bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-10 13:23:27 +00:00
Code Issues Releases Wiki Activity

PM-26727 - First iteration of Claude Code Review tuning (#6435)

Browse Source 
* Sticky comments + pre-load specific project files + align prompts with clients repo
This commit is contained in:
Mick Letofsky
2025-10-09 18:54:14 +02:00
committed by GitHub
parent a6726d2e04
commit 712926996e
2 changed files with 33 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
.github/workflows/review-code.yml vendored
View File

@@ -84,16 +84,18 @@ jobs:
- name: Review with Claude Code - name: Review with Claude Code
if: steps.check_changes.outputs.vault_team_changes == 'true' if: steps.check_changes.outputs.vault_team_changes == 'true'
uses: anthropics/claude-code-action@a5528eec7426a4f0c9c1ac96018daa53ebd05bc4 # v1.0.7 uses: anthropics/claude-code-action@ac1a3207f3f00b4a37e2f3a6f0935733c7c64651 # v1.0.11
with: with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
track_progress: true track_progress: true
use_sticky_comment: true
prompt: | prompt: |
REPO: ${{ github.repository }} REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }} PR NUMBER: ${{ github.event.pull_request.number }}
TITLE: ${{ github.event.pull_request.title }} TITLE: ${{ github.event.pull_request.title }}
BODY: ${{ github.event.pull_request.body }} BODY: ${{ github.event.pull_request.body }}
AUTHOR: ${{ github.event.pull_request.user.login }} AUTHOR: ${{ github.event.pull_request.user.login }}
COMMIT: ${{ github.event.pull_request.head.sha }}
Please review this pull request with a focus on: Please review this pull request with a focus on:
- Code quality and best practices - Code quality and best practices
@@ -103,7 +105,20 @@ jobs:
Note: The PR branch is already checked out in the current working directory. Note: The PR branch is already checked out in the current working directory.
Provide detailed feedback using inline comments for specific issues. Provide a comprehensive review including:
- Summary of changes since last review
- Critical issues found (be thorough)
- Suggested improvements (be thorough)
- Good practices observed (be concise - list only the most notable items without elaboration)
- Action items for the author
- Leverage collapsible <details> sections where appropriate for lengthy explanations or code snippets to enhance human readability
When reviewing subsequent commits:
- Track status of previously identified issues (fixed/unfixed/reopened)
- Identify NEW problems introduced since last review
- Note if fixes introduced new issues
IMPORTANT: Be comprehensive about issues and improvements. For good practices, be brief - just note what was done well without explaining why or praising excessively.
claude_args: | claude_args: |
--allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)" --allowedTools "mcp__github_comment__update_claude_comment,mcp__github_inline_comment__create_inline_comment,Bash(gh pr diff:*),Bash(gh pr view:*)"

25
CLAUDE.md
View File

@@ -1,24 +1,29 @@
# Bitwarden Server - Claude Code Configuration # Bitwarden Server - Claude Code Configuration
## Project Context Files
**Read these files before reviewing to ensure that you fully understand the project and contributing guidelines**
1. @README.md
2. @CONTRIBUTING.md
3. @.github/PULL_REQUEST_TEMPLATE.md
## Critical Rules ## Critical Rules
- **NEVER** edit: `/bin/`, `/obj/`, `/.git/`, `/.vs/`, `/packages/` which are generated files
- **NEVER** use code regions: If complexity suggests regions, refactor for better readability - **NEVER** use code regions: If complexity suggests regions, refactor for better readability
- **NEVER** compromise zero-knowledge principles: User vault data must remain encrypted and inaccessible to Bitwarden - **NEVER** compromise zero-knowledge principles: User vault data must remain encrypted and inaccessible to Bitwarden
- **NEVER** log or expose sensitive data: No PII, passwords, keys, or vault data in logs or error messages - **NEVER** log or expose sensitive data: No PII, passwords, keys, or vault data in logs or error messages
- **ALWAYS** use secure communication channels: Enforce confidentiality, integrity, and authenticity - **ALWAYS** use secure communication channels: Enforce confidentiality, integrity, and authenticity
- **ALWAYS** encrypt sensitive data: All vault data must be encrypted at rest, in transit, and in use - **ALWAYS** encrypt sensitive data: All vault data must be encrypted at rest, in transit, and in use
- **ALWAYS** prioritize cryptographic integrity and data protection - **ALWAYS** prioritize cryptographic integrity and data protection
- **ALWAYS** add unit tests (with mocking) for any new feature development - **ALWAYS** add unit tests (with mocking) for any new feature development
## Project Context
- **Architecture**: Feature and team-based organization
- **Framework**: .NET 8.0, ASP.NET Core
- **Database**: SQL Server primary, EF Core supports PostgreSQL, MySQL/MariaDB, SQLite
- **Testing**: xUnit, NSubstitute
- **Container**: Docker, Docker Compose, Kubernetes/Helm deployable
## Project Structure ## Project Structure
- **Source Code**: `/src/` - Services and core infrastructure - **Source Code**: `/src/` - Services and core infrastructure
@@ -42,7 +47,7 @@
- **Database update**: `pwsh dev/migrate.ps1` - **Database update**: `pwsh dev/migrate.ps1`
- **Generate OpenAPI**: `pwsh dev/generate_openapi_files.ps1` - **Generate OpenAPI**: `pwsh dev/generate_openapi_files.ps1`
## Code Review Checklist ## Development Workflow
- Security impact assessed - Security impact assessed
- xUnit tests added / updated - xUnit tests added / updated