feat(ci): add GitHub workflow for translation review

[wackerow]

Description

Add dedicated workflow for reviewing translation imports via Claude.

Triggers:

• Manual: @claude /review-translations comment on any PR
• Automatic: PRs with title starting "i18n:" (restricted to authorized users, i18n/* branches, same-repo only)

Features:

• Parallel Task agents (one per language) for faster reviews
• Posts quality scores and findings as PR comment
• Includes copy/paste command to request fixes if critical issues found
• Read-only permissions (no auto-fixing)

Also updates claude.yml to skip /review-translations commands, which are now handled by the dedicated workflow.

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

[netlify]

✅ Deploy Preview for ethereumorg ready!

Name	Link
🔨 Latest commit	672541d
🔍 Latest deploy log	https://app.netlify.com/projects/ethereumorg/deploys/6984dfabdb990600083a5946
😎 Deploy Preview	https://deploy-preview-17234.ethereum.it
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	7 paths audited Performance: 55 (🔴 down 4 from production) Accessibility: 94 (no change from production) Best Practices: 100 (🟢 up 1 from production) SEO: 100 (no change from production) PWA: 59 (no change from production) View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[wackerow]

Code Review - Translation Review Workflow

Overview

This PR adds a dedicated GitHub Actions workflow for automated translation reviews with proper security boundaries and flexible triggering options.

✅ Strong Security Implementation

Authorization Controls (Lines 17-35)

• Manual triggers require authorized user list for @claude /review-translations commands
• Automatic triggers include triple-layer protection:
  • Branch must match i18n/* pattern
  • Must originate from same repository (blocks forks)
  • User must be in authorized list
• Prevents unauthorized workflow execution ✅

Permission Model (Line 111)

allowed_tools: "Task,Glob,Grep,LS,Read,Bash(git status:*),Bash(git diff:*),Bash(git log:*),Bash(git worktree:*),Bash(gh api:*),Bash(gh pr view:*)"

Read-only operations only - no write/commit/push capabilities. Proper least-privilege approach ✅

✅ Well-Structured Design

Workflow Separation

• claude-review-translations.yml - Dedicated translation reviews
• claude.yml - Updated to skip /review-translations commands
• Clean separation of concerns with no overlap issues

Flexible Configuration

• Supports --language, --scope, and --model flags
• Model selection: opus (default), sonnet, or haiku
• 120-minute timeout for large translation PRs

Parallel Processing

• Uses Task tool to spawn one agent per language
• Efficient review of multi-language imports

💡 Optional Considerations

Cost Management (Line 66)
Auto-triggered reviews default to Opus (highest quality, highest cost). Consider sonnet default for automatic reviews if budget is a concern, reserving opus for manual
reviews.

Maintenance (Lines 21, 28, 35)
Authorized user list appears in three locations. Could extract to environment variable or GitHub team for easier updates.

Verdict

Well-designed workflow with proper security controls and read-only permissions. Ready to merge! 🚀

---

Reviewed-By: Claude Sonnet 4.5 noreply@anthropic.com

[pettinarip]

@wackerow LGTM, left minor comments