claude-review.yml

# Copyright (c) Facebook, Inc. and its affiliates.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Claude Assistant for PRs
#
# This workflow enables Claude-powered interactions on pull requests from forks.
# Since secrets are not available to workflows triggered by fork PRs (for security),
# this uses a comment-triggered approach where a maintainer must explicitly request
# assistance by commenting on the PR.
#
# Supported Commands:
# - /claude-review [additional context] : Perform a thorough code review of the PR.
#     Optionally provide additional context or instructions after the command.
#     Example: /claude-review Please focus on memory safety and thread safety.
# - /claude-query <question> : Ask Claude a question about the PR or codebase
#
# Security Model:
# - Only authorized users can trigger Claude (verified before any code access)
# - Code is fetched as text only (never executed)
# - Claude uses read-only tools (no Bash, no file writes)
# - All operations run in the context of the base repository

name: Claude Assistant

on:
  issue_comment:
    types: [created]

  # Manual trigger for testing - can be removed after validation
  workflow_dispatch:
    inputs:
      pr_number:
        description: PR number to review
        required: true
        type: number
      dry_run:
        description: Dry run (skip posting comment)
        required: false
        type: boolean
        default: true
      model:
        description: Claude model to use
        required: false
        type: choice
        options:
          - claude-opus-4-6
          - claude-opus-4-1-20250805
          - claude-sonnet-4-20250514
          - claude-4-0-sonnet-20250805
        default: claude-opus-4-6

# Restrict default permissions
permissions:
  contents: read

jobs:
  claude-assistant:
    name: Claude Assistant
    runs-on: ubuntu-latest

    # Job-level permissions - only what's needed for this job
    permissions:
      contents: read
      pull-requests: write
      issues: write

    # Run if:
    # A) workflow_dispatch: Manual trigger for testing
    # B) issue_comment: PR comment with /claude-review or /claude-query from authorized user
    if: >-
      github.event_name == 'workflow_dispatch' ||
      (
        github.event.issue.pull_request &&
        (contains(github.event.comment.body, '/claude-review') || contains(github.event.comment.body, '/claude-query')) &&
        contains(fromJSON('["kgpai", "mbasmanova", "pedroerp", "yuhta", "kagamiori", "bikramSingh91", "kevinwilfong", "xiaoxmeng", "kKPulla", "juwentus1234", "penescu", "srsuryadev", "jainxrohit"]'), github.event.comment.user.login)
      )

    steps:
      # Step 1: Acknowledge the request (skip for workflow_dispatch)
      - name: Add reaction to comment
        if: github.event_name == 'issue_comment'
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            await github.rest.reactions.createForIssueComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              comment_id: context.payload.comment.id,
              content: 'eyes'
            });

      # Step 2: Detect command type and extract query
      - name: Detect command type
        id: command
        if: github.event_name == 'issue_comment'
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            const body = context.payload.comment.body;

            if (body.includes('/claude-review')) {
              core.setOutput('type', 'review');
              // Extract optional additional context after /claude-review
              const reviewMatch = body.match(/\/claude-review\s+([\s\S]*)/);
              const additionalContext = reviewMatch ? reviewMatch[1].trim() : '';
              core.setOutput('query', additionalContext);
            } else if (body.includes('/claude-query')) {
              // Extract everything after /claude-query
              const match = body.match(/\/claude-query\s+([\s\S]*)/);
              const query = match ? match[1].trim() : '';
              if (!query) {
                core.setFailed('No query provided after /claude-query. Usage: /claude-query <your question>');
                return;
              }
              core.setOutput('type', 'query');
              core.setOutput('query', query);
            } else {
              core.setFailed('Unknown command');
            }

      # Step 3: Get PR information (set command type for workflow_dispatch)
      - name: Set command type for workflow_dispatch
        id: command_dispatch
        if: github.event_name == 'workflow_dispatch'
        run: |
          echo "type=review" >> "$GITHUB_OUTPUT"
          echo "query=" >> "$GITHUB_OUTPUT"

      # Step 4: Get PR information
      - name: Get PR details
        id: pr_info
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          # Pass input via env to avoid template injection
          INPUT_PR_NUMBER: ${{ inputs.pr_number }}
        with:
          script: |
            // Get PR number from either issue_comment or workflow_dispatch input
            const prNumber = context.eventName === 'workflow_dispatch'
              ? parseInt(process.env.INPUT_PR_NUMBER, 10)
              : context.issue.number;

            const pr = await github.rest.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: prNumber
            });

            core.setOutput('head_repo', pr.data.head.repo.clone_url);
            core.setOutput('head_ref', pr.data.head.ref);
            core.setOutput('head_sha', pr.data.head.sha);
            core.setOutput('base_sha', pr.data.base.sha);
            core.setOutput('base_ref', pr.data.base.ref);
            core.setOutput('pr_title', pr.data.title);
            core.setOutput('pr_body', pr.data.body || '');
            core.setOutput('pr_author', pr.data.user.login);

