Update

Bump the npm_and_yarn group across 1 directory with 2 updates

.github/workflows/release.yml

@@ -9,6 +9,8 @@ on:
 jobs:
   release:
     runs-on: ubuntu-latest
+    permissions:
+     contents: write
     steps:
       - uses: actions/checkout@v4
       
@@ -23,6 +25,14 @@ jobs:
       - name: Build
         run: npm run build
 
+      - name: Commit built files
+        run: |
+          git config --global user.name 'claude-code-review[bot]'
+          git config --global user.email 'claude-code-review[bot]@users.noreply.github.com'
+          git add -f dist
+          git commit -m 'Add built files'
+          git push origin HEAD:main
+        
       - name: Create Release
         uses: softprops/action-gh-release@v1
         with:

README.md

@@ -1,6 +1,6 @@
 # Claude Code Review Action
 
-A GitHub Action that performs automated code reviews using Claude AI.
+A GitHub Action that performs automated code reviews using Claude Sonnet 3.5, an AI assistant from Anthropic.
 
 ## Features
 - Analyzes code changes in pull requests
@@ -13,29 +13,44 @@ A GitHub Action that performs automated code reviews using Claude AI.
 Add this to your GitHub workflow file (e.g. `.github/workflows/review.yml`):
 
 ```yaml
-name: Code Review
+name: Claude Code Review
+
+permissions:
+  contents: read
+  pull-requests: write
 
 on:
+  # Run on new/updated PRs
   pull_request:
     types: [opened, reopened, synchronize]
   
+  # Allow manual triggers for existing PRs
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        description: 'Pull Request Number'
+        required: true
+        type: string
+
 jobs:
-  review:
+  code-review:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: write
+    environment: development_environment
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
           
-      - uses: your-username/claude-code-review-action@v1
+      - name: Run Claude Review
+        uses: pacnpal/claude-code-review@main
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           anthropic-key: ${{ secrets.ANTHROPIC_API_KEY }}
-          pr-number: ${{ github.event.pull_request.number }}
+          pr-number: ${{ github.event.pull_request.number || inputs.pr_number }}
 ```
+- Click on "Claude Code Review" Action under Actions tab. 
+- Click "Run Workflow"
+- Fill in branch and pull request ID and click "Run Workflow"
 
 ## Setup
 

action.js

@@ -3,17 +3,110 @@ const core = require('@actions/core');
 const github = require('@actions/github');
 const { exec } = require('@actions/exec');
 
-async function getPRDetails(octokit, context, prNumber) {
+// Constants for retry logic
+const MAX_RETRIES = 4;
+const INITIAL_BACKOFF_MS = 2000;
+const MAX_DIFF_SIZE = 100000; // ~100KB to stay well under API limits
+const API_TIMEOUT_MS = 120000; // 2 minutes
+
+/**
+ * Sleep for specified milliseconds
+ * @param {number} ms - Milliseconds to sleep
+ * @returns {Promise<void>}
+ */
+function sleep(ms) {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+/**
+ * Retry a function with exponential backoff
+ * @param {Function} fn - Async function to retry
+ * @param {string} operation - Description of operation for logging
+ * @param {number} maxRetries - Maximum number of retries
+ * @returns {Promise<any>} Result of the function
+ */
+async function retryWithBackoff(fn, operation, maxRetries = MAX_RETRIES) {
+  let lastError;
+
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
     try {
-    console.log(`Getting details for PR #${prNumber}`);
+      if (attempt > 0) {
+        const backoffMs = INITIAL_BACKOFF_MS * Math.pow(2, attempt - 1);
+        core.info(`Retry attempt ${attempt}/${maxRetries} for ${operation} after ${backoffMs}ms`);
+        await sleep(backoffMs);
+      }
 
