Add Claude Code GitHub Workflow

[todthomson]

🤖 Installing Claude Code GitHub App

This PR adds a GitHub Actions workflow that enables Claude Code integration in our repository.

What is Claude Code?

Claude Code is an AI coding agent that can help with:

• Bug fixes and improvements
• Documentation updates
• Implementing new features
• Code reviews and suggestions
• Writing tests
• And more!

How it works

Once this PR is merged, we'll be able to interact with Claude by mentioning @claude in a pull request or issue comment.
Once the workflow is triggered, Claude will analyze the comment and surrounding context, and execute on the request in a GitHub action.

Important Notes

• This workflow won't take effect until this PR is merged
• @claude mentions won't work until after the merge is complete
• The workflow runs automatically whenever Claude is mentioned in PR or issue comments
• Claude gets access to the entire PR or issue context including files, diffs, and previous comments

Security

• Our Anthropic API key is securely stored as a GitHub Actions secret
• Only users with write access to the repository can trigger the workflow
• All Claude runs are stored in the GitHub Actions run history
• Claude's default tools are limited to reading/writing files and interacting with our repo by creating comments, branches, and commits.
• We can add more allowed tools by adding them to the workflow file like:

allowed_tools: Bash(npm install),Bash(npm run build),Bash(npm run lint),Bash(npm run test)

There's more information in the Claude Code action repo.

After merging this PR, let's try mentioning @claude in a comment on any PR to get started!

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[todthomson]

@claude review once

[claude]

Straightforward addition of the standard Claude Code workflow following Anthropic's installation template.

Extended reasoning...

Overview

This PR adds a single new file, .github/workflows/claude.yml, which is the standard Claude Code GitHub Actions workflow generated by Anthropic's installation flow. It triggers on issue comments, PR review comments, issues, and PR reviews containing @claude and invokes anthropics/claude-code-action@v1.

Security risks

The workflow uses minimal read-only permissions (contents: read, pull-requests: read, issues: read, actions: read) plus id-token: write for OIDC. The Anthropic API key is sourced from a GitHub Actions secret. As noted in the PR body, GitHub already restricts the trigger so that only users with write access to the repo can fire it. No new code paths or production services are touched.

Level of scrutiny

This is a CI configuration change that introduces an external integration, which warrants a careful look — however, it is the canonical template generated by the Claude Code GitHub App installer, the action is pinned to a major version of an official Anthropic action, and the permissions block is the documented minimum set. The team has clearly been iterating on this setup intentionally (recent commits fe379de, 4026cb9, acffad5).

Other factors

No bugs were flagged by the bug hunting system. The author explicitly requested a Claude review ("@claude review once"). The diff is 50 lines of YAML with no behavioral changes to product code.

[gb-8]

✅ LGTM!