SgtSwagrid · SgtSwagrid · Apr 3, 2026 · Apr 3, 2026
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,15 @@
+# IDE configuration for consistent code formatting across different editors.
+
+root = true
+
+# Set default charset, line endings, and whitespace handling for all files.
+[*]
+charset                  = utf-8
+end_of_line              = lf
+insert_final_newline     = true
+trim_trailing_whitespace = true
+
+# Always use an indentation of 2 spaces.
+[*.{scala,java,kt,sbt,conf,json,md,yml,yaml,htm,html,xml,js,ts,py}]
+indent_style = space
+indent_size  = 2
diff --git a/.github/rulesets/build-integrity.json b/.github/rulesets/build-integrity.json
@@ -0,0 +1,51 @@
+{
+  "name": "build-integrity",
+  "target": "branch",
+  "enforcement": "active",
+  "conditions": {
+    "ref_name": {
+      "exclude": [],
+      "include": [
+        "~DEFAULT_BRANCH"
+      ]
+    }
+  },
+  "rules": [
+    {
+      "type": "deletion"
+    },
+    {
+      "type": "required_status_checks",
+      "parameters": {
+        "strict_required_status_checks_policy": true,
+        "do_not_enforce_on_create": false,
+        "required_status_checks": [
+          {
+            "context": "Build Integrity"
+          }
+        ]
+      }
+    },
+    {
+      "type": "pull_request",
+      "parameters": {
+        "required_approving_review_count": 0,
+        "dismiss_stale_reviews_on_push": false,
+        "required_reviewers": [],
+        "require_code_owner_review": true,
+        "require_last_push_approval": false,
+        "required_review_thread_resolution": false,
+        "allowed_merge_methods": [
+          "squash"
+        ]
+      }
+    }
+  ],
+  "bypass_actors": [
+    {
+      "actor_id": 5,
+      "actor_type": "RepositoryRole",
+      "bypass_mode": "always"
+    }
+  ]
+}
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
@@ -0,0 +1,44 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, ready_for_review, reopened]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "src/**/*.ts"
+    #   - "src/**/*.tsx"
+    #   - "src/**/*.js"
+    #   - "src/**/*.jsx"
+
+jobs:
+  claude-review:
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
+          plugins: 'code-review@claude-code-plugins'
+          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options
+
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
@@ -0,0 +1,49 @@
+name: Claude Code
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+          # This is an optional setting that allows Claude to read CI results on PRs
+          additional_permissions: |
+            actions: read
+
+          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+          # prompt: 'Update the pull request description to include a summary of changes.'
+
+          # Optional: Add claude_args to customize behavior and configuration
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options
+          # claude_args: '--allowed-tools Bash(gh pr:*)'
diff --git a/.github/workflows/export-rulesets.yml b/.github/workflows/export-rulesets.yml
@@ -1,63 +1,8 @@
-# =================================================================================================
-# Exports rules from GitHub's internal configuration into '.github/rulesets'.
-# Only triggered manually, which should be done following every manual configuration change.
-# =================================================================================================
-
 name: Export Rulesets
-
 on:
   workflow_dispatch:
-  workflow_call:
-
-# Cancel in-progress runs when starting a new one.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
 
 jobs:
-  run:
-    runs-on: ubuntu-latest
-    env:
-      REPO_DIR: repo
-      RULESETS_DIR: repo/.github/rulesets
-
-    permissions:
-      contents: write
-      pull-requests: write
-
-    steps:
-      - name: Check requirements
-        env:
-          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-        run: |
-          if [ -z "$GH_TOKEN" ]; then
-            echo "::error::GH_TOKEN secret is not set." \
-              "Create a GitHub Personal Access Token with sufficient access" \
-              "and add it as a repository secret named GH_TOKEN."
-            exit 1
-          fi
-
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          path: repo
-
-      - name: Checkout github-rules
-        uses: actions/checkout@v4
-        with:
-          repository: SgtSwagrid/github-rules
-          path: github-rules
-
-      - name: Sync
-        env:
-          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-        run: bash github-rules/scripts/export-rulesets.sh
-
-      - name: Publish
-        env:
-          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-          BASE_BRANCH: ${{ github.ref_name }}
-          UPDATE_BRANCH: ci/export-rulesets
-          PR_TITLE: "[ci] Exported GitHub rulesets to source."
-          PR_BODY_FILE: github-rules/templates/pull-request-body.md
-        run: bash github-rules/scripts/publish.sh
+  export:
+    uses: SgtSwagrid/github-rules/.github/workflows/export-rulesets.yml@main
+    secrets: inherit
diff --git a/.github/workflows/import-rulesets.yml b/.github/workflows/import-rulesets.yml
@@ -1,63 +1,11 @@
-# =================================================================================================
-# Imports rules from '.github/rulesets' into GitHub's internal configuration.
-# Triggered by modifications to this directory on the default branch, or manually.
-# =================================================================================================
-
 name: Import Rulesets
-
 on:
   push:
     paths:
       - .github/rulesets/**
   workflow_dispatch:
-  workflow_call:
-
-# Cancel in-progress runs when starting a new one.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
 
 jobs:
-  run:
-    runs-on: ubuntu-latest
-    # Only respond to changes on the default branch.
-    if: >
-      github.event_name == 'workflow_dispatch' ||
-      github.event_name == 'workflow_call' ||
-      github.ref_name == github.event.repository.default_branch
-    env:
-      REPO_DIR: repo
-      RULESETS_DIR: repo/.github/rulesets
-
-    steps:
-      - name: Check requirements
-        env:
-          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-        run: |
-          if [ -z "$GH_TOKEN" ]; then
-            echo "::error::GH_TOKEN secret is not set." \
-              "Create a GitHub Personal Access Token with sufficient access" \
-              "and add it as a repository secret named GH_TOKEN."
-            exit 1
-          fi
-
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          path: repo
-
-      - name: Checkout github-rules
-        uses: actions/checkout@v4
-        with:
-          repository: SgtSwagrid/github-rules
-          path: github-rules
-
-      - name: Clear
-        env:
-          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-        run: bash github-rules/scripts/clear-rulesets.sh
-
-      - name: Sync
-        env:
-          GH_TOKEN: ${{ secrets.GH_TOKEN }}
-        run: bash github-rules/scripts/import-rulesets.sh
+  import:
+    uses: SgtSwagrid/github-rules/.github/workflows/import-rulesets.yml@main
+    secrets: inherit