sigp · dknopik · Feb 19, 2026 · Feb 11, 2026 · Feb 11, 2026 · Feb 12, 2026
diff --git a/.github/workflows/claude-mentions.yml b/.github/workflows/claude-mentions.yml
@@ -1,6 +1,6 @@
 name: Claude Mentions
 
-# Scenario 1: @claude mentions on issues and PR comments
+# @claude mentions on issues and PR comments
 # See: https://github.com/anthropics/claude-code-action/pull/614
 
 on:
@@ -78,10 +78,37 @@ jobs:
             - name: Run Claude Code Action
               if: steps.check.outputs.is_member == 'true'
               timeout-minutes: 15
-              uses: anthropics/claude-code-action@v1
+              uses: anthropics/claude-code-action@v1.0.52
               with:
                   github_token: ${{ steps.app-token.outputs.token }}
                   use_bedrock: "true"
+                  prompt: |
+                      REPO: ${{ github.repository }}
+
+                      Be precise and concise. No praise. Focus on actionable issues only.
+                      Review ONLY the PR diff. Do not flag pre-existing issues.
+                      If no significant issues are found, say so briefly and move on.
+
+                      When reviewing PRs, focus on these areas in priority order:
+
+                      1. **Security** — vulnerabilities, unsafe code, input validation, auth logic
+                      2. **Correctness** — logic errors, race conditions, edge cases, off-by-one errors
+                      3. **Performance** — bottlenecks, unnecessary allocations, resource leaks
+                      4. **Error Handling** — missing error paths, unwrap/expect in non-test code, silent failures
+                      5. **Rust Idioms** — non-idiomatic patterns, unnecessary clones, misuse of ownership/borrowing
+                      6. **Design** — incorrect abstractions, module boundary violations, missing trait bounds
+                      7. **Testing** — missing coverage for new code paths, untested edge cases
+
+                      Do NOT comment on:
+                      - Style or formatting (handled by rustfmt/clippy)
+                      - Minor naming preferences
+                      - TODOs, FIXMEs, or documentation formatting
+                      - Code with lint suppression comments (already acknowledged)
+                      - Pre-existing issues not introduced by this PR
+                      - Suggestions that are nice-to-have but not required for correctness
+
+                      Use inline comments for specific issues with concrete suggestions.
+                      Use a single top-level comment for summary only if there are findings.
                   claude_args: |
                       --max-turns 50
-                      --model us.anthropic.claude-sonnet-4-5-20250929-v1:0
+                      --model us.anthropic.claude-opus-4-6-v1
diff --git a/.github/workflows/claude-pr-review.yml b/.github/workflows/claude-pr-review.yml
@@ -1,7 +1,7 @@
 name: Claude PR Review
 
-# Scenario 2: Automated reviews on PR open/update
-# See: https://github.com/anthropics/claude-code-action/pull/614
+# Automated review on PR open, a silent watchdog that only comments when
+# it finds actionable issues.  On-demand help lives in claude-mentions.yml.
 
 on:
     pull_request_target:
@@ -60,14 +60,12 @@ jobs:
                     exit 0
                   fi
 
-            - name: Checkout repository
-              if: steps.check.outputs.is_member == 'true'
-              uses: actions/checkout@v4
-              with:
-                  repository: ${{ github.event.pull_request.head.repo.full_name }}
-                  ref: ${{ github.event.pull_request.head.ref }}
-                  fetch-depth: 0
-
+            # Generate the app token before checkout so it can be used for
+            # git operations. claude-code-action calls setupBranch() (which
+            # fetches PR refs via `git fetch origin pull/N/head:...`) before
+            # configureGitAuth(), so the token embedded in origin by
+            # actions/checkout must already have permission to fetch fork
+            # PR refs.
             - name: Generate GitHub App token
               if: steps.check.outputs.is_member == 'true'
               id: app-token
@@ -76,6 +74,12 @@ jobs:
                   app-id: ${{ vars.APP_ID }}
                   private-key: ${{ secrets.APP_PRIVATE_KEY }}
 
