From 0b2f08f4c5af1bbd3970b261de80d7110e325628 Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 22:30:49 -0500 Subject: [PATCH 1/7] Fix formatting issue in password management guidelines --- docs/passwordsecure/9.3/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/passwordsecure/9.3/index.md b/docs/passwordsecure/9.3/index.md index 7bfafea9c1..89881184ad 100644 --- a/docs/passwordsecure/9.3/index.md +++ b/docs/passwordsecure/9.3/index.md @@ -9,7 +9,7 @@ sidebar_position: 1 ## Users depend on passwords Passwords are used constantly and everywhere, -and they need to be professionally managed. Passwords should be safe, have at least 12 characters, +and should be professionally managed. Passwords should be safe, have at least 12 characters, including uppercase and lowercase as well as special characters. In the best case, a separate access password should be used for each account. It should be changed regularly. It is hard enough to meet this challenge in private settings. In a large corporate environment, you wouldn’t be able to From e6fe21b214b790648feae873aaef9d799920e97b Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 22:37:59 -0500 Subject: [PATCH 2/7] Refine Claude trigger logic and comments in workflow Updated comments and logic for Claude integration in GitHub Actions. --- .github/workflows/documentation_reviewer.yml | 33 ++++++++++---------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index 235ae61986..9127bfd88b 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml 
@@ -3,31 +3,33 @@ name: Documentation Reviewer on: pull_request: types: [opened, edited, reopened, synchronize] - # Allows Claude to trigger on PR or Issue comments + # CRITICAL: Allows Claude to trigger on PR comments made days later issue_comment: types: [created] - # Allows Claude to trigger on specific line-level review comments + # Allows Claude to trigger on specific code-line comments pull_request_review_comment: types: [created] jobs: claude: - # Updated logic to detect your custom "/docs" trigger across all events + # Bulletproof IF logic: Checks every possible text body for "/docs" if: | + (github.event_name == 'pull_request' && contains(github.event.pull_request.body, '/docs')) || (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/docs')) || - (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/docs')) || - (github.event_name == 'pull_request' && contains(github.event.pull_request.body, '/docs')) + (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/docs')) runs-on: ubuntu-latest permissions: - contents: write # Required to modify repository files - pull-requests: write # Required to create/modify PRs - issues: write # Required to respond to issues + contents: write # To modify repository files + pull-requests: write # To create/modify PRs + issues: write # To respond to comments id-token: write actions: read steps: - name: Checkout repository - uses: actions/checkout@v4 # Updated to v4 for stability + uses: actions/checkout@v4 with: + # FIX: Ensures the action checks out the PR code, not 'main', during comments + ref: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} fetch-depth: 1 - name: Checkout system prompt repository 
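Review bot: The `ref:` expression added to the checkout step does not check out PR code on `issue_comment` events, contrary to its `FIX:` comment: that payload has no `github.event.pull_request`, and `github.head_ref` is only populated for `pull_request`/`pull_request_target`, so the fallback lands on `github.ref` and the default branch is checked out. On `pull_request` and `pull_request_review_comment` it yields `head.ref`, which for a pull request from a fork names a branch that does not exist in this repository, so checkout fails there and only same-repository branches work. The reworked `if:` also gates only on comment text, so any account able to comment can start a job that runs with `contents: write`, `id-token: write` and the secrets passed to later steps; I would add `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` to the two comment-event branches of the condition. The `# FIX:` comment should then name the events it actually covers; the job's remaining steps continue below the hunk.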
@@ -52,16 +54,13 @@ jobs: - name: Run Claude Code id: claude - uses: anthropics/claude-code-action@v1 # GA version + uses: anthropics/claude-code-action@v1 with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Required secret - - # Claude will now only respond to "/docs" - trigger_phrase: "/docs" - - # CLI arguments passed directly to the Claude engine + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # + # Explicitly provide the token to ensure Claude can write back to the PR + github_token: ${{ secrets.GITHUB_TOKEN }} + trigger_phrase: "/docs" # Custom trigger claude_args: | --model claude-sonnet-4-5-20250929 - --max-turns 10 --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" --allowedTools "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*),Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)" From 144aedd54611654346ba9b822d57e98fde3896c1 Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 22:49:30 -0500 Subject: [PATCH 3/7] Refactor documentation reviewer workflow triggers and logic --- .github/workflows/documentation_reviewer.yml | 25 +++++++------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index 9127bfd88b..688d98afe7 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml 
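Review bot: Dropping `--max-turns 10` from `claude_args` removes the only bound on the agent loop; with `Bash(npm install)`, `Bash(npm run build)` and a write-scoped `github_token` available, a runaway or injected conversation now has no turn cap, so I would keep `--max-turns 10` in the list. `npm install` also executes package lifecycle scripts from whatever the checkout step resolved to, so when the `ref:` in the earlier hunk does point at a contributor's branch this step runs that branch's code with the job's token and secrets in its environment; that trade-off deserves a comment next to the allowed-tools line (the last, unchanged line of the hunk) rather than being implicit. The `anthropic_api_key` line ends in a bare `#` that comments out nothing; either restore the dropped `# Required secret` text or remove the marker.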
@@ -2,33 +2,27 @@ name: Documentation Reviewer on: pull_request: - types: [opened, edited, reopened, synchronize] - # CRITICAL: Allows Claude to trigger on PR comments made days later + types: [opened, synchronize] + # Basic example triggers for "live" comments issue_comment: types: [created] - # Allows Claude to trigger on specific code-line comments pull_request_review_comment: types: [created] jobs: claude: - # Bulletproof IF logic: Checks every possible text body for "/docs" - if: | - (github.event_name == 'pull_request' && contains(github.event.pull_request.body, '/docs')) || - (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/docs')) || - (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/docs')) runs-on: ubuntu-latest permissions: - contents: write # To modify repository files - pull-requests: write # To create/modify PRs - issues: write # To respond to comments + contents: write + pull-requests: write + issues: write id-token: write actions: read steps: - name: Checkout repository uses: actions/checkout@v4 with: - # FIX: Ensures the action checks out the PR code, not 'main', during comments + # Still necessary to ensure Claude sees the PR code, not main ref: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} fetch-depth: 1 @@ -53,13 +47,12 @@ jobs: } >> $GITHUB_OUTPUT - name: Run Claude Code - id: claude uses: anthropics/claude-code-action@v1 with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # - # Explicitly provide the token to ensure Claude can write back to the PR + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} github_token: ${{ secrets.GITHUB_TOKEN }} - trigger_phrase: "/docs" # Custom trigger + # The action will ONLY trigger its logic if it sees this phrase + trigger_phrase: "/docs" claude_args: | --model claude-sonnet-4-5-20250929 --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" 
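Review bot: Removing the job-level `if:` in the first hunk moves the `/docs` gate from before any step runs to inside the `claude-code-action` step (the `trigger_phrase` in the second hunk), so both checkouts — including the one that uses the private-repository token — now execute for every `issue_comment` and `pull_request_review_comment` in the repository, including comments on plain issues where no pull request exists and the `ref:` expression falls back to `github.ref`. The comment added in the second hunk, `# The action will ONLY trigger its logic if it sees this phrase`, is accurate for the action but misleading for the job, which spends a runner and two checkouts per comment regardless. I would restore a job-level guard that is evaluated before checkout, e.g. `if: github.event_name != 'issue_comment' || (github.event.issue.pull_request && contains(github.event.comment.body, '/docs'))`, and keep `trigger_phrase` as the second layer. Both hunks belong to the same job, whose remaining steps lie between them outside the shown lines.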
From 2dcd85dfdb04fe4eba3f9db6a5c4b7a4a9c151fc Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 22:52:45 -0500 Subject: [PATCH 4/7] Update token secret for checkout action --- .github/workflows/documentation_reviewer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index 688d98afe7..00904b1704 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml @@ -30,7 +30,7 @@ jobs: uses: actions/checkout@v4 with: repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_REPO_TOKEN }} + token: ${{ secrets.PRIVATE_AGENTS_REPO }} path: system-prompt-repo ref: main sparse-checkout: | From 704b9762b27e694a7b499a6d294a223714da5810 Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 23:05:51 -0500 Subject: [PATCH 5/7] Update documentation reviewer workflow triggers and permissions --- .github/workflows/documentation_reviewer.yml | 38 +++++++++++--------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index 00904b1704..a989e9c28e 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml 
@@ -2,27 +2,30 @@ name: Documentation Reviewer on: pull_request: - types: [opened, synchronize] - # Basic example triggers for "live" comments + types: [opened, edited, reopened, synchronize] issue_comment: types: [created] pull_request_review_comment: types: [created] + issues: + types: [opened, assigned, labeled] + pull_request_review: + types: [submitted] jobs: - claude: + claude-response: runs-on: ubuntu-latest permissions: - contents: write - pull-requests: write - issues: write + contents: write # Required to read/modify repository files + pull-requests: write # Required to create/modify PRs + issues: write # Required to respond to issues and comments id-token: write - actions: read + actions: read # Required for Claude to read CI results steps: - name: Checkout repository uses: actions/checkout@v4 with: - # Still necessary to ensure Claude sees the PR code, not main + # Ensures the action checks out the PR branch instead of main ref: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} fetch-depth: 1 @@ -30,7 +33,7 @@ jobs: uses: actions/checkout@v4 with: repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_AGENTS_REPO }} + token: ${{ secrets.PRIVATE_REPO_TOKEN }} # Ensure this secret is in Settings > Secrets path: system-prompt-repo ref: main sparse-checkout: | 
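Review bot: The new `issues` (`opened, assigned, labeled`) and `pull_request_review` triggers, with no job-level `if:` (removed in patch 3), mean anyone who can open an issue now starts this job, and it still carries `contents: write`, `id-token: write` and the private-repository checkout token. Nothing visible in this series pushes commits — the allowed tools are `gh` read/comment commands and npm scripts — so `contents: read` appears sufficient; the `# Required to read/modify repository files` comment should name the step that actually needs write, or the permission should be dropped. On `issues` events the `ref:` expression has no `pull_request` or `head_ref` to read and checks out `github.ref`, so the reviewer runs against the default branch rather than any change. The second hunk in this patch also flips the checkout token back to `PRIVATE_REPO_TOKEN`, which patch 4 had just renamed and patch 6 renames again; the final name should be settled once and the `# Ensure this secret is in Settings > Secrets` comment kept with it.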
@@ -43,16 +46,19 @@ jobs: { echo "prompt<> $GITHUB_OUTPUT + } >> "$GITHUB_OUTPUT" - - name: Run Claude Code - uses: anthropics/claude-code-action@v1 + - uses: anthropics/claude-code-action@v1 with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - github_token: ${{ secrets.GITHUB_TOKEN }} - # The action will ONLY trigger its logic if it sees this phrase - trigger_phrase: "/docs" + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # + github_token: ${{ secrets.GITHUB_TOKEN }} # Required for Claude to interact with GitHub + + # Automated mode: Claude triggers on every PR event with this instruction + prompt: "/review" + + # CLI arguments to configure the engine claude_args: | --model claude-sonnet-4-5-20250929 --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" From 3a0f5db55951867914bb8de53a28968d0d0d7974 Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 23:09:52 -0500 Subject: [PATCH 6/7] Update token secret for checkout action --- .github/workflows/documentation_reviewer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index a989e9c28e..ef80f8811e 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml @@ -33,7 +33,7 @@ jobs: uses: actions/checkout@v4 with: repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_REPO_TOKEN }} # Ensure this secret is in Settings > Secrets + token: ${{ secrets.PRIVATE_AGENTS_REPO }} # Ensure this secret is in Settings > Secrets path: system-prompt-repo ref: main sparse-checkout: | From ec5def4f069e66fe8ff96b76ab1854aa2a4f4ca8 Mon Sep 17 00:00:00 2001 
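Review bot: Replacing `trigger_phrase: "/docs"` with an unconditional `prompt: "/review"` removes the last opt-in gate, so every event the workflow subscribes to after the first hunk — each issue comment, issue open/assign/label, review submission and PR edit — now starts a full model run with a write-scoped `github_token`, with no check on who caused it. Issue bodies and comments from any account are part of what that run reads, so the job should be gated on the event's author association before any step runs (`github.event.comment.author_association` for comment events, `github.event.pull_request.author_association` for PR events, `github.event.issue.author_association` for `issues`) and the triggers trimmed to events that actually have a pull request to review. The `# Automated mode: Claude triggers on every PR event` comment understates this, since the job also fires on non-PR `issues` events where the earlier `ref:` falls back to `github.ref`; reword it to list the events or drop the non-PR triggers. The stray `#` after `anthropic_api_key` from patch 2 is still present, and the `run:` block that writes `$GITHUB_OUTPUT` begins above the hunk.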
From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 23:22:30 -0500 Subject: [PATCH 7/7] Add Claude Code Review workflow --- .github/workflows/claude-code-review.yml | 57 ++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 .github/workflows/claude-code-review.yml diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml new file mode 100644 index 0000000000..415b7b1d8e --- /dev/null +++ b/.github/workflows/claude-code-review.yml 
@@ -0,0 +1,57 @@ +name: Claude Code Review + +on: + pull_request: + types: [opened, synchronize] + # Optional: Only run on specific file changes + # paths: + # - "src/**/*.ts" + # - "src/**/*.tsx" + # - "src/**/*.js" + # - "src/**/*.jsx" + +jobs: + claude-review: + # Optional: Filter by PR author + # if: | + # github.event.pull_request.user.login == 'external-contributor' || + # github.event.pull_request.user.login == 'new-developer' || + # github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' + + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + issues: read + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Run Claude Code Review + id: claude-review + uses: anthropics/claude-code-action@v1 + with: + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + github_token: ${{ secrets.GITHUB_TOKEN }} + prompt: | + REPO: ${{ github.repository }} + PR NUMBER: ${{ github.event.pull_request.number }} + + Please review this pull request and provide feedback on: + - Code quality and best practices + - Potential bugs or issues + - Performance considerations + - Security concerns + - Test coverage + + Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback. + + Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR. + + # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md + # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options + claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
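Review bot: The new workflow runs on `pull_request` with `contents: read` and `pull-requests: write`, which is the right shape, but it has no `concurrency` group, so every `synchronize` push starts another full review while the previous one is still running; adding `concurrency:` with `group: claude-review-${{ github.event.pull_request.number }}` and `cancel-in-progress: true` at the workflow level keeps one review per PR. On pull requests from forks the `pull_request` event exposes no repository secrets, so `secrets.ANTHROPIC_API_KEY` is empty there and the step fails rather than reviews; if fork PRs are in scope this needs a documented decision, e.g. skipping them with `if: github.event.pull_request.head.repo.full_name == github.repository`. `id-token: write` is granted although `github_token` is supplied explicitly; if the action does not need OIDC in that configuration the permission can be dropped — worth confirming against the action's docs. The `claude_args` flag is spelled `--allowed-tools` here and `--allowedTools` in documentation_reviewer.yml; pick the spelling the CLI documents and use it in both files.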