Claude PR Rule Review #3172

Workflow file for this run

.github/workflows/claude-pr-review.yml at b4ba725

	name: Claude PR Rule Review

	# Rule review: checks every PR against .claude/rules/ and posts findings
	# as a sticky comment. WARNING-level findings block merge via commit status.
	#
	# Enforcement layers (defense-in-depth):
	# 1. Agent rules (.claude/rules/testing.md) — make agents write better code
	# 2. Rule Lint (ci.yml grep) — hard-fail on banned patterns + missing tests
	# 3. This review — AI catches nuanced issues, WARNINGs block merge
	# 4. Human review — final backstop
	#
	# To bypass: add 'review-override' label (requires maintainer, logged).
	#
	# Triggers:
	# - pull_request_target: runs for all PRs (including forks) with base-repo
	# secrets available. Safe because we only read the diff — we never execute
	# fork code (no cargo build/test on the PR head).
	# - labeled: re-run when 'review-override' is added to update the commit
	# status, or when 'claude-review' is added to force a re-review.
	#
	# Fork PR security model:
	# - `allowed_non_write_users: '*'` lets the Claude action run on fork PRs
	# without the actor (PR author) needing write access. Without this, the
	# action exits with "Actor does not have write permissions" on every
	# first-party fork PR run (see freenet/freenet-core#4129).
	# - The threat is prompt injection: a fork PR controls the diff content,
	# and that content is fed to Claude. The defenses, in layers:
	#
	# (a) PRIMARY — no execution surface. Claude is granted ONLY the `Read`,
	# `Glob` and `Grep` tools via `settings` below — NO Bash. A
	# prompt-injected diff therefore cannot run ANY command: no shell,
	# no process spawn, no network request. (`Bash(prefix:*)`
	# allow-patterns are deliberately NOT used — they are not a sandbox;
	# a command starting with an allowed prefix can still chain
	# arbitrary shell via `;`, `&&`, `\|` or `$(...)`. Bash is denied
	# outright.)
	#
	# (b) The diff under review is precomputed by a TRUSTED plain-YAML step
	# ("Snapshot trusted rules and compute PR diff" below) into
	# `.pr-review-tmp/` in the workspace. Claude reads that file with
	# `Read`; it never runs `git diff`.
	#
	# (b2) RULE-INTEGRITY — the same trusted step also snapshots the
	# applicable `.claude/rules/` files from the BASE ref into
	# `.pr-review-tmp/rules/`, and the prompt directs Claude to review
	# against THOSE, not the rule files in the checked-out PR head. A
	# fork PR therefore cannot edit `.claude/rules/*.md` in the same
	# PR to weaken or disable the review that gates its own merge.
	#
	# (c) SECRET-EXFIL DEFENSE — even Read-only tools could otherwise be
	# turned into an exfil channel: an injected prompt could ask Claude
	# to `Read` a file holding this job's live tokens (notably
	# `/proc/<pid>/environ`, since the Claude process env carries
	# CLAUDE_CODE_OAUTH_TOKEN + GITHUB_TOKEN, or `~/.claude` on disk)
	# and echo it into the review text. The `settings.permissions.deny`
	# block adds `Read(...)` path rules — which Claude Code also
	# applies to the Grep and Glob file-reading tools — denying
	# `/proc`, `/sys`, `/dev`, `/etc`, `/root`, the runner's home
	# dotfiles and `$RUNNER_TEMP`, confining file access to the
	# checked-out repo and the precomputed diff. This is
	# defense-in-depth, not a perfect sandbox; the no-Bash lockdown in
	# (a) is the load-bearing control.
	#
	# (d) The job token has only `pull-requests: write` + `issues: write` +
	# `statuses: write` — no `contents: write`. Worst case is a
	# misleading sticky comment, which a human reviewer will catch.
	#
	# (e) The action scrubs Anthropic / cloud / GitHub Actions secrets from
	# subprocess env when `allowed_non_write_users` is set (this
	# covers Bash subprocesses; moot here since Bash is denied).
	#
	# (f) The checkout step sets `persist-credentials: false` so the job's
	# GITHUB_TOKEN is NOT written to .git/config.
	#
	# - Do NOT copy this `allowed_non_write_users: '*'` pattern to any workflow
	# that grants Claude write/edit tools, Bash, commit signing, or
	# contents:write.
	#
	# Complements (does not replace):
	# - ci.yml: cargo fmt, clippy, tests, conventional commits, rule lint
	# - claude.yml: interactive @claude mentions
	# - claude-ci-analysis (in ci.yml): failure debugging

