From a44c75d11825ac6ee542188eff1e594dbec54dbe Mon Sep 17 00:00:00 2001
From: km-anthropic <km-anthropic@users.noreply.github.com>
Date: Tue, 19 Aug 2025 15:25:37 -0700
Subject: [PATCH] Add explicit allowed_tools to auto-fix workflows

The slash command frontmatter allowed_tools isn't being passed through,
so we need to explicitly allow Edit/Write/MultiEdit tools in the workflow
---
 .github/workflows/auto-fix-ci-inline.yml | 1 +
 .github/workflows/auto-fix-ci.yml        | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.github/workflows/auto-fix-ci-inline.yml b/.github/workflows/auto-fix-ci-inline.yml
index 25dd5cc..f6e610d 100644
--- a/.github/workflows/auto-fix-ci-inline.yml
+++ b/.github/workflows/auto-fix-ci-inline.yml
@@ -148,6 +148,7 @@ jobs:
           timeout_minutes: "30"
           use_sticky_comment: "true"
           use_commit_signing: "true"
+          allowed_tools: "Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash,mcp__github_file_ops__commit_files,mcp__github_file_ops__delete_files"
           claude_args: "--max-turns 15"
 
       - name: Push fix branch
diff --git a/.github/workflows/auto-fix-ci.yml b/.github/workflows/auto-fix-ci.yml
index 71ee575..482e783 100644
--- a/.github/workflows/auto-fix-ci.yml
+++ b/.github/workflows/auto-fix-ci.yml
@@ -90,6 +90,7 @@ jobs:
           timeout_minutes: "30"
           use_sticky_comment: "true"
           use_commit_signing: "true"
+          allowed_tools: "Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash,mcp__github_file_ops__commit_files,mcp__github_file_ops__delete_files"
           claude_args: "--max-turns 15"
 
       - name: Push fix branch