wylab/claude-hub
1
0
Fork 0
forked from claude-did-this/claude-hub
Code Issues 1 Pull Requests Activity
Files
main
claude-hub/docs/complete-workflow.md
Jonathan Flatt fdf255cbec feat: remove JavaScript files replaced by TypeScript equivalents 
- Remove 11 JavaScript source files that have been migrated to TypeScript
- Update package.json scripts to reference TypeScript files
- Update documentation and scripts to reference .ts instead of .js
- Keep JavaScript files without TypeScript equivalents (chatbot-related)

This completes the TypeScript migration for core application files while
maintaining backward compatibility for components not yet migrated.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-28 15:01:03 +00:00

275 lines
6.5 KiB
Markdown
Raw Permalink Blame History

# Complete Claude GitHub Webhook Workflow
This document provides a comprehensive overview of the entire workflow from GitHub webhook reception to Claude execution and response.
## Architecture Overview
```
GitHub → Webhook Service → Docker Container → Claude API
↓ ↓
←←←←←← GitHub API ←←←←←←←←←←←←←←←←←
```
## Detailed Workflow
### 1. GitHub Webhook Reception
**Endpoint**: `POST /api/webhooks/github`
**Handler**: `src/index.ts:38`
1. GitHub sends webhook event to the service
2. Express middleware captures raw body for signature verification
3. Request is passed to the GitHub controller
### 2. Webhook Verification & Processing
**Controller**: `src/controllers/githubController.ts`
**Method**: `handleWebhook()`
1. Verifies webhook signature using `GITHUB_WEBHOOK_SECRET`
2. Parses event payload
3. Supported event types:
- `issue_comment.created`
- `pull_request_review_comment.created`
- `pull_request.created`
### 3. Command Extraction
1. Checks for bot mention in comment body (using BOT_USERNAME env variable)
2. Extracts command using regex pattern based on configured bot username
3. Captures:
- Repository full name
- Issue/PR number
- Branch information (if PR)
- Command to execute
### 4. Claude Container Preparation
**Service**: `src/services/claudeService.ts`
**Method**: `processCommand()`
1. Builds Docker image if not exists: `claude-code-runner:latest`
2. Creates unique container name
3. Prepares environment variables:
```
GITHUB_TOKEN
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_REGION
ANTHROPIC_MODEL
CLAUDE_CODE_USE_BEDROCK
REPO_FULL_NAME
ISSUE_NUMBER
TARGET_BRANCH
COMMAND
```
### 5. Container Execution
**Entrypoint**: `claudecode-entrypoint.sh`
1. Configure GitHub CLI authentication
2. Clone repository with GitHub token
3. Checkout appropriate branch:
- PR branch for pull requests
- Main/default branch for issues
4. Set git configuration for commits
5. Run Claude Code CLI with command
6. Save response to `/tmp/response.md`
### 6. Response Handling
**Controller**: `src/controllers/githubController.ts`
**Method**: `handleWebhook()`
1. Read response from container
2. Return response as HTTP JSON response
3. Clean up container (if configured)
## API Endpoints
### Main Webhook Endpoint
- **URL**: `/api/webhooks/github`
- **Method**: `POST`
- **Headers**: `X-Hub-Signature-256` (GitHub webhook signature)
- **Purpose**: Receives GitHub webhook events
### Direct Claude API
- **URL**: `/api/claude`
- **Method**: `POST`
- **Body**:
```json
{
"repository": "owner/repo",
"useContainer": true,
"command": "your command here"
}
```
- **Purpose**: Direct Claude invocation (testing/debugging)
### Health Check
- **URL**: `/health`
- **Method**: `GET`
- **Response**:
```json
{
"status": "OK",
"docker": true,
"timestamp": "2024-11-03T12:00:00.000Z"
}
```
- **Purpose**: Service health monitoring
## Environment Variables
### Required
| Variable | Description | Example |
|----------|-------------|---------|
| `GITHUB_TOKEN` | GitHub personal access token | `your_github_token` |
| `GITHUB_WEBHOOK_SECRET` | Webhook signature secret | `your-secret` |
| `AWS_ACCESS_KEY_ID` | AWS access key for Bedrock | `your_access_key_id` |
| `AWS_SECRET_ACCESS_KEY` | AWS secret key | `xxxxx` |
### Optional
| Variable | Description | Default |
|----------|-------------|---------|
| `AWS_REGION` | AWS region for Bedrock | `us-east-1` |
| `ANTHROPIC_MODEL` | Claude model to use | `claude-3-sonnet-20241022` |
| `CLAUDE_CODE_USE_BEDROCK` | Use Bedrock (vs API) | `1` |
| `PORT` | Service port | `3002` |
| `LOG_LEVEL` | Logging verbosity | `info` |
| `CLEANUP_CONTAINERS` | Auto-cleanup after execution | `false` |
## Docker Container Lifecycle
### Build Phase
1. `Dockerfile.claudecode` defines Claude execution environment
2. Installs:
- Node.js 18
- GitHub CLI
- AWS CLI
- Claude Code CLI
- Git and utilities
### Execution Phase
1. Container created with unique name
2. Volumes mounted:
- `/tmp/response.md` for output
- Project directory for access
3. Environment variables passed
4. Runs `claudecode-entrypoint.sh`
### Cleanup Phase
1. Response file extracted
2. Container stopped
3. Container removed (if cleanup enabled)
4. Volumes cleaned up
## Security Considerations
1. **Webhook Verification**: All webhooks verified with HMAC signature
2. **Container Isolation**: Each request runs in isolated container
3. **Limited Permissions**: Claude Code runs with restricted tools
4. **Token Security**: GitHub tokens never exposed in logs
5. **Network Isolation**: Containers run in isolated network
## Error Handling
1. **Webhook Errors**: Return 401 for invalid signatures
2. **Container Errors**: Caught and logged, error posted to GitHub
3. **API Errors**: Return appropriate HTTP status codes
4. **Timeout Handling**: Container execution limited to 5 minutes
5. **Cleanup Errors**: Logged but don't fail the request
## Testing
### Manual Testing
```bash
# Test webhook locally
node test-webhook-manual.js
# Test Claude API directly
node test-claude-api.js owner/repo
# Test with container
node test-claude-api.js owner/repo container "Your command"
```
### Integration Testing
```bash
# Full workflow test
npm test
# Docker container test
./test-claudecode-docker.sh
```
## Deployment
### Docker Compose
```yaml
services:
webhook:
build: .
ports:
- "8082:3002"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- n8n_default
```
### Production Considerations
1. Use environment-specific `.env` files
2. Enable container cleanup for production
3. Set appropriate resource limits
4. Configure logging for monitoring
5. Use webhook URL allowlisting
## Troubleshooting
### Common Issues
1. **Webhook Signature Failures**
- Check `GITHUB_WEBHOOK_SECRET` matches GitHub
- Verify raw body is captured correctly
2. **Container Build Failures**
- Check Docker daemon is running
- Verify Docker socket permissions
3. **Claude Errors**
- Verify AWS credentials are valid
- Check Bedrock model availability in region
4. **GitHub API Errors**
- Verify `GITHUB_TOKEN` has correct permissions
- Check rate limits
### Debug Commands
```bash
# View webhook logs
docker compose logs -f webhook
# List running containers
docker ps -a | grep claude-code
# Debug container directly
./debug-container.sh
# Check Docker connectivity
curl --unix-socket /var/run/docker.sock http://localhost/info
```
Reference in New Issue View Git Blame Copy Permalink