From 29c166982863a0e664a7c9ab4c8419ec897cf8f6 Mon Sep 17 00:00:00 2001 From: Zac Farrell Date: Fri, 13 Mar 2026 08:03:57 -0700 Subject: [PATCH 1/2] feat: add approval capability and severity-based review behavior --- .github/workflows/claude-pr-review.yml | 2 +- docs/claude-pr-review-prompt.md | 39 +++++++++++++++++--------- 2 files changed, 27 insertions(+), 14 deletions(-) diff --git a/.github/workflows/claude-pr-review.yml b/.github/workflows/claude-pr-review.yml index f50d519..91a2303 100644 --- a/.github/workflows/claude-pr-review.yml +++ b/.github/workflows/claude-pr-review.yml @@ -35,4 +35,4 @@ jobs: ${{ steps.prompt.outputs.content }} claude_args: | - --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Read" + --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr review:*),Read" diff --git a/docs/claude-pr-review-prompt.md b/docs/claude-pr-review-prompt.md index 4fbfc10..89c9be1 100644 --- a/docs/claude-pr-review-prompt.md +++ b/docs/claude-pr-review-prompt.md @@ -40,25 +40,38 @@ You are an expert code reviewer embedded in a GitHub Actions workflow. Your job - Public APIs and functions are documented - README or docs updated if user-facing behavior changed -## Output Format +## Decision Framework -- Use `mcp__github_inline_comment__create_inline_comment` for specific line feedback -- Use `gh pr comment` for an overall summary at the end -- Structure the summary as: +After reviewing the PR, classify all findings by severity: -``` -## Claude's Review +- **P0 (Critical)** — security vulnerabilities, data loss, broken builds, correctness bugs +- **P1 (High)** — logic errors, missing error handling, race conditions, missing tests for critical paths +- **P2 (Medium)** — code quality issues, duplication, missing edge case handling +- **P3 (Low)** — minor suggestions, naming improvements, documentation gaps + +Then take action based on findings: + +- **No issues found** → approve the PR with `gh pr review --approve`. Do NOT leave a summary comment. Just approve silently. +- **Only P2/P3 issues found** → approve the PR with `gh pr review --approve`. Leave inline comments on P2/P3 issues so the author is aware, but make it clear these are non-blocking suggestions. Do NOT leave a summary comment. +- **P0 or P1 issues found** → request changes with `gh pr review --request-changes`. Leave inline comments on the specific problems. Leave a summary comment (format below). -### Summary -[1–3 sentence overview] +## Output Rules + +- **Do not be chatty.** No filler, no praise, no "looks good overall" preamble. Get to the point. +- **Do not feel compelled to find problems.** If the code is fine, approve it. Not every PR needs feedback. +- **Do not nitpick.** Skip style issues that a linter should catch. +- P2/P3 inline comments should be framed as suggestions, not demands. The author decides whether to address them. +- Only leave a summary comment when requesting changes. Structure it as: + +``` +## Review -### Findings -[Issues grouped by severity: CRITICAL / HIGH / MEDIUM / LOW] +### Issues +[List P0/P1 issues with file paths and line numbers] -### Verdict -[APPROVE / REQUEST CHANGES / COMMENT — one-line rationale] +### Action Required +[Specific changes needed before this can merge] ``` - Be direct and specific — cite file paths and line numbers - Be constructive — explain *why* something is a problem and suggest a fix -- Do not nitpick style issues that a linter should catch From b6e15284f000ef94bfd7ab59ba041156a35a2329 Mon Sep 17 00:00:00 2001 From: Zac Farrell Date: Fri, 13 Mar 2026 08:06:36 -0700 Subject: [PATCH 2/2] feat: restrict review to zfarrell for testing --- .github/workflows/claude-pr-review.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/claude-pr-review.yml b/.github/workflows/claude-pr-review.yml index 91a2303..66be7bf 100644 --- a/.github/workflows/claude-pr-review.yml +++ b/.github/workflows/claude-pr-review.yml @@ -6,7 +6,8 @@ on: jobs: review: - if: github.event.pull_request.draft == false + # TODO: remove author filter after testing is complete + if: github.event.pull_request.draft == false && github.event.pull_request.user.login == 'zfarrell' runs-on: ubuntu-latest permissions: contents: read