	on:
	pull_request_target:
	types: [opened, synchronize, ready_for_review, reopened, labeled]
	paths-ignore:
	- 'docs/**'
	- '*.md'
	- 'LICENSE'
	- '.github/ISSUE_TEMPLATE/**'
	- '.github/FUNDING.yml'
	# Required by branch protection — merge queue expects this check to report.
	# The job skips the actual review in merge_group context (PR was already reviewed).
	merge_group:

	concurrency:
	group: claude-pr-review-${{ github.event.pull_request.number }}
	cancel-in-progress: true

	jobs:
	rule-review:
	name: Claude Rule Review
	runs-on: ubuntu-latest
	timeout-minutes: 15
	# In merge_group: run but skip all steps (PR was already reviewed).
	# Skip draft PRs, release branches, and dependabot.
	# For label events, only run when the 'claude-review' label was added.
	if: \|
	github.event_name == 'merge_group' \|\|
	(
	!github.event.pull_request.draft &&
	!startsWith(github.event.pull_request.head.ref, 'release/v') &&
	!startsWith(github.event.pull_request.head.ref, 'dependabot/') &&
	(github.event.action != 'labeled' \|\| github.event.label.name == 'claude-review' \|\| github.event.label.name == 'review-override')
	)

	permissions:
	contents: read
	pull-requests: write
	issues: write
	statuses: write

	steps:
	- name: Checkout repository
	if: github.event_name != 'merge_group'
	uses: actions/checkout@v6
	with:
	# Explicitly checkout the PR head so the trusted "Compute PR diff"
	# step sees the fork's changes. Safe: we only run git locally and
	# call the Claude API — we never execute the fork's code (no cargo
	# build/test).
	ref: ${{ github.event.pull_request.head.sha }}
	fetch-depth: 0
	# SECURITY: do not persist the job's GITHUB_TOKEN into .git/config.
	# With `allowed_non_write_users: '*'` below, a malicious fork PR can
	# prompt-inject Claude via the diff. Claude has no Bash, but the
	# `Read` tool could still surface a persisted token from
	# .git/config under prompt injection. The trusted git steps here
	# need no credentials, so persisting them buys nothing.
	persist-credentials: false

	- name: Check review-override label
	id: override
	run: \|
	LABELS="${{ join(github.event.pull_request.labels.*.name, ',') }}"
	if echo "$LABELS" \| grep -q 'review-override'; then
	echo "overridden=true" >> "$GITHUB_OUTPUT"
	else
	echo "overridden=false" >> "$GITHUB_OUTPUT"
	fi

	- name: Set status to success if overridden
	if: github.event_name != 'merge_group' && steps.override.outputs.overridden == 'true'
	uses: actions/github-script@v9
	with:
	script: \|
	await github.rest.repos.createCommitStatus({
	owner: context.repo.owner,
	repo: context.repo.repo,
	sha: '${{ github.event.pull_request.head.sha }}',
	state: 'success',
	context: 'rule-review/warnings',
	description: 'Overridden by review-override label',
	target_url: '${{ github.server_url }}/${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
	});