-    // Get PR info
-    const { data: pr } = await octokit.rest.pulls.get({
+      return await fn();
+    } catch (error) {
+      lastError = error;
+
+      // Don't retry on authentication or validation errors
+      if (error.status === 401 || error.status === 403 || error.status === 400) {
+        core.error(`${operation} failed with non-retryable error: ${error.message}`);
+        throw error;
+      }
+
+      if (attempt < maxRetries) {
+        core.warning(`${operation} failed (attempt ${attempt + 1}/${maxRetries + 1}): ${error.message}`);
+      } else {
+        core.error(`${operation} failed after ${maxRetries + 1} attempts`);
+      }
+    }
+  }
+
+  throw lastError;
+}
+
+/**
+ * Validate input parameters
+ * @param {string} token - GitHub token
+ * @param {string} anthropicKey - Anthropic API key
+ * @param {string|number} prNumber - PR number
+ */
+function validateInputs(token, anthropicKey, prNumber) {
+  if (!token || token.trim() === '') {
+    throw new Error('github-token is required and cannot be empty');
+  }
+
+  if (!anthropicKey || anthropicKey.trim() === '') {
+    throw new Error('anthropic-key is required and cannot be empty');
+  }
+
+  if (!anthropicKey.startsWith('sk-ant-')) {
+    core.warning('anthropic-key does not match expected format (should start with sk-ant-)');
+  }
+
+  const prNum = parseInt(prNumber);
+  if (isNaN(prNum) || prNum <= 0) {
+    throw new Error(`Invalid PR number: ${prNumber}. Must be a positive integer.`);
+  }
+
+  core.info('✓ Input validation passed');
+  return prNum;
+}
+
+/**
+ * Get PR details from GitHub API with retry logic
+ * @param {Object} octokit - GitHub API client
+ * @param {Object} context - GitHub context
+ * @param {number} prNumber - PR number
+ * @returns {Promise<Object>} PR details
+ */
+async function getPRDetails(octokit, context, prNumber) {
+  core.startGroup('Fetching PR details');
+
+  try {
+    core.info(`Getting details for PR #${prNumber}`);
+
+    const { data: pr } = await retryWithBackoff(
+      async () => await octokit.rest.pulls.get({
         ...context.repo,
-      pull_number: parseInt(prNumber)
-    });
+        pull_number: prNumber
+      }),
+      'Get PR details'
+    );
 
-    return {
+    const result = {
       number: pr.number,
       base: {
         sha: pr.base.sha,
@@ -22,59 +115,154 @@ async function getPRDetails(octokit, context, prNumber) {
       head: {
         sha: pr.head.sha,
         ref: pr.head.ref
-      }
+      },
+      title: pr.title,
+      state: pr.state
     };
+
+    core.info(`✓ Retrieved PR #${result.number}: "${result.title}"`);
+    core.info(`  Base: ${result.base.ref} (${result.base.sha.substring(0, 7)})`);
+    core.info(`  Head: ${result.head.ref} (${result.head.sha.substring(0, 7)})`);
+    core.debug(`PR state: ${result.state}`);
+
+    return result;
   } catch (error) {
-    throw new Error(`Failed to get PR details: ${error.message}`);
+    core.error(`Failed to get PR details: ${error.message}`);
+    throw new Error(`Failed to get PR details for #${prNumber}: ${error.message}`);
+  } finally {
+    core.endGroup();
   }
 }
 
+/**
+ * Setup git configuration with retry logic
+ * @returns {Promise<void>}
+ */
 async function setupGitConfig() {
-  // Configure git to fetch PR refs
-  await exec('git', ['config', '--local', '--add', 'remote.origin.fetch', '+refs/pull/*/head:refs/remotes/origin/pr/*']);
-  await exec('git', ['fetch', 'origin']);
-}
-
-async function getDiff(baseSha, headSha) {
-  let diffContent = '';
+  core.startGroup('Setting up Git configuration');
 
   try {
+    core.info('Configuring git to fetch PR refs...');
+    await retryWithBackoff(
+      async () => await exec('git', ['config', '--local', '--add', 'remote.origin.fetch', '+refs/pull/*/head:refs/remotes/origin/pr/*']),
+      'Git config fetch refs'
+    );
+
+    core.info('Fetching from origin...');
+    await retryWithBackoff(
+      async () => await exec('git', ['fetch', 'origin']),
+      'Git fetch origin'
+    );
+
+    core.info('Setting git user identity...');
+    await exec('git', ['config', '--global', 'user.name', 'claude-code-review[bot]']);
+    await exec('git', ['config', '--global', 'user.email', 'claude-code-review[bot]@users.noreply.github.com']);
+
+    core.info('✓ Git configuration completed');
+  } catch (error) {
+    core.error(`Git configuration failed: ${error.message}`);
+    throw new Error(`Failed to configure git: ${error.message}`);
+  } finally {
+    core.endGroup();
+  }
+}
+
+/**
+ * Generate diff between two commits with size validation
+ * @param {string} baseSha - Base commit SHA
+ * @param {string} headSha - Head commit SHA
+ * @returns {Promise<string>} Diff content
+ */
+async function getDiff(baseSha, headSha) {
+  core.startGroup('Generating diff');
+
+  let diffContent = '';
+  let stderr = '';
+
+  try {
+    core.info(`Generating diff between ${baseSha.substring(0, 7)} and ${headSha.substring(0, 7)}`);
+
     // Get the full diff with context
     await exec('git', ['diff', '-U10', baseSha, headSha], {
       listeners: {
         stdout: (data) => {
           diffContent += data.toString();
+        },
+        stderr: (data) => {
+          stderr += data.toString();
         }
       }
     });
 