      # Step 3: Checkout base repository (safe - this is our own code)
      - name: Checkout base repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          ref: ${{ steps.pr_info.outputs.base_ref }}
          fetch-depth: 0
          persist-credentials: false

      # Step 4: Fetch PR branch and generate diff (read-only, no execution)
      - name: Generate PR diff
        id: generate_diff
        env:
          HEAD_REPO: ${{ steps.pr_info.outputs.head_repo }}
          HEAD_REF: ${{ steps.pr_info.outputs.head_ref }}
          HEAD_SHA: ${{ steps.pr_info.outputs.head_sha }}
          BASE_SHA: ${{ steps.pr_info.outputs.base_sha }}
        run: |
          # Fetch the PR branch from the fork (read-only)
          git remote add fork "${HEAD_REPO}" || true
          git fetch fork "${HEAD_REF}" --depth=100

          # Generate the diff as text
          git diff "${BASE_SHA}...${HEAD_SHA}" > /tmp/pr.diff

          # Get diff stats for context
          DIFF_STATS=$(git diff --stat "${BASE_SHA}...${HEAD_SHA}" | tail -1)
          echo "diff_stats=${DIFF_STATS}" >> "$GITHUB_OUTPUT"

          # Check diff size (limit to ~100KB to avoid token limits)
          DIFF_SIZE=$(wc -c < /tmp/pr.diff)
          echo "diff_size=${DIFF_SIZE}" >> "$GITHUB_OUTPUT"

          if [ "$DIFF_SIZE" -gt 100000 ]; then
            echo "⚠️ Diff is large (${DIFF_SIZE} bytes). Review may be truncated."
            # Truncate to first 100KB
            head -c 100000 /tmp/pr.diff > /tmp/pr_truncated.diff
            mv /tmp/pr_truncated.diff /tmp/pr.diff
            echo "is_truncated=true" >> "$GITHUB_OUTPUT"
          else
            echo "is_truncated=false" >> "$GITHUB_OUTPUT"
          fi

      # Step 7: Create the prompt (review or query)
      - name: Create review prompt
        if: steps.command.outputs.type == 'review' || github.event_name == 'workflow_dispatch'
        env:
          PR_TITLE: ${{ steps.pr_info.outputs.pr_title }}
          PR_BODY: ${{ steps.pr_info.outputs.pr_body }}
          PR_AUTHOR: ${{ steps.pr_info.outputs.pr_author }}
          DIFF_STATS: ${{ steps.generate_diff.outputs.diff_stats }}
          IS_TRUNCATED: ${{ steps.generate_diff.outputs.is_truncated }}
          ADDITIONAL_CONTEXT: ${{ steps.command.outputs.query }}
        run: |
          # Create system context first (no variable expansion needed)
          cat > /tmp/prompt.txt << 'PROMPT_EOF'
          You are an expert C++ code reviewer for the Velox project. Your role is to perform
          a thorough, rigorous code review that catches issues before they reach production.

          **IMPORTANT**: First, read the CLAUDE.md file in the repository root. It contains:
          - Project overview and architecture
          - Build commands and environment setup
          - Code style and naming conventions
          - PR title format requirements
          - Testing guidelines
          - Function addition requirements

          Use CLAUDE.md as your primary reference for project-specific standards.

          Key things to know about Velox:
          - Uses C++20 standard
          - Heavy use of templates and SFINAE
          - Custom memory management with MemoryPool
          - Vectorized execution with custom Vector types
          - Follows Google C++ style with some modifications

          ## Review Approach

          **Think deeply and carefully about this code.** Take your time to:
          - Trace through the logic step by step
          - Consider what happens at boundary conditions (empty inputs, null values, max sizes)
          - Think about concurrency issues if multiple threads could access this code
          - Consider memory safety: ownership, lifetimes, dangling references
          - Look for off-by-one errors, integer overflow, and other subtle bugs
          - Examine error handling paths - what happens when things fail?
          - Consider how this code interacts with existing code in the codebase

          **Be thorough and strict.** This is a high-performance database engine where bugs can
          cause data corruption, crashes, or security vulnerabilities. It's better to flag a
          potential issue that turns out to be fine than to miss a real bug.