+            - name: Checkout repository
+              if: steps.check.outputs.is_member == 'true'
+              uses: actions/checkout@v4
+              with:
+                  token: ${{ steps.app-token.outputs.token }}
+
             - name: Configure AWS Credentials (OIDC)
               if: steps.check.outputs.is_member == 'true'
               uses: aws-actions/configure-aws-credentials@v4
@@ -88,50 +92,47 @@ jobs:
               timeout-minutes: 15
               env:
                   ACTIONS_STEP_DEBUG: true
-              uses: anthropics/claude-code-action@v1
+              uses: anthropics/claude-code-action@v1.0.52
               with:
                   github_token: ${{ steps.app-token.outputs.token }}
                   use_bedrock: "true"
-                  track_progress: true
                   prompt: |
                       REPO: ${{ github.repository }}
                       PR NUMBER: ${{ github.event.pull_request.number }}
 
-                      Be precise and concise in your language. Avoid overly praising the PR.
-                      Focus on actionable feedback and specific issues.
-
-                      Perform a comprehensive code review with the following focus areas:
-
-                      1. **Code Quality**
-                         - Clean code principles and best practices
-                         - Proper error handling and edge cases
-                         - Code readability and maintainability
-
-                      2. **Security**
-                         - Check for potential security vulnerabilities
-                         - Validate input sanitization
-                         - Review authentication/authorization logic
-
-                      3. **Performance**
-                         - Identify potential performance bottlenecks
-                         - Review for efficiency issues
-                         - Check for memory leaks or resource issues
-
-                      4. **Testing**
-                         - Verify adequate test coverage
-                         - Review test quality and edge cases
-                         - Check for missing test scenarios
-
-                      5. **Documentation**
-                         - Ensure code is properly documented
-                         - Verify README updates for new features
-                         - Check for clear comments on complex logic
-
-                      Provide detailed feedback using inline comments for specific issues.
-                      Use top-level comments for general observations or praise.
+                      You are an automated silent watchdog reviewer. Your job is to catch
+                      real problems — NOT to provide a comprehensive review or commentary.
+
+                      CRITICAL RULE: If you find NO actionable issues, do NOT post any
+                      PR comments or inline comments. Simply respond with:
+                      "No actionable issues found."
+                      and stop. Do not elaborate, summarize, or praise.
+
+                      Only comment on issues you are CONFIDENT are real problems:
+
+                      1. **Security** — vulnerabilities, unsafe code, input validation, auth logic
+                      2. **Correctness** — logic errors, race conditions, edge cases, off-by-one errors
+                      3. **Performance** — bottlenecks, unnecessary allocations, resource leaks
+                      4. **Error Handling** — missing error paths, unwrap/expect in non-test code, silent failures
+                      5. **Rust Idioms** — non-idiomatic patterns, unnecessary clones, misuse of ownership/borrowing
+                      6. **Design** — incorrect abstractions, module boundary violations, missing trait bounds
+                      7. **Testing** — missing coverage for new code paths, untested edge cases
+
+                      Do NOT comment on:
+                      - Style, formatting, naming (handled by rustfmt/clippy)
+                      - Documentation, TODOs, FIXMEs
+                      - Pre-existing issues not introduced by this PR
+                      - Nice-to-have suggestions or minor improvements
+                      - Rust idiom preferences that don't affect correctness
+                      - Code with lint suppression comments (already acknowledged)
+
+                      When you DO find issues:
+                      - Use inline comments with concrete fix suggestions
+                      - Post a brief summary comment ONLY listing the issues found
+                      - No preamble, no praise, no filler
                   claude_args: |
-                      --model us.anthropic.claude-sonnet-4-5-20250929-v1:0
                       --max-turns 50
+                      --model us.anthropic.claude-opus-4-6-v1
                       --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Read,Grep"
 
             - name: Remove claude-recheck label if present