chore: Cherry-picked changes from upstream #16

	name: Claude Code Review

	on:
	pull_request:
	types: [opened, synchronize, labeled]

	permissions: {}

	jobs:

	claude-review:
	runs-on: ubuntu-latest

	permissions:
	contents: read
	pull-requests: read
	issues: read
	id-token: write

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@88d305a3530acfa6d1939000baaa571e520df9c8 # rc
	with:
	egress-policy: audit
	allowed-endpoints: >
	api.anthropic.com:443
	github.com:443

	- name: Checkout repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	fetch-depth: 1

	- name: Run Claude Code Review
	# Optional: Filter by PR author
	if: contains(join(github.event.pull_request.labels.*.name, ','), 'review required')
	id: claude-review
	uses: anthropics/claude-code-action@ebbd9e9be4686249a2952e1a558bbaba07524380 # beta
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

	# Optional: Specify model (defaults to Claude Sonnet 4, uncomment for Claude Opus 4)
	# model: "claude-opus-4-20250514"

	# Direct prompt for automated review (no @claude mention needed)
	direct_prompt: \|
	Please review this pull request on the basis of CLAUDE.md file.

	Use WebFetch to access GitHub web pages for upstream comparison as specified in CLAUDE.md.

Provide feedback