diff --git a/.github/workflows/review-code.yml b/.github/workflows/review-code.yml index b49f5cec8f..83cbc3bb54 100644 --- a/.github/workflows/review-code.yml +++ b/.github/workflows/review-code.yml @@ -84,16 +84,18 @@ jobs: - name: Review with Claude Code if: steps.check_changes.outputs.vault_team_changes == 'true' - uses: anthropics/claude-code-action@a5528eec7426a4f0c9c1ac96018daa53ebd05bc4 # v1.0.7 + uses: anthropics/claude-code-action@ac1a3207f3f00b4a37e2f3a6f0935733c7c64651 # v1.0.11 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} track_progress: true + use_sticky_comment: true prompt: | REPO: ${{ github.repository }} PR NUMBER: ${{ github.event.pull_request.number }} TITLE: ${{ github.event.pull_request.title }} BODY: ${{ github.event.pull_request.body }} AUTHOR: ${{ github.event.pull_request.user.login }} + COMMIT: ${{ github.event.pull_request.head.sha }} Please review this pull request with a focus on: - Code quality and best practices @@ -103,7 +105,20 @@ jobs: Note: The PR branch is already checked out in the current working directory. - Provide detailed feedback using inline comments for specific issues. + Provide a comprehensive review including: + - Summary of changes since last review + - Critical issues found (be thorough) + - Suggested improvements (be thorough) + - Good practices observed (be concise - list only the most notable items without elaboration) + - Action items for the author + - Leverage collapsible
sections where appropriate for lengthy explanations or code snippets to enhance human readability + + When reviewing subsequent commits: + - Track status of previously identified issues (fixed/unfixed/reopened) + - Identify NEW problems introduced since last review + - Note if fixes introduced new issues + + IMPORTANT: Be comprehensive about issues and improvements. For good practices, be brief - just note what was done well without explaining why or praising excessively. claude_args: | - --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)" + --allowedTools "mcp__github_comment__update_claude_comment,mcp__github_inline_comment__create_inline_comment,Bash(gh pr diff:*),Bash(gh pr view:*)" diff --git a/CLAUDE.md b/CLAUDE.md index d07bd3f3e1..c1349e8c9d 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -1,24 +1,29 @@ # Bitwarden Server - Claude Code Configuration +## Project Context Files + +**Read these files before reviewing to ensure that you fully understand the project and contributing guidelines** + +1. @README.md +2. @CONTRIBUTING.md +3. @.github/PULL_REQUEST_TEMPLATE.md + ## Critical Rules -- **NEVER** edit: `/bin/`, `/obj/`, `/.git/`, `/.vs/`, `/packages/` which are generated files - **NEVER** use code regions: If complexity suggests regions, refactor for better readability + - **NEVER** compromise zero-knowledge principles: User vault data must remain encrypted and inaccessible to Bitwarden + - **NEVER** log or expose sensitive data: No PII, passwords, keys, or vault data in logs or error messages + - **ALWAYS** use secure communication channels: Enforce confidentiality, integrity, and authenticity + - **ALWAYS** encrypt sensitive data: All vault data must be encrypted at rest, in transit, and in use + - **ALWAYS** prioritize cryptographic integrity and data protection + - **ALWAYS** add unit tests (with mocking) for any new feature development -## Project Context - -- **Architecture**: Feature and team-based organization -- **Framework**: .NET 8.0, ASP.NET Core -- **Database**: SQL Server primary, EF Core supports PostgreSQL, MySQL/MariaDB, SQLite -- **Testing**: xUnit, NSubstitute -- **Container**: Docker, Docker Compose, Kubernetes/Helm deployable - ## Project Structure - **Source Code**: `/src/` - Services and core infrastructure @@ -42,7 +47,7 @@ - **Database update**: `pwsh dev/migrate.ps1` - **Generate OpenAPI**: `pwsh dev/generate_openapi_files.ps1` -## Code Review Checklist +## Development Workflow - Security impact assessed - xUnit tests added / updated
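Review bot: in the `review-code.yml` hunk at `@@ -84,16 +84,18 @@`, the prompt still interpolates the PR author's `${{ github.event.pull_request.title }}` and `${{ github.event.pull_request.body }}` straight into the model's instructions, so untrusted text reaches the reviewer alongside the new `COMMIT: ${{ github.event.pull_request.head.sha }}` line while the job holds `secrets.ANTHROPIC_API_KEY` and `gh` access; state in the prompt that TITLE and BODY are untrusted input to be reviewed rather than instructions to follow, and keep the `# v1.0.11` comment in step with the pinned SHA.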
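Review bot: in the hunk at `@@ -103,7 +105,20 @@`, the prompt now asks for a "Summary of changes since last review" and to "Track status of previously identified issues (fixed/unfixed/reopened)", but nothing tells the model where the previous review lives; if the sticky comment updated through `mcp__github_comment__update_claude_comment` is meant to be that history, say so explicitly in the prompt, otherwise every run will produce a fresh review with no status to track. Dropping `Bash(gh pr comment:*)` from `--allowedTools` is consistent with the move to a single updated comment, but the PR description should note that the reviewer can no longer post standalone comments.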
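Review bot: in the `CLAUDE.md` hunk at `@@ -1,24 +1,29 @@`, the rule `**NEVER** edit: /bin/, /obj/, /.git/, /.vs/, /packages/` and the whole `## Project Context` block (framework, database, testing, container) are deleted without a replacement in this file; if `@README.md` and `@CONTRIBUTING.md` now carry that information, say so in the commit message, otherwise the assistant loses both the "generated files, do not touch" guard and the stack summary. The new `**ALWAYS** encrypt sensitive data: ... at rest, in transit, and in use` rule also asks for something a reviewer cannot verify from a diff ("in use"); consider phrasing it as a concrete code rule, such as never decrypting vault data server-side.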
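Review bot: in the hunk at `@@ -42,7 +47,7 @@`, the heading `## Code Review Checklist` is renamed to `## Development Workflow`, but the items beneath it (`Security impact assessed`, `xUnit tests added / updated`) are still checklist entries, so the new heading no longer describes its content; either keep the checklist heading or rewrite the items as workflow steps.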