	- name: Determine applicable rules
	if: github.event_name != 'merge_group' && steps.override.outputs.overridden != 'true'
	id: rules
	run: \|
	# Get changed files relative to the PR base
	CHANGED_FILES=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }}...HEAD 2>/dev/null \|\| echo "")

	if [ -z "$CHANGED_FILES" ]; then
	echo "No changed files detected"
	echo "skip=true" >> "$GITHUB_OUTPUT"
	exit 0
	fi

	echo "skip=false" >> "$GITHUB_OUTPUT"

	# Always include git-workflow rules
	RULES="git-workflow.md"
	HAS_RUST=false
	HAS_CORE=false
	HAS_OPERATIONS=false
	HAS_TRANSPORT=false
	HAS_CONTRACTS=false
	HAS_RING=false

	while IFS= read -r file; do
	# Check for Rust files
	if echo "$file" \| grep -qE '\.rs$'; then
	HAS_RUST=true
	fi

	# Check for crates/core/ changes
	if echo "$file" \| grep -q '^crates/core/'; then
	HAS_CORE=true
	fi

	# Check for operations module
	if echo "$file" \| grep -q '^crates/core/src/operations/'; then
	HAS_OPERATIONS=true
	fi

	# Check for transport module
	if echo "$file" \| grep -q '^crates/core/src/transport/'; then
	HAS_TRANSPORT=true
	fi

	# Check for contract/wasm_runtime module
	if echo "$file" \| grep -qE '^crates/core/src/(contract\|wasm_runtime)/'; then
	HAS_CONTRACTS=true
	fi

	# Check for ring module
	if echo "$file" \| grep -q '^crates/core/src/ring/'; then
	HAS_RING=true
	fi
	done <<< "$CHANGED_FILES"

	# Build rule list
	if [ "$HAS_RUST" = true ]; then
	RULES="$RULES code-style.md"
	fi
	if [ "$HAS_CORE" = true ]; then
	RULES="$RULES testing.md"
	fi
	if [ "$HAS_OPERATIONS" = true ]; then
	RULES="$RULES operations.md"
	fi
	if [ "$HAS_TRANSPORT" = true ]; then
	RULES="$RULES transport.md"
	fi
	if [ "$HAS_CONTRACTS" = true ]; then
	RULES="$RULES contracts.md"
	fi
	if [ "$HAS_RING" = true ]; then
	RULES="$RULES ring.md"
	fi

	echo "Applicable rules: $RULES"
	echo "rule_names=$RULES" >> "$GITHUB_OUTPUT"

	# NOTE: the rule FILE CONTENTS are deliberately NOT read here.
	# This step runs against the checked-out PR head, which a fork PR
	# controls. The "Snapshot trusted rules + compute PR diff" step
	# below extracts the rule files from the TRUSTED base ref instead,
	# so a fork PR cannot weaken the rules used to review itself.
	# Only the file-NAME logic above (which rules apply) runs here, and
	# that logic is hardcoded in this YAML — fork content can't change
	# which rules get selected, only nudge HAS_* flags via paths.

	echo "--- Relevant rules summary ---"
	echo "Rules: $RULES"
	echo "Has Rust: $HAS_RUST"
	echo "Has Core: $HAS_CORE"

	- name: Snapshot trusted rules and compute PR diff
	# TRUSTED step: runs in plain YAML, NOT controlled by Claude. It does
	# two things, both sourced only from trusted refs:
	#
	# 1. Snapshots the applicable `.claude/rules/` files from the BASE
	# ref (the base repo's branch — content a fork PR cannot alter)
	# into .pr-review-tmp/rules/. The Claude step reviews against
	# THESE, never the rule files in the checked-out PR head — so a
	# fork PR cannot edit `.claude/rules/*.md` in the same PR to
	# weaken or disable the review that gates its own merge.
	#
	# 2. Precomputes the PR diff so the Claude step needs no Bash.
	#
	# Output lives in the workspace (.pr-review-tmp/) on purpose: the
	# Claude step's read-only tools are confined to the repo tree, so
	# these files must live inside it. .pr-review-tmp/ is a fresh dir
	# created here, never committed, and contains only data this trusted
	# step produced (base-ref rule files + git diff/log output) — no
	# secrets, nothing from the untrusted PR head.
	id: diff
	if: github.event_name != 'merge_group' && steps.override.outputs.overridden != 'true' && steps.rules.outputs.skip != 'true'
	env:
	BASE_REF: ${{ github.event.pull_request.base.ref }}
	BASE_SHA: ${{ github.event.pull_request.base.sha }}
	HEAD_SHA: ${{ github.event.pull_request.head.sha }}
	RULE_NAMES: ${{ steps.rules.outputs.rule_names }}
	run: \|
	set -euo pipefail
	OUT_DIR="${GITHUB_WORKSPACE}/.pr-review-tmp"
	rm -rf "$OUT_DIR"
	mkdir -p "$OUT_DIR/rules"

