Add Claude Code GitHub Workflow

[hanwencheng]

🤖 Installing Claude Code GitHub App — with agentkeys review context

This PR adds two GitHub Actions workflows that enable Claude Code integration, plus a .github/REVIEW_GUIDELINES.md that captures review patterns extracted from 15+ recent PR cycles so the Action produces findings consistent with what codex has been flagging, not generic Rust advice.

What's in the workflows

.github/workflows/claude-code-review.yml — runs on every PR open/sync:

• Path-scoped to crates/**, docs/**, wiki/**, workflows, Cargo.toml, CLAUDE.md, harness/ (skips Cargo.lock-only churn)
• fetch-depth: 0 so Claude can use git log / git blame during review
• dtolnay/rust-toolchain@stable + Swatinem/rust-cache@v2 for fast in-session cargo check / cargo test -p <crate>
• Custom prompt injects: crate names, CLAUDE.md + REVIEW_GUIDELINES.md pointers, --test-threads=1 requirement, 8-pattern review checklist
• --allowed-tools whitelist for cargo, git, gh commands

.github/workflows/claude.yml — @claude mention handler:

• Same Rust toolchain + cache + full fetch-depth setup
• --allowed-tools whitelist including gh pr comment:* / gh pr edit:* so @claude can update PR bodies and post findings back

.github/REVIEW_GUIDELINES.md

Single source of truth for agentkeys review patterns. Documents:

• Test constraints — --test-threads=1 mandatory; per-crate targeting
• 10 canonical bug patterns that codex has flagged repeatedly across PRs fix(cli): #17 revoke command — self-revoke + revoke-by-wallet #18–fix(cli): #37 — real macOS LAContext biometric gate via objc2 FFI #38:
  1. Cross-wallet credential leak on namespace collisions
  2. Nondeterministic daemon session selection
  3. URL encoding via reqwest .query(), never raw interpolation
  4. Session-token redaction in prompts / logs
  5. Case-insensitive wallet comparison
  6. 30-day session TTL uniformly
  7. Synchronous keychain ops (no fire-and-forget delete)
  8. Path traversal guards on user-supplied identifiers
  9. Audit log DENIED rows for every cross-agent probing path
  10. Mock server design principles (typed params, shared resolve_identity, modular handlers)
• Architectural invariants — master→agent single-hop; no users yet (pre-launch)
• Scope control — no speculative refactors, no backwards-compat shims
• Codex-vs-Claude disagreement policy

Each pattern references the PR / issue where it was first established so reviewers can trace why the rule exists.

Security

• Our Claude Code OAuth token is stored as a GitHub Actions secret (CLAUDE_CODE_OAUTH_TOKEN)
• Only users with write access can trigger the workflow
• All Claude runs are in the Actions run history
• claude_args --allowed-tools whitelist restricts Bash to cargo/git/gh subcommands needed for review; no arbitrary shell execution

Important notes

• Workflow won't take effect until this PR is merged
• @claude mentions won't work until after merge
• After merge: mention @claude in a PR comment or issue to invoke it

[hanwencheng]

Updated (537ab46)

Added agentkeys-specific context so the Action's review output is useful on day one instead of generic Rust advice.

Both workflows now:

• Install Rust toolchain + cache so cargo test -p <crate> runs fast in-session
• Use fetch-depth: 0 for git history tools
• Whitelist cargo/git/gh commands via --allowed-tools

claude-code-review.yml prompt now injects the crate list, test constraints (--test-threads=1), and an 8-point review checklist derived from codex findings on PRs #18–#38.

New .github/REVIEW_GUIDELINES.md documents the 10 canonical bug patterns (URL encoding via reqwest .query(), audit-log DENIED rows, session-token redaction, etc.) with PR/issue cross-references so reviewers can see why each rule exists. The review workflow reads this file as a pointer in the prompt, so updates here automatically flow into future reviews.

Also documented: master→agent single-hop invariant (closes the recurring "transitive ownership" critique) and the pre-launch "no users yet" stance that dismisses legacy-migration findings.