefile 或相关源码约定,先读取后再判断。
+ review 输出必须使用中文;代码标识符、命令、第三方专有名词保留英文。
+ review 必须简洁清晰,只输出结论、问题、建议、优先级和必要文件行号。
+ 不要输出英文模板、冗长摘要、完整检查清单、执行过程或大段规则复述。
+ 重点检查 LiveKit room/track 生命周期、浏览器媒体权限失败路径、React hook 清理、Next.js 客户端/服务端边界、环境变量和 secret 泄露、TypeScript 类型、可访问性、验证完整性和无关改动。
+
+on:
+ issue_comment:
+ types: [created]
+ pull_request_review_comment:
+ types: [created]
+ issues:
+ types: [opened, assigned]
+ pull_request_review:
+ types: [submitted]
+ pull_request:
+ types: [opened, synchronize, ready_for_review, reopened]
+
+jobs:
+ claude:
+ if: |
+ (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+ (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+ (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+ (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) ||
+ (github.event_name == 'pull_request' && github.event.pull_request.draft == false && (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'ready_for_review' || github.event.action == 'reopened'))
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ issues: write
+ actions: read
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ # Interactive @claude requests must not set `prompt`; the action uses the
+ # user's comment as the task. In this repository, a bare @claude or most
+ # @claude PR interactions are treated as review requests, so the same
+ # review standards still apply through `claude_args`.
+ - name: Run Claude Interactive
+ if: github.event_name != 'pull_request'
+ id: claude
+ uses: anthropics/claude-code-action@v1
+ with:
+ claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+
+ # This is an optional setting that allows Claude to read CI results on PRs
+ additional_permissions: |
+ actions: read
+
+ claude_args: >-
+ --system-prompt "${{ env.CLAUDE_REVIEW_STANDARDS }}"
+
+ # Pull request events have no user comment, so this step supplies the
+ # review task while reusing the same standards as interactive requests.
+ - name: Run Claude PR Review
+ if: github.event_name == 'pull_request'
+ id: claude_review
+ uses: anthropics/claude-code-action@v1
+ with:
+ claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ track_progress: true
+
+ additional_permissions: |
+ actions: read
+
+ prompt: |
+ REPO: ${{ github.repository }}
+ PR NUMBER: ${{ github.event.pull_request.number }}
+
+ 请审查当前 PR 的 diff。
+
+ 统一审查标准:
+ ${{ env.CLAUDE_REVIEW_STANDARDS }}
+
+ 输出要求:
+ - 最多列 8 条发现;只报告会影响合并判断的问题。
+ - 每条发现必须包含优先级、文件行号、问题、建议。
+ - 优先级使用 P0/P1/P2:P0 阻塞合并,P1 合并前建议修,P2 可后续优化。
+ - Only post GitHub comments - don't submit review text as messages.
+
+ 输出格式:
+ ## Review 结论
+ 通过 / 有条件通过 / 不通过
+
+ ## 问题及建议
+ - [P?] `path:line`:问题。建议:...
+
+ 如果没有发现影响合并的问题,`## 问题及建议` 只写:
+ 未发现需要阻塞合并的问题。残余风险:...
+
+ claude_args: |
+ --system-prompt "${{ env.CLAUDE_REVIEW_STANDARDS }}"
+ --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"
From a24b7987095eb2372aa531000ef9f078041501c9 Mon Sep 17 00:00:00 2001
From: c11
Date: Fri, 5 Jun 2026 14:52:32 +0800
Subject: [PATCH 2/3] Tighten Claude workflow permissions
---
.github/workflows/claude.yaml | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/claude.yaml b/.github/workflows/claude.yaml
index e12e53435..4e4c9da26 100644
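Review bot: The job-level `if:` gates the comment, review and issue triggers only on the text `@claude`, so any account able to comment or open an issue starts a job that holds `CLAUDE_CODE_OAUTH_TOKEN` and a token with `pull-requests: write` and `issues: write`; whether the action itself rejects callers without write access is not visible in this file. Each of those clauses could additionally require a trusted association, e.g. `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` (using `github.event.review.` and `github.event.issue.` for the other events). Both `uses:` lines reference mutable tags, and `anthropics/claude-code-action@v1` is the step that receives the secrets; pinning it as `uses: anthropics/claude-code-action@<full-commit-sha> # v1` keeps a moved tag from running with them. Since the agent runs Bash tools inside the checked-out workspace, the checkout step would also benefit from `persist-credentials: false` under `with:`.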
--- a/.github/workflows/claude.yaml +++ b/.github/workflows/claude.yaml @@ -20,6 +20,10 @@ on: pull_request: types: [opened, synchronize, ready_for_review, reopened] +concurrency: + group: claude-${{ github.workflow }}-${{ github.event.pull_request.number || github.event.issue.number || github.run_id }} + cancel-in-progress: true + jobs: claude: if: | @@ -30,7 +34,7 @@ jobs: (github.event_name == 'pull_request' && github.event.pull_request.draft == false && (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'ready_for_review' || github.event.action == 'reopened')) runs-on: ubuntu-latest permissions: - contents: write + contents: read pull-requests: write issues: write actions: read @@ -58,6 +62,7 @@ jobs: claude_args: >- --system-prompt "${{ env.CLAUDE_REVIEW_STANDARDS }}" + --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh issue comment:*),Bash(gh issue view:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)" # Pull request events have no user comment, so this step supplies the # review task while reusing the same standards as interactive requests. @@ -79,9 +84,6 @@ jobs: 请审查当前 PR 的 diff。 - 统一审查标准: - ${{ env.CLAUDE_REVIEW_STANDARDS }} - 输出要求: - 最多列 8 条发现;只报告会影响合并判断的问题。 - 每条发现必须包含优先级、文件行号、问题、建议。 @@ -98,6 +100,6 @@ jobs: 如果没有发现影响合并的问题,`## 问题及建议` 只写: 未发现需要阻塞合并的问题。残余风险:... - claude_args: | + claude_args: >- --system-prompt "${{ env.CLAUDE_REVIEW_STANDARDS }}" --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)" From 678651161924b3a4fd6f6b71cfacc14d965cac05 Mon Sep 17 00:00:00 2001 From: c11 Date: Fri, 5 Jun 2026 14:58:24 +0800 Subject: [PATCH 3/3] Clarify Claude review arguments --- .github/workflows/claude.yaml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/.github/workflows/claude.yaml b/.github/workflows/claude.yaml index 4e4c9da26..d26b6add6 100644 
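Review bot: The workflow-level `concurrency` block added in the first hunk is applied to every triggering event before the job's `if:` filter runs, and its group key resolves to the same PR or issue number for `pull_request`, `issue_comment`, `pull_request_review` and `pull_request_review_comment` events. With `cancel-in-progress: true`, a new comment on the thread, with or without `@claude`, appears able to cancel a review that is still running and then skip its own job, so anyone who can comment could keep a review from ever completing. Consider separating groups by event and cancelling only superseded pushes: add `${{ github.event_name }}` to the `group:` key and use `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`. The `contents: read` change and the `--allowedTools` list on the interactive step look like the right direction and are not affected by this.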
--- a/.github/workflows/claude.yaml +++ b/.github/workflows/claude.yaml @@ -42,12 +42,13 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 with: - fetch-depth: 1 + fetch-depth: 0 # Interactive @claude requests must not set `prompt`; the action uses the # user's comment as the task. In this repository, a bare @claude or most # @claude PR interactions are treated as review requests, so the same # review standards still apply through `claude_args`. + # Non-PR interactions are intentionally scoped to review/comment commands. - name: Run Claude Interactive if: github.event_name != 'pull_request' id: claude @@ -56,10 +57,6 @@ jobs: claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }} - # This is an optional setting that allows Claude to read CI results on PRs - additional_permissions: | - actions: read - claude_args: >- --system-prompt "${{ env.CLAUDE_REVIEW_STANDARDS }}" --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh issue comment:*),Bash(gh issue view:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)" @@ -75,15 +72,15 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN }} track_progress: true - additional_permissions: | - actions: read - prompt: | REPO: ${{ github.repository }} PR NUMBER: ${{ github.event.pull_request.number }} 请审查当前 PR 的 diff。 + 统一审查标准: + ${{ env.CLAUDE_REVIEW_STANDARDS }} + 输出要求: - 最多列 8 条发现;只报告会影响合并判断的问题。 - 每条发现必须包含优先级、文件行号、问题、建议。 @@ -101,5 +98,4 @@ jobs: 未发现需要阻塞合并的问题。残余风险:... claude_args: >- - --system-prompt "${{ env.CLAUDE_REVIEW_STANDARDS }}" --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"
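Review bot: The comment added above `Run Claude Interactive` says "Non-PR interactions", but that step's condition is `github.event_name != 'pull_request'`, which still covers `pull_request_review`, `pull_request_review_comment` and `issue_comment` events raised on pull requests. A wording that matches the condition would be `# Comment-, review- and issue-triggered runs are intentionally scoped to review/comment commands.` The change to `fetch-depth: 0` in the same hunk carries no rationale; a short comment such as `# full history so the reviewer can diff against the base branch` (if that is the intent) would help the next maintainer decide whether the deeper clone is still needed. The steps touched here begin and end outside the visible hunks.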