	# --- 1. Snapshot rule files from the TRUSTED base ref ----------
	# `origin/$BASE_REF` is the base repo's branch tip — trusted, and
	# current (latest rules). Fork PR content cannot change it.
	BASE_RULE_REF="origin/${BASE_REF}"
	MISSING_RULES=""
	for rule in $RULE_NAMES; do
	# $rule is one of a fixed set chosen by hardcoded YAML logic.
	if git show "${BASE_RULE_REF}:.claude/rules/${rule}" \
	> "$OUT_DIR/rules/${rule}" 2>/dev/null; then
	echo "Snapshotted trusted rule: ${rule}"
	else
	rm -f "$OUT_DIR/rules/${rule}"
	MISSING_RULES="${MISSING_RULES} ${rule}"
	echo "WARNING: rule ${rule} not found on ${BASE_RULE_REF}" >&2
	fi
	done
	if [ -n "$MISSING_RULES" ]; then
	echo "rules_missing=${MISSING_RULES# }" >> "$GITHUB_OUTPUT"
	fi

	# --- 2. Compute the PR diff -----------------------------------
	# Three-dot diff: changes on the PR head relative to the merge base
	# with the target branch. base.sha/head.sha come from the trusted
	# pull_request event payload, not from anything a fork can control.
	DIFF_FILE="$OUT_DIR/diff.patch"
	NAMES_FILE="$OUT_DIR/files.txt"
	LOG_FILE="$OUT_DIR/commits.txt"

	git diff "${BASE_SHA}...${HEAD_SHA}" > "$DIFF_FILE" \|\| {
	echo "git diff failed" >&2
	exit 1
	}
	git diff --name-only "${BASE_SHA}...${HEAD_SHA}" > "$NAMES_FILE" \|\| true
	git log --no-merges --pretty='- %h %s' "${BASE_SHA}..${HEAD_SHA}" > "$LOG_FILE" \|\| true

	# Cap very large diffs so the prompt stays within model limits.
	MAX_BYTES=1500000
	DIFF_BYTES=$(wc -c < "$DIFF_FILE")
	if [ "$DIFF_BYTES" -gt "$MAX_BYTES" ]; then
	head -c "$MAX_BYTES" "$DIFF_FILE" > "$DIFF_FILE.tmp"
	printf '\n\n[... diff truncated at %s bytes of %s total — review the largest changes; use Read/Glob/Grep on the checked-out tree for full context ...]\n' \
	"$MAX_BYTES" "$DIFF_BYTES" >> "$DIFF_FILE.tmp"
	mv "$DIFF_FILE.tmp" "$DIFF_FILE"
	echo "truncated=true" >> "$GITHUB_OUTPUT"
	else
	echo "truncated=false" >> "$GITHUB_OUTPUT"
	fi

	# Path is relative to the workspace (Claude's working directory).
	echo "dir=.pr-review-tmp" >> "$GITHUB_OUTPUT"
	echo "Diff: $DIFF_BYTES bytes; files: $(wc -l < "$NAMES_FILE"); commits: $(wc -l < "$LOG_FILE")"

