Add Claude Code GitHub Workflow #1

Merged: Nickalus12 merged 2 commits into main from add-claude-github-actions-1773520938577, Mar 14, 2026

@Nickalus12 Nickalus12 commented Mar 14, 2026

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

  • Bug fixes and improvements
  • Documentation updates
  • Implementing new features
  • Code reviews and suggestions
  • Writing tests
  • And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

  • This workflow won't take effect until this PR is merged
  • @claude mentions won't work until after the merge is complete
  • The workflow runs automatically whenever Claude is mentioned in PR or issue comments
  • Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

  • Our Anthropic API key is securely stored as a GitHub Actions secret
  • Only users with write access to the repository can trigger the workflow
  • All Claude runs are stored in the GitHub Actions run history
  • Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
  • We can add more allowed tools by adding them to the workflow file like:
    allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!


Note

Medium Risk
Introduces new GitHub Actions workflows that run a third-party action with repository/PR context and an OAuth secret; misconfiguration could lead to unintended automation runs or expanded access via action permissions.

Overview
Adds two new GitHub Actions workflows to integrate anthropics/claude-code-action@v1.

claude.yml runs when comments/reviews/issues include @claude, granting read access plus actions: read and passing CLAUDE_CODE_OAUTH_TOKEN (with optional additional_permissions). claude-code-review.yml automatically runs a code-review plugin on PR open/update events using a fixed /code-review:code-review prompt.

Written by Cursor Bugbot for commit 93df877. This will update automatically on new commits. Configure here.

@Nickalus12 Nickalus12 merged commit 8fbd1e9 into main Mar 14, 2026
1 check passed

@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 3 potential issues.

contents: read
pull-requests: read
issues: read
id-token: write
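
Review bot: id-token: write on the last of these lines is the only write-level scope in the block and carries no comment saying what consumes it. It lets the job request an OIDC token for the workflow's identity, so add a short trailing comment naming the step that needs it, in the style of the "actions: read # Required for Claude to read CI results on PRs" line in the other workflow, or drop the scope if nothing does.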

Insufficient write permissions prevent posting review comments

High Severity

The pull-requests permission is set to read, but the code review workflow needs write permission to post review comments on pull requests. According to the official anthropics/claude-code-action documentation, the action requires read & write access for pull requests. With only read, the action will fail to post any review feedback, making the entire workflow non-functional.

pull-requests: read
issues: read
id-token: write
actions: read # Required for Claude to read CI results on PRs

Read-only permissions prevent Claude from responding to mentions

High Severity

Both pull-requests and issues permissions are set to read, but Claude needs write access to respond to @claude mentions by posting comments on PRs and issues. The official documentation specifies read & write access for both. With only read, the workflow triggers correctly but Claude cannot post any responses, rendering the integration non-functional.

(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
runs-on: ubuntu-latest
permissions:
contents: read
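
Review bot: the issues branch of this if: condition tests only whether '@claude' appears in the issue body or title; nothing in these lines looks at who opened the issue. Since the job defined here runs with a secret and repository context, consider also requiring github.event.issue.author_association to be OWNER, MEMBER or COLLABORATOR, so a mention from an outside account is skipped before the job starts rather than depending on a check made later inside the action.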

Read-only contents permission prevents creating branches and commits

High Severity

The contents permission is set to read, but the official claude-code-action documentation requires contents: write to modify repository files and create branches for commits. The claude_code_oauth_token only authenticates with Anthropic's API, while GITHUB_TOKEN (governed by the permissions block) handles all GitHub API operations. This prevents Claude from implementing any code changes when mentioned in issues or PRs.

@Nickalus12 Nickalus12 deleted the add-claude-github-actions-1773520938577 branch March 16, 2026 14:01
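
The review comments in this thread turn on which scopes each job's permissions block grants and on a third-party action referenced as @v1. As an added example (not code from this PR or from the claude-code-action project), the Python check below lists write-level scopes, action references not pinned to a commit SHA, and whether the workflow mentions an author_association gate. The sample workflow, the 40-hex SHA and the function name audit_workflow are constructed for illustration.

```python
import re

# Constructed sample modelled on the lines quoted in this thread; it is not the
# repository's claude.yml, and the 40-hex commit SHA is a made-up placeholder.
SAMPLE_WORKFLOW = """\
on:
  issues:
    types: [opened]
jobs:
  claude:
    if: contains(github.event.issue.body, '@claude')
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      issues: read
      id-token: write
      actions: read # Required for Claude to read CI results on PRs
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: anthropics/claude-code-action@v1
"""

SHA_PIN = re.compile(r"@[0-9a-f]{40}$")

def audit_workflow(text):
    """Return (write_scopes, unpinned_actions, has_author_gate) for one workflow."""
    write_scopes, unpinned, perm_indent = [], [], None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing YAML comments
        stripped = line.strip()
        if not stripped:
            continue
        indent = len(line) - len(line.lstrip())
        if perm_indent is not None and indent <= perm_indent:
            perm_indent = None                     # dedent: permissions block ended
        if stripped.startswith("permissions:"):
            value = stripped.partition(":")[2].strip()
            if value == "write-all":               # shorthand granting every scope
                write_scopes.append("write-all")
            perm_indent = indent if not value else None
        elif perm_indent is not None:
            scope, _, level = stripped.partition(":")
            if level.strip() == "write":
                write_scopes.append(scope.strip())
        ref = re.match(r"-?\s*uses:\s*(\S+)", stripped)
        if ref and not SHA_PIN.search(ref.group(1)):
            unpinned.append(ref.group(1))          # tag or branch ref, can be moved
    # Heuristic: any mention of author_association counts as a trigger gate.
    return write_scopes, unpinned, "author_association" in text

if __name__ == "__main__":
    print(audit_workflow(SAMPLE_WORKFLOW))
```

The parser is line-based and covers block-style permissions only; a workflow using flow-style mappings would need a real YAML loader.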