Add allowed_tools input parameter and enable MCP file ops for agent mode

- Add allowed_tools input to action.yml so workflows can specify allowed tools
- Pass allowed_tools to prepare step via environment variable
- Update agent mode to use allowed_tools when building claude_args
- Add GitHub file ops MCP server to agent mode when use_commit_signing is enabled
- This allows agent mode (used by auto-fix workflows) to write and commit files

action.yml

@@ -81,6 +81,10 @@ inputs:
     description: "Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands"
     required: false
     default: "false"
+  allowed_tools:
+    description: "Comma-separated list of tools to allow Claude to use (e.g., 'Edit,MultiEdit,Write,Read'). If not set, mode defaults apply."
+    required: false
+    default: ""
   experimental_allowed_domains:
     description: "Restrict network access to these domains only (newline-separated). If not set, no restrictions are applied. Provider domains are auto-detected."
     required: false
@@ -130,6 +134,7 @@ runs:
         ADDITIONAL_PERMISSIONS: ${{ inputs.additional_permissions }}
         CLAUDE_ARGS: ${{ inputs.claude_args }}
         MCP_CONFIG: ${{ inputs.mcp_config }}
+        ALLOWED_TOOLS: ${{ inputs.allowed_tools }}
 
     - name: Install Base Action Dependencies
       if: steps.prepare.outputs.contains_trigger == 'true'

src/modes/agent/index.ts

@@ -83,6 +83,29 @@ export const agentMode: Mode = {
       },
     };
 
+    // Add GitHub file ops server when using commit signing
+    if (context.inputs?.useCommitSigning) {
+      mcpConfig.mcpServers["github-file-ops-server"] = {
+        command: "bun",
+        args: [
+          "run",
+          `${process.env.GITHUB_ACTION_PATH}/src/mcp/github-file-ops-server.ts`,
+        ],
+        env: {
+          GITHUB_TOKEN: githubToken || "",
+          REPO_OWNER: context.repository.owner,
+          REPO_NAME: context.repository.repo,
+          BRANCH_NAME: "", // Agent mode doesn't pre-create branches
+          BASE_BRANCH: "",
+          REPO_DIR: process.env.GITHUB_WORKSPACE || process.cwd(),
+          GITHUB_EVENT_NAME: process.env.GITHUB_EVENT_NAME || "",
+          IS_PR: "false", // Agent mode doesn't create PRs by default
+          GITHUB_API_URL:
+            process.env.GITHUB_API_URL || "https://api.github.com",
+        },
+      };
+    }
+
     // Add user-provided additional MCP config if any
     const additionalMcpConfig = process.env.MCP_CONFIG || "";
     if (additionalMcpConfig.trim()) {
@@ -101,12 +124,23 @@ export const agentMode: Mode = {
       }
     }
 
-    // Agent mode: pass through user's claude_args with MCP config
+    // Agent mode: pass through user's claude_args with MCP config and allowed_tools
     const userClaudeArgs = process.env.CLAUDE_ARGS || "";
+    const userAllowedTools = process.env.ALLOWED_TOOLS || "";
     const escapedMcpConfig = JSON.stringify(mcpConfig).replace(/'/g, "'\\''");
-    const claudeArgs =
+    let claudeArgs = `--mcp-config '${escapedMcpConfig}'`;
-      `--mcp-config '${escapedMcpConfig}' ${userClaudeArgs}`.trim();
+    
-    core.setOutput("claude_args", claudeArgs);
+    // Add allowed_tools if specified
+    if (userAllowedTools) {
+      claudeArgs += ` --allowedTools "${userAllowedTools}"`;
+    }
+    
+    // Add user's additional claude_args
+    if (userClaudeArgs) {
+      claudeArgs += ` ${userClaudeArgs}`;
+    }
+    
+    core.setOutput("claude_args", claudeArgs.trim());
 
     return {
       commentId: undefined,