refactor: split Claude Code workflows into fine-grained, independent functions

## Main changes

### Added 17 fine-grained workflows
- Issue management: triage, duplicate-check, stale-cleanup, oncall-triage, auto-response
- PR management: review, label, size-check, changelog, description
- Interactive responses: mention-responder, review-responder
- CI/security: ci-autofix, security-scan, dependency-review
- Docs/release: docs-review, release-notes

### Removed
- claude-assistant.yml (the combined workflow has been split up)

### Improvements
- Fork PR support: use pull_request_target + allowed_non_write_users
- Branch strategy: create branches from origin/dev by default, PRs target dev
- Response types: distinguish HELP vs CODE FIX, no automatic fixes
- Bot filtering: added bot filtering to all PR workflows
- Concurrency: prevent race conditions
- Action versions: upgraded setup-bun@v2, build-push@v6, gh-release@v2
- Security fix: review-responder uses SHA instead of ref
ding113 3 months ago
parent
commit
0e89b3a0e6

+ 0 - 195
.github/workflows/claude-assistant.yml

@@ -1,195 +0,0 @@
-name: Claude AI Assistant
-
-# 监听所有相关的 GitHub 事件
-on:
-  # PR 事件:创建、更新、编辑、标签、分配、关闭、重新打开
-  pull_request:
-    types: [opened, synchronize, labeled, reopened, ready_for_review]
-
-  # PR 审查事件
-  pull_request_review:
-    types: [submitted, edited]
-
-  # PR 审查评论
-  pull_request_review_comment:
-    types: [created, edited]
-
-  # Issue 事件:创建、编辑、标签、分配、关闭、重新打开
-  issues:
-    types: [labeled]
-
-  # Issue 和 PR 评论
-  issue_comment:
-    types: [created, edited]
-
-jobs:
-  claude-assistant:
-    # 智能触发条件:状态变动自动触发 OR @ 提及触发
-    # 禁止所有 bot 触发,防止无限循环
-    if: |
-      !endsWith(github.actor, '[bot]') && (
-        github.event_name == 'pull_request' ||
-        github.event_name == 'pull_request_review' ||
-        github.event_name == 'issues' ||
-        (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
-        (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude'))
-      )
-
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-
-    # 完整权限配置
-    permissions:
-      contents: write # 代码读写、分支创建、提交
-      pull-requests: write # PR 全功能操作
-      issues: write # Issue 全功能操作
-      actions: read # 读取 CI 状态
-      id-token: write # OIDC 认证
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v5
-        with:
-          fetch-depth: 0 # 完整历史,便于分析
-
-      - name: Run Claude Code Assistant
-        uses: anthropics/claude-code-action@v1
-        env:
-          # 支持自定义 Base URL(代理服务)
-          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
-        with:
-          # API 认证
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-
-          # 触发配置
-          trigger_phrase: "@claude"
-
-          # 智能提示:根据事件类型自动调整行为
-          prompt: |
-            REPO: ${{ github.repository }}
-            EVENT: ${{ github.event_name }}
-            ${{ github.event.pull_request.number && format('PR NUMBER: {0}', github.event.pull_request.number) || '' }}
-            ${{ github.event.issue.number && format('ISSUE NUMBER: {0}', github.event.issue.number) || '' }}
-            ACTOR: ${{ github.actor }}
-
-            你是一个全能的 GitHub 助手。根据当前事件类型,执行相应的操作:
-
-            ## 铁律(违反即失败):
-            1. **永远不要直接提交代码到 main 分支** - main 是生产分支,任何直接提交都是严重违规(除非 PR 的发起分支是 dev)
-            2. **永远不要创建指向 main 的 PR** - 所有 PR 必须指向 dev 分支(除非 PR 的发起分支是 dev)
-            3. **永远不要绕过 dev 分支** - 代码必须先进入 dev,经过测试后才能合并到 main
-            4. **所有代码变更必须遵循标准工作流**:创建新分支 → 提交 → 推送 → PR 到 dev
-
-            ## 标准 Git 工作流:
-            ```bash
-            # 1. 创建并切换到新分支
-            git checkout -b fix/issue-<number>-<description>  # Bug 修复(来自 Issue)
-            git checkout -b feat/pr-<number>-<description>    # 新功能(来自 PR)
-
-            # 2. 提交代码(确保先运行 git config 检查身份)
-            git add .
-            # ⚠️ 如果是修复 Issue,commit message 必须包含关闭关键字
-            git commit -m "fix: 描述修复内容, close #<issue-number>"  # Issue 场景
-            git commit -m "feat: 描述新功能"                            # PR 场景
-
-            # 3. 推送到远程
-            git push origin <branch-name>
-
-            # 4. 创建 PR 到 dev 分支(必须指定 --base dev)
-            # Issue 场景:PR body 中也要包含关闭关键字
-            gh pr create --base dev --title "Fix: ..." --body "Close #<issue-number>\n\n详细描述"
-            # PR 场景:正常描述即可
-            gh pr create --base dev --title "..." --body "详细描述"
-            ```
-
-            **GitHub 自动关闭 Issue 的关键字**:
-            - `close #123` / `closes #123` / `fix #123` / `fixes #123` / `resolve #123` / `resolves #123`
-            - 可用于 commit message 或 PR 描述中,推荐两处都写
-            - PR 合并到 dev 后,相关 Issue 会自动关闭
-
-            ## 对于 PR 事件(opened, synchronize, edited):
-            1. **代码审查**:
-               - 分析代码质量、潜在 bug、安全问题、性能问题
-               - 使用 `mcp__github_inline_comment__create_inline_comment` 添加行内评论
-               - 使用 `gh pr comment` 添加总体评论
-
-            2. **自动标签**:
-               - 分析 PR 内容,使用 `gh pr edit --add-label` 添加适当标签
-               - 标签类型:bug, enhancement, documentation, breaking-change, needs-review
-               - 优先级:priority-high, priority-medium, priority-low
-
-            3. **代码修复**(如果需要且用户明确请求):
-               - **严格遵循标准 Git 工作流**(见上方)
-               - 创建新分支:`git checkout -b fix/pr-<number>-<description>`
-               - 修改代码并提交:`git add . && git commit -m "fix: ..."`
-               - 推送分支:`git push origin <branch-name>`
-               - 创建 PR 到 dev:`gh pr create --base dev --title "..." --body "..."`
-               - **禁止**:直接提交到当前分支、直接推送到 main、创建指向 main 的 PR
-
-            ## 对于 Issue 事件(opened, edited):
-            1. **自动分类和标签**:
-               - 首先运行 `gh label list` 获取可用标签
-               - 分析 Issue 类型:bug, feature-request, question, documentation
-               - 评估优先级:P1 (critical), P2 (high), P3 (medium), P4 (low)
-               - 使用 `gh issue edit --add-label` 添加标签
-
-            2. **重复检测**:
-               - 使用 `gh search issues` 查找类似 Issue
-               - 如果发现重复,添加 duplicate 标签并评论说明
-
-            3. **自动回复**:
-               - 对于问题类 Issue,提供详细解答
-               - 对于 bug 报告,确认问题并提供临时解决方案
-               - 对于功能请求,评估可行性并提供建议
-
-            4. **代码修复**(如果用户明确请求):
-               - **严格遵循标准 Git 工作流**
-               - 创建分支:`git checkout -b fix/issue-<number>-<description>`
-               - **关键**:commit message 必须包含 `close #<issue-number>`
-               - PR body 也要包含关闭关键字
-               - 示例:`gh pr create --base dev --title "Fix #123: ..." --body "Close #123\n\n修复了..."`
-
-            ## 对于评论事件(@ 提及):
-            1. **智能响应**:
-               - 回答用户问题
-               - 提供代码示例
-               - 解释技术细节
-               - 如果需要修复代码,**严格遵循标准 Git 工作流**:
-                 * 创建新分支(不要直接修改当前分支)
-                 * **如果是 Issue 评论**:commit message 必须包含 `close #<issue-number>`
-                 * **如果是 PR 评论**:正常的 commit message 即可
-                 * 提交代码后推送到远程
-                 * 创建 PR 到 dev 分支(必须使用 `--base dev`)
-                 * Issue 场景示例:`gh pr create --base dev --title "Fix #123: ..." --body "Close #123\n\n..."`
-                 * 永远不要直接提交到 main 或创建指向 main 的 PR
-
-            2. **上下文理解**:
-               - 阅读完整的对话历史
-               - 理解 PR/Issue 的完整上下文
-               - 提供针对性的建议
-
-            ## 工具使用指南:
-            - 标签管理:`gh issue edit <number> --add-label "label1,label2"`
-            - PR 标签:`gh pr edit <number> --add-label "label1,label2"`
-            - 评论:`gh issue comment <number> --body "content"` 或 `gh pr comment <number> --body "content"`
-            - 搜索:`gh search issues "keywords" --limit 5`
-            - 查看详情:`gh issue view <number>` 或 `gh pr view <number>`
-
-            ## 重要原则:
-            - **分支管理铁律**:所有代码变更必须通过新分支 → PR 到 dev,禁止直接操作 main(除非 PR 的发起分支是 dev)
-            - 始终保持专业和友好的语气
-            - 提供可操作的建议
-            - 如果不确定,说明不确定的原因
-            - 自动化操作(标签、分类)不需要评论说明,静默执行
-            - 只在需要与用户交互时才发表评论
-            - **所有 PR 必须指向 dev 分支**(除非 PR 的发起分支是 dev),使用 `gh pr create --base dev`
-
-          # Claude 配置参数
-          claude_args: |
-            --max-turns 999
-            --allowedTools "Read,Write,Edit,Bash(gh:*),Bash(git:*),Bash(npm:*),Bash(bun:*),Bash(yarn:*),mcp__github_inline_comment__create_inline_comment"
-
-          # 其他配置
-          use_commit_signing: true
-          # 禁用进度追踪
-          track_progress: false

+ 64 - 89
.github/workflows/claude-ci-autofix.yml

@@ -1,32 +1,24 @@
 name: Claude CI Auto-Fix
 
-# 当 CI 失败时自动触发修复
 on:
   workflow_run:
-    # 监听本项目的真实 CI Workflow 名称
-    workflows: ["Non-Main Branch CI/CD", "Auto Release Pipeline", "PR Build Check"]
-    types:
-      - completed
-
-permissions:
-  contents: write # 创建分支和提交代码
-  pull-requests: write # 创建修复 PR
-  actions: read # 读取 CI 日志
-  issues: write # 评论通知
-  id-token: write # OIDC 认证
+    workflows: ["PR Build Check", "Non-Main Branch CI/CD"]
+    types: [completed]
 
 jobs:
   auto-fix:
-    # 触发条件:
-    # 1. CI 失败
-    # 2. 不是 Claude 自己创建的修复分支(避免循环)
-    # 注意:不再强制要求 PR,可以修复任何分支的 CI 失败
+    # Only run on failure, skip Claude's own fix branches
     if: |
       github.event.workflow_run.conclusion == 'failure' &&
-      !startsWith(github.event.workflow_run.head_branch, 'claude-ci-fix-')
-
+      !startsWith(github.event.workflow_run.head_branch, 'claude-fix-')
     runs-on: ubuntu-latest
     timeout-minutes: 15
+    permissions:
+      contents: write
+      pull-requests: write
+      actions: read
+      issues: write
+      id-token: write
 
     steps:
       - name: Checkout code
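
Review bot: The job-level `if:` only tests `conclusion == 'failure'` and the `claude-fix-` branch prefix, so nothing ties the triggering run to a branch in this repository. `workflow_run` jobs execute in the base repository's context, and here that means `contents: write`, `pull-requests: write` and `id-token: write` plus the secrets used later in the file, while `head_branch` is named by whoever pushed the failing branch. If "PR Build Check" runs for fork pull requests, add a same-repository condition such as `github.event.workflow_run.head_repository.full_name == github.repository` next to the existing checks.
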
@@ -40,24 +32,20 @@ jobs:
         uses: actions/github-script@v7
         with:
           script: |
-            // 获取失败的 Workflow Run 详情
             const run = await github.rest.actions.getWorkflowRun({
               owner: context.repo.owner,
               repo: context.repo.repo,
               run_id: ${{ github.event.workflow_run.id }}
             });
 
-            // 获取所有 Jobs
             const jobs = await github.rest.actions.listJobsForWorkflowRun({
               owner: context.repo.owner,
               repo: context.repo.repo,
               run_id: ${{ github.event.workflow_run.id }}
             });
 
-            // 筛选失败的 Jobs
             const failedJobs = jobs.data.jobs.filter(job => job.conclusion === 'failure');
 
-            // 获取失败 Jobs 的日志
             let errorLogs = [];
             for (const job of failedJobs) {
               try {
@@ -66,11 +54,8 @@ jobs:
                   repo: context.repo.repo,
                   job_id: job.id
                 });
-
-                // 提取最后 5000 行日志(避免过长)
                 const logLines = logs.data.split('\n');
-                const relevantLogs = logLines.slice(-5000).join('\n');
-
+                const relevantLogs = logLines.slice(-3000).join('\n');
                 errorLogs.push({
                   jobName: job.name,
                   logs: relevantLogs
@@ -93,7 +78,7 @@ jobs:
               headBranch: '${{ github.event.workflow_run.head_branch }}'
             };
 
-      - name: Fix CI failures with Claude
+      - name: Run Claude Code for CI Fix
         uses: anthropics/claude-code-action@v1
         env:
           ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
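
Review bot: The context line `headBranch: '${{ github.event.workflow_run.head_branch }}'` expands the branch name into the script source before `github-script` evaluates it, so a branch name containing a quote character changes the JavaScript that runs. Git allows quotes in ref names and the name is chosen by the pusher. Read the value at run time instead, for example `headBranch: context.payload.workflow_run.head_branch`, and treat any other `${{ }}` string placed inside this `script:` block the same way.
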
@@ -101,87 +86,77 @@ jobs:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
 
           prompt: |
-            REPO: ${{ github.repository }}
-            CI WORKFLOW: ${{ fromJSON(steps.failure_details.outputs.result).workflowName }}
-            FAILED RUN: ${{ fromJSON(steps.failure_details.outputs.result).runUrl }}
-            HAS PR: ${{ fromJSON(steps.failure_details.outputs.result).hasPR }}
-            PR NUMBER: ${{ fromJSON(steps.failure_details.outputs.result).prNumber }}
-            BRANCH: ${{ fromJSON(steps.failure_details.outputs.result).headBranch }}
-            FAILED JOBS: ${{ join(fromJSON(steps.failure_details.outputs.result).failedJobs, ', ') }}
-
-            ## 任务:自动修复 CI 失败
+            You are a CI failure auto-fixer for the repository ${{ github.repository }}.
 
-            CI 构建失败了,请分析错误日志并尝试自动修复。
+            Context:
+            - Workflow: ${{ fromJSON(steps.failure_details.outputs.result).workflowName }}
+            - Failed run: ${{ fromJSON(steps.failure_details.outputs.result).runUrl }}
+            - Branch: ${{ fromJSON(steps.failure_details.outputs.result).headBranch }}
+            - Has PR: ${{ fromJSON(steps.failure_details.outputs.result).hasPR }}
+            - PR Number: ${{ fromJSON(steps.failure_details.outputs.result).prNumber }}
+            - Failed jobs: ${{ join(fromJSON(steps.failure_details.outputs.result).failedJobs, ', ') }}
 
-            ### 错误日志:
+            Error logs:
             ```
             ${{ toJSON(fromJSON(steps.failure_details.outputs.result).errorLogs) }}
             ```
 
-            ### 修复策略:
+            Task: Analyze and fix the CI failure.
 
-            1. **分析错误类型**:
-               - ESLint/Prettier 错误 → 运行 `npm run lint:fix` 或 `bun run lint:fix`
-               - TypeScript 类型错误 → 修复类型定义
-               - 测试失败 → 分析并修复测试或代码
-               - 构建失败 → 检查依赖和配置
+            ## Instructions:
 
-            2. **执行修复**:
-               - 使用 Read 工具查看相关文件
-               - 使用 Edit 工具修复问题
-               - 如果是格式化问题,运行相应的 lint/format 命令
-               - 使用 Bash(npm:*) 或 Bash(bun:*) 运行修复命令
+            1. **Analyze the error logs** to identify:
+               - ESLint/Prettier errors → Run `bun run lint:fix` or `bun run format`
+               - TypeScript errors → Fix type definitions
+               - Test failures → Fix tests or code
+               - Build errors → Check dependencies and config
 
-            3. **验证修复**:
-               - 如果可能,运行相关的测试或 lint 命令验证修复
-               - 确保修复不会引入新问题
+            2. **Apply fixes**:
+               - Use Read tool to examine files
+               - Use Edit tool to fix issues
+               - Run fix commands if applicable
 
-            4. **提交修复**(根据场景选择):
+            3. **Verify fixes**:
+               - Run `bun run typecheck` for type errors
+               - Run `bun run lint` for lint errors
 
-            **场景 A - 有关联 PR (HAS PR = true)**:
-               - 创建新分支:`claude-ci-fix-pr-${{ fromJSON(steps.failure_details.outputs.result).prNumber }}-${{ github.run_id }}`
-               - 提交修复:`git add . && git commit -m "fix: auto-fix CI failures in ${{ fromJSON(steps.failure_details.outputs.result).workflowName }}"`
-               - 推送分支:`git push origin <branch-name>`
-               - 使用 `gh pr create --base ${{ fromJSON(steps.failure_details.outputs.result).headBranch }}` 创建 PR,指向原始分支
-               - PR 描述使用下面的模板 A
+            4. **Commit and push**:
 
-            **场景 B - 无关联 PR (HAS PR = false)**:
-               - 直接在当前分支 `${{ fromJSON(steps.failure_details.outputs.result).headBranch }}` 上修复
-               - 提交修复:`git add . && git commit -m "fix: auto-fix CI failures in ${{ fromJSON(steps.failure_details.outputs.result).workflowName }} "`
-               - 推送:`git push origin ${{ fromJSON(steps.failure_details.outputs.result).headBranch }}`
-               - **不需要创建 PR**
+               **If has PR (hasPR = true)**:
+               ```bash
+               git checkout -b claude-fix-pr-${{ fromJSON(steps.failure_details.outputs.result).prNumber }}-${{ github.run_id }}
+               git add .
+               git commit -m "fix: auto-fix CI failures in ${{ fromJSON(steps.failure_details.outputs.result).workflowName }}"
+               git push origin claude-fix-pr-${{ fromJSON(steps.failure_details.outputs.result).prNumber }}-${{ github.run_id }}
 
-            5. **PR 描述模板 A (仅场景 A 使用)**:
-               ```
-               ## 🤖 自动修复 CI 失败
-
-               此 PR 由 Claude AI 自动创建,用于修复 CI 失败。
+               # Create PR to the original branch
+               gh pr create \
+                 --base ${{ fromJSON(steps.failure_details.outputs.result).headBranch }} \
+                 --title "🤖 Auto-fix CI failures for PR #${{ fromJSON(steps.failure_details.outputs.result).prNumber }}" \
+                 --body "## Auto-fix CI Failures
 
-               **原始 PR**: #${{ fromJSON(steps.failure_details.outputs.result).prNumber }}
-               **失败的 CI**: [${{ fromJSON(steps.failure_details.outputs.result).workflowName }}](${{ fromJSON(steps.failure_details.outputs.result).runUrl }})
-               **失败的 Jobs**: ${{ join(fromJSON(steps.failure_details.outputs.result).failedJobs, ', ') }}
+               Original PR: #${{ fromJSON(steps.failure_details.outputs.result).prNumber }}
+               Failed CI: [${{ fromJSON(steps.failure_details.outputs.result).workflowName }}](${{ fromJSON(steps.failure_details.outputs.result).runUrl }})
 
-               ### 修复内容:
-               [描述你做了什么修复]
-
-               ### 验证:
-               [说明如何验证修复是否有效]
+               ### Fixes Applied:
+               [Describe your fixes]
 
                ---
-               🤖 由 Claude Code 自动生成
+               🤖 *Auto-generated by Claude AI*"
                ```
 
-            ### 重要提示:
-            - 只修复明显且安全的问题(lint、格式化、简单类型错误)
-            - 如果错误复杂或需要业务逻辑判断,在 PR 中说明无法自动修复(场景 A)或在 commit message 中说明(场景 B)
-            - 确保不会破坏现有功能
-            - 所有修复都应该是保守和安全的
-            - **场景 B 的 commit message 必须不能包含 [skip ci] 以再次触发 CI**
+               **If no PR (hasPR = false)**:
+               ```bash
+               git add .
+               git commit -m "fix: auto-fix CI failures in ${{ fromJSON(steps.failure_details.outputs.result).workflowName }}"
+               git push origin ${{ fromJSON(steps.failure_details.outputs.result).headBranch }}
+               ```
 
-          claude_args: |
-            --max-turns 999
-            --allowedTools "Read,Write,Edit,Bash(git:*),Bash(gh:*),Bash(npm:*),Bash(bun:*),Bash(yarn:*),Bash(npx:*)"
+            ## Important:
+            - Only fix obvious, safe issues (lint, format, simple type errors)
+            - Don't make changes that alter functionality
+            - If unsure, document what couldn't be fixed
+            - Don't include [skip ci] - let CI run again
 
+          claude_args: "--max-turns 999 --allowedTools Read,Write,Edit,Bash(gh:*),Bash(git:*),Bash(bun:*),Bash(npm:*)"
           use_commit_signing: true
-          # workflow_run 事件不支持 track_progress,禁用以确保正常执行
-          track_progress: false
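
Review bot: The `Error logs:` block feeds `errorLogs` (the tail of each failed job's output) directly into the prompt, and the same step allows `Write`, `Edit`, `Bash(git:*)`, `Bash(gh:*)`, `Bash(bun:*)` and `Bash(npm:*)` in a job with `contents: write`. Job output is produced by whatever code the failing run executed, so it is untrusted text that the model may read as instructions; the `## Important` bullets are guidance to the model, not an enforced limit. Suggest narrowing the allow-list to the commands the prompt actually names (`bun run lint:fix`, `bun run format`, `bun run typecheck`, `bun run lint`, `gh pr create` and the three git commands), and replacing the `hasPR = false` path, which pushes straight to `headBranch`, with a fix branch and PR as in the other path. Two smaller points: `headBranch` and `workflowName` are embedded unquoted in the `git push origin` and `--base` lines, and the removed comment said `workflow_run` does not support `track_progress`, so with the explicit `track_progress: false` gone please confirm the action's default leaves it off.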

+ 110 - 0
.github/workflows/claude-dependency-review.yml

@@ -0,0 +1,110 @@
+name: Claude Dependency Review
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+    paths:
+      - 'package.json'
+      - 'package-lock.json'
+      - 'bun.lockb'
+      - 'yarn.lock'
+      - 'pnpm-lock.yaml'
+
+jobs:
+  dependency-review:
+    # Skip bot actors
+    if: "!endsWith(github.actor, '[bot]')"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+      cancel-in-progress: true
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code for Dependency Review
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Allow external contributors (fork PRs) to trigger this workflow
+          allowed_non_write_users: "*"
+
+          prompt: |
+            You are a dependency reviewer for the repository ${{ github.repository }}.
+
+            Task: Review dependency changes in PR #${{ github.event.pull_request.number }}.
+
+            ## Instructions:
+
+            1. **Get dependency changes**:
+               ```bash
+               gh pr diff ${{ github.event.pull_request.number }} -- package.json
+               ```
+
+            2. **Identify changes**:
+               - New dependencies added
+               - Dependencies removed
+               - Version updates (major, minor, patch)
+               - Moved between dependencies/devDependencies
+
+            3. **For each new/updated dependency, check**:
+               - **Popularity**: Is it widely used?
+               - **Maintenance**: Recent commits? Active maintainers?
+               - **Security**: Known vulnerabilities?
+               - **License**: Compatible with project?
+               - **Size**: Bundle size impact?
+
+            4. **Analyze version changes**:
+               - **Major**: Check for breaking changes
+               - **Minor**: Review new features
+               - **Patch**: Usually safe, check changelog
+
+            5. **Post review**:
+               ```bash
+               gh pr comment ${{ github.event.pull_request.number }} --body "Your review"
+               ```
+
+            ## Review Format:
+            ```markdown
+            ## 📦 Dependency Review
+
+            ### New Dependencies
+            | Package | Version | Weekly Downloads | License | Notes |
+            |---------|---------|-----------------|---------|-------|
+            | pkg-name | 1.0.0 | 1M | MIT | [Assessment] |
+
+            ### Updated Dependencies
+            | Package | From | To | Change Type | Breaking? |
+            |---------|------|-----|------------|-----------|
+            | pkg-name | 1.0.0 | 2.0.0 | Major | ⚠️ Yes |
+
+            ### Removed Dependencies
+            - `pkg-name` - [Reason if apparent]
+
+            ### Recommendations
+            - [Any concerns or suggestions]
+
+            ### Security Notes
+            - [Known vulnerabilities or security considerations]
+
+            ---
+            🤖 *Dependency review by Claude AI*
+            ```
+
+            ## Guidelines:
+            - Flag major version bumps for review
+            - Note any packages with security advisories
+            - Suggest alternatives for problematic packages
+            - Check for duplicate functionality
+
+          claude_args: "--max-turns 999 --allowedTools Read,Bash(gh:*),Bash(cat:*)"
+          use_commit_signing: true
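
Review bot: `--allowedTools Read,Bash(gh:*),Bash(cat:*)` together with `pull_request_target` and `allowed_non_write_users: "*"` hands text written by any fork PR author (title, body, diff) to a model that can run every `gh` subcommand with a `pull-requests: write` token. The prompt only uses `gh pr diff` and `gh pr comment`; scope the allow-list to those, e.g. `Bash(gh pr diff:*),Bash(gh pr comment:*)`, and drop `Bash(cat:*)` since `Read` already covers file access. The checkout step has no `ref`, so it stays on the base branch, which is the right choice for `pull_request_target`; please keep it that way. Also note that `!endsWith(github.actor, '[bot]')` skips dependency-update bots, which commonly touch these lockfiles, and that `use_commit_signing: true` serves no purpose in a job with `contents: read`.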

+ 122 - 0
.github/workflows/claude-docs-review.yml

@@ -0,0 +1,122 @@
+name: Claude Docs Review
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+    paths:
+      - '**.md'
+      - 'docs/**'
+
+jobs:
+  docs-review:
+    # Skip bot actors
+    if: "!endsWith(github.actor, '[bot]')"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+      cancel-in-progress: true
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code for Docs Review
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Allow external contributors (fork PRs) to trigger this workflow
+          allowed_non_write_users: "*"
+
+          prompt: |
+            You are a documentation reviewer for the repository ${{ github.repository }}.
+
+            Task: Review documentation changes in PR #${{ github.event.pull_request.number }}.
+
+            ## Instructions:
+
+            1. **Get documentation changes**:
+               ```bash
+               gh pr diff ${{ github.event.pull_request.number }} -- '*.md'
+               gh pr view ${{ github.event.pull_request.number }} --json files --jq '.files[].path' | grep -E '\.(md)$'
+               ```
+
+            2. **Review each changed document for**:
+
+               **Content Quality**:
+               - Accuracy of technical information
+               - Completeness of explanations
+               - Logical flow and organization
+               - Appropriate level of detail
+
+               **Writing Style**:
+               - Clear and concise language
+               - Consistent terminology
+               - Proper grammar and spelling
+               - Active voice preferred
+
+               **Formatting**:
+               - Proper markdown syntax
+               - Consistent heading hierarchy
+               - Code blocks with language tags
+               - Working links
+
+               **Code Examples**:
+               - Syntactically correct
+               - Actually runnable
+               - Well commented
+               - Up to date with codebase
+
+            3. **Check for**:
+               - Broken links (internal and external)
+               - Outdated information
+               - Missing sections
+               - Inconsistency with existing docs
+
+            4. **Post review**:
+               ```bash
+               gh pr comment ${{ github.event.pull_request.number }} --body "Your review"
+               ```
+
+            ## Review Format:
+            ```markdown
+            ## 📝 Documentation Review
+
+            ### Files Reviewed
+            - `path/to/file.md`
+
+            ### Content Feedback
+            - [Specific feedback on content accuracy and completeness]
+
+            ### Style & Formatting
+            - [Feedback on writing style and markdown formatting]
+
+            ### Code Examples
+            - [Feedback on code snippets]
+
+            ### Suggestions
+            - [Improvement suggestions]
+
+            ### Issues
+            - [ ] [Issue 1 - needs fixing]
+            - [ ] [Issue 2 - needs fixing]
+
+            ---
+            🤖 *Documentation review by Claude AI*
+            ```
+
+            ## Guidelines:
+            - Be constructive and specific
+            - Suggest concrete improvements
+            - Check that examples actually work
+            - Verify links are not broken
+
+          claude_args: "--max-turns 999 --allowedTools Read,Grep,Bash(gh:*),Bash(cat:*)"
+          use_commit_signing: true
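
Review bot: The checkout step under `pull_request_target` has no `ref`, so `Read` and `Grep` see the base branch's files, while the prompt asks the model to check that examples run and links work in the changed documents. The changed text is only reachable through `gh pr diff`; state that in the prompt rather than adding a checkout of the PR head, which should stay out of a job that receives `secrets.ANTHROPIC_API_KEY`. `Bash(gh:*)` with `allowed_non_write_users: "*"` is also wider than the `gh pr diff`, `gh pr view` and `gh pr comment` calls the prompt uses; narrow the allow-list to those three.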

+ 92 - 0
.github/workflows/claude-issue-auto-response.yml

@@ -0,0 +1,92 @@
+name: Claude Issue Auto Response
+
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  auto-response:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+      issues: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Run Claude Code for Issue Auto Response
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+
+          prompt: |
+            You are a helpful assistant for the repository ${{ github.repository }}.
+
+            Task: Provide an initial helpful response to issue #${{ github.event.issue.number }}.
+
+            **IMPORTANT: This workflow provides HELP and GUIDANCE only. Do NOT create PRs or fix code automatically.**
+            If the user needs a code fix, guide them to request it by commenting "@claude please fix this".
+
+            ## Instructions:
+
+            1. **Read the issue**:
+               ```bash
+               gh issue view ${{ github.event.issue.number }}
+               ```
+
+            2. **Read the project documentation**:
+               ```bash
+               cat CLAUDE.md
+               cat README.md
+               ```
+
+            3. **Analyze the issue type and respond appropriately**:
+
+               **For Questions**:
+               - Search the codebase for relevant information
+               - Provide a helpful answer with code examples if applicable
+               - Link to relevant documentation
+               - Point to the relevant source files
+
+               **For Bug Reports**:
+               - Acknowledge the report
+               - Ask for additional information if needed (version, steps to reproduce, logs)
+               - Suggest temporary workarounds if known
+               - Identify potentially affected code and explain what might be wrong
+               - **Tell them**: "If you'd like me to create a fix, please comment `@claude please fix this`"
+
+               **For Feature Requests**:
+               - Acknowledge the request
+               - Briefly assess feasibility based on codebase knowledge
+               - Suggest implementation approach
+               - Point to related existing code
+               - **Tell them**: "If you'd like me to implement this, please comment `@claude please implement this`"
+
+            4. **Post your response**:
+               ```bash
+               gh issue comment ${{ github.event.issue.number }} --body "Your response here"
+               ```
+
+            ## Response Guidelines:
+            - Be friendly, professional, and helpful
+            - Keep responses concise but informative
+            - Use markdown formatting for readability
+            - Include code snippets to illustrate points (but don't create PRs)
+            - Always end with a clear next step
+            - If they need a fix, tell them to use @claude to request it
+            - Sign off with: "🤖 *This is an automated response from Claude AI*"
+
+            ## Do NOT:
+            - Create branches or PRs
+            - Commit any code changes
+            - Use Write or Edit tools
+            - Respond to spam, duplicates, or empty issues
+
+          claude_args: "--max-turns 999 --allowedTools Read,Bash(gh:*),Bash(cat:*),Bash(find:*),Grep"
+          use_commit_signing: true
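
Review bot: `Bash(find:*)` in `claude_args` is not a read-only tool, because `find` accepts `-exec` and `-delete`, so the "Do NOT ... Use Write or Edit tools" section of the prompt is not backed by the allow-list. The issue body is written by any GitHub user, and unlike the PR workflows in this commit this job has no `if:` actor filter and no `concurrency` group. Suggest replacing `Bash(find:*)` with the built-in `Glob` and `Grep` tools, narrowing `Bash(gh:*)` to `gh issue view` and `gh issue comment`, and adding the `!endsWith(github.actor, '[bot]')` condition. `use_commit_signing: true` looks unnecessary for a job with `contents: read` that only comments.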

+ 82 - 0
.github/workflows/claude-issue-duplicate-check.yml

@@ -0,0 +1,82 @@
+name: Claude Issue Duplicate Check
+
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  check-duplicate:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+      issues: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Run Claude Code for Duplicate Detection
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+
+          prompt: |
+            You are a duplicate issue detector for the repository ${{ github.repository }}.
+
+            Task: Check if issue #${{ github.event.issue.number }} is a duplicate of an existing issue.
+
+            ## Instructions:
+
+            1. **Read the new issue**:
+               ```bash
+               gh issue view ${{ github.event.issue.number }}
+               ```
+
+            2. **Search for similar issues**:
+               - Extract key terms from the issue title and body
+               - Search using multiple queries:
+               ```bash
+               gh search issues "keyword1 keyword2" --repo ${{ github.repository }} --state open --limit 10
+               gh search issues "keyword3" --repo ${{ github.repository }} --state open --limit 10
+               ```
+
+            3. **Analyze potential duplicates**:
+               - For each candidate, read the full issue:
+               ```bash
+               gh issue view <number>
+               ```
+               - Compare the core problem being reported
+               - Consider if they describe the same root cause
+
+            4. **If duplicate found**:
+               - Add the "duplicate" label:
+               ```bash
+               gh issue edit ${{ github.event.issue.number }} --add-label "duplicate"
+               ```
+               - Post a comment linking to the original:
+               ```bash
+               gh issue comment ${{ github.event.issue.number }} --body "This issue appears to be a duplicate of #<original-number>. Please follow the discussion there.
+
+               If you believe this is not a duplicate, please explain the difference and we will reopen this issue."
+               ```
+               - Close the issue:
+               ```bash
+               gh issue close ${{ github.event.issue.number }}
+               ```
+
+            5. **If NOT a duplicate**:
+               - Do nothing - no comment needed
+
+            ## Important:
+            - Only mark as duplicate if you are confident (>80% similarity)
+            - Focus on the core problem, not just keywords
+            - Consider both open and recently closed issues
+            - Be helpful in your duplicate comment
+
+          claude_args: "--max-turns 999 --allowedTools Bash(gh:*)"
+          use_commit_signing: true
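
Review bot: The search commands in step 2 pass `--state open`, but the "Important" list asks the model to "Consider both open and recently closed issues", so a duplicate of a recently closed issue will not surface from the queries as written; drop `--state open` or add a second query with `--state closed`. Separately, this job reads an issue body that anyone can file and then labels, comments and closes on the model's judgement, while `--allowedTools Bash(gh:*)` permits every `gh` subcommand the token can reach. Narrowing the allowlist to the subcommands the prompt actually uses (`gh issue view`, `gh search issues`, `gh issue edit`, `gh issue comment`, `gh issue close`) limits what instructions embedded in an issue can make the job do.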

+ 82 - 0
.github/workflows/claude-issue-oncall-triage.yml

@@ -0,0 +1,82 @@
+name: Claude Oncall Issue Triage
+
+on:
+  schedule:
+    # Run every 6 hours
+    - cron: '0 */6 * * *'
+  workflow_dispatch: # Allow manual trigger
+
+jobs:
+  oncall-triage:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+      issues: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Run Claude Code for Oncall Triage
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+
+          prompt: |
+            You are an oncall triage assistant for the repository ${{ github.repository }}.
+
+            Task: Identify critical blocking issues that require immediate oncall attention.
+
+            ## Instructions:
+
+            1. **Fetch recent open issues** (updated in the last 3 days):
+               ```bash
+               gh issue list --state open --json number,title,updatedAt,labels,comments --limit 50
+               ```
+
+            2. **For each issue, evaluate if it needs oncall attention**:
+               - Read the full issue and comments:
+               ```bash
+               gh issue view <number>
+               gh issue view <number> --comments
+               ```
+
+            3. **Oncall criteria** (ALL must be met):
+               a) **Is it a bug?** (has "bug" label or describes bug behavior)
+               b) **High engagement?** (5+ comments or reactions)
+               c) **Truly blocking?** Indicators:
+                  - "crash", "stuck", "frozen", "hang", "unresponsive"
+                  - "cannot use", "blocked", "broken", "down"
+                  - Prevents core functionality from working
+                  - No reasonable workaround exists
+
+            4. **For qualifying issues** (without "oncall" label):
+               - Add the "oncall" label:
+               ```bash
+               gh issue edit <number> --add-label "oncall"
+               ```
+               - Do NOT post any comments
+
+            5. **Do NOT apply oncall label if**:
+               - Issue already has "oncall" label
+               - Issue has "P4-low" or "wontfix" labels
+               - A workaround is mentioned and works
+               - It's a feature request, not a bug
+
+            ## Important:
+            - Be conservative - only flag truly critical blocking issues
+            - Do NOT post any comments to issues
+            - Do NOT remove existing labels
+            - Your only action should be to add the "oncall" label
+
+            ## Summary:
+            After processing, provide a summary:
+            - Total issues evaluated
+            - Issues that received "oncall" label (with numbers and brief reasons)
+            - Close calls that almost qualified but didn't
+
+          claude_args: "--max-turns 999 --allowedTools Bash(gh:*)"
+          use_commit_signing: true
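
Review bot: Step 1 says "updated in the last 3 days", but `gh issue list --state open --json number,title,updatedAt,labels,comments --limit 50` has no date filter or sort on update time, so the model has to work out recency itself and an older issue with fresh activity can fall outside the 50 returned. Put the cutoff in the query, for example `--search "updated:>=<date>"` with the date computed in a prior step. The prompt also states that the only action is adding the "oncall" label, yet `Bash(gh:*)` allows any `gh` call; `gh issue list`, `gh issue view` and `gh issue edit` are sufficient. `--max-turns 999` is effectively unbounded next to `timeout-minutes: 15`, and `use_commit_signing: true` has nothing to sign in a job with `contents: read`.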

+ 85 - 0
.github/workflows/claude-issue-stale-cleanup.yml

@@ -0,0 +1,85 @@
+name: Claude Issue Stale Cleanup
+
+on:
+  schedule:
+    # Run every day at 00:00 UTC
+    - cron: '0 0 * * *'
+  workflow_dispatch: # Allow manual trigger
+
+jobs:
+  stale-cleanup:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    permissions:
+      contents: read
+      issues: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Run Claude Code for Stale Issue Cleanup
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+
+          prompt: |
+            You are a stale issue cleanup assistant for the repository ${{ github.repository }}.
+
+            Task: Identify and manage stale issues that have had no activity.
+
+            ## Instructions:
+
+            1. **Find stale issues** (no activity for 30+ days):
+               ```bash
+               gh issue list --state open --json number,title,updatedAt,labels --limit 100
+               ```
+
+            2. **For each potentially stale issue**:
+               - Check if it already has a "stale" label
+               - Check the last activity date
+               - Read the issue to understand its importance
+
+            3. **Stale issue handling** (no activity for 30 days):
+               - Add "stale" label:
+               ```bash
+               gh issue edit <number> --add-label "stale"
+               ```
+               - Post a warning comment:
+               ```bash
+               gh issue comment <number> --body "This issue has been automatically marked as stale because it has not had any activity in the last 30 days.
+
+               If this issue is still relevant:
+               - Please comment to keep it open
+               - Add any new information that might help resolve it
+
+               This issue will be automatically closed in 14 days if there is no further activity."
+               ```
+
+            4. **Very stale issue handling** (stale label + no activity for 14 more days):
+               - Close the issue:
+               ```bash
+               gh issue close <number>
+               ```
+               - Post a closing comment:
+               ```bash
+               gh issue comment <number> --body "This issue has been automatically closed due to inactivity.
+
+               If you believe this issue is still relevant, please feel free to reopen it with additional information."
+               ```
+
+            5. **Exceptions - Do NOT mark as stale**:
+               - Issues with "P1-critical" or "P2-high" labels
+               - Issues with "pinned" or "keep-open" labels
+               - Issues with recent commits referencing them
+
+            ## Summary:
+            After processing, provide a summary:
+            - Number of issues marked as stale
+            - Number of issues closed
+            - List of affected issue numbers
+
+          claude_args: "--max-turns 999 --allowedTools Bash(gh:*)"
+          use_commit_signing: true
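
Review bot: Step 4 closes on "stale label + no activity for 14 more days", but nothing in the prompt removes the "stale" label when someone replies to the warning, even though the warning comment tells users to "comment to keep it open". An issue whose reporter answered once and then went quiet for 14 days still carries the label and meets the close condition. Add an explicit step that removes "stale" when there is activity after the label was applied, and state that the workflow's own label and comment do not count as activity. The exceptions in step 5 should also move ahead of steps 3 and 4 so they read as preconditions, and step 4 can use `gh issue close <number> --comment "..."` so the explanation is posted with the close instead of after it.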

+ 66 - 0
.github/workflows/claude-issue-triage.yml

@@ -0,0 +1,66 @@
+name: Claude Issue Triage
+
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  triage-issue:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: read
+      issues: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Run Claude Code for Issue Triage
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+
+          prompt: |
+            You are an issue triage assistant for the repository ${{ github.repository }}.
+
+            Task: Analyze and label the newly opened issue #${{ github.event.issue.number }}.
+
+            ## Instructions:
+
+            1. **Read the issue** using `gh issue view ${{ github.event.issue.number }}`
+
+            2. **Fetch available labels** using `gh label list`
+
+            3. **Analyze the issue** and determine:
+               - **Type**: bug, feature-request, question, documentation, enhancement
+               - **Priority**: P1 (critical), P2 (high), P3 (medium), P4 (low)
+               - **Component**: api, ui, database, auth, proxy, etc.
+
+            4. **Apply labels** using `gh issue edit ${{ github.event.issue.number }} --add-label "label1,label2"`
+
+            ## Label Guidelines:
+
+            - **bug**: Issue describes unexpected behavior or errors
+            - **feature-request**: Issue requests new functionality
+            - **question**: Issue asks for help or clarification
+            - **documentation**: Issue relates to docs improvement
+            - **enhancement**: Issue suggests improvement to existing feature
+
+            - **P1-critical**: System down, data loss, security vulnerability
+            - **P2-high**: Major feature broken, no workaround
+            - **P3-medium**: Feature partially broken, workaround exists
+            - **P4-low**: Minor issue, cosmetic problems
+
+            ## Important:
+            - Do NOT post any comments - only apply labels
+            - Be conservative with priority labels
+            - Apply at most 3-4 labels total
+            - If unsure about a label, don't apply it
+
+          claude_args: "--max-turns 999 --allowedTools Bash(gh:*)"
+          use_commit_signing: true
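
Review bot: The prompt restricts the job to applying labels ("Do NOT post any comments - only apply labels"), but `claude_args` grants `Bash(gh:*)`, and the issue text the model reads is written by whoever opened the issue. With `issues: write` the token can also comment on, close or edit issues, so the restriction rests on the model following instructions that the issue body can contradict. Limit the allowlist to `Bash(gh issue view:*),Bash(gh label list:*),Bash(gh issue edit:*)`. `fetch-depth: 0` clones full history for a job whose only tool is `gh`; the default shallow checkout is enough.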

+ 126 - 0
.github/workflows/claude-mention-responder.yml

@@ -0,0 +1,126 @@
+name: Claude Mention Responder
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+
+jobs:
+  mention-responder:
+    # Only respond to @claude mentions, skip bot comments
+    if: |
+      contains(github.event.comment.body, '@claude') &&
+      !endsWith(github.actor, '[bot]')
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Run Claude Code for Mention Response
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          trigger_phrase: "@claude"
+
+          prompt: |
+            You are an AI assistant for the repository ${{ github.repository }}.
+
+            Context:
+            - Event: ${{ github.event_name }}
+            - Actor: ${{ github.actor }}
+            - Comment: ${{ github.event.comment.body }}
+
+            Task: Respond to the @claude mention with helpful assistance.
+
+            ## Instructions:
+
+            1. **Understand the context**:
+               - For issue comments: `gh issue view ${{ github.event.issue.number }}`
+               - For PR comments: `gh pr view ${{ github.event.pull_request.number || github.event.issue.number }}`
+               - Read all previous comments to understand the conversation
+
+            2. **Determine the appropriate response type**:
+               
+               **Provide HELP (default) when**:
+               - User asks a question about how something works
+               - User needs explanation or documentation
+               - User asks for suggestions or recommendations
+               - Issue is about configuration, usage, or understanding
+               - The request is vague or unclear
+               
+               **Provide CODE FIX only when**:
+               - User EXPLICITLY requests a fix (e.g., "please fix", "can you implement", "help me fix")
+               - Issue clearly describes a bug with reproduction steps
+               - User asks to "create a PR" or "submit a fix"
+               - The fix is straightforward and well-defined
+
+               **When in doubt, provide help first and ask if they want a code fix.**
+
+            3. **For HELP responses** (most common):
+               - Search the codebase to find relevant information
+               - Provide clear explanations with code examples
+               - Point to relevant files and documentation
+               - Suggest solutions without implementing them
+               - Ask clarifying questions if needed
+
+            4. **For CODE FIX requests** (only when explicitly requested):
+               
+               **CRITICAL: Branch Strategy**
+               ```bash
+               # ALWAYS start from dev branch (NEVER from main)
+               git fetch origin dev
+               git checkout -b fix/issue-${{ github.event.issue.number }}-description origin/dev
+
+               # Make your changes using Edit tool
+
+               # Commit with proper message (include closing keyword for issues)
+               git add .
+               git commit -m "fix: description, close #${{ github.event.issue.number }}"
+
+               # Push the branch
+               git push origin fix/issue-${{ github.event.issue.number }}-description
+
+               # Create PR to dev (NEVER to main)
+               gh pr create --base dev --title "Fix #${{ github.event.issue.number }}: ..." --body "Close #${{ github.event.issue.number }}
+
+               ## Summary
+               [Description of the fix]
+
+               ## Changes
+               - [List of changes]
+               "
+               ```
+
+            5. **Post your response**:
+               - For issues: `gh issue comment ${{ github.event.issue.number }} --body "..."`
+               - For PRs: `gh pr comment ${{ github.event.issue.number }} --body "..."`
+
+            ## Response Guidelines:
+            - Default to providing help, not code fixes
+            - Be helpful, clear, and concise
+            - Include code examples when relevant
+            - Explain your reasoning
+            - If you provide a fix, explain what you changed and why
+            - Sign off with: "🤖 *Response from Claude AI*"
+
+            ## Git Workflow Rules (for code fixes only):
+            - ALWAYS create branches from `origin/dev`, NEVER from main
+            - ALWAYS create PRs targeting `dev` branch
+            - NEVER commit directly to main or dev
+            - Include closing keywords for issues in commit messages
+            - Use descriptive branch names: `fix/issue-NUMBER-description`
+
+          claude_args: "--max-turns 999 --allowedTools Read,Write,Edit,Grep,Glob,Bash(gh:*),Bash(git:*),Bash(cat:*),Bash(find:*)"
+          use_commit_signing: true
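
Review bot: `Comment: ${{ github.event.comment.body }}` in the Context block expands commenter-controlled text straight into the prompt, in a job that holds `contents: write`, `pull-requests: write`, `issues: write` and `id-token: write` and allows `Write`, `Edit`, `Bash(git:*)` and `Bash(gh:*)`. The `if:` only checks for the `@claude` substring and a non-bot actor, so gate it on `github.event.comment.author_association` (OWNER, MEMBER, COLLABORATOR) and have the model fetch the comment with `gh` instead of interpolating it. `Bash(find:*)` is broader than file discovery needs, since `find` can execute other programs; `Glob` and `Grep` already cover it. On `pull_request_review_comment` events `github.event.issue.number` is empty, so the branch name in step 4 and `gh pr comment ${{ github.event.issue.number }}` in step 5 get no number; reuse the `github.event.pull_request.number || github.event.issue.number` fallback from step 1.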

+ 102 - 0
.github/workflows/claude-pr-changelog.yml

@@ -0,0 +1,102 @@
+name: Claude PR Changelog
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  pr-changelog:
+    # Only run when PR is merged
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.base.ref }}
+
+      - name: Run Claude Code for Changelog Generation
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+
+          prompt: |
+            You are a changelog generator for the repository ${{ github.repository }}.
+
+            Task: Update CHANGELOG.md with entry for merged PR #${{ github.event.pull_request.number }}.
+
+            ## Instructions:
+
+            1. **Get PR information**:
+               ```bash
+               gh pr view ${{ github.event.pull_request.number }} --json title,body,labels,author
+               ```
+
+            2. **Read current changelog**:
+               ```bash
+               cat CHANGELOG.md 2>/dev/null || echo "# Changelog"
+               ```
+
+            3. **Determine change category** based on PR labels:
+               - `feature` → **Added**
+               - `enhancement` → **Changed**
+               - `bug` → **Fixed**
+               - `documentation` → **Documentation**
+               - `refactor` → **Refactored**
+               - `breaking-change` → **Breaking Changes**
+               - `chore` → **Maintenance**
+               - Default → **Changed**
+
+            4. **Generate changelog entry**:
+               Format: `- [Category] Brief description (#PR_NUMBER) @author`
+
+            5. **Update CHANGELOG.md**:
+               - If there's an "Unreleased" section, add the entry there
+               - If not, create one at the top
+               - Keep existing entries intact
+
+            6. **Commit the change**:
+               ```bash
+               git config user.name "github-actions[bot]"
+               git config user.email "github-actions[bot]@users.noreply.github.com"
+               git add CHANGELOG.md
+               git commit -m "docs: update changelog for PR #${{ github.event.pull_request.number }}"
+               git push
+               ```
+
+            ## Changelog Format:
+            ```markdown
+            # Changelog
+
+            ## [Unreleased]
+
+            ### Added
+            - New feature description (#123) @username
+
+            ### Changed
+            - Enhancement description (#124) @username
+
+            ### Fixed
+            - Bug fix description (#125) @username
+
+            ## [1.0.0] - 2024-01-01
+            ...
+            ```
+
+            ## Guidelines:
+            - Keep entries concise (one line)
+            - Use present tense ("Add" not "Added")
+            - Include PR number and author
+            - Don't duplicate existing entries
+            - Skip PRs with "skip-changelog" label
+
+          claude_args: "--max-turns 999 --allowedTools Read,Write,Edit,Bash(gh:*),Bash(git:*),Bash(cat:*)"
+          use_commit_signing: true
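
Review bot: Step 6 pushes a commit directly to the PR's base branch (the checkout uses `ref: ${{ github.event.pull_request.base.ref }}`), and the job has no `concurrency` group, so two PRs merged close together both edit CHANGELOG.md from the same parent and the second `git push` is rejected. Add a `concurrency` group keyed on the base ref with `cancel-in-progress: false`, and rebase before pushing. The "skip-changelog" rule lives only in the prompt; moving it into the job condition, e.g. `!contains(github.event.pull_request.labels.*.name, 'skip-changelog')`, avoids starting the model at all. Because the trigger is `pull_request`, runs for PRs merged from forks receive no secrets and a read-only token, so the API key is empty and the push cannot succeed for fork PRs.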

+ 103 - 0
.github/workflows/claude-pr-description.yml

@@ -0,0 +1,103 @@
+name: Claude PR Description
+
+on:
+  pull_request_target:
+    types: [opened]
+
+jobs:
+  pr-description:
+    # Skip bot actors
+    if: "!endsWith(github.actor, '[bot]')"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+      cancel-in-progress: false
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code for PR Description Enhancement
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Allow external contributors (fork PRs) to trigger this workflow
+          allowed_non_write_users: "*"
+
+          prompt: |
+            You are a PR description enhancer for the repository ${{ github.repository }}.
+
+            Task: Enhance or generate a comprehensive description for PR #${{ github.event.pull_request.number }}.
+
+            ## Instructions:
+
+            1. **Get PR information**:
+               ```bash
+               gh pr view ${{ github.event.pull_request.number }} --json title,body
+               gh pr diff ${{ github.event.pull_request.number }}
+               ```
+
+            2. **Check if description needs enhancement**:
+               - If body is empty or very short (< 50 chars): Generate full description
+               - If body exists but missing sections: Add missing sections
+               - If body is comprehensive: Do nothing
+
+            3. **Analyze the changes**:
+               - What problem does this solve?
+               - What approach was taken?
+               - What files were changed and why?
+               - Are there any breaking changes?
+               - What testing was done?
+
+            4. **Generate/enhance description** using template:
+               ```markdown
+               ## Summary
+               [Brief description of what this PR does]
+
+               ## Problem
+               [What problem does this solve?]
+
+               ## Solution
+               [How does this PR solve the problem?]
+
+               ## Changes
+               - [List of key changes]
+
+               ## Testing
+               - [ ] Unit tests added/updated
+               - [ ] Manual testing performed
+               - [ ] No breaking changes
+
+               ## Screenshots (if applicable)
+               [Add screenshots for UI changes]
+
+               ## Related Issues
+               Closes #[issue_number] (if applicable)
+               ```
+
+            5. **Update PR description**:
+               ```bash
+               gh pr edit ${{ github.event.pull_request.number }} --body "New description"
+               ```
+
+            ## Guidelines:
+            - Don't overwrite good existing content
+            - Keep technical details accurate based on diff
+            - Be concise but comprehensive
+            - Detect linked issues from branch name or commits
+
+            ## Skip if:
+            - Description already follows template
+            - Description is already comprehensive (> 200 chars with clear structure)
+            - PR has "skip-description" label
+
+          claude_args: "--max-turns 999 --allowedTools Read,Bash(gh:*)"
+          use_commit_signing: true
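
Review bot: This job runs on `pull_request_target` with `allowed_non_write_users: "*"`, so any fork contributor can start a run that has repository secrets and a `pull-requests: write` token, and the PR title, body and diff the model reads are all contributor-controlled. The checkout has no `ref:` and therefore stays on the base branch, which is the safe choice and deserves a comment in the file so nobody later points it at the PR head. What is missing is a tight tool list: replace `Bash(gh:*)` with `Bash(gh pr view:*),Bash(gh pr diff:*),Bash(gh pr edit:*)`. In step 5, `gh pr edit ... --body "New description"` replaces the whole body, which conflicts with "Don't overwrite good existing content"; tell the model to resubmit the original text with the missing sections appended. The "skip-description" label check belongs in the job `if:`.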

+ 88 - 0
.github/workflows/claude-pr-label.yml

@@ -0,0 +1,88 @@
+name: Claude PR Label
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+
+jobs:
+  pr-label:
+    # Skip bot actors
+    if: "!endsWith(github.actor, '[bot]')"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+      cancel-in-progress: true
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code for PR Labeling
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Allow external contributors (fork PRs) to trigger this workflow
+          allowed_non_write_users: "*"
+
+          prompt: |
+            You are a PR labeling assistant for the repository ${{ github.repository }}.
+
+            Task: Analyze PR #${{ github.event.pull_request.number }} and apply appropriate labels.
+
+            ## Instructions:
+
+            1. **Get PR information**:
+               ```bash
+               gh pr view ${{ github.event.pull_request.number }}
+               gh pr diff ${{ github.event.pull_request.number }} --name-only
+               ```
+
+            2. **Fetch available labels**:
+               ```bash
+               gh label list
+               ```
+
+            3. **Analyze and determine labels**:
+
+               **By Change Type**:
+               - `bug` - Fixes a bug
+               - `enhancement` - Improves existing feature
+               - `feature` - Adds new functionality
+               - `documentation` - Only docs changes
+               - `refactor` - Code restructuring without behavior change
+               - `test` - Only test changes
+               - `chore` - Build, CI, dependencies
+
+               **By Component** (based on files changed):
+               - `api` - Changes in src/app/api or src/app/v1
+               - `ui` - Changes in src/app/(pages) or src/components
+               - `database` - Changes in src/drizzle or src/repository
+               - `auth` - Changes in authentication related files
+               - `proxy` - Changes in proxy related files
+
+               **By Impact**:
+               - `breaking-change` - Breaks backward compatibility
+               - `needs-migration` - Requires database migration
+               - `needs-review` - Complex changes requiring careful review
+
+            4. **Apply labels**:
+               ```bash
+               gh pr edit ${{ github.event.pull_request.number }} --add-label "label1,label2"
+               ```
+
+            ## Important:
+            - Do NOT post any comments - only apply labels
+            - Apply at most 4-5 labels total
+            - Be accurate - don't over-label
+            - Don't remove existing labels
+
+          claude_args: "--max-turns 999 --allowedTools Bash(gh:*)"
+          use_commit_signing: true
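
Review bot: The trigger includes `synchronize`, but step 4 only ever calls `--add-label` and the "Important" list says "Don't remove existing labels", so labels from an earlier run stay after later pushes make them wrong (a PR first labelled `documentation` keeps that label once source files are added). Either run on `opened` only or let the job remove labels it applied itself. As in the other `pull_request_target` jobs, `allowed_non_write_users: "*"` together with `Bash(gh:*)` gives runs started by fork contributors every `gh` subcommand; `gh pr view`, `gh pr diff`, `gh label list` and `gh pr edit` are all this prompt needs.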

+ 105 - 0
.github/workflows/claude-pr-review.yml

@@ -0,0 +1,105 @@
+name: Claude PR Review
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, ready_for_review]
+
+jobs:
+  pr-review:
+    # Skip draft PRs and bot actors
+    if: |
+      github.event.pull_request.draft == false &&
+      !endsWith(github.actor, '[bot]')
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+      cancel-in-progress: true
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code for PR Review
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Allow external contributors (fork PRs) to trigger this workflow
+          allowed_non_write_users: "*"
+
+          prompt: |
+            You are a code reviewer for the repository ${{ github.repository }}.
+
+            Task: Review PR #${{ github.event.pull_request.number }} and provide constructive feedback.
+
+            ## Instructions:
+
+            1. **Get PR information**:
+               ```bash
+               gh pr view ${{ github.event.pull_request.number }}
+               gh pr diff ${{ github.event.pull_request.number }}
+               ```
+
+            2. **Read project standards**:
+               ```bash
+               cat CLAUDE.md
+               ```
+
+            3. **Analyze the changes** for:
+               - **Code Quality**: Clean code, proper naming, no code smells
+               - **Logic Errors**: Bugs, edge cases, race conditions
+               - **Security**: SQL injection, XSS, CSRF, hardcoded secrets
+               - **Performance**: N+1 queries, memory leaks, inefficient algorithms
+               - **Type Safety**: TypeScript errors, missing types
+               - **Best Practices**: Error handling, logging, testing
+
+            4. **For specific issues**, use inline comments:
+               ```bash
+               gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/comments \
+                 -f body="Your comment" \
+                 -f commit_id="COMMIT_SHA" \
+                 -f path="file/path" \
+                 -f line=LINE_NUMBER \
+                 -f side="RIGHT"
+               ```
+
+            5. **Post a summary review**:
+               ```bash
+               gh pr review ${{ github.event.pull_request.number }} --comment --body "Your summary"
+               ```
+
+            ## Review Guidelines:
+            - Be constructive and specific
+            - Explain WHY something is an issue
+            - Suggest concrete fixes when possible
+            - Acknowledge good practices you see
+            - Prioritize: Security > Bugs > Performance > Style
+
+            ## Summary Format:
+            ```markdown
+            ## 🔍 Code Review Summary
+
+            ### ✅ Strengths
+            - [Good things about the PR]
+
+            ### ⚠️ Issues Found
+            - **Critical**: [Security/Bug issues]
+            - **Important**: [Performance/Logic issues]
+            - **Minor**: [Style/Readability issues]
+
+            ### 💡 Suggestions
+            - [Optional improvements]
+
+            ---
+            🤖 *Automated review by Claude AI*
+            ```
+
+          claude_args: "--max-turns 999 --allowedTools Read,Grep,Bash(gh:*),Bash(cat:*)"
+          use_commit_signing: true
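
Review bot: In step 4 the inline-comment call passes `-f line=LINE_NUMBER`; `gh api -f` sends the value as a string, while the review-comment endpoint expects an integer for `line`, so use `-F line=LINE_NUMBER`. `commit_id="COMMIT_SHA"` leaves the model to discover the SHA; supplying `${{ github.event.pull_request.head.sha }}` pins comments to the commit that triggered the run. The checkout is the base branch, so `cat CLAUDE.md`, `Read` and `Grep` see base-branch files and only `gh pr diff` shows the contributor's changes; that keeps fork code out of the workspace and should be preserved, but the prompt should say so, otherwise the model may review file contents that predate the PR. `Bash(gh:*)` with `allowed_non_write_users: "*"` should be narrowed to `gh pr view`, `gh pr diff`, `gh pr review` and the one `gh api` path used here.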

+ 103 - 0
.github/workflows/claude-pr-size-check.yml

@@ -0,0 +1,103 @@
+name: Claude PR Size Check
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+
+jobs:
+  pr-size-check:
+    # Skip bot actors
+    if: "!endsWith(github.actor, '[bot]')"
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+      cancel-in-progress: true
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code for PR Size Check
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Allow external contributors (fork PRs) to trigger this workflow
+          allowed_non_write_users: "*"
+
+          prompt: |
+            You are a PR size analyzer for the repository ${{ github.repository }}.
+
+            Task: Check if PR #${{ github.event.pull_request.number }} is appropriately sized and suggest splitting if needed.
+
+            ## Instructions:
+
+            1. **Get PR statistics**:
+               ```bash
+               gh pr view ${{ github.event.pull_request.number }} --json additions,deletions,changedFiles
+               gh pr diff ${{ github.event.pull_request.number }} --name-only
+               ```
+
+            2. **Analyze PR size**:
+               - Count total lines changed (additions + deletions)
+               - Count number of files changed
+               - Identify different concerns being addressed
+
+            3. **Size thresholds**:
+               - **XS**: < 50 lines, < 5 files
+               - **S**: < 200 lines, < 10 files
+               - **M**: < 500 lines, < 20 files
+               - **L**: < 1000 lines, < 30 files
+               - **XL**: > 1000 lines or > 30 files
+
+            4. **Apply size label**:
+               ```bash
+               gh pr edit ${{ github.event.pull_request.number }} --add-label "size/M"
+               ```
+
+            5. **For large PRs (L or XL)**, post a comment with splitting suggestions:
+               ```bash
+               gh pr comment ${{ github.event.pull_request.number }} --body "Your suggestion"
+               ```
+
+            ## Large PR Comment Template:
+            ```markdown
+            ## 📊 PR Size Analysis
+
+            This PR is **[SIZE]** with **X lines** changed across **Y files**.
+
+            Large PRs are harder to review and more likely to introduce bugs.
+
+            ### 🔀 Suggested Split:
+
+            Based on the changes, this PR could be split into:
+
+            1. **PR 1**: [Description] - [files]
+            2. **PR 2**: [Description] - [files]
+            3. **PR 3**: [Description] - [files]
+
+            ### Why Split?
+            - Easier to review
+            - Faster CI feedback
+            - Easier to revert if needed
+            - Better git history
+
+            ---
+            🤖 *Automated analysis by Claude AI*
+            ```
+
+            ## Important:
+            - For XS, S, M sizes: Only apply label, no comment needed
+            - For L, XL sizes: Apply label AND post splitting suggestion
+            - Identify logical boundaries for splitting (different features, different components)
+            - Don't count generated files (package-lock.json, etc.) in size calculation
+
+          claude_args: "--max-turns 999 --allowedTools Bash(gh:*)"
+          use_commit_signing: true
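Review bot: The size thresholds in step 3 leave a gap and an ambiguity. L is `< 1000 lines, < 30 files` and XL is `> 1000 lines or > 30 files`, so a PR with exactly 1000 lines or exactly 30 files matches neither, and the XS to L rows do not say which label applies when the line count and the file count fall in different buckets (for example 40 lines across 12 files). State that the larger of the two buckets wins and make one side of each bound inclusive. Step 4 only adds a label, so if the workflow runs again on the same PR after its size changes, the earlier `size/*` label stays; pair `--add-label` with `--remove-label` for the old value. `--allowedTools Bash(gh:*)` permits every gh subcommand, while the prompt only uses `gh pr edit` and `gh pr comment` in the visible steps; narrowing the tool pattern to the subcommands actually needed keeps the job closer to least privilege.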

+ 113 - 0
.github/workflows/claude-release-notes.yml

@@ -0,0 +1,113 @@
+name: Claude Release Notes
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  release-notes:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Run Claude Code for Release Notes
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+
+          prompt: |
+            You are a release notes generator for the repository ${{ github.repository }}.
+
+            Task: Generate comprehensive release notes for release ${{ github.event.release.tag_name }}.
+
+            ## Instructions:
+
+            1. **Get release information**:
+               ```bash
+               gh release view ${{ github.event.release.tag_name }}
+               ```
+
+            2. **Get commits since last release**:
+               ```bash
+               # Find previous tag
+               git tag --sort=-version:refname | head -n 2
+
+               # Get commits between tags
+               git log PREVIOUS_TAG..${{ github.event.release.tag_name }} --oneline
+               ```
+
+            3. **Get merged PRs since last release**:
+               ```bash
+               gh pr list --state merged --base main --json number,title,labels,author --limit 100
+               ```
+
+            4. **Categorize changes**:
+               - 🚀 **Features**: New functionality
+               - 🐛 **Bug Fixes**: Fixed issues
+               - ⚡ **Performance**: Speed improvements
+               - 🔒 **Security**: Security fixes
+               - 📝 **Documentation**: Doc updates
+               - 🏗️ **Refactoring**: Code improvements
+               - 🔧 **Maintenance**: Chores, dependencies
+
+            5. **Generate release notes**:
+               ```bash
+               gh release edit ${{ github.event.release.tag_name }} --notes "Your notes"
+               ```
+
+            ## Release Notes Format:
+            ```markdown
+            ## What's Changed
+
+            ### 🚀 Features
+            - Feature description (#PR) @author
+
+            ### 🐛 Bug Fixes
+            - Fix description (#PR) @author
+
+            ### ⚡ Performance
+            - Improvement description (#PR) @author
+
+            ### 🔒 Security
+            - Security fix description (#PR) @author
+
+            ### 📝 Documentation
+            - Doc update description (#PR) @author
+
+            ### 🏗️ Refactoring
+            - Refactor description (#PR) @author
+
+            ### 🔧 Maintenance
+            - Chore description (#PR) @author
+
+            ## Breaking Changes
+            - [List any breaking changes with migration guide]
+
+            ## Contributors
+            @user1, @user2, @user3
+
+            ## Upgrade Guide
+            [If applicable, how to upgrade from previous version]
+
+            ---
+            **Full Changelog**: https://github.com/${{ github.repository }}/compare/PREVIOUS_TAG...${{ github.event.release.tag_name }}
+            ```
+
+            ## Guidelines:
+            - Include all significant changes
+            - Credit PR authors
+            - Highlight breaking changes prominently
+            - Include upgrade instructions if needed
+            - Link to relevant PRs and issues
+
+          claude_args: "--max-turns 999 --allowedTools Read,Bash(gh:*),Bash(git:*)"
+          use_commit_signing: true
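Review bot: Step 3 does not select "merged PRs since last release". `gh pr list --state merged --base main --limit 100` returns the 100 most recent merges into `main` regardless of date, and it hard-codes `main` although the commit message says PRs target dev. Bound the query with a search filter based on the previous tag's date and take the base branch from the release's `target_commitish` instead of a literal. In step 2, `git tag --sort=-version:refname | head -n 2` yields the previous tag only when the new release is the highest version in the repository; a patch release on an older line gets the wrong range, so resolving the predecessor from the tag itself (for example `git describe --tags --abbrev=0 <tag>^`) is safer. Step 5's `gh release edit ... --notes` replaces whatever notes the release was created with, which the prompt should say explicitly if hand-written notes are meant to survive. `--max-turns 999` is also effectively unbounded next to `timeout-minutes: 10`; a small explicit turn limit makes the cost ceiling visible.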

+ 110 - 0
.github/workflows/claude-review-responder.yml

@@ -0,0 +1,110 @@
+name: Claude PR Review Responder
+
+on:
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  review-responder:
+    # Respond to reviews requesting changes or asking questions
+    # Skip bot reviews to prevent infinite loops
+    if: |
+      !endsWith(github.event.review.user.login, '[bot]') &&
+      (github.event.review.state == 'changes_requested' ||
+       contains(github.event.review.body, '@claude'))
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+      cancel-in-progress: false
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Run Claude Code for Review Response
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+
+          prompt: |
+            You are a PR author assistant for the repository ${{ github.repository }}.
+
+            Context:
+            - PR: #${{ github.event.pull_request.number }}
+            - Review by: ${{ github.event.review.user.login }}
+            - Review state: ${{ github.event.review.state }}
+            - Review body: ${{ github.event.review.body }}
+
+            Task: Help address the PR review feedback.
+
+            ## Instructions:
+
+            1. **Read the PR and review**:
+               ```bash
+               gh pr view ${{ github.event.pull_request.number }}
+               gh pr view ${{ github.event.pull_request.number }} --comments
+               ```
+
+            2. **Understand the feedback**:
+               - What changes are requested?
+               - Are there specific questions to answer?
+               - What's the priority of each item?
+
+            3. **For change requests that you can address**:
+               ```bash
+               # You're already on the PR branch
+               # Make the requested changes using Edit tool
+
+               # Commit with descriptive message
+               git add .
+               git commit -m "fix: address review feedback - description"
+
+               # Push to update the PR
+               git push origin ${{ github.event.pull_request.head.ref }}
+               ```
+
+            4. **Post a response** to the review:
+               ```bash
+               gh pr comment ${{ github.event.pull_request.number }} --body "Your response"
+               ```
+
+            ## Response Template:
+            ```markdown
+            ## Addressing Review Feedback
+
+            @${{ github.event.review.user.login }} Thank you for the review!
+
+            ### Changes Made:
+            - ✅ [Change 1] - [commit description]
+            - ✅ [Change 2] - [commit description]
+
+            ### Responses:
+            - **[Question/Comment]**: [Your response]
+
+            ### Not Addressed (needs discussion):
+            - [Item] - [Reason why not addressed]
+
+            Please re-review when you have a chance.
+
+            ---
+            🤖 *Changes made by Claude AI*
+            ```
+
+            ## Guidelines:
+            - Only make changes you're confident about
+            - For complex or ambiguous requests, ask for clarification
+            - Don't make changes that alter the PR's intent
+            - Explain what you changed and why
+
+          claude_args: "--max-turns 999 --allowedTools Read,Write,Edit,Grep,Bash(gh:*),Bash(git:*)"
+          use_commit_signing: true
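Review bot: `- Review body: ${{ github.event.review.body }}` pastes reviewer-controlled text directly into the prompt of a job that holds `contents: write` and is allowed `Write`, `Edit`, `Bash(git:*)` and `Bash(gh:*)`, and the `if:` condition only excludes logins ending in `[bot]`. Any review that requests changes or mentions @claude therefore places its text next to push access. Gate the job on `github.event.review.author_association` being OWNER, MEMBER or COLLABORATOR, remove the body from the prompt header, and instruct the model to treat review text it fetches as untrusted data rather than instructions. Separately, checking out `ref: ${{ github.event.pull_request.head.sha }}` leaves a detached HEAD, so the comment "You're already on the PR branch" in step 3 is inaccurate and `git push origin ${{ github.event.pull_request.head.ref }}` has no local branch of that name to push; `git push origin HEAD:<branch>` matches what the checkout actually produces. `git add .` will also stage any stray file left in the workspace; staging only the edited paths is safer for an automated commit.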

+ 134 - 0
.github/workflows/claude-security-scan.yml

@@ -0,0 +1,134 @@
+name: Claude Security Scan
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+    paths:
+      - '**.ts'
+      - '**.tsx'
+      - '**.js'
+      - '**.jsx'
+
+jobs:
+  security-scan:
+    # Skip bot actors
+    if: "!endsWith(github.actor, '[bot]')"
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+      cancel-in-progress: true
+    permissions:
+      contents: read
+      pull-requests: write
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code for Security Scan
+        uses: anthropics/claude-code-action@v1
+        env:
+          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Allow external contributors (fork PRs) to trigger this workflow
+          allowed_non_write_users: "*"
+
+          prompt: |
+            You are a security analyst for the repository ${{ github.repository }}.
+
+            Task: Perform a security scan on PR #${{ github.event.pull_request.number }}.
+
+            ## Instructions:
+
+            1. **Get the changes**:
+               ```bash
+               gh pr diff ${{ github.event.pull_request.number }}
+               ```
+
+            2. **Scan for OWASP Top 10 vulnerabilities**:
+
+               - **Injection** (SQL, NoSQL, Command, LDAP)
+                 - Look for: string concatenation in queries, unsanitized input in commands
+                 - Safe: Parameterized queries, ORMs with proper escaping
+
+               - **Broken Authentication**
+                 - Look for: Hardcoded credentials, weak password policies, missing rate limiting
+                 - Safe: Environment variables, strong hashing, proper session management
+
+               - **Sensitive Data Exposure**
+                 - Look for: Logging sensitive data, unencrypted storage, exposed API keys
+                 - Safe: Proper encryption, masked logging, secrets management
+
+               - **XXE (XML External Entities)**
+                 - Look for: XML parsing without disabling external entities
+                 - Safe: Disabled external entities, JSON instead of XML
+
+               - **Broken Access Control**
+                 - Look for: Missing authorization checks, IDOR vulnerabilities
+                 - Safe: Proper permission checks, ownership validation
+
+               - **Security Misconfiguration**
+                 - Look for: Debug mode in production, default credentials, verbose errors
+                 - Safe: Proper environment config, minimal error disclosure
+
+               - **XSS (Cross-Site Scripting)**
+                 - Look for: dangerouslySetInnerHTML, unsanitized user input in DOM
+                 - Safe: Proper escaping, Content Security Policy
+
+               - **Insecure Deserialization**
+                 - Look for: JSON.parse on untrusted data without validation
+                 - Safe: Schema validation, type checking
+
+               - **Using Components with Known Vulnerabilities**
+                 - Look for: Outdated dependencies, known CVEs
+                 - Safe: Regular updates, security advisories
+
+               - **Insufficient Logging & Monitoring**
+                 - Look for: Missing audit logs, no error tracking
+                 - Safe: Comprehensive logging, monitoring setup
+
+            3. **Additional checks**:
+               - SSRF (Server-Side Request Forgery)
+               - Path traversal
+               - Race conditions
+               - Insecure randomness
+               - Missing input validation
+
+            4. **Report findings**:
+               ```bash
+               gh pr comment ${{ github.event.pull_request.number }} --body "Your report"
+               ```
+
+            ## Report Format:
+            ```markdown
+            ## 🔒 Security Scan Results
+
+            ### 🚨 Critical Issues
+            [Issues that must be fixed before merge]
+
+            ### ⚠️ Warnings
+            [Issues that should be addressed]
+
+            ### ℹ️ Informational
+            [Best practice suggestions]
+
+            ### ✅ Passed Checks
+            - [List of security aspects that look good]
+
+            ---
+            🤖 *Security scan by Claude AI*
+            ```
+
+            ## Guidelines:
+            - Be specific about file and line numbers
+            - Provide remediation suggestions
+            - Don't report false positives
+            - If no issues found, still post a clean report
+
+          claude_args: "--max-turns 999 --allowedTools Read,Grep,Bash(gh:*)"
+          use_commit_signing: true
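Review bot: This job combines `pull_request_target`, `allowed_non_write_users: "*"` and `--allowedTools Read,Grep,Bash(gh:*)`, so a diff written by any fork author is read by a model that runs with the repository's secrets and may call every gh subcommand the token permits. The checkout has no `ref:` and so stays on the base branch, which is the right choice for `pull_request_target`, but the tool list should be narrowed to the two commands the prompt uses, `gh pr diff` and `gh pr comment`, and the prompt should state that PR content is untrusted input and never instructions. `security-events: write` is granted although no visible step uploads code-scanning results, and `use_commit_signing: true` serves no purpose in a job with `contents: read` that never commits; drop both. The `paths:` filter only matches `.ts`, `.tsx`, `.js` and `.jsx`, so the "Using Components with Known Vulnerabilities" check will not run on PRs that change only dependency manifests; either add those files to `paths:` or leave that item to the dependency-review workflow.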

+ 1 - 1
.github/workflows/dev.yml

@@ -60,7 +60,7 @@ jobs:
           node-version: "20"
 
       - name: Setup Bun
-        uses: oven-sh/setup-bun@v1
+        uses: oven-sh/setup-bun@v2
         with:
           bun-version: '1.3.2'
 

+ 2 - 2
.github/workflows/pr-check.yml

@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: 📦 Setup Bun
-        uses: oven-sh/setup-bun@v1
+        uses: oven-sh/setup-bun@v2
         with:
           bun-version: '1.3.2'
 
@@ -73,7 +73,7 @@ jobs:
             type=sha,prefix=pr-
 
       - name: 🏗️ Build Docker image (Test Only - No Push)
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ./deploy/Dockerfile
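Review bot: `docker/build-push-action@v6` here, like `oven-sh/setup-bun@v2` and `softprops/action-gh-release@v2` elsewhere in this commit, is a major-version bump referenced by a mutable tag, so the code that runs in CI can change without any diff in this repository. Pin each third-party action to a full commit SHA with the version in a trailing comment and let an update bot propose the bumps; that also makes a jump between majors reviewable against the action's release notes instead of arriving bundled with an unrelated refactor.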

+ 2 - 2
.github/workflows/release.yml

@@ -136,7 +136,7 @@ jobs:
 
       - name: Setup Bun
         if: steps.check.outputs.needs_bump == 'true'
-        uses: oven-sh/setup-bun@v1
+        uses: oven-sh/setup-bun@v2
         with:
           bun-version: '1.3.2'
 
@@ -237,7 +237,7 @@ jobs:
 
       - name: Create GitHub Release
         if: steps.check.outputs.needs_bump == 'true'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           tag_name: ${{ steps.next_version.outputs.new_tag }}
           name: Release ${{ steps.next_version.outputs.new_version }}
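Review bot: This step creates the release that the new claude-release-notes.yml is meant to react to (`release` with `types: [created]`), and the token it uses is not visible in this hunk. Events produced with the default `GITHUB_TOKEN` do not start other workflow runs, so confirm that this step passes a PAT or GitHub App token; otherwise the release-notes workflow never fires for automated releases. If it does fire, its `gh release edit ... --notes` call replaces any notes this step sets, so decide which of the two owns the release body.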