feat(bridge): vendor smux tmux-bridge as layer-2 agent comms #487
| name: Claude Code | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, ready_for_review, reopened] | |
| issue_comment: | |
| types: [created] | |
| pull_request_review_comment: | |
| types: [created] | |
| issues: | |
| types: [opened, assigned, labeled] | |
| pull_request_review: | |
| types: [submitted] | |
| workflow_dispatch: | |
| concurrency: | |
| group: claude-${{ github.event.pull_request.number || github.event.issue.number || github.run_id }} | |
| cancel-in-progress: false | |
| jobs: | |
| claude: | |
| if: | | |
| github.event_name == 'pull_request' || | |
| github.event_name == 'workflow_dispatch' || | |
| (contains(github.event.comment.body || github.event.review.body || github.event.issue.body || github.event.issue.title || '', '@claude') && | |
| contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association || github.event.review.author_association || github.event.issue.author_association || 'OWNER')) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| issues: write | |
| steps: | |
| - uses: actions/create-github-app-token@v2 | |
| id: token | |
| with: | |
| app-id: ${{ secrets.APP_ID }} | |
| private-key: ${{ secrets.APP_PRIVATE_KEY }} | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ steps.token.outputs.token }} | |
| fetch-depth: 0 | |
| - name: Prepare Claude prompt | |
| id: prepare_claude_prompt | |
| shell: bash | |
| run: | | |
| if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then | |
| PR_NUMBER="$(jq -r '.pull_request.number' "${GITHUB_EVENT_PATH}")" | |
| { | |
| printf 'prompt<<PROMPT\n' | |
| printf 'REPO: %s\n' "${GITHUB_REPOSITORY}" | |
| printf 'PR NUMBER: %s\n' "${PR_NUMBER}" | |
| printf '\n' | |
| printf '%s\n' "Perform a paranoid security audit of this pull request. Focus on container boundaries, authentication flows, shell entrypoints, privilege escalation, and permission bypasses. Enumerate blocking issues, high-risk findings, and required tests before merge." | |
| printf 'PROMPT\n' | |
| } >> "${GITHUB_OUTPUT}" | |
| else | |
| echo "prompt=" >> "${GITHUB_OUTPUT}" | |
| fi | |
| - uses: anthropics/claude-code-action@v1 | |
| if: github.event_name != 'pull_request' || (!contains(github.event.pull_request.title, '[skip-review]') && !contains(github.event.pull_request.title, '[WIP]')) | |
| with: | |
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | |
| github_token: ${{ steps.token.outputs.token }} | |
| track_progress: ${{ github.event_name == 'pull_request' && 'true' || 'false' }} | |
| prompt: ${{ steps.prepare_claude_prompt.outputs.prompt }} | |
| claude_args: | | |
| --model claude-sonnet-4-20250514 | |
| --system-prompt "Security-focused systems engineer for deva. Core expertise: container security, auth vectors, shell injection, privilege boundaries, and multi-agent launcher behavior across Codex, Claude Code, and Gemini. Bark when necessary. PR reviews: paranoia to surface vulnerabilities before ship. Issues/comments: collaborative systems help. Philosophy: minimal comments; code + --help are docs; Linux-style bluntness; fail fast and loud; security first; test auth and mount paths; follow @workflows/ templates for git/gh ops." | |
| --allowedTools Bash(gh:*),Bash(git:*),Bash(docker:*),Bash(make:*),Bash(./deva.sh:*),Bash(./claude.sh:*),Bash(./claudeb.sh:*),Bash(shellcheck:*),mcp__barkme__notify | |
| --mcp-config '{ | |
| "mcpServers": { | |
| "barkme": { | |
| "command": "npx", | |
| "args": ["@vibeworks/barkme-mcp-server"], | |
| "env": { | |
| "LOG_LEVEL": "debug", | |
| "BARK_DEVICES": "${{ secrets.BARK_DEVICES }}", | |
| "BARK_SERVER": "${{ secrets.BARK_SERVER }}", | |
| "BARK_GROUP": "deva", | |
| "BARK_ICON": "https://avatars.githubusercontent.com/in/1452392", | |
| "BARK_RETRY": "3", | |
| "BARK_ASYNC": "false" | |
| } | |
| } | |
| } | |
| }' |
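Review bot: The job pulls third-party code by mutable reference while it holds the App token and the `BARK_*` secrets: `actions/create-github-app-token@v2`, `actions/checkout@v4` and `anthropics/claude-code-action@v1` are tag refs, and `"args": ["@vibeworks/barkme-mcp-server"]` lets `npx` resolve whatever version is current at run time. Pin the three actions to full commit SHAs (keeping the tag in a trailing comment) and give the MCP server an exact version, e.g. `"args": ["@vibeworks/barkme-mcp-server@<PINNED_VERSION>"]`. In the job's `if:` gate the trailing `|| 'OWNER'` makes the author-association check fail open whenever none of the three association fields is populated; `|| 'NONE'` fails closed. The `permissions:` block only scopes `GITHUB_TOKEN`, so the App token handed to checkout and to `github_token` presumably carries the installation's full permissions unless `permission-*` inputs are set on the token step, and that is the credential the agent's `Bash(git:*)`, `Bash(make:*)` and `Bash(./deva.sh:*)` tools run next to. The forge reported hidden or bidirectional Unicode in this file and none is visible in this rendering, so the raw bytes are worth inspecting before merge.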