	- name: Claude rule review
	id: review
	if: github.event_name != 'merge_group' && steps.override.outputs.overridden != 'true' && steps.rules.outputs.skip != 'true'
	continue-on-error: true
	uses: anthropics/claude-code-action@v1
	with:
	claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
	github_token: ${{ secrets.GITHUB_TOKEN }}
	# Allow fork PRs through. See the "Fork PR security model" block at
	# the top of this file. Only safe in combination with the read-only
	# `settings.permissions` lockdown below.
	allowed_non_write_users: '*'
	# Lock Claude to read-only file inspection, scoped to the repo tree.
	#
	# `allow` grants ONLY Read/Glob/Grep — no Bash. With no Bash granted
	# and no permissive defaultMode, Bash is denied entirely, so a
	# prompt-injected fork PR diff has NO command-execution surface.
	# `Bash(prefix:*)` allow-patterns are deliberately NOT used: they
	# are not a sandbox (a command can chain arbitrary shell after an
	# allowed prefix via `;`, `&&`, `\|`, `$(...)`).
	#
	# `deny` does two things:
	# 1. Belt-and-suspenders denial of every non-read tool (already
	# denied by absence from `allow`, but explicit so a future edit
	# adding a permissive default can't silently re-enable them).
	# 2. SECRET-EXFIL DEFENSE: even with only Read/Glob/Grep, an
	# injected prompt could otherwise ask Claude to read files that
	# hold the live tokens this job runs with and echo them into the
	# review text (which the trusted "Post review comment" step then
	# publishes). The concrete vectors and their denials:
	# - `/proc/<pid>/environ` — the Claude process env carries
	# CLAUDE_CODE_OAUTH_TOKEN + GITHUB_TOKEN. The action's env
	# scrub only covers subprocess env, not the in-process
	# Read tool. Denied via `/proc`, `/sys`, `/dev`.
	# - `~/.claude/`, `~/.config/`, `~/.netrc`, `~/.ssh/**`,
	# `~/.git-credentials` — OAuth creds / tokens on disk.
	# - `~/work/_temp/**` ($RUNNER_TEMP) — the GitHub event
	# payload and other steps' scratch files.
	# - `/etc`, `/root` — host config.
	# The precomputed diff lives INSIDE the workspace
	# (`.pr-review-tmp/`), and the repo's own `.claude/` rules and
	# `.github/` are part of the review, so the deny list targets
	# only paths OUTSIDE the repo tree.
	#
	# PATH SYNTAX (Claude Code permission rules, gitignore-based):
	# `//abs/**` = absolute path from filesystem root;
	# `~/p/**` = path under the runner's home dir;
	# a SINGLE leading slash (`/proc/**`) would mean
	# "<project root>/proc" — NOT the real /proc — so the
	# double-slash form below is REQUIRED. Do not "simplify" it.
	# Claude Code applies `Read(...)` rules to the Grep and Glob
	# file-reading tools too, so only `Read(...)` path rules are
	# needed (there is no `Grep(path)` / `Glob(path)` rule form).
	# deny takes precedence over allow. NOTE: this is
	# defense-in-depth, not a perfect sandbox — the no-Bash lockdown
	# is the primary control; see the "Fork PR security model" header.
	settings: \|
	{
	"permissions": {
	"allow": [
	"Read",
	"Glob",
	"Grep"
	],
	"deny": [
	"Write",
	"Edit",
	"MultiEdit",
	"NotebookEdit",
	"WebFetch",
	"WebSearch",
	"Task",
	"Bash",
	"Read(//proc/**)",
	"Read(//sys/**)",
	"Read(//dev/**)",
	"Read(//etc/**)",
	"Read(//root/**)",
	"Read(~/.claude/**)",
	"Read(~/.config/**)",
	"Read(~/.netrc)",
	"Read(~/.ssh/**)",
	"Read(~/.git-credentials)",
	"Read(~/work/_temp/**)"
	]
	}
	}
	claude_args: '--model sonnet --max-turns 25 --effort high'
	prompt: \|
	You are reviewing PR #${{ github.event.pull_request.number }}: "${{ github.event.pull_request.title }}"

	## Your Task

	Review the diff of this PR against the project's coding rules listed below.
	Only check rules that are relevant to the actual changes — do not report on
	files or patterns that were not modified in this PR.

