From 9f79254b84402018cd211b5e33c7cde2aa1e3472 Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 15:37:15 -0500 Subject: [PATCH 01/14] Rename workflow to Documentation Reviewer and update permissions --- .github/workflows/claude.yml | 49 -------------- .github/workflows/documentation_reviewer.yml | 69 ++++++++++++++++++++ 2 files changed, 69 insertions(+), 49 deletions(-) delete mode 100644 .github/workflows/claude.yml create mode 100644 .github/workflows/documentation_reviewer.yml diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml deleted file mode 100644 index 93907d37d4..0000000000 --- a/.github/workflows/claude.yml +++ /dev/null @@ -1,49 +0,0 @@ -name: Claude Code - -on: - issue_comment: - types: [created] - pull_request_review_comment: - types: [created] - issues: - types: [opened, assigned] - pull_request_review: - types: [submitted] - -jobs: - claude: - if: | - (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || - (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || - (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || - (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: read - issues: read - id-token: write - actions: read # Required for Claude to read CI results on PRs - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Run Claude Code - id: claude - uses: anthropics/claude-code-action@v1 - with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - - # This is an optional setting that allows Claude to read CI results on PRs - additional_permissions: | - actions: read - - # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it. - # prompt: 'Update the pull request description to include a summary of changes.' - - # Optional: Add claude_args to customize behavior and configuration - # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md - # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options - # claude_args: '--allowed-tools Bash(gh pr:*)' diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml new file mode 100644 index 0000000000..5bced6f6d5 --- /dev/null +++ b/.github/workflows/documentation_reviewer.yml @@ -0,0 +1,69 @@ +name: Documentation Reviewer + +on: + issue_comment: + types: [created] + pull_request_review_comment: + types: [created] + issues: + types: [opened, assigned] + pull_request_review: + types: [submitted] + +jobs: + claude: + if: | + (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || + (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || + (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || + (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + issues: write + id-token: write + actions: read # Required for Claude to read CI results on PRs + steps: + - name: Checkout repository + uses: actions/checkout@v5 + with: + fetch-depth: 1 + + - name: Checkout system prompt repository + uses: actions/checkout@v5 + with: + repository: netwrix-eng/internal-agents + token: ${{ secrets.PRIVATE_REPO_TOKEN }} # PAT with repo access + path: system-prompt-repo + ref: main + sparse-checkout: | + agents/engineering/technical_writing/system.md + sparse-checkout-cone-mode: false + + - name: Read system prompt + id: read-prompt + run: | + { + echo "prompt<> $GITHUB_OUTPUT + + - name: Run Claude Code + id: claude + uses: anthropics/claude-code-action@v1 + with: + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + + # Optional: Customize the trigger phrase (default: @claude) + trigger_phrase: "/docs" + + # Optional: Trigger when specific user is assigned to an issue + # assignee_trigger: "claude-bot" + + # Optional: Configure Claude's behavior with CLI arguments + claude_args: | + --model claude-sonnet-4-5-20250929 + --allowedTools "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*),Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)" + --system-prompt "${{ steps.read-prompt.outputs.prompt }}" From 4059630cf5e600a9fbc5f115ab24fb4659d46037 Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 15:41:47 -0500 Subject: [PATCH 02/14] Comment out trigger_phrase in documentation reviewer workflow Commented out the trigger_phrase configuration for clarity. --- .github/workflows/documentation_reviewer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index 5bced6f6d5..44348a0cde 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml @@ -57,7 +57,7 @@ jobs: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Optional: Customize the trigger phrase (default: @claude) - trigger_phrase: "/docs" + # trigger_phrase: "/docs" # Optional: Trigger when specific user is assigned to an issue # assignee_trigger: "claude-bot" From 03deb5a90963bd8f87d486c86ce3f80b039cc716 Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 15:51:59 -0500 Subject: [PATCH 03/14] Delete .github/workflows/claude-code-review.yml --- .github/workflows/claude-code-review.yml | 57 ------------------------ 1 file changed, 57 deletions(-) delete mode 100644 .github/workflows/claude-code-review.yml diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml deleted file mode 100644 index 415b7b1d8e..0000000000 --- a/.github/workflows/claude-code-review.yml +++ /dev/null @@ -1,57 +0,0 @@ -name: Claude Code Review - -on: - pull_request: - types: [opened, synchronize] - # Optional: Only run on specific file changes - # paths: - # - "src/**/*.ts" - # - "src/**/*.tsx" - # - "src/**/*.js" - # - "src/**/*.jsx" - -jobs: - claude-review: - # Optional: Filter by PR author - # if: | - # github.event.pull_request.user.login == 'external-contributor' || - # github.event.pull_request.user.login == 'new-developer' || - # github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' - - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - issues: read - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Run Claude Code Review - id: claude-review - uses: anthropics/claude-code-action@v1 - with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - github_token: ${{ secrets.GITHUB_TOKEN }} - prompt: | - REPO: ${{ github.repository }} - PR NUMBER: ${{ github.event.pull_request.number }} - - Please review this pull request and provide feedback on: - - Code quality and best practices - - Potential bugs or issues - - Performance considerations - - Security concerns - - Test coverage - - Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback. - - Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR. - - # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md - # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options - claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"' From cb53cce068e2c76365bcc2d7fc2f86cd50780ec9 Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 22:22:37 -0500 Subject: [PATCH 04/14] Update documentation reviewer workflow triggers --- .github/workflows/documentation_reviewer.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index 44348a0cde..684c2c4f75 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml @@ -1,14 +1,8 @@ name: Documentation Reviewer on: - issue_comment: - types: [created] - pull_request_review_comment: - types: [created] - issues: - types: [opened, assigned] - pull_request_review: - types: [submitted] + pull_request: + types: [opened, edited, reopened, synchronize] jobs: claude: @@ -57,7 +51,7 @@ jobs: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Optional: Customize the trigger phrase (default: @claude) - # trigger_phrase: "/docs" + trigger_phrase: "/docs" # Optional: Trigger when specific user is assigned to an issue # assignee_trigger: "claude-bot" From 44082e2e26fa4163660d3e902f734a0a83b0968e Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 22:30:10 -0500 Subject: [PATCH 05/14] Enhance documentation reviewer workflow for Claude Updated workflow to allow Claude to trigger on '/docs' commands and modified checkout actions for stability. --- .github/workflows/documentation_reviewer.yml | 44 +++++++++++--------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index 684c2c4f75..235ae61986 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml @@ -3,32 +3,38 @@ name: Documentation Reviewer on: pull_request: types: [opened, edited, reopened, synchronize] + # Allows Claude to trigger on PR or Issue comments + issue_comment: + types: [created] + # Allows Claude to trigger on specific line-level review comments + pull_request_review_comment: + types: [created] jobs: claude: + # Updated logic to detect your custom "/docs" trigger across all events if: | - (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || - (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || - (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || - (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) + (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/docs')) || + (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/docs')) || + (github.event_name == 'pull_request' && contains(github.event.pull_request.body, '/docs')) runs-on: ubuntu-latest permissions: - contents: write - pull-requests: write - issues: write + contents: write # Required to modify repository files + pull-requests: write # Required to create/modify PRs + issues: write # Required to respond to issues id-token: write - actions: read # Required for Claude to read CI results on PRs + actions: read steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v4 # Updated to v4 for stability with: fetch-depth: 1 - name: Checkout system prompt repository - uses: actions/checkout@v5 + uses: actions/checkout@v4 with: repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_REPO_TOKEN }} # PAT with repo access + token: ${{ secrets.PRIVATE_REPO_TOKEN }} path: system-prompt-repo ref: main sparse-checkout: | @@ -46,18 +52,16 @@ jobs: - name: Run Claude Code id: claude - uses: anthropics/claude-code-action@v1 + uses: anthropics/claude-code-action@v1 # GA version with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - - # Optional: Customize the trigger phrase (default: @claude) + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Required secret + + # Claude will now only respond to "/docs" trigger_phrase: "/docs" - # Optional: Trigger when specific user is assigned to an issue - # assignee_trigger: "claude-bot" - - # Optional: Configure Claude's behavior with CLI arguments + # CLI arguments passed directly to the Claude engine claude_args: | --model claude-sonnet-4-5-20250929 + --max-turns 10 + --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" --allowedTools "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*),Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)" - --system-prompt "${{ steps.read-prompt.outputs.prompt }}" From fd6b6324e16a33cd4417195da28ad54f09974b6a Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 22:37:44 -0500 Subject: [PATCH 06/14] Refine Claude GitHub Actions workflow comments Updated comments and logic for Claude integration in GitHub Actions. --- .github/workflows/documentation_reviewer.yml | 33 ++++++++++---------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index 235ae61986..9127bfd88b 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml @@ -3,31 +3,33 @@ name: Documentation Reviewer on: pull_request: types: [opened, edited, reopened, synchronize] - # Allows Claude to trigger on PR or Issue comments + # CRITICAL: Allows Claude to trigger on PR comments made days later issue_comment: types: [created] - # Allows Claude to trigger on specific line-level review comments + # Allows Claude to trigger on specific code-line comments pull_request_review_comment: types: [created] jobs: claude: - # Updated logic to detect your custom "/docs" trigger across all events + # Bulletproof IF logic: Checks every possible text body for "/docs" if: | + (github.event_name == 'pull_request' && contains(github.event.pull_request.body, '/docs')) || (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/docs')) || - (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/docs')) || - (github.event_name == 'pull_request' && contains(github.event.pull_request.body, '/docs')) + (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/docs')) runs-on: ubuntu-latest permissions: - contents: write # Required to modify repository files - pull-requests: write # Required to create/modify PRs - issues: write # Required to respond to issues + contents: write # To modify repository files + pull-requests: write # To create/modify PRs + issues: write # To respond to comments id-token: write actions: read steps: - name: Checkout repository - uses: actions/checkout@v4 # Updated to v4 for stability + uses: actions/checkout@v4 with: + # FIX: Ensures the action checks out the PR code, not 'main', during comments + ref: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} fetch-depth: 1 - name: Checkout system prompt repository @@ -52,16 +54,13 @@ jobs: - name: Run Claude Code id: claude - uses: anthropics/claude-code-action@v1 # GA version + uses: anthropics/claude-code-action@v1 with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # Required secret - - # Claude will now only respond to "/docs" - trigger_phrase: "/docs" - - # CLI arguments passed directly to the Claude engine + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # + # Explicitly provide the token to ensure Claude can write back to the PR + github_token: ${{ secrets.GITHUB_TOKEN }} + trigger_phrase: "/docs" # Custom trigger claude_args: | --model claude-sonnet-4-5-20250929 - --max-turns 10 --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" --allowedTools "Bash(npm install),Bash(npm run build),Bash(npm run test:*),Bash(npm run lint:*),Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)" From 3461456588ec0010853efee984bc3bb2d708ce06 Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 22:49:20 -0500 Subject: [PATCH 07/14] Refine triggers and permissions in workflow --- .github/workflows/documentation_reviewer.yml | 25 +++++++------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index 