From 40dfbf8add45678dbd639a5c3b9c8629aadd5b3a Mon Sep 17 00:00:00 2001 
From: Nathan Heskew
Date: Tue, 19 May 2026 07:54:38 -0700
Subject: [PATCH] ci(claude-review): bump pin to f22bf7d + label-gated review + scoped caller permissions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Catches up oauth's claude-review.yml from `128656e4` to `f22bf7d`, picking up three ai-review-prompts changes:

- #37: harper/common.md gains "Meta-checks" section + reuse / CI hygiene / lockfile drift bullets.
- #38: label-gated review for bot-authored PRs (`claude-review` label as opt-in gesture). Claude-only.
- #40: the revert of #39's broken workflow-level `permissions: {}` (the reusable side is back to a verified-working state).

Caller changes:

- Pin bumped to `f22bf7d`.
- `pull_request: types:` adds `labeled` for the bot-PR gesture.
- Caller-side `permissions:` block at the calling-job level:

      permissions:
        contents: read
        pull-requests: write
        id-token: write

  Union of what the reusable's `authorize` and `review` jobs need. Placement at the calling-job level — NOT workflow-level — is the documented canonical pattern; workflow-level placement caps the reusable's per-job grants below what they need (the ai-review-prompts#39 → #40 incident showed this empirically).

  Reference: https://docs.github.com/en/actions/reference/workflows-and-actions/reusing-workflow-configurations

Empirical verification:

- The same caller-side pattern was tried earlier today on HarperFast/oauth#84 (now superseded by this PR). CI showed `review / authorize` passing in ~10s and `review / review` starting cleanly and running for 34s before bailing on the upstream OIDC ref-validation gotcha (documented behavior for PRs that modify claude-review.yml itself — harmless). That's proof the permissions pattern gets the workflow past startup and into the reusable's jobs.
NOT in this PR (superseding HarperFast/oauth#84's broader scope): - gemini-review.yml pin bump — Gemini reviewer has ongoing reliability issues being worked separately; no value in dragging its pin along. - gemini-review-debug.yml — diagnostic workflow from earlier Gemini iteration sessions; lives in branch history but not on main, not part of this PR. Repo-side prerequisite (already applied via `gh label create`): - `claude-review` label exists on this repo. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --- .github/workflows/claude-review.yml | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml index ce6f4a7..1f9aa04 100644 --- a/.github/workflows/claude-review.yml +++ b/.github/workflows/claude-review.yml @@ -16,7 +16,9 @@ name: Claude PR Review on: pull_request: - types: [opened, synchronize, reopened] + # `labeled` admits the `claude-review` label gesture for + # bot-authored PRs (renovate, dependabot). See ai-review-prompts#38. + types: [opened, synchronize, reopened, labeled] concurrency: group: claude-review-${{ github.event.pull_request.number }} 
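Review bot: adding `labeled` to `types:` makes the workflow fire on every label applied to any PR, not only `claude-review`, and nothing in this hunk filters on `github.event.label.name`; the comment says the label is the "gesture" but the gate itself must live in the reusable's `authorize` job, and that dependency should be stated here (or enforced caller-side with a job-level condition such as `if: github.event.action != 'labeled' || github.event.label.name == 'claude-review'`). Worth noting in the same comment that whoever can apply labels on this repo can now start a review run that carries the `pull-requests: write` and `id-token: write` grants declared further down, so label-permission is the effective authorization boundary for bot-authored PRs. The `concurrency:` group keyed on the PR number means a `labeled` event and a `synchronize` event on the same PR share one group; confirm that is the intended interaction.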
@@ -24,7 +26,21 @@ concurrency: jobs: review: - uses: HarperFast/ai-review-prompts/.github/workflows/_claude-review.yml@128656e40c87c0e1293c542a5500df4f68dbff85 # main 2026-05-12 (post #25 — symmetric pin with gemini-review.yml; picks up shared-script refactor and authorize-ai-workflow.sh rename) + uses: HarperFast/ai-review-prompts/.github/workflows/_claude-review.yml@f22bf7dcb7d22d5de94c938daa9d790f2b5c776b # main 2026-05-18 (post #37 + #38 + #40 — calibration layer update + label-gated bot-PR review; gemini-review.yml pin intentionally NOT in lockstep here — Gemini reviewer has known issues being worked separately, no need to drag it along) + # Caller-side permissions, scoped at the calling-job level (NOT + # workflow-level — that placement caps the reusable's per-job + # grants below what they need and breaks the workflow at startup; + # see ai-review-prompts#39/#40 for the incident). Union of what + # the reusable's `authorize` (`contents: read`) and `review` + # (`contents: read + pull-requests: write + id-token: write`) + # jobs declare. GitHub's rule: caller's GITHUB_TOKEN permissions + # can only be DOWNGRADED (not elevated) by the called workflow, + # so the caller must grant at least the union the reusable needs. + # Reference: https://docs.github.com/en/actions/reference/workflows-and-actions/reusing-workflow-configurations + permissions: + contents: read + pull-requests: write + id-token: write with: # Same SHA as the `uses:` ref above. The reusable uses this to # check out HarperFast/ai-review-prompts (layer files + bash @@ -35,7 +51,7 @@ jobs: # introspect their own ref (`github.workflow_ref` resolves to the # CALLER's ref in `workflow_call` context), and `uses: …@` # is parsed literally so we can't interpolate a variable. - ai-review-prompts-ref: 128656e40c87c0e1293c542a5500df4f68dbff85 + ai-review-prompts-ref: f22bf7dcb7d22d5de94c938daa9d790f2b5c776b review-layers: | universal harper/common
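Review bot: the `permissions:` comment explains why the block sits at the job level but not what the reusable's `review` job does with `id-token: write`; record the OIDC consumer (what the token is exchanged for, and its audience) so a future reviewer can tell when the grant can be dropped, since `id-token: write` lets the called workflow mint identity tokens bound to this repo and workflow. Both SHAs in the hunk (`uses: …@f22bf7dcb7d22d5de94c938daa9d790f2b5c776b` and `ai-review-prompts-ref: f22bf7dcb7d22d5de94c938daa9d790f2b5c776b`) match, which the existing "Same SHA as the `uses:` ref above" comment requires. Style: the trailing comment on the `uses:` line now carries the rationale for leaving gemini-review.yml out of lockstep; that belongs in the commit message (where it already is), so trim the inline comment to the date and the PR numbers it pins.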