Fix MCP tool availability and shell escaping in tag mode

Pass MCP config and allowed tools through claude_args to ensure tools like
mcp__github_comment__update_claude_comment are properly available to Claude CLI.

Key changes:
- Tag mode outputs claude_args with MCP config (as JSON string) and allowed tools
- Fixed shell escaping vulnerability when JSON contains single quotes
- Agent mode passes through user-provided claude_args unchanged
- Re-added mcp_config input for users to provide custom MCP servers
- Cleaned up misleading comments and unused file operations
- Clarified test workflow is for fork testing

Security fix: Properly escape single quotes in MCP config JSON to prevent
shell injection vulnerabilities.

Co-Authored-By: Claude <noreply@anthropic.com>

src/entrypoints/prepare.ts

@@ -6,7 +6,6 @@
  */
 
 import * as core from "@actions/core";
-import { writeFile } from "fs/promises";
 import { setupGitHubToken } from "../github/token";
 import { checkWritePermissions } from "../github/validation/permissions";
 import { createOctokit } from "../github/api/client";
@@ -58,11 +57,7 @@ async function run() {
       githubToken,
     });
 
-    // Write MCP config to a file and set the file path as output
-    const mcpConfigPath = `${process.env.RUNNER_TEMP}/claude-mcp-config.json`;
-    await writeFile(mcpConfigPath, result.mcpConfig);
-    core.setOutput("mcp_config", result.mcpConfig);
-    core.setOutput("mcp_config_file", mcpConfigPath);
+    // MCP config is handled by individual modes (tag/agent) and included in their claude_args output
 
     // Step 6: Get system prompt from mode if available
     if (mode.getSystemPrompt) {

src/modes/agent/index.ts

@@ -79,7 +79,9 @@ export const agentMode: Mode = {
       }
     }
 
-    core.setOutput("mcp_config", JSON.stringify(mcpConfig));
+    // Agent mode: pass through user's claude_args without modification
+    const userClaudeArgs = process.env.CLAUDE_ARGS || "";
+    core.setOutput("claude_args", userClaudeArgs);
 
     return {
       commentId: undefined,

src/modes/tag/index.ts

@@ -114,7 +114,53 @@ export const tagMode: Mode = {
       context,
     });
 
-    core.setOutput("mcp_config", mcpConfig);
+    // Don't output mcp_config separately anymore - include in claude_args
+    
+    // Build claude_args for tag mode with required tools
+    // Tag mode REQUIRES these tools to function properly
+    const tagModeTools = [
+      "Edit",
+      "MultiEdit", 
+      "Glob",
+      "Grep",
+      "LS",
+      "Read",
+      "Write",
+      "mcp__github_comment__update_claude_comment",
+    ];
+    
+    // Add git commands when not using commit signing
+    if (!context.inputs.useCommitSigning) {
+      tagModeTools.push(
+        "Bash(git add:*)",
+        "Bash(git commit:*)",
+        "Bash(git push:*)",
+        "Bash(git status:*)",
+        "Bash(git diff:*)",
+        "Bash(git log:*)",
+        "Bash(git rm:*)"
+      );
+    } else {
+      // When using commit signing, use MCP file ops tools
+      tagModeTools.push(
+        "mcp__github_file_ops__commit_files",
+        "mcp__github_file_ops__delete_files"
+      );
+    }
+    
+    const userClaudeArgs = process.env.CLAUDE_ARGS || "";
+    
+    // Build complete claude_args with MCP config (as JSON string), tools, and user args
+    // Note: Once Claude supports multiple --mcp-config flags, we can pass as file path
+    // Escape single quotes in JSON to prevent shell injection
+    const escapedMcpConfig = mcpConfig.replace(/'/g, "'\\''");
+    let claudeArgs = `--mcp-config '${escapedMcpConfig}' `;
+    claudeArgs += `--allowedTools "${tagModeTools.join(',')}" `;
+    if (userClaudeArgs) {
+      claudeArgs += userClaudeArgs;
+    }
+    
+    core.setOutput("claude_args", claudeArgs.trim());
 
     return {
       commentId,