Add expense tracker app for Claude and OpenAI review demo #35

	name: Claude Code Review

	on:
	pull_request:
	types: [opened, synchronize, reopened]
	issue_comment:
	types: [created]

	jobs:
	claude-review:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	pull-requests: write
	issues: write
	id-token: write # ← was missing, required by the action
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Claude Code Review
	uses: anthropics/claude-code-action@beta
	with:
	anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
	github_token: ${{ secrets.GITHUB_TOKEN }} # ← was missing
	direct_prompt: \|
	Please review this entire PR for bugs. Focus on SQL injection and auth vulnerabilities,
	logic errors, performance issues and memory leaks, and UI/UX accessibility violations.
	Flag every issue with file, line number, severity, and explanation.
	trigger_phrase: "@claude"
	custom_instructions: \|
	You are reviewing a TypeScript expense tracker app (Node/Express + React + SQLite).
	Focus on:
	1. SQL injection and authentication vulnerabilities
	2. Logic errors and off-by-one bugs
	3. Performance issues and memory leaks
	4. UI/UX and accessibility violations
	Be thorough — flag every issue you find with file, line, severity, and explanation.

Provide feedback