-    // Filter for relevant files
-    const lines = diffContent.split('\n');
-    let filtered = '';
-    let keep = false;
-
-    for (const line of lines) {
-      if (line.startsWith('diff --git')) {
-        keep = false;
-        // Check if file type should be included
-        if (line.match(/\.(js|ts|py|cpp|h|java|cs)$/) && 
-            !line.match(/(package-lock\.json|yarn\.lock|\.md|\.json)/)) {
-          keep = true;
-        }
-      }
-      if (keep) {
-        filtered += line + '\n';
-      }
+    if (stderr) {
+      core.debug(`Git diff stderr: ${stderr}`);
     }
 
-    return filtered;
+    const diffSize = Buffer.byteLength(diffContent, 'utf8');
+    core.info(`✓ Diff generated: ${diffSize} bytes`);
+
+    if (diffSize === 0) {
+      core.warning('Diff is empty - no changes found');
+      return '';
+    }
+
+    if (diffSize > MAX_DIFF_SIZE) {
+      core.warning(`Diff size (${diffSize} bytes) exceeds maximum (${MAX_DIFF_SIZE} bytes)`);
+      const truncated = diffContent.substring(0, MAX_DIFF_SIZE);
+      const lines = truncated.split('\n').length;
+      core.warning(`Diff truncated to ${MAX_DIFF_SIZE} bytes (~${lines} lines)`);
+      return truncated + '\n\n[... diff truncated due to size ...]';
+    }
+
+    const lines = diffContent.split('\n').length;
+    core.info(`Diff contains ${lines} lines`);
+
+    return diffContent;
   } catch (error) {
+    core.error(`Failed to generate diff: ${error.message}`);
+    if (stderr) {
+      core.error(`Git stderr: ${stderr}`);
+    }
     throw new Error(`Failed to generate diff: ${error.message}`);
+  } finally {
+    core.endGroup();
   }
 }
 
+/**
+ * Create fetch with timeout
+ * @param {string} url - URL to fetch
+ * @param {Object} options - Fetch options
+ * @param {number} timeout - Timeout in milliseconds
+ * @returns {Promise<Response>} Fetch response
+ */
+async function fetchWithTimeout(url, options, timeout = API_TIMEOUT_MS) {
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), timeout);
+
+  try {
+    const response = await fetch(url, {
+      ...options,
+      signal: controller.signal
+    });
+    return response;
+  } finally {
+    clearTimeout(timeoutId);
+  }
+}
+
+/**
+ * Analyze code diff with Claude API including retry logic and proper error handling
+ * @param {string} diffContent - Code diff to analyze
+ * @param {string} anthropicKey - Anthropic API key
+ * @returns {Promise<string|null>} Code review text
+ */
 async function analyzeWithClaude(diffContent, anthropicKey) {
-  if (!diffContent.trim()) {
+  core.startGroup('Analyzing with Claude AI');
+
+  if (!diffContent || !diffContent.trim()) {
+    core.warning('Diff content is empty, skipping analysis');
+    core.endGroup();
     return null;
   }
 
@@ -94,7 +282,9 @@ For each issue found:
 - Provide specific recommendations for fixes
 - Include code examples where helpful
 
-If no issues are found in a particular area, explicitly state that.
+- If no issues are found in a particular area, explicitly state that.
+- If it's a dependency update, evaluate with strict scrutiny the implications of the change.
+- No matter your findings, give a summary of the pull request.
 
 Here is the code diff to review:
 
@@ -103,7 +293,11 @@ ${diffContent}
 \`\`\``;
 
