ci: Claude multi-agent PR review workflow #1
Merged
Adds a swarm of five specialist Claude review agents that run in parallel on each PR, one per concern (PostgreSQL, TypeScript, Docker, security, docs). Each agent loads a domain-specific skill from `.claude/skills/` and posts inline + summary comments scoped to its lane. All agents run on `claude-haiku-4-5` to keep cost low. Security model is borrowed from stellar/actions PR #103, but uses `pull_request` (not `_target`) since this repo doesn't accept fork contributions. The five skills are vendored under `.claude/skills/` so the CI runner can load them without external dependencies.
Addresses two issues Copilot caught on the PR:
1. The workflow-level concurrency.group used ${{ github.job }}, which
resolves to the constant job id "review" for every matrix entry.
All five agents shared one group and would have cancelled each
other. Workflow-level concurrency can't reference matrix.*, so the
group moves to the job level and keys on matrix.id.
2. Pin anthropics/claude-code-action to a commit SHA (matching the
existing convention for third-party actions in this repo) to reduce
supply-chain risk. SHA is the current v1 tag.
Pull request overview
Adds a GitHub Actions workflow that runs five parallel Claude “specialist” review jobs on each non-draft PR, backed by vendored skill prompts in .claude/skills/ to standardize each agent’s review focus.
Changes:
- Added `.github/workflows/claude-review.yml` to run a matrix of 5 review aspects (postgres/typescript/docker/security/docs) with per-aspect concurrency.
- Vendored multiple Claude skill packs under `.claude/skills/` (and `productionalize-node` reference docs) for consistent agent behavior.
- Pinned `anthropics/claude-code-action` to a specific commit SHA.
Reviewed changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/claude-review.yml | New multi-agent PR review workflow with matrix, concurrency, and Claude Code action invocation. |
| .claude/skills/verification-before-completion/SKILL.md | Adds a verification discipline skill prompt for agents. |
| .claude/skills/productionalize-node/SKILL.md | Adds a production-hardening Node/TypeScript skill prompt. |
| .claude/skills/productionalize-node/references/tooling-defaults.md | Reference doc listing default tooling choices used by the skill. |
| .claude/skills/productionalize-node/references/phase-8-final-review.md | Reference doc for the skill’s final review phase and completion criteria. |
| .claude/skills/productionalize-node/references/phase-7-documentation.md | Reference doc for documentation updates/verification in the skill. |
| .claude/skills/productionalize-node/references/phase-6-ci.md | Reference doc for CI workflow guidance used by the skill. |
| .claude/skills/productionalize-node/references/phase-5-testing.md | Reference doc for Vitest setup and coverage workflow in the skill. |
| .claude/skills/productionalize-node/references/phase-4-dependencies.md | Reference doc for dependency audit/upgrades and “freshness” gate guidance. |
| .claude/skills/productionalize-node/references/phase-3-hardening/phase-3.5-cors-evaluation.md | Reference doc for optional CORS evaluation/config guidance. |
| .claude/skills/productionalize-node/references/phase-3-hardening/phase-3.4-env-validation.md | Reference doc for env validation via t3-env. |
| .claude/skills/productionalize-node/references/phase-3-hardening/phase-3.3-security.md | Reference doc for helmet/rate-limit/secrets audit guidance. |
| .claude/skills/productionalize-node/references/phase-3-hardening/phase-3.2-input-validation.md | Reference doc for Zod boundary validation guidance. |
| .claude/skills/productionalize-node/references/phase-3-hardening/phase-3.1-error-handling.md | Reference doc for error hierarchy and Express error handling guidance. |
| .claude/skills/productionalize-node/references/phase-3-hardening/phase-3-hardening.md | Reference doc tying together hardening sub-phases and verification. |
| .claude/skills/productionalize-node/references/phase-2-quality-infra.md | Reference doc for ESLint/Prettier and logger setup guidance. |
| .claude/skills/productionalize-node/references/phase-1-foundation.md | Reference doc for TS strict migration, scripts/Makefile, and repo hygiene. |
| .claude/skills/productionalize-node/references/assessment-checklist.md | Reference assessment checklist used by the skill to evaluate a codebase. |
| .claude/skills/postgres-optimization/SKILL.md | Adds a PostgreSQL optimization skill prompt. |
| .claude/skills/docker-patterns/SKILL.md | Adds a Docker patterns skill prompt. |
| .claude/skills/database-migrations/SKILL.md | Adds a DB migration best-practices skill prompt. |
| claude_args: | | ||
| --model claude-haiku-4-5 | ||
| --max-turns 25 | ||
| --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment ${{ github.event.pull_request.number }}:*),Bash(gh pr diff ${{ github.event.pull_request.number }}:*),Bash(gh pr view ${{ github.event.pull_request.number }}:*),Bash(git log:*),Bash(git blame:*),Bash(git show:*),Bash(rg:*),Bash(cat:*),Bash(ls:*),Bash(find:*)" |
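Review bot: `Bash(find:*)` in `--allowedTools` matches any `find` invocation, including ones that use `-exec` or `-delete`, so it is not the read-only lookup that the neighbouring `rg`, `ls` and `cat` entries suggest, and the agent is reading PR content it does not control. Consider dropping `find` from the list, since `rg --files` and `ls` already cover file discovery. `Bash(cat:*)` likewise reads any path on the runner rather than only the checkout; a comment stating that this is intended would help.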
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
| id-token: write |
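Review bot: `id-token: write` in the `permissions` block carries no comment saying which step needs an OIDC token, whereas `contents: read` and `pull-requests: write` map directly to reading the checkout and posting review comments. Add a one-line comment naming the consumer of the token, or drop the scope if the job passes the action a token explicitly.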
Forked from stellar#67 to test on this fork before promoting upstream.
Summary
Adds `.github/workflows/claude-review.yml` — a swarm of five specialist Claude review agents that run in parallel on every PR, all on `claude-haiku-4-5`:
- `postgres`: `postgres-optimization`, `database-migrations`
- `typescript`: `productionalize-node`
- `docker`: `docker-patterns`
- `security`: `security-audit`
- `docs`: `.env.example` / docs drift

Skills are vendored under `.claude/skills/` so the CI runner can load them.

Bugs fixed during review
Copilot caught two real bugs on stellar#67 before merge:
- `concurrency.group` used `${{ github.job }}` (constant `review` across all matrix entries) → would collapse all five agents into one group and cancel them. Moved to job-level concurrency keyed on `matrix.id`.
- `anthropics/claude-code-action` from `@v1` tag to commit SHA `20c8abf...` to match the repo convention for third-party actions.

Plan
Test plan
- `ANTHROPIC_API_KEY` is configured as a repo secret on this fork.
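An added example (not code from this PR or the repository): a small Python check for the two issues described above, flagging `uses:` references that are not pinned to a full commit SHA and showing which matrix entries end up in the same concurrency group. The sample workflow, the group templates and the `example-org/example-action` reference with its SHA are constructed, and the expansion is a simplified model that substitutes only `github.job` and `matrix.id`.

```python
import re

# Constructed sample, not the PR's actual workflow; the 40-hex SHA is a placeholder.
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@v4
  - uses: anthropics/claude-code-action@v1
  - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567  # v1
  - uses: ./.github/actions/local
"""
MATRIX_IDS = ["postgres", "typescript", "docker", "security", "docs"]

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
EXPR_RE = re.compile(r"\$\{\{\s*([\w.]+)\s*\}\}")

def unpinned_actions(workflow_text):
    """Return (line_number, reference) for each `uses:` not pinned to a 40-hex commit SHA."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        reference = match.group(1)
        if reference.startswith(("./", "docker://")):
            continue  # local actions and image references are out of scope here
        _, _, ref = reference.partition("@")
        if not FULL_SHA_RE.fullmatch(ref):
            findings.append((number, reference))
    return findings

def colliding_groups(group_template, job_id, matrix_ids):
    """Expand a concurrency group per matrix entry; return groups shared by several entries."""
    groups = {}
    for matrix_id in matrix_ids:
        context = {"github.job": job_id, "matrix.id": matrix_id}
        # Unknown expressions are left untouched rather than guessed at.
        group = EXPR_RE.sub(lambda m: context.get(m.group(1), m.group(0)), group_template)
        groups.setdefault(group, []).append(matrix_id)
    return {group: ids for group, ids in groups.items() if len(ids) > 1}

if __name__ == "__main__":
    for number, reference in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {number}: {reference} is not pinned to a commit SHA")
    print(colliding_groups("claude-${{ github.job }}", "review", MATRIX_IDS))
    print(colliding_groups("claude-${{ matrix.id }}", "review", MATRIX_IDS))
```

A non-empty result from `colliding_groups` means those matrix entries share one group, so with `cancel-in-progress` enabled they cancel each other, as the commit message describes.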