          **Explore edge cases exhaustively:**
          - What if the input is empty? Null? Maximum size?
          - What if allocation fails? What if an exception is thrown?
          - What happens on the first iteration? The last iteration?
          - Are there race conditions if called concurrently?
          - What assumptions does this code make? Are they documented and validated?

          Provide actionable, specific feedback. Reference exact file paths and line numbers.
          Be constructive and educational in your feedback.
          If the diff looks good after thorough analysis, say so - but only after genuinely
          examining edge cases and potential issues.

          ---

          PROMPT_EOF

          # Note: Using unquoted PROMPT_EOF to enable variable expansion
          cat >> /tmp/prompt.txt << PROMPT_EOF
          Please review the following pull request for the Velox project.

          ## Pull Request Information
          - **Title:** ${PR_TITLE}
          - **Author:** ${PR_AUTHOR}
          - **Changes:** ${DIFF_STATS}
          PROMPT_EOF

          if [ "${IS_TRUNCATED}" = "true" ]; then
            echo "- **Note:** This diff was truncated due to size. Focus on the visible changes." >> /tmp/prompt.txt
          fi

          # Using quoted 'PROMPT_EOF' here since this section has no variables to expand
          cat >> /tmp/prompt.txt << 'PROMPT_EOF'

          ## PR Description
          PROMPT_EOF

          # PR body may contain special characters, write it safely
          printf '%s\n' "${PR_BODY}" >> /tmp/prompt.txt

          # Add additional context/instructions if provided via /claude-review <context>
          if [ -n "${ADDITIONAL_CONTEXT}" ]; then
            cat >> /tmp/prompt.txt << 'PROMPT_EOF'

          ## Additional Instructions from Reviewer

          PROMPT_EOF
            printf '%s\n' "${ADDITIONAL_CONTEXT}" >> /tmp/prompt.txt
          fi

          cat >> /tmp/prompt.txt << 'PROMPT_EOF'

          ## Review Guidelines

          Velox is a C++ execution engine library for analytical data processing. This is
          performance-critical code that must be correct, efficient, and robust.

          **Analyze each of these areas thoroughly:**

          1. **Correctness & Edge Cases**
             - Logic errors, off-by-one bugs, incorrect conditions
             - Null/empty input handling
             - Boundary conditions (first element, last element, single element, max size)
             - Integer overflow/underflow
             - Floating point edge cases (NaN, Inf, negative zero)

          2. **Memory Safety**
             - Use-after-free, double-free, memory leaks
             - Dangling pointers/references
             - Buffer overflows/underflows
             - Ownership and lifetime issues
             - Exception safety (what happens if an exception is thrown mid-operation?)

          3. **Concurrency**
             - Race conditions, data races
             - Deadlocks, lock ordering
             - Thread-safety of shared state

          4. **Performance**
             - Unnecessary copies (should use move semantics?)
             - Inefficient algorithms (O(n²) when O(n) is possible?)
             - Cache-unfriendly access patterns
             - Excessive allocations in hot paths

          5. **Error Handling**
             - Are all error paths handled?
             - Are exceptions caught appropriately?
             - Are error messages informative?

          6. **Code Quality**
             - RAII, const-correctness, proper use of smart pointers
             - Following Velox naming conventions (PascalCase for types, camelCase for functions)
             - Clear, maintainable code structure

          7. **Testing**
             - Are there sufficient tests for the new/changed code?
             - Are edge cases covered in tests?
             - Are error paths tested?

          ## Format Your Review As

          ### Summary
          Brief overall assessment (1-2 sentences)

          ### Issues Found
          List any problems, categorized by severity:
          - 🔴 **Critical**: Must fix before merge
          - 🟡 **Suggestion**: Should consider
          - 🟢 **Nitpick**: Minor style issues

          For each issue, include:
          - File and line reference
          - Description of the issue
          - Suggested fix if applicable

          ### Positive Observations
          Note any particularly good patterns or improvements.

          ---

          ## Diff to Review

          PROMPT_EOF

          cat /tmp/pr.diff >> /tmp/prompt.txt

      # Step 8: Create query prompt (for /claude-query)
      - name: Create query prompt
        if: steps.command.outputs.type == 'query'
        env:
          PR_TITLE: ${{ steps.pr_info.outputs.pr_title }}
          PR_BODY: ${{ steps.pr_info.outputs.pr_body }}
          PR_AUTHOR: ${{ steps.pr_info.outputs.pr_author }}
          DIFF_STATS: ${{ steps.generate_diff.outputs.diff_stats }}
          USER_QUERY: ${{ steps.command.outputs.query }}
        run: |
          cat > /tmp/prompt.txt << 'PROMPT_EOF'
          You are an expert C++ engineer helping with questions about the Velox project.

