From 9979307d0062ff8b6c951a539fc2ab73bb4c674e Mon Sep 17 00:00:00 2001
From: Lukasz Klimek <842586+lklimek@users.noreply.github.com>
Date: Mon, 16 Mar 2026 10:16:55 +0100
Subject: [PATCH 1/5] ci: add Claudius PR Review workflow

Adds GitHub Actions workflow that triggers claudius-review-action
on `claudius-review` label or `/claudius:review` PR comment.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/claudius-review.yml | 34 +++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 .github/workflows/claudius-review.yml

diff --git a/.github/workflows/claudius-review.yml b/.github/workflows/claudius-review.yml
new file mode 100644
index 00000000000..96789388a78
--- /dev/null
+++ b/.github/workflows/claudius-review.yml
@@ -0,0 +1,34 @@
+name: "Claudius PR Review"
+
+on:
+  pull_request_target:
+    types:
+      - labeled
+      - synchronize
+  issue_comment:
+    types:
+      - created
+
+concurrency:
+  group: claudius-review-${{ github.event.pull_request.number || github.event.issue.number }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+
+jobs:
+  claudius-review:
+    name: Claudius PR Review
+    runs-on: ubuntu-24.04
+    if: |
+      (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'claudius-review')) ||
+      (github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '/claudius:review'))
+    steps:
+      - uses: lklimek/claudius-review-action@main
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          claude_model: "opus"
+          trigger_label: "claudius-review"

From 242ef6d07760bf67a8fc5950b81841449e51f0b9 Mon Sep 17 00:00:00 2001
From: Lukasz Klimek <842586+lklimek@users.noreply.github.com>
Date: Mon, 16 Mar 2026 10:27:53 +0100
Subject: [PATCH 2/5] ci: switch to OAuth token and skip draft PRs

- Use claude_code_oauth_token instead of anthropic_api_key
- Skip label/synchronize triggers on draft PRs
- Comment trigger (/claudius:review) still works on drafts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/claudius-review.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/claudius-review.yml b/.github/workflows/claudius-review.yml
index 96789388a78..236fff9a65c 100644
--- a/.github/workflows/claudius-review.yml
+++ b/.github/workflows/claudius-review.yml
@@ -23,12 +23,12 @@ jobs:
     name: Claudius PR Review
     runs-on: ubuntu-24.04
     if: |
-      (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'claudius-review')) ||
+      (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'claudius-review') && github.event.pull_request.draft == false) ||
       (github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '/claudius:review'))
     steps:
       - uses: lklimek/claudius-review-action@main
         with:
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
           claude_model: "opus"
           trigger_label: "claudius-review"

From e8443b53c2b406039337fa514b962d8319da7261 Mon Sep 17 00:00:00 2001
From: Lukasz Klimek <842586+lklimek@users.noreply.github.com>
Date: Mon, 16 Mar 2026 10:29:14 +0100
Subject: [PATCH 3/5] ci: restrict /claudius:review to trusted commenters

Only OWNER, MEMBER, and COLLABORATOR can trigger review via comment.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/claudius-review.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/claudius-review.yml b/.github/workflows/claudius-review.yml
index 236fff9a65c..724e539ba8a 100644
--- a/.github/workflows/claudius-review.yml
+++ b/.github/workflows/claudius-review.yml
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-24.04
     if: |
       (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'claudius-review') && github.event.pull_request.draft == false) ||
-      (github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '/claudius:review'))
+      (github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '/claudius:review') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association))
     steps:
       - uses: lklimek/claudius-review-action@main
         with:

From ae8808d858c133b2f7462e5a6eec0c4417b728e3 Mon Sep 17 00:00:00 2001
From: Lukasz Klimek <842586+lklimek@users.noreply.github.com>
Date: Mon, 16 Mar 2026 10:33:49 +0100
Subject: [PATCH 4/5] ci: change comment trigger to /review

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/claudius-review.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/claudius-review.yml b/.github/workflows/claudius-review.yml
index 724e539ba8a..fb6dbd608d4 100644
--- a/.github/workflows/claudius-review.yml
+++ b/.github/workflows/claudius-review.yml
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-24.04
     if: |
       (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'claudius-review') && github.event.pull_request.draft == false) ||
-      (github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '/claudius:review') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association))
+      (github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '/review') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association))
     steps:
       - uses: lklimek/claudius-review-action@main
         with:

From e77497f2206e43c7dbc4af05a1b39b2e759dbb23 Mon Sep 17 00:00:00 2001
From: Lukasz Klimek <842586+lklimek@users.noreply.github.com>
Date: Mon, 16 Mar 2026 11:18:56 +0100
Subject: [PATCH 5/5] ci: set CLAUDE_CODE_EFFORT_LEVEL=max for review workflow

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/claudius-review.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/claudius-review.yml b/.github/workflows/claudius-review.yml
index fb6dbd608d4..8de02bceb00 100644
--- a/.github/workflows/claudius-review.yml
+++ b/.github/workflows/claudius-review.yml
@@ -22,6 +22,8 @@ jobs:
   claudius-review:
     name: Claudius PR Review
     runs-on: ubuntu-24.04
+    env:
+      CLAUDE_CODE_EFFORT_LEVEL: max
     if: |
       (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'claudius-review') && github.event.pull_request.draft == false) ||
       (github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '/review') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association))