	Focus on the DIFF only. Do not review unchanged code.

	NOTE: Critical patterns (banned APIs like Instant::now(), rand::thread_rng(),
	tokio::net::UdpSocket in crates/core/) are already enforced by the "Rule Lint"
	CI job via grep. Do NOT report those here — focus on nuanced issues that
	require judgment.

	## Available Tools

	You have ONLY the `Read`, `Glob`, and `Grep` tools — no Bash, no shell.
	The PR diff has already been computed for you by a trusted CI step. Use
	`Read` to open the diff and rule files, and `Glob`/`Grep` to search the
	checked-out source tree for additional context.

	## Precomputed Inputs

	A trusted CI step has written everything you need under
	`${{ steps.diff.outputs.dir }}`:

	- `${{ steps.diff.outputs.dir }}/diff.patch` — the full unified diff
	(changes on the PR head vs. the merge base with the target branch).
	- `${{ steps.diff.outputs.dir }}/files.txt` — the list of changed file paths.
	- `${{ steps.diff.outputs.dir }}/commits.txt` — the PR's commit summaries.
	- `${{ steps.diff.outputs.dir }}/rules/` — the applicable coding-rule
	files, snapshotted from the project's trusted base branch.

	Read `diff.patch` first. It is the authoritative source of what changed.
	(If it ends with a "diff truncated" marker, the diff was very large — use
	`Read`/`Glob`/`Grep` on the checked-out tree for the parts not shown.)

	## Applicable Rules

	The following rules apply to this PR based on the changed file paths:
	${{ steps.rules.outputs.rule_names }}

	The rule files have been snapshotted from the project's TRUSTED base
	branch into `${{ steps.diff.outputs.dir }}/rules/` — one file per
	rule name above. Read the rule files ONLY from that directory.

	IMPORTANT: do NOT read rule files from `.claude/rules/` in the
	checked-out tree. That tree is the PR's own (possibly fork-authored)
	content; a PR could weaken the rules there. The authoritative rules
	for this review are the trusted snapshots in
	`${{ steps.diff.outputs.dir }}/rules/`. If a rule named above is
	absent from that directory, skip it (it does not exist on the base
	branch) — do not substitute the PR's copy.

	## Review Instructions

	1. Read the relevant rule files from `${{ steps.diff.outputs.dir }}/rules/`
	2. Read `${{ steps.diff.outputs.dir }}/diff.patch` to see the full diff
	(and `files.txt` / `commits.txt` for the file list and commit summaries)
	3. Check each changed file against the applicable rules; use `Read`/`Glob`/
	`Grep` on the checked-out tree when you need surrounding context
	4. Report findings grouped by severity

	## Severity Levels

	WARNING — Issues that BLOCK merge (must fix or get review-override label):
	- `.unwrap()` in new production code (not tests)
	- Fire-and-forget spawns without BackgroundTaskMonitor
	- Retry loops without jitter
	- Missing PR description sections
	- Cleanup exemptions without TTL or age threshold
	- Unguarded `biased;` in tokio::select!
	- Network send before `op_manager.push()` (push-before-send violation)
	- Missing edge-case tests: if tests only cover the happy path and obvious
	boundary conditions are untested (zero, overflow, error paths, concurrent
	scenarios), flag as WARNING
	- fix: PR without regression test: if a fix: PR doesn't include a test
	that would catch the specific bug being fixed, flag as WARNING
	- Stale documentation: if code changes invalidate existing docs/rules
	in .claude/rules/ or AGENTS.md, flag as WARNING

	INFO — Style suggestions and minor improvements:
	- Missing doc comments on new public APIs
	- Catch-all `_ =>` in exhaustive matches

	## Output Format

	Return your findings as markdown. If there are NO findings, say so briefly.