          **IMPORTANT**: First, read the CLAUDE.md file in the repository root for project context.

          Key things to know about Velox:
          - Velox is a C++ execution engine library for analytical data processing
          - Uses C++20 standard with heavy use of templates and SFINAE
          - Custom memory management with MemoryPool
          - Vectorized execution with custom Vector types
          - Follows Google C++ style with some modifications

          You have access to:
          - The PR diff (changes being proposed)
          - The full codebase via View, GlobTool, and GrepTool
          - The CLAUDE.md file with project guidelines

          Answer the user's question thoroughly and accurately. If the question is about
          the PR changes, analyze them carefully. If it's about the codebase, explore
          relevant files to provide a complete answer.

          Be specific and reference exact file paths and line numbers when relevant.

          ---

          PROMPT_EOF

          cat >> /tmp/prompt.txt << PROMPT_EOF
          ## Pull Request Context
          - **Title:** ${PR_TITLE}
          - **Author:** ${PR_AUTHOR}
          - **Changes:** ${DIFF_STATS}

          ## PR Description
          PROMPT_EOF

          printf '%s\n' "${PR_BODY}" >> /tmp/prompt.txt

          cat >> /tmp/prompt.txt << 'PROMPT_EOF'

          ## User Question

          PROMPT_EOF

          printf '%s\n' "${USER_QUERY}" >> /tmp/prompt.txt

          cat >> /tmp/prompt.txt << 'PROMPT_EOF'

          ---

          ## PR Diff (for reference)

          PROMPT_EOF

          cat /tmp/pr.diff >> /tmp/prompt.txt

      # Step 9: Run Claude
      - name: Run Claude
        id: claude_review
        uses: anthropics/claude-code-base-action@e8132bc5e637a42c27763fc757faa37e1ee43b34 # beta
        env:
          CLAUDE_MODEL: ${{ github.event_name == 'workflow_dispatch' && inputs.model || 'claude-opus-4-6' }}
        with:
          prompt_file: /tmp/prompt.txt
          # Use configurable model for thorough analysis, with read-only tools
          claude_args: >-
            --model ${{ github.event_name == 'workflow_dispatch' && inputs.model || 'claude-opus-4-6' }}
            --max-turns 25
            --allowedTools View,GlobTool,GrepTool
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

      # Step 7: Save execution log as artifact for debugging
      - name: Upload execution log
        if: always()
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: claude-execution-log-${{ github.event_name == 'workflow_dispatch' && inputs.pr_number || github.event.issue.number }}
          path: ${{ steps.claude_review.outputs.execution_file }}
          retention-days: 7
          if-no-files-found: warn

      # Step 11: Post response as PR comment (skip if dry_run)
      - name: Post Claude response
        if: ${{ !(github.event_name == 'workflow_dispatch' && inputs.dry_run) }}
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          EXECUTION_FILE: ${{ steps.claude_review.outputs.execution_file }}
          CONCLUSION: ${{ steps.claude_review.outputs.conclusion }}
          REVIEWER: ${{ github.event_name == 'workflow_dispatch' && github.actor || github.event.comment.user.login }}
          PR_NUMBER: ${{ github.event_name == 'workflow_dispatch' && inputs.pr_number || github.event.issue.number }}
          COMMAND_TYPE: ${{ steps.command.outputs.type || 'review' }}
        with:
          script: |
            const fs = require('fs');

            let responseBody = '';
            const commandType = process.env.COMMAND_TYPE;
            const isReview = commandType === 'review';

            try {
              // Read the execution log (array of messages from claude-code-base-action)
              const executionLog = JSON.parse(fs.readFileSync(process.env.EXECUTION_FILE, 'utf8'));

              if (!Array.isArray(executionLog)) {
                throw new Error('Expected array format from claude-code-base-action');
              }

              // Find the "result" message which contains the final response
              const resultMessage = executionLog.find(m => m.type === 'result');

              if (!resultMessage) {
                responseBody = '⚠️ No result message found in execution log.';
              } else if (resultMessage.subtype === 'success' && resultMessage.result) {
                responseBody = resultMessage.result;
              } else if (resultMessage.is_error || resultMessage.subtype === 'error') {
                const errorInfo = resultMessage.result || resultMessage.error || 'Unknown error';
                responseBody = `❌ **Claude encountered an error:**\n\n${errorInfo}`;
              } else if (resultMessage.result) {
                responseBody = `⚠️ **Completed with status: ${resultMessage.subtype}**\n\n${resultMessage.result}`;
              } else {
                responseBody = '⚠️ Claude completed but produced no output.';
              }
            } catch (error) {
              console.error('Error parsing execution log:', error);
              responseBody = '❌ Error parsing Claude response. Please check the workflow logs.';
            }

