* docs: add prompt injection security note
Add warning about potential hidden markdown in untrusted content from external contributors. Documents existing sanitization measures while acknowledging new bypass techniques may emerge.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update docs/security.md
Co-authored-by: David Dworken <dworken@anthropic.com>
* format
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: David Dworken <dworken@anthropic.com>
Changed test prompts from communication-style echo commands to legitimate
technical operations. This ensures Claude attempts the Bash tool call
(which then gets blocked by permissions) instead of refusing based on
communication guidelines.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Add pull_request_target event support to enable Claude Code usage with forked
repositories while maintaining proper security boundaries. This resolves issues
with dependabot PRs and external contributions that require write permissions.
Changes:
- Add pull_request_target to supported GitHub events in context parsing
- Update type definitions to include PullRequestTargetEvent
- Modify IS_PR calculation to detect pull_request_target as PR context
- Add comprehensive test coverage for pull_request_target workflows
- Update documentation to reflect pull_request_target support
The pull_request_target event provides the same payload structure as
pull_request but runs with write permissions from the base repository,
making it ideal for secure automation of external contributions.
Fixes#347
- Update parseAllowedTools to accept both --allowedTools and --allowed-tools
- Add regex alternation to support both camelCase and kebab-case variants
- Add test cases for unquoted and quoted kebab-case formats
- All existing tests continue to pass
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* fix: update test workflow reference in test-local.sh
Change workflow file from test-action.yml to test-base-action.yml
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs(CLAUDE): update test workflow reference in CLAUDE.md
---------
Co-authored-by: Claude <noreply@anthropic.com>
Move detector.test.ts from tests/modes/ to test/modes/ and fix TypeScript
type errors by adding missing required properties (botId, botName, allowedNonWriteUsers).
Remove empty tests/ directory structure.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Add documentation for the two previously undocumented inputs that allow
users to provide custom executables for specialized environments:
- path_to_claude_code_executable: for custom Claude Code binaries
- path_to_bun_executable: for custom Bun runtime
These inputs are particularly useful for environments like Nix, NixOS,
custom containers, and other package management systems where the
default installation may not work.
Updated files:
- docs/usage.md: Added to inputs table
- docs/faq.md: Added FAQ entry with examples and use cases
- docs/configuration.md: Added dedicated section with examples
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Added a PostToolUse hook that automatically runs `bun run format` after
Edit, Write, or MultiEdit operations, similar to the Python SDK's ruff
formatting hook. This ensures code is automatically formatted whenever
changes are made.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* enable track_progress for comments
* refactor: pass mode explicitly to prepareMcpConfig
Update prepareMcpConfig to receive the mode parameter from its callers
instead of detecting agent mode by checking context.inputs.prompt.
This makes mode determination explicit and controlled by the caller.
Also update all test cases to include the required mode parameter
and fix agent mode test expectations to match new behavior where
MCP config is only included when tools are explicitly allowed.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix test
---------
Co-authored-by: Claude <noreply@anthropic.com>
* feat: update claude-review workflow to use progress tracking and slash command
- Rename workflow from "Auto review PRs" to "PR Review with Progress Tracking"
- Update trigger types to include synchronize, ready_for_review, reopened
- Add pull-requests: write permission for tracking comments
- Replace direct_prompt with /review-pr slash command using custom command file
- Update to use claude-code-action@v1
- Switch to inline comment tool for more precise PR feedback
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* agents
* refactor: standardize agent output format instructions
Unified the output format instructions across all reviewer agents to follow a consistent structure:
- Converted numbered sections to bold headers for better readability
- Standardized "Review Structure" sections across all agents
- Maintained distinct analysis areas specific to each reviewer type
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
The GitHub comment MCP server was being included in agent mode even when no comment tools were explicitly allowed. This fix ensures the server is only included in tag mode where it's always needed for updating Claude comments.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Fixes#528 - Issues events now correctly use agent mode when an explicit
prompt is provided in the workflow YAML, matching the behavior of PR events.
Previously, issues events would always use tag mode (with tracking comments)
even when a prompt was provided, creating inconsistent behavior compared to
pull request events which correctly used agent mode for automation.
The fix adds a check for explicit prompts before checking for triggers,
ensuring consistent mode selection across all event types.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* feat: add repository_dispatch event support
Add support for repository_dispatch events in GitHub context parsing system. This enables the action to handle custom API-triggered events properly.
Changes:
- Add RepositoryDispatchEvent type definition
- Include repository_dispatch in automation event names
- Update context parsing to handle repository_dispatch events
- Update documentation to reflect repository_dispatch availability
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* style: format code with prettier
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* test: add comprehensive repository_dispatch event test coverage
- Add mockRepositoryDispatchContext with realistic payload structure
- Add repository_dispatch mode detection tests in registry.test.ts
- Add repository_dispatch trigger tests in agent.test.ts
- Ensure repository_dispatch events are properly handled as automation events
- Verify agent mode trigger behavior with and without prompts
- All 394 tests passing with new coverage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* style: format test files with prettier
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Removes the OIDC id-token permission requirement and adds explicit github_token input to both workflow files. This simplifies authentication by using the standard GITHUB_TOKEN instead of requiring OIDC token exchange.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
- Add id-token write permission for OIDC token exchange
- Update prompt to emphasize adding P1/P2/P3 priority labels based on label descriptions
- Ensure Claude selects appropriate priority labels from the available options
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Adds a new optional bot_id input parameter that defaults to the github-actions[bot] ID (41898282). This resolves the "403 Resource not accessible by integration" error that occurs when using GitHub App installation tokens, which cannot access the /user endpoint.
Changes:
- Add bot_id input to action.yml with default value
- Update context parsing to include bot_id from environment
- Modify agent mode to use bot_id when available, avoiding API calls that fail with GitHub App tokens
- Add clear error handling for GitHub App token limitations
- Update documentation in usage.md and faq.md
- Fix test mocks to include bot_id field
This allows users to specify a custom bot user ID or use the default github-actions[bot] ID automatically, preventing 403 errors in automation workflows.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
