chore: less claude more code

Author: elibosley

.github/workflows/claude-code-review.yml

@@ -3,20 +3,30 @@ name: Claude Code Review
 on:
   pull_request:
     types: [opened, synchronize]
-    # Optional: Only run on specific file changes
-    # paths:
-    #   - "src/**/*.ts"
-    #   - "src/**/*.tsx"
-    #   - "src/**/*.js"
-    #   - "src/**/*.jsx"
+    # Skip reviews for non-code changes
+    paths-ignore:
+      - "**/*.md"
+      - "**/package-lock.json"
+      - "**/pnpm-lock.yaml"
+      - "**/.gitignore"
+      - "**/LICENSE"
+      - "**/*.config.js"
+      - "**/*.config.ts"
+      - "**/tsconfig.json"
+      - "**/.github/workflows/*.yml"
+      - "**/docs/**"
 
 jobs:
   claude-review:
-    # Optional: Filter by PR author
-    # if: |
-    #   github.event.pull_request.user.login == 'external-contributor' ||
-    #   github.event.pull_request.user.login == 'new-developer' ||
-    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+    # Skip review for bot PRs and WIP/skip-review PRs
+    # Only run if changes are significant (>10 lines)
+    if: |
+      (github.event.pull_request.additions > 10 || github.event.pull_request.deletions > 10) &&
+      !contains(github.event.pull_request.title, '[skip-review]') &&
+      !contains(github.event.pull_request.title, '[WIP]') &&
+      !endsWith(github.event.pull_request.user.login, '[bot]') &&
+      github.event.pull_request.user.login != 'dependabot' &&
+      github.event.pull_request.user.login != 'renovate'
     
     runs-on: ubuntu-latest
     permissions:
@@ -42,31 +52,46 @@ jobs:
 
           # Direct prompt for automated review (no @claude mention needed)
           direct_prompt: |
-            Please review this pull request and provide feedback on:
-            - Code quality and best practices
-            - Potential bugs or issues
-            - Performance considerations
-            - Security concerns
-            - Test coverage
+            IMPORTANT: Review ONLY the DIFF/CHANGESET - the actual lines that were added or modified in this PR.
+            DO NOT review the entire file context, only analyze the specific changes being made.
             
-            Be constructive and helpful in your feedback.
+            Look for HIGH-PRIORITY issues in the CHANGED LINES ONLY:
+            
+            1. CRITICAL BUGS: Logic errors, null pointer issues, infinite loops, race conditions
+            2. SECURITY: SQL injection, XSS, authentication bypass, exposed secrets, unsafe operations
+            3. BREAKING CHANGES: API contract violations, removed exports, changed function signatures
+            4. DATA LOSS RISKS: Destructive operations without safeguards, missing data validation
+            
+            DO NOT comment on:
+            - Code that wasn't changed in this PR
+            - Style, formatting, or documentation
+            - Test coverage (unless tests are broken by the changes)
+            - Minor optimizations or best practices
+            - Existing code issues that weren't introduced by this PR
+            
+            If you find no critical issues in the DIFF, respond with: "✅ No critical issues found in changes"
+            
+            Keep response under 10 lines. Reference specific line numbers from the diff when reporting issues.
 
           # Optional: Use sticky comments to make Claude reuse the same comment on subsequent pushes to the same PR
-          # use_sticky_comment: true
-          
-          # Optional: Customize review based on file types
-          # direct_prompt: |
-          #   Review this PR focusing on:
-          #   - For TypeScript files: Type safety and proper interface usage
-          #   - For API endpoints: Security, input validation, and error handling
-          #   - For React components: Performance, accessibility, and best practices
-          #   - For tests: Coverage, edge cases, and test quality
+          use_sticky_comment: true
 
-          # Optional: Different prompts for different authors
+          # Context-aware review based on PR characteristics
+          # Uncomment to enable different review strategies based on context
           # direct_prompt: |
-          #   ${{ github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' && 
-          #   'Welcome! Please review this PR from a first-time contributor. Be encouraging and provide detailed explanations for any suggestions.' ||
-          #   'Please provide a thorough code review focusing on our coding standards and best practices.' }}
+          #   ${{ 
+          #   (github.event.pull_request.additions > 500) && 
+          #   'Large PR detected. Focus only on architectural issues and breaking changes. Skip minor issues.' ||
+          #   contains(github.event.pull_request.title, 'fix') && 
+          #   'Bug fix PR: Verify the fix addresses the root cause and check for regression risks.' ||
+          #   contains(github.event.pull_request.title, 'deps') && 
+          #   'Dependency update: Check for breaking changes and security advisories only.' ||
+          #   contains(github.event.pull_request.title, 'refactor') && 
+          #   'Refactor PR: Verify no behavior changes and check for performance regressions.' ||
+          #   contains(github.event.pull_request.title, 'feat') && 
+          #   'New feature: Check for security issues, edge cases, and integration problems only.' ||
+          #   'Standard review: Check for critical bugs, security issues, and breaking changes only.'
+          #   }}
 
           # Optional: Add specific tools for running tests or linting
           # allowed_tools: "Bash(npm run test),Bash(npm run lint),Bash(npm run typecheck)"