From d17fa04b7aaf321ab80f0f90177bda8f35d6448c Mon Sep 17 00:00:00 2001
From: Mick Letofsky <mletofsky@bitwarden.com>
Date: Thu, 9 Oct 2025 16:25:22 +0200
Subject: [PATCH] PM-26727 - First iteration of Claude Code Review tuning
 (#16803)

* First iteration of Claude Code Review tuning
---
 .github/workflows/review-code.yml | 21 ++++++++++++++++++---
 CLAUDE.md                         | 10 +++++++++-
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/review-code.yml b/.github/workflows/review-code.yml
index b49f5cec8f0..83cbc3bb547 100644
--- a/.github/workflows/review-code.yml
+++ b/.github/workflows/review-code.yml
@@ -84,16 +84,18 @@ jobs:
 
       - name: Review with Claude Code
         if: steps.check_changes.outputs.vault_team_changes == 'true'
-        uses: anthropics/claude-code-action@a5528eec7426a4f0c9c1ac96018daa53ebd05bc4 # v1.0.7
+        uses: anthropics/claude-code-action@ac1a3207f3f00b4a37e2f3a6f0935733c7c64651 # v1.0.11
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           track_progress: true
+          use_sticky_comment: true
           prompt: |
             REPO: ${{ github.repository }}
             PR NUMBER: ${{ github.event.pull_request.number }}
             TITLE: ${{ github.event.pull_request.title }}
             BODY: ${{ github.event.pull_request.body }}
             AUTHOR: ${{ github.event.pull_request.user.login }}
+            COMMIT: ${{ github.event.pull_request.head.sha }}
 
             Please review this pull request with a focus on:
             - Code quality and best practices
@@ -103,7 +105,20 @@ jobs:
 
             Note: The PR branch is already checked out in the current working directory.
 
-            Provide detailed feedback using inline comments for specific issues.
+            Provide a comprehensive review including:
+            - Summary of changes since last review
+            - Critical issues found (be thorough)
+            - Suggested improvements (be thorough)
+            - Good practices observed (be concise - list only the most notable items without elaboration)
+            - Action items for the author
+            - Leverage collapsible <details> sections where appropriate for lengthy explanations or code snippets to enhance human readability
+
+            When reviewing subsequent commits:
+            - Track status of previously identified issues (fixed/unfixed/reopened)
+            - Identify NEW problems introduced since last review
+            - Note if fixes introduced new issues
+
+            IMPORTANT: Be comprehensive about issues and improvements. For good practices, be brief - just note what was done well without explaining why or praising excessively.
 
           claude_args: |
-            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"
+            --allowedTools "mcp__github_comment__update_claude_comment,mcp__github_inline_comment__create_inline_comment,Bash(gh pr diff:*),Bash(gh pr view:*)"
diff --git a/CLAUDE.md b/CLAUDE.md
index 0870553f8d3..9739288aac8 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1,5 +1,13 @@
 # Bitwarden Clients - Claude Code Configuration
 
+## Project Context Files
+
+**Read these files before reviewing to ensure that you fully understand the project and contributing guidelines**
+
+1. @README.md
+2. @CONTRIBUTING.md
+3. @.github/PULL_REQUEST_TEMPLATE.md
+
 ## Critical Rules
 
 - **NEVER** use code regions: If complexity suggests regions, refactor for better readability
@@ -8,7 +16,7 @@
 
 - **NEVER** send unencrypted vault data to API services
 
-- **NEVER** commit secrets, credentials, or sensitive information. Follow the guidelines in `SECURITY.md`.
+- **NEVER** commit secrets, credentials, or sensitive information.
 
 - **NEVER** log decrypted data, encryption keys, or PII
   - No vault data in error messages or console logs