From 16691607fcc207b0429730d6699bf6d731654d4b Mon Sep 17 00:00:00 2001
From: "paperclip-resolver[bot]"
 <paperclip-resolver[bot]@users.noreply.github.com>
Date: Fri, 5 Jun 2026 16:32:13 -0400
Subject: [PATCH] ci: add Claude Code PR reviewer (comment-only)

Adds .github/workflows/claude-review.yml + REVIEW.md. Auto-reviews PRs via
anthropics/claude-code-action@v1 using the CLAUDE_CODE_OAUTH_TOKEN secret.
Comment-only (inline + summary), non-blocking; skips drafts/forks/dependabot
and the skip-claude-review label.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .github/workflows/claude-review.yml | 69 +++++++++++++++++++++++++++++
 REVIEW.md                           | 18 ++++++++
 2 files changed, 87 insertions(+)
 create mode 100644 .github/workflows/claude-review.yml
 create mode 100644 REVIEW.md

diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml
new file mode 100644
index 0000000..7b89728
--- /dev/null
+++ b/.github/workflows/claude-review.yml
@@ -0,0 +1,69 @@
+name: Claude PR Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, ready_for_review]
+
+concurrency:
+  group: claude-review-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  pull-requests: write
+  id-token: write
+
+jobs:
+  review:
+    if: >-
+      github.event.pull_request.draft == false &&
+      github.event.pull_request.head.repo.full_name == github.repository &&
+      github.actor != 'dependabot[bot]' &&
+      !contains(github.event.pull_request.labels.*.name, 'skip-claude-review')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - run: npm ci
+
+      - uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          prompt: |
+            You are an expert reviewer for ${{ github.repository }}, the official SharpAPI
+            TypeScript/JS SDK (published to npm), reviewing PR
+            #${{ github.event.pull_request.number }}: "${{ github.event.pull_request.title }}".
+
+            First read ./REVIEW.md (and ./CLAUDE.md if present) for review rules. Honor them.
+
+            Scope: review ONLY the changes this PR introduces
+            (`gh pr diff ${{ github.event.pull_request.number }}`). Read surrounding code for
+            context; do NOT comment on pre-existing code the PR does not touch.
+
+            For each genuine problem, post an inline comment on the exact line via the
+            mcp__github_inline_comment__create_inline_comment tool (confirmed: true), prefixed:
+              [Critical]  bug, BACKWARD-INCOMPATIBLE public API change, or a type-soundness hole
+              [Important] a real problem worth fixing before merge
+              [Nit]       minor/style; skip what ESLint already enforces
+
+            You MAY run `npx tsc --noEmit` and `npm run lint` to CONFIRM a type/lint suspicion
+            before flagging it. Cite file:line; never speculate — if you cannot verify, omit it.
+
+            Focus: backward compatibility of the public API (npm is immutable — flag any breaking
+            change to exported types/functions/options), TypeScript type soundness (no `any`
+            leakage in public types, correct generics), ESM correctness (import/export shape,
+            `package.json` exports map), and parity with the documented SharpAPI surface.
+
+            Finish with ONE concise summary comment (`gh pr comment`): overall verdict, counts by
+            severity, top 1-3 items. Be terse. If clean, say so — do not invent issues.
+          claude_args: |
+            --model claude-sonnet-4-6
+            --max-turns 15
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr diff:*),Bash(gh pr view:*),Bash(npx tsc --noEmit:*),Bash(npm run lint:*),Read,Grep"
+            --disallowedTools "WebSearch,Write,Edit"
diff --git a/REVIEW.md b/REVIEW.md
new file mode 100644
index 0000000..cb06c76
--- /dev/null
+++ b/REVIEW.md
@@ -0,0 +1,18 @@
+# Review rules — sharpapi-ts (official TypeScript SDK)
+
+Guidance for the automated Claude PR reviewer (`.github/workflows/claude-review.yml`).
+
+## Severity
+- **[Critical]** — bug, a backward-incompatible change to the public API, or a type-soundness hole.
+- **[Important]** — a real problem to fix before merge.
+- **[Nit]** — minor/style. Skip what ESLint already enforces.
+
+## Always check
+- **Backward compatibility** — exported types/functions/options are a published contract (npm is immutable). Flag any breaking change.
+- **Type soundness** — passes `tsc --noEmit`; no `any` leakage in public types; correct generics.
+- **ESM correctness** — import/export shape, `package.json` exports map, no CJS/ESM hazards.
+- **API parity** — the SDK matches the documented SharpAPI surface.
+
+## Don't
+- Don't flag pre-existing code this PR didn't touch.
+- You MAY run `npx tsc --noEmit` / `npm run lint` to confirm a concern; otherwise don't speculate — cite `file:line` or omit. "LGTM" is valid.