   try {
-    const response = await fetch('https://api.anthropic.com/v1/messages', {
+    core.info('Sending request to Claude API...');
+    core.debug(`Prompt length: ${prompt.length} characters`);
+
+    const review = await retryWithBackoff(async () => {
+      const response = await fetchWithTimeout('https://api.anthropic.com/v1/messages', {
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
@@ -111,7 +305,7 @@ ${diffContent}
           'anthropic-version': '2023-06-01'
         },
         body: JSON.stringify({
-        model: 'claude-3-sonnet-20240229',
+          model: 'claude-sonnet-4-5',
           max_tokens: 4096,
           temperature: 0.7,
           messages: [{
@@ -119,93 +313,207 @@ ${diffContent}
             content: prompt
           }]
         })
-    });
+      }, API_TIMEOUT_MS);
+
+      // Check HTTP status
+      if (!response.ok) {
+        const errorText = await response.text();
+        let errorMessage;
+
+        try {
+          const errorData = JSON.parse(errorText);
+          errorMessage = errorData.error?.message || errorData.message || errorText;
+        } catch {
+          errorMessage = errorText;
+        }
+
+        // Create error with status for retry logic
+        const error = new Error(`API returned ${response.status}: ${errorMessage}`);
+        error.status = response.status;
+
+        // Handle rate limiting
+        if (response.status === 429) {
+          const retryAfter = response.headers.get('retry-after');
+          if (retryAfter) {
+            core.warning(`Rate limited. Retry after ${retryAfter} seconds`);
+            error.retryAfter = parseInt(retryAfter) * 1000;
+          }
+        }
+
+        throw error;
+      }
 
       const data = await response.json();
+
       if (!data.content?.[0]?.text) {
-      throw new Error(`API Error: ${JSON.stringify(data)}`);
+        throw new Error(`Invalid API response: missing content. Response: ${JSON.stringify(data).substring(0, 200)}`);
       }
 
       return data.content[0].text;
+    }, 'Claude API request', 3); // Use fewer retries for API calls
+
+    const reviewLength = review.length;
+    core.info(`✓ Received review from Claude: ${reviewLength} characters`);
+
+    return review;
   } catch (error) {
-    throw new Error(`Claude API error: ${error.message}`);
+    if (error.name === 'AbortError') {
+      core.error(`Claude API request timed out after ${API_TIMEOUT_MS}ms`);
+      throw new Error(`Claude API request timed out after ${API_TIMEOUT_MS / 1000} seconds`);
+    }
+
+    core.error(`Claude API error: ${error.message}`);
+    throw new Error(`Failed to analyze with Claude: ${error.message}`);
+  } finally {
+    core.endGroup();
   }
 }
 
+/**
+ * Post code review as a comment on the PR with retry logic
+ * @param {Object} octokit - GitHub API client
+ * @param {Object} context - GitHub context
+ * @param {string} review - Review text
+ * @param {number} prNumber - PR number
+ * @returns {Promise<void>}
+ */
 async function postReview(octokit, context, review, prNumber) {
-  try {
-    // Escape special characters for proper formatting
-    const escapedReview = review
-      .replace(/(?<=[\s\n])`([^`]+)`(?=[\s\n])/g, '\\`$1\\`')
-      .replace(/```/g, '\\`\\`\\`')
-      .replace(/\${/g, '\\${');
+  core.startGroup('Posting review comment');
 
-    await octokit.rest.issues.createComment({
+  try {
+    core.info(`Posting review to PR #${prNumber}...`);
+    core.debug(`Review length: ${review.length} characters`);
+
+    // GitHub markdown handles most content correctly without escaping
+    // Only ensure the review doesn't break the comment
+    const body = `# 🤖 Claude Code Review\n\n${review}`;
+
+    const comment = await retryWithBackoff(
+      async () => await octokit.rest.issues.createComment({
         ...context.repo,
         issue_number: prNumber,
-      body: `# Claude Code Review\n\n${escapedReview}`
-    });
+        body: body
+      }),
+      'Post review comment'
+    );
+
+    core.info(`✓ Review posted successfully`);
+    core.debug(`Comment ID: ${comment.data.id}`);
+    core.debug(`Comment URL: ${comment.data.html_url}`);
+
   } catch (error) {
+    core.error(`Failed to post review comment: ${error.message}`);
     throw new Error(`Failed to post review: ${error.message}`);
+  } finally {
+    core.endGroup();
   }
 }
 
+/**
+ * Main execution function
+ */
 async function run() {
+  const startTime = Date.now();
+
   try {
+    core.info('🚀 Starting Claude Code Review Action');
+    core.info(`Node version: ${process.version}`);
+    core.info(`Platform: ${process.platform}`);
+
     // Get inputs
     const token = core.getInput('github-token', { required: true });
     const anthropicKey = core.getInput('anthropic-key', { required: true });
+    let prNumber = core.getInput('pr-number');
+
+    // Get PR number from event if not provided
+    const context = github.context;
+    if (!prNumber && context.eventName === 'pull_request') {
+      prNumber = context.payload.pull_request?.number;
+    }
+
+    // Validate inputs
+    const validatedPrNumber = validateInputs(token, anthropicKey, prNumber);
+
+    // Mask sensitive data in logs
+    core.setSecret(anthropicKey);
 
