From b758f63d7f4892296f9e899de26408bc60bd7f73 Mon Sep 17 00:00:00 2001 From: "dayuan.jiang" Date: Sat, 29 Nov 2025 11:09:51 +0900 Subject: [PATCH 1/2] feat: use pull_request_target to support fork PR reviews --- .github/workflows/claude-code.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/claude-code.yml b/.github/workflows/claude-code.yml index 67e1683..42e8fc2 100644 --- a/.github/workflows/claude-code.yml +++ b/.github/workflows/claude-code.yml @@ -9,7 +9,7 @@ on: types: [opened, assigned] pull_request_review: types: [submitted] - pull_request: + pull_request_target: types: [opened, synchronize, reopened] jobs: @@ -44,7 +44,7 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN }} pr-review: - if: github.event_name == 'pull_request' + if: github.event_name == 'pull_request_target' runs-on: ubuntu-latest permissions: contents: read @@ -67,6 +67,7 @@ jobs: with: use_bedrock: "true" github_token: ${{ secrets.GITHUB_TOKEN }} + allowed_non_write_users: "*" prompt: | REPO: ${{ github.repository }} PR NUMBER: ${{ github.event.pull_request.number }} From 78d9229ca38c7bb1f52236d75012fcf5a667e955 Mon Sep 17 00:00:00 2001 From: "dayuan.jiang" Date: Sat, 29 Nov 2025 12:36:35 +0900 Subject: [PATCH 2/2] fix: remove gh pr comment from allowed tools to force inline comments only --- .github/workflows/claude-code.yml | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/workflows/claude-code.yml b/.github/workflows/claude-code.yml index 42e8fc2..14549cb 100644 --- a/.github/workflows/claude-code.yml +++ b/.github/workflows/claude-code.yml @@ -86,7 +86,7 @@ jobs: Then review the current diff for NEW issues only: - Review this PR for ONLY these issues: + Review this PR for these issues (report ALL that apply): 1. Bugs that would cause runtime errors or broken functionality 2. Security issues (exposed secrets, API key leaks) 3. AI SDK misuse - specifically check for: @@ -96,18 +96,21 @@ jobs: - Tool definitions: Must use Zod schemas for inputSchema - Status handling: Check status (submitted/streaming/ready/error) before actions - Stream cleanup: Call stop() when aborting streams + 4. Unrelated changes that should be in separate PRs (scope creep) + 5. Suspicious .gitignore additions or accidentally committed files + 6. UI/UX inconsistencies (e.g., alignment issues) When reviewing AI SDK usage, fetch https://ai-sdk.dev/docs/ to verify correct patterns. Key doc pages: /docs/ai-sdk-ui/chatbot, /docs/ai-sdk-core/generating-text, /docs/ai-sdk-core/tools-and-tool-calling DO NOT comment on: - - Performance optimizations - - Code style or formatting - - "Best practices" that don't affect functionality - - Type safety improvements - - Error handling additions + - Minor performance optimizations + - Code style preferences (unless clearly wrong) + - Type annotations that don't affect functionality - Use `mcp__github_inline_comment__create_inline_comment` for inline comments. - Be very selective - if there are no real bugs, just say "LGTM" in a PR comment. + IMPORTANT: + - For EACH issue, use `mcp__github_inline_comment__create_inline_comment` to comment on the specific line + - Do NOT dismiss issues as "minor" or "harmless" - if you notice something, report it + - Only say "LGTM" if there are truly ZERO issues claude_args: | - --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api:*),WebFetch(domain:ai-sdk.dev)" + --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh api:*),WebFetch(domain:ai-sdk.dev)"