            // Add header and footer based on command type
            const conclusion = process.env.CONCLUSION === 'success' ? '✅' : '⚠️';
            const headerTitle = isReview ? 'Claude Code Review' : 'Claude Response';
            const aboutText = isReview
              ? 'This review was generated by [Claude Code](https://github.com/anthropics/claude-code-action). It analyzed the PR diff and codebase to provide feedback.'
              : 'This response was generated by [Claude Code](https://github.com/anthropics/claude-code-action). It analyzed the PR and codebase to answer your question.';

            const fullComment = `## ${conclusion} ${headerTitle}

            *Requested by @${process.env.REVIEWER}*

            ---

            ${responseBody}

            ---

            <details>
            <summary>ℹ️ About this response</summary>

            ${aboutText}

            **Limitations:**
            - Claude may miss context from files not in the diff
            - Large PRs may be truncated
            - Always apply human judgment to AI suggestions

            **Available commands:**
            - \`/claude-review [additional context]\` - Request a code review. Optionally provide additional instructions (e.g., \`/claude-review Please focus on memory safety\`)
            - \`/claude-query <question>\` - Ask a question about the PR or codebase
            </details>`;

            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: parseInt(process.env.PR_NUMBER),
              body: fullComment
            });

      # Step 8b: Print review to logs if dry_run
      - name: Print review to logs (dry run)
        if: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run }}
        env:
          EXECUTION_FILE: ${{ steps.claude_review.outputs.execution_file }}
        run: |
          echo "=== DRY RUN - Review would be posted as comment ==="
          echo ""
          echo "=== Extracting review from result message ==="
          # Find the "result" message and extract based on subtype
          RESULT_MSG=$(jq '[.[] | select(.type == "result")] | .[0]' "$EXECUTION_FILE" 2>/dev/null)
          if [ "$RESULT_MSG" = "null" ] || [ -z "$RESULT_MSG" ]; then
            echo "⚠️ No result message found"
          else
            SUBTYPE=$(echo "$RESULT_MSG" | jq -r '.subtype // "unknown"')
            echo "Status: $SUBTYPE"
            echo ""
            if [ "$SUBTYPE" = "success" ]; then
              echo "$RESULT_MSG" | jq -r '.result // "No result field"'
            elif [ "$SUBTYPE" = "error" ]; then
              echo "❌ Error:"
              echo "$RESULT_MSG" | jq -r '.result // .error // "Unknown error"'
            else
              echo "⚠️ Status: $SUBTYPE"
              echo "$RESULT_MSG" | jq -r '.result // "No result"'
            fi
          fi
          echo ""
          echo "=== End of review ==="

      # Step 9: Update reaction on completion (only for issue_comment trigger)
      - name: Update reaction on success
        if: success() && github.event_name == 'issue_comment'
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            await github.rest.reactions.createForIssueComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              comment_id: context.payload.comment.id,
              content: 'rocket'
            });

      - name: Update reaction on failure
        if: failure() && github.event_name == 'issue_comment'
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            await github.rest.reactions.createForIssueComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              comment_id: context.payload.comment.id,
              content: 'confused'
            });

  # Job to handle unauthorized users attempting to trigger Claude (issue_comment only)
  unauthorized-notice:
    name: Unauthorized Notice
    runs-on: ubuntu-latest

    # Job-level permissions
    permissions:
      issues: write
      pull-requests: write

    if: >-
      github.event_name == 'issue_comment' &&
      github.event.issue.pull_request &&
      (contains(github.event.comment.body, '/claude-review') || contains(github.event.comment.body, '/claude-query')) &&
      !contains(fromJSON('["kgpai", "mbasmanova", "pedroerp", "yuhta", "kagamiori", "bikramSingh91", "kevinwilfong", "xiaoxmeng", "kKPulla", "juwentus1234", "penescu", "srsuryadev", "jainxrohit"]'), github.event.comment.user.login)

    steps:
      - name: Post unauthorized notice
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `👋 @${context.payload.comment.user.login}, the \`/claude-review\` and \`/claude-query\` commands are currently restricted to a small group of users during this initial rollout.

            If you'd like a Claude review, please ask a maintainer to run this command.`
            });