ci: NO-JIRA add Claude AI code review workflows

[belumontoya]

🛠️ Type Of Change

• CI

📖 Jira Ticket

N/A

📖 Description

Adds two GitHub Actions workflows for Claude AI-powered code reviews:

• claude-code-review.yml — Automatic inline code review on every PR (open / ready-for-review). Also supports manual trigger via workflow_dispatch.
• claude.yml — On-demand @claude mention bot for PRs, issues, and review comments.

💡 Context

Dialtone is a public design system consumed by all Dialpad products. Code review quality directly impacts downstream consumers. These workflows add an AI reviewer that enforces Dialtone-specific rules inline on the exact lines that need attention:

• Breaking change detection (props/tokens/classes removed without BREAKING CHANGE: footer)
• Design token usage (no raw hex/px/z-index — must use --dt-* tokens)
• Component API consistency (Dt prefix, boolean prop naming, typed props)
• Accessibility beyond automated axe (ARIA, focus management, keyboard nav)
• Storybook/docs parity, deprecation patterns, theme coverage, localization
• Cross-package impact, semantic versioning, bundle size, migration paths

The ANTHROPIC_API_KEY secret has already been added to the repo.

Reviews use the inline PR Review API — comments appear on the exact diff lines with severity levels (🔴 CRITICAL / 🟡 MAJOR / 🟢 MINOR). No summary comments.

📝 Checklist

• I have ensured no private Dialpad links or info are in the code or pull request description (Dialtone is a public repo!).
• I have reviewed my changes.

🔮 Next Steps

• Merge to staging so the workflows exist on the base branch (required for GitHub Actions pull_request triggers)
• Open a test PR to validate both workflows trigger and produce inline reviews
• Iterate on the review prompt based on real PR feedback

[wiz-inc-55b470eb7e]

Wiz Scan Summary

Scanner	Findings
Vulnerabilities	-
Sensitive Data	-
Secrets	-
IaC Misconfigurations	6  3
SAST Findings	-
Software Management Findings	-
Total	6  3

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0d3c4dcdf9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "codex (@codex) review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "codex (@codex) address that feedback".

[Ignacio Ropolo (iropolo)]

Why we have an automatic and a on-demand? it is because cost?

Could we add something like what we have for visual changes? I mean, a message on the PR that if you want a Claude review just mention @claude

[Ignacio Ropolo (iropolo)]

Seems to be a good start

[belumontoya]

Why we have an automatic and a on-demand? it is because cost?

Could we add something like what we have for visual changes? I mean, a message on the PR that if you want a Claude review just mention @claude

Yes, it only runs when someone tags Claude (@claude) in a comment. It does NOT run on every push. The if: condition checks for contains(github.event.comment.body, 'Claude (@claude)') on every trigger.

The claude-code-review.yml runs automatically on PR open and ready-for-review only, not on synchronise (pushes), so it won't fire on every push either. Codex does the same thing running on PR open, and on tag codex (@codex)