tools: claude: remove restriction for draft PRs

[pzmarzly]

I took this github.event.pull_request.draft check from the AI review workflow we were using before (/code-review:code-review).

But it may be useful to iterate on your PR with the help of Claude review bot, while keeping it hidden from review queue at the same time. AI review can easily add a few iteration loops when making a PR.

Let's remove this one line.

[github-actions]

Claude: Looks good. Clean one-line change, rationale is sound -- allowing Claude to review draft PRs enables faster iteration without cluttering the human review queue.

One optional consideration: you may want to add ready_for_review to the pull_request_target event types. Currently, if an author opens a draft (Claude reviews), iterates, then marks the PR ready-for-review without pushing a new commit, Claude won't produce a fresh review for the final state. Adding ready_for_review would cover that edge case. Not blocking since this was already the pre-existing behavior for non-draft PRs.

[qdeslandes]

I'm concerned this could lead to abuse. Open PR with numerous changes to trigger Claude can be found easily, draft PR not so much?

[pzmarzly]

I converted this PR to draft, can you still see it?

[pzmarzly]

Claude, can you advise us here?
EDIT: apparently the GH Action cannot :/
EDIT2: I ran the question locally:

A few things to consider:
  1. The concurrency group with cancel-in-progress: true already limits cost — only one review runs per PR at a time. Rapid pushes just cancel previous runs.
  2. The real abuse vector is external contributors, not project members. But the workflow already checks out upstream code (not the PR branch), so the security model is fine. The
  cost is just API credits for Claude reviews on junk PRs.
  3. Practical mitigations if abuse becomes a problem:
    - Add a label-based gate (e.g., only review if a needs-review label is present)
    - Restrict to known collaborators with if: github.event.pull_request.author_association != 'NONE'
    - Rate-limit per author

[github-actions]

Claude: review of facebook/bpfilter #441 (663b755)

No issues found. Clean single-line removal of the draft PR guard from the Claude review workflow.

• Commit message follows project conventions (tools: claude: remove restriction for draft PRs)
• No security regression: the workflow's security model (checking out upstream, not the PR branch) already handles untrusted PRs regardless of draft status
• Cost of running on draft PRs is mitigated by cancel-in-progress: true on the concurrency group
• YAML formatting remains consistent after the removal
• No documentation updates needed