	Use this format:

	### Rule Review: [summary]

	Rules checked: [list of rule files checked]
	Files reviewed: [count]

	#### Warnings
	- `file:line` — description (rule: X)

	#### Info
	- `file:line` — description (rule: X)

	If there are no findings at any severity level, output:

	### Rule Review: No issues found

	Rules checked: [list]
	Files reviewed: [count]

	No rule violations detected.

	## CRITICAL: Structured Warning Count

	At the very end of your response, you MUST output exactly this HTML comment
	with the count of WARNING-level findings (not INFO). This is machine-parsed
	to determine whether to block merge:

	<!-- warning-count: N -->

	where N is the integer count of warnings (0 if none). This line must appear
	exactly once, at the end, with no extra whitespace inside the comment.

	- name: Post review comment and set commit status
	if: github.event_name != 'merge_group' && steps.override.outputs.overridden != 'true' && steps.rules.outputs.skip != 'true'
	uses: actions/github-script@v9
	with:
	script: \|
	const fs = require('fs');
	const marker = '<!-- claude-rule-review -->';
	const reviewOutcome = '${{ steps.review.outcome }}';

	// If Claude step failed, post a warning instead of silently doing nothing
	if (reviewOutcome === 'failure') {
	const warningBody = marker + '\n' +
	'### Claude Rule Review: Failed to run\n\n' +
	'The Claude rule review step failed (likely an authentication or API issue). ' +
	'Check the [workflow logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.\n\n' +
	'---\nAdvisory review against `.claude/rules/`. Critical patterns are enforced by the Rule Lint CI job.';

	const { data: comments } = await github.rest.issues.listComments({
	owner: context.repo.owner,
	repo: context.repo.repo,
	issue_number: context.issue.number,
	per_page: 100,
	});

	const existing = comments.find(c => c.body.includes(marker));
	if (existing) {
	await github.rest.issues.updateComment({
	owner: context.repo.owner,
	repo: context.repo.repo,
	comment_id: existing.id,
	body: warningBody,
	});
	} else {
	await github.rest.issues.createComment({
	owner: context.repo.owner,
	repo: context.repo.repo,
	issue_number: context.issue.number,
	body: warningBody,
	});
	}
	// Don't block merge because the review tool broke — set success
	await github.rest.repos.createCommitStatus({
	owner: context.repo.owner,
	repo: context.repo.repo,
	sha: '${{ github.event.pull_request.head.sha }}',
	state: 'success',
	context: 'rule-review/warnings',
	description: 'Review failed to run — not blocking merge',
	target_url: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
	});
	core.warning('Claude rule review failed — warning comment posted on PR');
	return;
	}

	const execFile = '${{ steps.review.outputs.execution_file }}' \|\| '/home/runner/work/_temp/claude-execution-output.json';

	// Read Claude's output — the file is a JSON array of Turn objects
	let report = '';
	try {
	const raw = fs.readFileSync(execFile, 'utf8');
	const turns = JSON.parse(raw);

	// Find the last assistant turn with text content
	if (Array.isArray(turns)) {
	const assistantTurns = turns.filter(t => t.type === 'assistant' && t.message?.content);
	if (assistantTurns.length > 0) {
	const last = assistantTurns[assistantTurns.length - 1];
	const textParts = last.message.content
	.filter(c => c.type === 'text')
	.map(c => c.text);
	report = textParts.join('\n');
	}
	}
	} catch (e) {
	console.log(`Could not parse execution file: ${e.message}`);
	// Set success so we don't block merge on parse failure
	await github.rest.repos.createCommitStatus({
	owner: context.repo.owner,
	repo: context.repo.repo,
	sha: '${{ github.event.pull_request.head.sha }}',
	state: 'success',
	context: 'rule-review/warnings',
	description: 'Parse error — not blocking merge',
	});
	return;
	}

