From fe781d31a809fd88c01e2fa61a71ae405227eadd Mon Sep 17 00:00:00 2001
From: Allison Durham
Date: Tue, 20 May 2025 13:08:15 -0700
Subject: [PATCH 1/2] remove workflow (not real)
---
 .github/workflows/claude-code-review.yml | 1 -
 .github/workflows/claude-comment-response.yml | 1 -
 .github/workflows/claude-pr-creation.yml | 1 -
 3 files changed, 3 deletions(-)
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index ea30cb0..870f835 100644
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -14,7 +14,6 @@ jobs:
 discussions: write
 id-token: write
 statuses: write
- workflow: write
 actions: write
 steps:
 # Check out the code to allow git diff operations
diff --git a/.github/workflows/claude-comment-response.yml b/.github/workflows/claude-comment-response.yml
index a390c45..1a74fd0 100644
--- a/.github/workflows/claude-comment-response.yml
+++ b/.github/workflows/claude-comment-response.yml
@@ -15,7 +15,6 @@ jobs:
 discussions: write
 id-token: write
 statuses: write
- workflow: write
 actions: write
 steps:
 - name: Checkout code
diff --git a/.github/workflows/claude-pr-creation.yml b/.github/workflows/claude-pr-creation.yml
index d6f615b..cdb798c 100644
--- a/.github/workflows/claude-pr-creation.yml
+++ b/.github/workflows/claude-pr-creation.yml
@@ -20,7 +20,6 @@ jobs:
 discussions: write
 id-token: write
 statuses: write
- workflow: write
 actions: write
 steps:
 - name: Checkout code
From 25130608645a4ff6bc9536377bf27170aa500bb4 Mon Sep 17 00:00:00 2001
From: Allison Durham
Date: Tue, 20 May 2025 13:13:18 -0700
Subject: [PATCH 2/2] pushing
---
 .github/workflows/claude-code-review.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index 870f835..d67c5a8 100644
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -1,7 +1,7 @@ name: Claude Code Review on: - pull_request: + pull_request_target: # Use pull_request_target instead of pull_request types: [opened, synchronize] # Runs on new PRs and updates jobs:
@@ -21,17 +21,19 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 # Fetch full history for accurate diffs + # Important: For pull_request_target, ref needs to be explicitly set to PR head + ref: ${{ github.event.pull_request.head.sha }} - name: Run Code Review with Claude id: code-review uses: anthropics/claude-code-action@beta with: - # Your GitHub token for API operations - github_token: ${{ secrets.GITHUB_TOKEN }} - # Define the review focus areas direct_prompt: "Review the PR changes. Focus on code quality, potential bugs, and performance issues. Suggest improvements where appropriate. Pay special attention to Kubernetes operator patterns and Go best practices according to the CLAUDE.md file." + # Your GitHub token for API operations + github_token: ${{ secrets.GITHUB_TOKEN }} + # Limited tools for safer review operations allowed_tools: |- # Git inspection commands (read-only)
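Review bot: Switching the trigger to `pull_request_target` makes this job run in the base repository's context, with repository secrets and the job's write-scoped token, even when the pull request comes from a fork; the second hunk then checks out `github.event.pull_request.head.sha`, so contributor-controlled files sit in the workspace of that privileged job. Unless fork PRs must be reviewed automatically, keep `pull_request`, or gate the job with `if: github.event.pull_request.head.repo.full_name == github.repository`. The inline comment `# Use pull_request_target instead of pull_request` only restates the line; it should record why the trigger is needed and that PR content is untrusted, for example `# pull_request_target: runs with base-repo secrets; PR head is untrusted input`.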
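Review bot: The added `ref: ${{ github.event.pull_request.head.sha }}` puts the PR author's tree on disk while `actions/checkout` by default leaves the job token in the local git config; add `persist-credentials: false` under the same `with:`. The CLAUDE.md that `direct_prompt` tells the model to follow is presumably read from the checked-out tree, so after this change a pull request can rewrite the reviewer's own instructions; taking CLAUDE.md from the base ref would avoid that. The permissions shown for this file in patch 1/2 (`id-token: write`, `actions: write`, `statuses: write`, `discussions: write`) look broader than a review job needs and are worth trimming to what the action actually uses. The step continues past the end of the hunk, so the full `allowed_tools` list is not visible here.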