🌚 [claude] Add Claude Code GitHub Workflow (#24)

* "Claude PR Assistant workflow"

* "Claude Code Review workflow"

* better security

* add /CLAUDE.md

* add .claude/settings.local.json from www-chicks-net repo

Author: chicks-net

.claude/settings.local.json

@@ -0,0 +1,19 @@
+{
+  "permissions": {
+    "allow": [
+      "WebFetch(domain:www.chicks.net)",
+      "WebFetch(domain:developers.facebook.com)",
+      "WebFetch(domain:github.com)",
+      "WebFetch(domain:raw.githubusercontent.com)",
+      "WebFetch(domain:en.wikipedia.org)",
+      "Bash(gh pr view:*)",
+      "Bash(gh pr diff:*)",
+      "Bash(git log:*)",
+      "WebSearch",
+      "Bash(markdownlint-cli2:*)",
+      "Bash(identify:*)"
+    ],
+    "deny": [],
+    "ask": []
+  }
+}

.github/workflows/claude-code-review.yml

@@ -0,0 +1,60 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "src/**/*.ts"
+    #   - "src/**/*.tsx"
+    #   - "src/**/*.js"
+    #   - "src/**/*.jsx"
+
+# global permissions
+permissions: {}
+
+jobs:
+  claude-review:
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+    
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+
+            Please review this pull request and provide feedback on:
+            - Code quality and best practices
+            - Potential bugs or issues
+            - Performance considerations
+            - Security concerns
+            - Test coverage
+            
+            Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
+
+            Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
+          
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://docs.claude.com/en/docs/claude-code/sdk#command-line for available options
+          claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
+

.github/workflows/claude.yml

@@ -0,0 +1,53 @@
+name: Claude Code
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+# global permissions
+permissions: {}
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          
+          # This is an optional setting that allows Claude to read CI results on PRs
+          additional_permissions: |
+            actions: read
+
+          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+          # prompt: 'Update the pull request description to include a summary of changes.'
+
+          # Optional: Add claude_args to customize behavior and configuration
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://docs.claude.com/en/docs/claude-code/sdk#command-line for available options
+          # claude_args: '--model claude-opus-4-1-20250805 --allowed-tools Bash(gh pr:*)'
+

CLAUDE.md

@@ -0,0 +1,76 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Repository Purpose
+
+This is a GitHub repository template that implements best practices for open source projects. It's designed to be cloned and customized for new repositories. The template includes GitHub community standards compliance, automated workflows, and a command-line driven development process.
+
+## Development Workflow
+
+This repo uses `just` (command runner) for all development tasks. The workflow is entirely command-line based using `just` and the GitHub CLI (`gh`).
+
+### Standard development cycle
+
+1. `just branch <name>` - Create a new feature branch (format: `$USER/YYYY-MM-DD-<name>`)
+2. Make changes and commit (last commit message becomes PR title)
+3. `just pr` - Create PR, push changes, and watch checks (waits 10s for GitHub API)
+4. `just merge` - Squash merge PR, delete branch, return to main, and pull latest
+5. `just sync` - Return to main branch and pull latest (escape hatch)
+
+### Additional commands
+
+- `just` or `just list` - Show all available recipes
+- `just prweb` - Open current PR in browser
+- `just release <version>` - Create a GitHub release with auto-generated notes
+- `just clean_readme` - Generate a clean README from template (strips template documentation)
+- `just compliance_check` - Run custom repo compliance checks
+- `just utcdate` - Print UTC date in ISO format (used in branch names)
+
+### Git aliases used
+
+The justfile assumes these git aliases exist:
+
+- `git stp` - Show status (likely `status --short` or similar)
+- `git pushup` - Push and set upstream tracking
+- `git co` - Checkout
+
+## Architecture
+
+### Modular justfile structure
+
+The main `justfile` imports two modules:
+
+- `.just/compliance.just` - Custom compliance checks for repo health
+- `.just/gh-process.just` - Git/GitHub workflow automation
+
+### GitHub Actions
+
+Four workflows run on PRs and pushes to main:
+
+- **markdownlint** - Enforces markdown standards using `markdownlint-cli2`
+- **checkov** - Security scanning for GitHub Actions
+- **actionlint** - Lints GitHub Actions workflow files
+- **auto-assign** - Automatically assigns issues
+
+### Markdown linting
+
+Configuration in `.markdownlint.yml`:
+
+- MD013 (line length) is disabled
+- MD041 (first line h1) is disabled
+- MD042 (no empty links) is disabled
+- MD004 (list style) enforces dashes
+- MD010 (tabs) ignores code blocks
+
+Run locally: `markdownlint-cli2 **/*.md`
+
+## Template customization
+
+When using this template for a new project, search and replace:
+
+- `fini-net` → your GitHub org
+- `template-repo` → your repo name
+- `chicks-net` → your references
+
+Run `just clean_readme` to strip template documentation from README.