	if (!report \|\| report.trim().length === 0) {
	console.log('No report content found');
	// Set success so we don't block merge
	await github.rest.repos.createCommitStatus({
	owner: context.repo.owner,
	repo: context.repo.repo,
	sha: '${{ github.event.pull_request.head.sha }}',
	state: 'success',
	context: 'rule-review/warnings',
	description: 'No report content — not blocking merge',
	});
	return;
	}

	// Count WARNING-level findings using structured marker (reliable)
	// with regex fallback (best-effort if LLM doesn't emit marker)
	const noIssues = /no\s+(issues?\|rule\s+violations?)\s+(found\|detected)/i.test(report);
	let warningCount = 0;

	// Primary: parse structured marker <!-- warning-count: N -->
	const markerMatch = report.match(/<!--\swarning-count:\s(\d+)\s*-->/);
	if (markerMatch) {
	warningCount = parseInt(markerMatch[1], 10);
	} else if (!noIssues) {
	// Fallback: count bullet items in the Warnings section only
	const warningSection = report.match(/####\s+Warning[s]?\s\n([\s\S]?)(?=####\|$)/i);
	if (warningSection) {
	// Count any markdown list items (flexible: handles em-dash, hyphen, etc.)
	warningCount = (warningSection[1].match(/^-\s+/gm) \|\| []).length;
	}
	}
	const hasWarnings = warningCount > 0;

	const statusSuffix = hasWarnings
	? ` ⚠️ ${warningCount} warning(s) — fix or add \`review-override\` label`
	: '';
	const body = report + '\n\n---\nRule review against `.claude/rules/`. WARNING findings block merge.' + statusSuffix + '';

	// Find and update existing sticky comment, or create new one
	const { data: comments } = await github.rest.issues.listComments({
	owner: context.repo.owner,
	repo: context.repo.repo,
	issue_number: context.issue.number,
	per_page: 100,
	});

	const existing = comments.find(c => c.body.includes(marker));
	const fullBody = marker + '\n' + body;

	if (existing) {
	await github.rest.issues.updateComment({
	owner: context.repo.owner,
	repo: context.repo.repo,
	comment_id: existing.id,
	body: fullBody,
	});
	console.log(`Updated existing comment ${existing.id}`);
	} else {
	await github.rest.issues.createComment({
	owner: context.repo.owner,
	repo: context.repo.repo,
	issue_number: context.issue.number,
	body: fullBody,
	});
	console.log('Created new review comment');
	}

	// Set commit status based on warnings
	const state = hasWarnings ? 'failure' : 'success';
	const description = hasWarnings
	? `${warningCount} warning(s) found — fix or add review-override label`
	: 'No warnings found';

	await github.rest.repos.createCommitStatus({
	owner: context.repo.owner,
	repo: context.repo.repo,
	sha: '${{ github.event.pull_request.head.sha }}',
	state,
	context: 'rule-review/warnings',
	description,
	target_url: `${{ github.server_url }}/${{ github.repository }}/pull/${{ github.event.pull_request.number }}`
	});
	console.log(`Set commit status: ${state} (${description})`);

	- name: Set status to success if skipped
	if: github.event_name != 'merge_group' && steps.override.outputs.overridden != 'true' && steps.rules.outputs.skip == 'true'
	uses: actions/github-script@v9
	with:
	script: \|
	await github.rest.repos.createCommitStatus({
	owner: context.repo.owner,
	repo: context.repo.repo,
	sha: '${{ github.event.pull_request.head.sha }}',
	state: 'success',
	context: 'rule-review/warnings',
	description: 'No relevant files changed',
	});

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Claude PR Rule Review #3172

Workflow file

Claude PR Rule Review #3172

Uh oh!

Workflow file for this run