# Set Up Workflow: Claude Code Workflows: Automated Code, Security, and Design Review
## What This Is
A battle-tested collection of three production-grade workflows for automating code review, security scanning, and design review using Claude Code agents and GitHub Actions. Built by an AI-native startup based on real usage since Claude Code's launch, these workflows integrate dual-loop agent architecture with slash commands to eliminate routine review tasks. Business owners can use this to reduce engineering bottlenecks, catch security vulnerabilities before deployment, and maintain UI consistency without manual QA overhead.
Source: https://github.com/OneRedOak/claude-code-workflows
## Before You Start
Scan my workspace and analyze:
- The project language, framework, and directory structure
- Existing AI provider config (check .env, .env.local, config files for API keys — OpenRouter, OpenAI, Anthropic, Google AI, etc.)
- Whether this repository or a similar tool is already cloned or installed
Then ask me before proceeding:
1. Which AI provider/API should this use? (Use whatever I already have configured, or ask me to set one up — options include direct provider APIs or a unified service like OpenRouter)
2. Where in my project should this be integrated?
3. Are there any customizations I need (model preferences, naming conventions, constraints)?
## Fetch the Source
Clone or inspect the repository to understand what needs to be installed:
```bash
gh repo clone OneRedOak/claude-code-workflows
```
Review the README, directory structure, and any install instructions before proceeding.
## What to Implement
This is an **AI Workflow** — an end-to-end automation pattern or integration pipeline.
- Study the workflow architecture from the source and context below
- Identify which parts I can implement locally vs. parts that need external services
- For local parts: implement them using my existing stack and API keys
- For external parts: tell me exactly what services I need and help me configure the integration code
- Wire up any required API calls using keys from my .env files
## Additional Context
- Clone the repository (git clone https://github.com/OneRedOak/claude-code-workflows) and navigate to the code-review folder to read the setup README and identify which GitHub Actions secrets and slash commands you need to configure for your repo.
- Install the Security Review Workflow into an existing GitHub repo by copying the workflow YAML into your .github/workflows directory, then open a test PR with a known dummy secret to confirm the automated scanner flags it correctly.
- Add the Design Review Workflow to a front-end project by installing the Playwright MCP dependency and wiring the provided slash command into your Claude Code setup, then trigger it on a recent UI PR to generate your first automated accessibility and design consistency report.
## Guidelines
- Adapt everything to my existing project — do not assume a specific stack or directory layout
- Use whichever AI provider I already have configured; if I need a new one, tell me what to sign up for and I'll give you the key
- Check my .env files for existing API keys (OpenRouter, OpenAI, Anthropic, Google AI) before asking me to add one
- Review any fetched code for safety before installing or executing it
- After setup, run a quick verification and show me a summary of exactly what was installed, where, and how to use it