This directory contains automated workflows and configuration for the ScopeShield project.
Automated AI code reviews using Claude to enforce our constitutional principles.
# Run the automated setup script
./scripts/setup-claude-review.shOr manually follow the detailed setup guide.
Claude automatically reviews every pull request for:
- ✅ Privacy-First - No data transmission
- ✅ Simplicity-First - Vanilla JS only
- ✅ Real-Time Performance - <500ms latency
- ✅ Zero Infrastructure - No servers
- ✅ User Value - Solves real problems
- ✅ Chrome Web Store Compliance - Manifest V3
- ✅ Measurable Success - Accuracy metrics
- ✅ Graceful Degradation - Fallback selectors
- Security vulnerabilities (XSS, injection attacks)
- Performance regressions
- Memory leaks
- Missing error handling
- Unclear naming
- Missing tests
- Manifest V3 compliance
- Minimal permissions
- Content Security Policy
- Message passing patterns
- Background worker usage
- Selector fallback chains
- SPA navigation handling
- Multiple view compatibility
| File | Purpose |
|---|---|
workflows/claude-review.yml |
GitHub Actions workflow definition |
claude-review-config.yml |
Project-specific review rules |
pull_request_template.md |
PR checklist template |
SETUP_CLAUDE_REVIEW.md |
Detailed setup instructions |
- 🚨 CRITICAL - Blocks merge (security, privacy violations)
⚠️ HIGH - Should fix before merge (performance, breaking changes)- 💡 MEDIUM - Should address (code quality, missing tests)
- ℹ️ LOW - Optional (style, minor improvements)
- ✨ SUGGESTION - Nice to have (optimizations)
Edit claude-review-config.yml to adjust:
# Make reviews stricter
accuracy:
detection_rate: "≥80%" # Increase threshold
# Add custom checks
custom_checks:
- name: "Your Custom Check"
file_patterns: ["src/**/*.js"]
# Auto-approve certain changes
automation:
auto_approve:
- "Documentation updates"Typical costs per PR:
- Small (1-5 files): ~$0.01-0.05
- Medium (6-15 files): ~$0.06-0.15
- Large (16-20 files): ~$0.16-0.30
Reduce costs by:
- Limiting files:
max_files_per_review: 10 - Excluding patterns: Add to
exclude_patterns - Using Sonnet model: Fast and affordable
Review doesn't run:
- Check Actions permissions (Settings → Actions → General)
- Verify ANTHROPIC_API_KEY secret exists
- Check workflow YAML syntax
Too many comments:
- Increase:
max_comments_per_file: 5 - Enable:
aggregate_reviews: true
Review too slow:
- Reduce:
max_files_per_review: 10 - Focus:
review_scope: "changed_files"
See SETUP_CLAUDE_REVIEW.md for detailed troubleshooting.
The pull request template provides:
- Constitutional compliance checklist
- Test coverage requirements
- Performance metrics validation
- Security checklist
- Breaking change documentation
Fill out all sections for faster reviews!
| Secret | Purpose | Setup |
|---|---|---|
ANTHROPIC_API_KEY |
Claude API access | Setup Guide |
GITHUB_TOKEN |
Automatic (no setup needed) | Created by GitHub |
Check workflow runs:
# List recent runs
gh run list --workflow=claude-review.yml
# View specific run
gh run view <run-id> --log
# Re-run failed workflow
gh run rerun <run-id>- ✅ Read memory/constitution.md
- ✅ Run tests:
npm test - ✅ Build:
npm run build - ✅ Fill out PR template completely
- ✅ Keep PRs focused (one feature per PR)
- ✅ Add JSDoc for new public functions
- ✅ Address CRITICAL and HIGH issues first
- ✅ Respond to Claude's questions
- ✅ Update tests if detector changes
- ✅ Verify accuracy metrics
- ✅ Check constitutional compliance
- ✅ Squash commits if requested
- ✅ Update CHANGELOG.md
- ✅ Verify CI passes
- ✅ Merge when ready
- Setup Issues: See SETUP_CLAUDE_REVIEW.md
- Review Questions: Check workflow logs
- API Issues: https://support.anthropic.com/
- GitHub Actions: https://docs.github.com/actions
Questions? Open an issue or check the setup guide.