ci(claude-review): shallow checkout + harden dispatch input + failure diagnostics

[umangyadav]

Summary

• Faster checkout — fetch-depth: 0 → depth-1 + on-demand deepen of both default branch and HEAD by SHA (avoids a full clone of a large repo). Same pattern applied in the prefetch step against baseRefName.
• Dispatch-input hardening — new Validate PR number step rejects ^[1-9][0-9]*$ failures (any whitespace, leading zeros, non-digits) before the value reaches a refspec or API call. Validated value is exported as a job output so post and cleanup see the same value across job boundaries; strict rejection also closes a concurrency.group race where whitespace variants of the same PR could land in different buckets.
• Failure diagnostics — new if: failure() step classifies the earliest failed step and writes retry guidance to the Step Summary. Symmetric diagnostic in cleanup surfaces the "label is stuck" condition with the exact recovery command.
• Action SHAs bumped to Node-24-compatible pins (checkout, upload/download-artifact).
• Sanitizer-tests workflow: sparse-checkout .github/scripts (enables partial clone, no source tree).
• Docs (CLAUDE_AUTO_REVIEW.md): §8 step table refreshed; new §8.2 documents the failure-mode classification and the rationale for diagnostic-only (no programmatic retry).

Test plan

• Self-trigger by re-labeling this PR with claude-review once merged to confirm the label path still works end-to-end.
• Dry-runs (local): all 25 PR-validate edge cases route correctly; both deepen and prefetch resolve merge-base on near- and far-base PR shapes; diagnostic classifies each of the 11 step-failure modes to the expected mode label.
• CI: premerge clang-format / lint / sanitizer-fixture suite must stay green.

Made with Cursor

[rocmlir-pr-reviewer]

⚠️ This PR modifies the Claude-review CI security perimeter

The following files in this PR control whether and how the
claude-review workflow protects its LLM Gateway secrets at
runtime (see .github/workflows/CLAUDE_AUTO_REVIEW.md):

• .github/workflows/CLAUDE_AUTO_REVIEW.md
• .github/workflows/claude_auto_review.yml
• .github/workflows/claude_auto_review_sanitizer_tests.yml

Before applying the claude-review label on this PR, please:

1. Audit the diff in these paths line-by-line. A malicious or
   accidental change could disable the --allowedTools
   restriction, the overlay step, the sanitizer, or the
   review/post job split -- any of which would expose the
   secrets in env to the PR-modified workflow.
2. If the changes are legitimate and you want a Claude review,
   do NOT apply the claude-review label. Instead, run via
   Actions → Claude Auto Review → Run workflow and enter
   this PR's number. The dispatch path runs from the trusted,
   code-owner-approved version of the workflow on
   develop, so a malicious PR-side
   modification cannot affect the run.

(This banner is automated. The modifies-ci-paths label
will be removed automatically if a future push removes the
perimeter modifications. The Layer-3 in-workflow guard will
additionally fail the claude-review label-triggered run
on this PR if the label is applied while perimeter changes
are present.)

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[rocmlir-pr-reviewer]

Verdict: APPROVE -- submitted as COMMENT (automated reviews are advisory)  ·  Findings: 0 (0 Critical, 0 Major, 0 Minor)

---

Scope

CI-only change to the claude-review pipeline. Three files:

• .github/workflows/claude_auto_review.yml — depth-1 checkout + on-demand deepen of both default branch and HEAD SHA; strict-regex pr-validate step exported as job output; if: failure() diagnostic step in both review and cleanup jobs; action SHAs bumped to v6/v7 (Node-24 compatible).
• .github/workflows/claude_auto_review_sanitizer_tests.yml — sparse-checkout .github/scripts (partial clone).
• .github/workflows/CLAUDE_AUTO_REVIEW.md — refreshed §8 step table; new §8.2 failure-classification subsection.

Findings

No blocking issues found.

Notes

• Step-id wiring in the diagnostic block all resolves: pr-validate, checkout, deepen, perimeter-block, snapshot, overlay, app-token, prefetch, claude-code, materialize, sanitize each have matching id: declarations.
• The doc cross-reference [§8.2](#82-failure-handling) targets the pre-existing ### 8.2 Failure handling heading; correct anchor.
• concurrency.group deliberately stays on raw inputs.pr_number (Actions expressions have no trim); the strict ^[1-9][0-9]*$ regex in pr-validate is what guarantees only the canonical form ever produces a real run, so distinct buckets for the same PR cannot occur.
• cleanup's PR_NUMBER: ${{ needs.review.outputs.pr_number || env.PR_NUMBER }} fallback is safe: the cleanup job's if: restricts it to the pull_request label path, where env.PR_NUMBER is the typed event integer (never the unvalidated dispatch input).
• The deepen step fetches both $DEFAULT_BRANCH (by name) and $HEAD_SHA (by SHA) because actions/checkout with fetch-depth: 1 leaves HEAD as a grafted root with no local parents; deepening only the default branch would never un-shallow HEAD and merge-base would stay empty. The 50 + 10×500 = ~5050-commit cap then hard-fails rather than letting the perimeter gate fail-open on an empty three-dot diff. Correct, and the same pattern is reused (correctly) in prefetch for the PR's actual baseRefName.
• Sanitizer-tests workflow's sparse-checkout: .github/scripts covers everything the suite touches (sanitize_claude_actions.sh, secret_patterns.sh, tests/test_sanitize.sh and its fixtures all live under that path). Pre-merge sanitizer-fixture-suite check is green.

CI status

All four pre-merge checks pass (Python performance script tests, Python format and lint checks, sanitizer-fixture-suite, detect). No failed or cancelled checks.