     // Initialize GitHub client
+    core.info('Initializing GitHub client...');
     const octokit = github.getOctokit(token);
-    const context = github.context;
-
-    // Get PR number from event or input
-    let prNumber;
-    if (context.eventName === 'pull_request') {
-      prNumber = context.payload.pull_request.number;
-    } else {
-      prNumber = core.getInput('pr-number', { required: true });
-    }
+    core.info(`Repository: ${context.repo.owner}/${context.repo.repo}`);
+    core.info(`Event: ${context.eventName}`);
 
     // Set up git configuration
     await setupGitConfig();
 
     // Get PR details
-    const pr = await getPRDetails(octokit, context, prNumber);
-    console.log(`Retrieved details for PR #${pr.number}`);
+    const pr = await getPRDetails(octokit, context, validatedPrNumber);
+
+    // Validate PR state
+    if (pr.state === 'closed') {
+      core.warning(`PR #${pr.number} is closed. Review will still be posted.`);
+    }
 
     // Generate diff
-    console.log('Generating diff...');
     const diff = await getDiff(pr.base.sha, pr.head.sha);
 
-    if (!diff) {
-      console.log('No relevant changes found');
+    if (!diff || diff.trim() === '') {
+      core.warning('No changes found in diff');
       core.setOutput('diff_size', '0');
+      core.setOutput('review', 'No changes to review');
+      core.info('✓ Action completed (no changes to review)');
       return;
     }
 
-    core.setOutput('diff_size', diff.length.toString());
+    const diffSize = Buffer.byteLength(diff, 'utf8');
+    core.setOutput('diff_size', diffSize.toString());
 
     // Analyze with Claude
-    console.log('Analyzing with Claude...');
     const review = await analyzeWithClaude(diff, anthropicKey);
 
     if (!review) {
-      console.log('No review generated');
+      core.warning('No review generated by Claude');
+      core.setOutput('review', '');
+      core.info('✓ Action completed (no review generated)');
       return;
     }
 
     // Post review
-    console.log('Posting review...');
     await postReview(octokit, context, review, pr.number);
 
     // Set outputs
     core.setOutput('review', review);
 
+    const duration = ((Date.now() - startTime) / 1000).toFixed(2);
+    core.info(`✓ Claude Code Review completed successfully in ${duration}s`);
+
   } catch (error) {
+    const duration = ((Date.now() - startTime) / 1000).toFixed(2);
+    core.error(`✗ Action failed after ${duration}s`);
+    core.error(`Error: ${error.message}`);
+
+    if (error.stack) {
+      core.debug(`Stack trace: ${error.stack}`);
+    }
+
     core.setFailed(error.message);
+    process.exit(1);
   }
 }
 
+// Handle unhandled rejections
+process.on('unhandledRejection', (reason, promise) => {
+  core.error('Unhandled Rejection at:', promise);
+  core.error('Reason:', reason);
+  core.setFailed(`Unhandled rejection: ${reason}`);
+  process.exit(1);
+});
+
+// Handle uncaught exceptions
+process.on('uncaughtException', (error) => {
+  core.error('Uncaught Exception:', error);
+  core.setFailed(`Uncaught exception: ${error.message}`);
+  process.exit(1);
+});
+
 run();

action.yml

@@ -18,4 +18,4 @@ outputs:
     description: 'Generated code review'
 runs:
   using: 'node20'
-  main: 'action.js'
+  main: 'dist/index.js'

package.json

@@ -7,17 +7,25 @@
     "test": "jest",
     "build": "ncc build action.js -o dist"
   },
-  "keywords": ["github", "action", "code-review", "claude"],
+  "keywords": [
+    "github",
+    "action",
+    "code-review",
+    "claude"
+  ],
   "author": "PacNPal",
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^1.10.1",
-    "@actions/github": "^6.0.0",
+    "@actions/core": "^1.11.1",
     "@actions/exec": "^1.1.1",
-    "node-fetch": "^3.3.2"
+    "@actions/github": "^6.0.1",
+    "glob": "^11.0.3",
+    "node-fetch": "^3.3.2",
+    "js-yaml": "^4.1.1"
   },
   "devDependencies": {
-    "@vercel/ncc": "^0.38.3",
-    "jest": "^29.7.0"
+    "@vercel/ncc": "^0.38.4",
+    "jest": "^30.2.0",
+    "js-yaml": "^4.1.1"
   }
 }