9127bfd88b..688d98afe7 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml @@ -2,33 +2,27 @@ name: Documentation Reviewer on: pull_request: - types: [opened, edited, reopened, synchronize] - # CRITICAL: Allows Claude to trigger on PR comments made days later + types: [opened, synchronize] + # Basic example triggers for "live" comments issue_comment: types: [created] - # Allows Claude to trigger on specific code-line comments pull_request_review_comment: types: [created] jobs: claude: - # Bulletproof IF logic: Checks every possible text body for "/docs" - if: | - (github.event_name == 'pull_request' && contains(github.event.pull_request.body, '/docs')) || - (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/docs')) || - (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/docs')) runs-on: ubuntu-latest permissions: - contents: write # To modify repository files - pull-requests: write # To create/modify PRs - issues: write # To respond to comments + contents: write + pull-requests: write + issues: write id-token: write actions: read steps: - name: Checkout repository uses: actions/checkout@v4 with: - # FIX: Ensures the action checks out the PR code, not 'main', during comments + # Still necessary to ensure Claude sees the PR code, not main ref: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} fetch-depth: 1 @@ -53,13 +47,12 @@ jobs: } >> $GITHUB_OUTPUT - name: Run Claude Code - id: claude uses: anthropics/claude-code-action@v1 with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # - # Explicitly provide the token to ensure Claude can write back to the PR + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} github_token: ${{ secrets.GITHUB_TOKEN }} - trigger_phrase: "/docs" # Custom trigger + # The action will ONLY trigger its logic if it sees this phrase + trigger_phrase: "/docs" claude_args: | --model claude-sonnet-4-5-20250929 --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" From 8f19ab979ca54d80677c0d53dd7c8d35a5c8edfb Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 22:52:33 -0500 Subject: [PATCH 08/14] Update token secret for checkout action --- .github/workflows/documentation_reviewer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index 688d98afe7..00904b1704 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml @@ -30,7 +30,7 @@ jobs: uses: actions/checkout@v4 with: repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_REPO_TOKEN }} + token: ${{ secrets.PRIVATE_AGENTS_REPO }} path: system-prompt-repo ref: main sparse-checkout: | From b8bed98baeb8d204e6516e06ad9b562869ef75c6 Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 23:05:38 -0500 Subject: [PATCH 09/14] Update documentation reviewer workflow triggers and permissions --- .github/workflows/documentation_reviewer.yml | 38 +++++++++++--------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index 00904b1704..a989e9c28e 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml @@ -2,27 +2,30 @@ name: Documentation Reviewer on: pull_request: - types: [opened, synchronize] - # Basic example triggers for "live" comments + types: [opened, edited, reopened, synchronize] issue_comment: types: [created] pull_request_review_comment: types: [created] + issues: + types: [opened, assigned, labeled] + pull_request_review: + types: [submitted] jobs: - claude: + claude-response: runs-on: ubuntu-latest permissions: - contents: write - pull-requests: write - issues: write + contents: write # Required to read/modify repository files + pull-requests: write # Required to create/modify PRs + issues: write # Required to respond to issues and comments id-token: write - actions: read + actions: read # Required for Claude to read CI results steps: - name: Checkout repository uses: actions/checkout@v4 with: - # Still necessary to ensure Claude sees the PR code, not main + # Ensures the action checks out the PR branch instead of main ref: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} fetch-depth: 1 @@ -30,7 +33,7 @@ jobs: uses: actions/checkout@v4 with: repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_AGENTS_REPO }} + token: ${{ secrets.PRIVATE_REPO_TOKEN }} # Ensure this secret is in Settings > Secrets path: system-prompt-repo ref: main sparse-checkout: | @@ -43,16 +46,19 @@ jobs: { echo "prompt<> $GITHUB_OUTPUT + } >> "$GITHUB_OUTPUT" - - name: Run Claude Code - uses: anthropics/claude-code-action@v1 + - uses: anthropics/claude-code-action@v1 with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - github_token: ${{ secrets.GITHUB_TOKEN }} - # The action will ONLY trigger its logic if it sees this phrase - trigger_phrase: "/docs" + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # + github_token: ${{ secrets.GITHUB_TOKEN }} # Required for Claude to interact with GitHub + + # Automated mode: Claude triggers on every PR event with this instruction + prompt: "/review" + + # CLI arguments to configure the engine claude_args: | --model claude-sonnet-4-5-20250929 --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" From 82ea9cf804a9bfd8a1096fac288c2aa88851bb2b Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 23:09:38 -0500 Subject: [PATCH 10/14] Update token secret for repository checkout --- .github/workflows/documentation_reviewer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index a989e9c28e..ef80f8811e 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml @@ -33,7 +33,7 @@ jobs: uses: actions/checkout@v4 with: repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_REPO_TOKEN }} # Ensure this secret is in Settings > Secrets + token: ${{ secrets.PRIVATE_AGENTS_REPO }} # Ensure this secret is in Settings > Secrets path: system-prompt-repo ref: main sparse-checkout: | From befe5c757e50d1a9d6a35e99cb801e81e3c661ae Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Mon, 26 Jan 2026 23:22:02 -0500 Subject: [PATCH 11/14] Create claude-code-review.yml --- .github/workflows/claude-code-review.yml | 57 ++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 .github/workflows/claude-code-review.yml diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml new file mode 100644 index 0000000000..415b7b1d8e --- /dev/null +++ b/.github/workflows/claude-code-review.yml @@ -0,0 +1,57 @@ +name: Claude Code Review + +on: + pull_request: + types: [opened, synchronize] + # Optional: Only run on specific file changes + # paths: + # - "src/**/*.ts" + # - "src/**/*.tsx" + # - "src/**/*.js" + # - "src/**/*.jsx" + +jobs: + claude-review: + # Optional: Filter by PR author + # if: | + # github.event.pull_request.user.login == 'external-contributor' || + # github.event.pull_request.user.login == 'new-developer' || + # github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' + + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + issues: read + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Run Claude Code Review + id: claude-review + uses: anthropics/claude-code-action@v1 + with: + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + github_token: ${{ secrets.GITHUB_TOKEN }} + prompt: | + REPO: ${{ github.repository }} + PR NUMBER: ${{ github.event.pull_request.number }} + + Please review this pull request and provide feedback on: + - Code quality and best practices + - Potential bugs or issues + - Performance considerations + - Security concerns + - Test coverage + + Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback. + + Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR. + + # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md + # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options + claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"' From ff708a76fcb19e1c07a4bc40ffa9e3ce99060f86 Mon Sep 17 00:00:00 2001 From: Jordan Violet <8886650+jtviolet@users.noreply.github.com> Date: Tue, 27 Jan 2026 10:07:49 -0500 Subject: [PATCH 12/14] Update documentation reviewer workflow for markdown files --- .github/workflows/documentation_reviewer.yml | 49 +++++++++++++++----- 1 file changed, 38 insertions(+), 11 deletions(-) diff --git a/.github/workflows/documentation_reviewer.yml b/.github/workflows/documentation_reviewer.yml index ef80f8811e..09e5970f01 100644 --- a/.github/workflows/documentation_reviewer.yml +++ b/.github/workflows/documentation_reviewer.yml @@ -3,6 +3,8 @@ name: Documentation Reviewer on: pull_request: types: [opened, edited, reopened, synchronize] + paths: + - '**.md' issue_comment: types: [created] pull_request_review_comment: @@ -16,24 +18,47 @@ jobs: claude-response: runs-on: ubuntu-latest permissions: - contents: write # Required to read/modify repository files - pull-requests: write # Required to create/modify PRs - issues: write # Required to respond to issues and comments + contents: write + pull-requests: write + issues: write id-token: write - actions: read # Required for Claude to read CI results + actions: read steps: - name: Checkout repository uses: actions/checkout@v4 with: # Ensures the action checks out the PR branch instead of main ref: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }} - fetch-depth: 1 + fetch-depth: 0 # Need full history to compare with base branch + + - name: Get changed markdown files + id: changed-files + run: | + # Get the base branch + BASE_SHA="${{ github.event.pull_request.base.sha }}" + HEAD_SHA="${{ github.event.pull_request.head.sha }}" + + # Get only changed .md files + CHANGED_MD_FILES=$(git diff --name-only --diff-filter=ACMRT $BASE_SHA $HEAD_SHA | grep '\.md$' || true) + + if [ -z "$CHANGED_MD_FILES" ]; then + echo "No markdown files changed" + echo "files=" >> "$GITHUB_OUTPUT" + echo "count=0" >> "$GITHUB_OUTPUT" + else + echo "Changed markdown files:" + echo "$CHANGED_MD_FILES" + # Create a comma-separated list for the prompt + FILES_LIST=$(echo "$CHANGED_MD_FILES" | tr '\n' ',' | sed 's/,$//') + echo "files=$FILES_LIST" >> "$GITHUB_OUTPUT" + echo "count=$(echo "$CHANGED_MD_FILES" | wc -l | tr -d ' ')" >> "$GITHUB_OUTPUT" + fi - name: Checkout system prompt repository uses: actions/checkout@v4 with: repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_AGENTS_REPO }} # Ensure this secret is in Settings > Secrets + token: ${{ secrets.PRIVATE_AGENTS_REPO }} path: system-prompt-repo ref: main sparse-checkout: | @@ -51,14 +76,16 @@ jobs: } >> "$GITHUB_OUTPUT" - uses: anthropics/claude-code-action@v1 + if: steps.changed-files.outputs.count > 0 with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} # - github_token: ${{ secrets.GITHUB_TOKEN }} # Required for Claude to interact with GitHub + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + github_token: ${{ secrets.GITHUB_TOKEN }} - # Automated mode: Claude triggers on every PR event with this instruction - prompt: "/review" + prompt: | + Review ONLY the following markdown files that were changed in this PR: ${{ steps.changed-files.outputs.files }} + + Do not review or comment on any other files (e.g., .js, .ts, .json, etc.). Focus exclusively on the documentation changes in the markdown files listed above. - # CLI arguments to configure the engine claude_args: | --model claude-sonnet-4-5-20250929 --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" From 1894138b32e88131bc6f652751f56e7ac8327850 Mon Sep 17 00:00:00 2001 From: brandonwest-netwrix Date: Fri, 30 Jan 2026 10:11:59 -0500 Subject: [PATCH 13/14] Clarify user permissions for access report Added note about user permissions assignment for 11.6 report visibility. --- .../11.6/resourceaudit/user/permissions.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/accessinformationcenter/11.6/resourceaudit/user/permissions.md b/docs/accessinformationcenter/11.6/resourceaudit/user/permissions.md index fec1d9d17a..1ecd2804f5 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/user/permissions.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/user/permissions.md @@ -13,6 +13,10 @@ Information Center user. See the [Results Pane](/docs/accessinformationcenter/11.6/resourceaudit/navigate/overview.md#results-pane) topic for information on filter options. +:::note +Users must be assigned permissions directly to an object to appear in this report. Users who receive access as part of an AD group membership will only be reflected in the ![Effective Access Report](docs\accessinformationcenter\11.6\resourceaudit\user\effectiveaccess.md) +::: + ![Permissions report](/images/accessinformationcenter/11.6/resourceaudit/user/permissions.webp) This report is comprised of the following columns: From 6b1abf7a29723378922d747cbefa7bceb262dca4 Mon Sep 17 00:00:00 2001 From: brandonwest-netwrix Date: Tue, 3 Feb 2026 16:45:00 -0500 Subject: [PATCH 14/14] Fix link format in permissions documentation Fix link format in permissions documentation --- .../11.6/resourceaudit/user/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/accessinformationcenter/11.6/resourceaudit/user/permissions.md b/docs/accessinformationcenter/11.6/resourceaudit/user/permissions.md index 1ecd2804f5..660ca6dd99 100644 --- a/docs/accessinformationcenter/11.6/resourceaudit/user/permissions.md +++ b/docs/accessinformationcenter/11.6/resourceaudit/user/permissions.md @@ -14,7 +14,7 @@ Information Center user. See the topic for information on filter options. :::note -Users must be assigned permissions directly to an object to appear in this report. Users who receive access as part of an AD group membership will only be reflected in the ![Effective Access Report](docs\accessinformationcenter\11.6\resourceaudit\user\effectiveaccess.md) +Users must be assigned permissions directly to an object to appear in this report. Users who receive access as part of an AD group membership will only be reflected in the ![Effective Access Report](/docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess.md) ::: ![Permissions report](/images/accessinformationcenter/11.6/resourceaudit/user/permissions.webp)