netwrix · jtviolet · Jan 27, 2026 · Jan 27, 2026 · Jan 27, 2026 · Jan 27, 2026
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
@@ -0,0 +1,57 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "src/**/*.ts"
+    #   - "src/**/*.tsx"
+    #   - "src/**/*.js"
+    #   - "src/**/*.jsx"
+
+jobs:
+  claude-review:
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+
+            Please review this pull request and provide feedback on:
+            - Code quality and best practices
+            - Potential bugs or issues
+            - Performance considerations
+            - Security concerns
+            - Test coverage
+
+            Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
+
+            Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
+
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
+          claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml
@@ -3,38 +3,37 @@
 on:
   pull_request:
     types: [opened, edited, reopened, synchronize]
-  # Allows Claude to trigger on PR or Issue comments
   issue_comment:
     types: [created]
-  # Allows Claude to trigger on specific line-level review comments
   pull_request_review_comment:
     types: [created]
+  issues:
+    types: [opened, assigned, labeled]
+  pull_request_review:
+    types: [submitted]
 
 jobs:
-  claude:
-    # Updated logic to detect your custom "/docs" trigger across all events
-    if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/docs')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/docs')) ||
-      (github.event_name == 'pull_request' && contains(github.event.pull_request.body, '/docs'))
+  claude-response:
     runs-on: ubuntu-latest
     permissions:
-      contents: write # Required to modify repository files
+      contents: write # Required to read/modify repository files
       pull-requests: write # Required to create/modify PRs
-      issues: write # Required to respond to issues
+      issues: write # Required to respond to issues and comments
       id-token: write
-      actions: read 
+      actions: read # Required for Claude to read CI results
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4 # Updated to v4 for stability
+        uses: actions/checkout@v4
         with:
+          # Ensures the action checks out the PR branch instead of main
+          ref: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
           fetch-depth: 1
 
       - name: Checkout system prompt repository
         uses: actions/checkout@v4
         with:
           repository: netwrix-eng/internal-agents
-          token: ${{ secrets.PRIVATE_REPO_TOKEN }}
+          token: ${{ secrets.PRIVATE_AGENTS_REPO }} # Ensure this secret is in Settings > Secrets
           path: system-prompt-repo
           ref: main
           sparse-checkout: |
@@ -47,21 +46,20 @@
           {
             echo "prompt<<EOF"
             cat system-prompt-repo/agents/engineering/technical_writing/system.md
+            echo "" # Forces a newline to prevent EOF delimiter errors
             echo "EOF"
-          } >> $GITHUB_OUTPUT
+          } >> "$GITHUB_OUTPUT"
 
-      - name: Run Claude Code
-        id: claude
-        uses: anthropics/claude-code-action@v1 # GA version
+      - uses: anthropics/claude-code-action@v1
         with:
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Required secret
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} #
+          github_token: ${{ secrets.GITHUB_TOKEN }} # Required for Claude to interact with GitHub
 
-          # Claude will now only respond to "/docs"
-          trigger_phrase: "/docs"
+          # Automated mode: Claude triggers on every PR event with this instruction
+          prompt: "/review"
 
-          # CLI arguments passed directly to the Claude engine
+          # CLI arguments to configure the engine
           claude_args: |
             --model claude-sonnet-4-5-20250929
-            --max-turns 10
             --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}"
             --allowedTools "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*),Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"
@@ -9,7 +9,7 @@ sidebar_position: 1
 ## Users depend on passwords
 
 Passwords are used constantly and everywhere,
-and they need to be professionally managed. Passwords should be safe, have at least 12 characters,
+and should be professionally managed. Passwords should be safe, have at least 12 characters,
 including uppercase and lowercase as well as special characters. In the best case, a separate access
 password should be used for each account. It should be changed regularly. It is hard enough to meet
 this challenge in private settings. In a large corporate environment, you wouldn’t be able to