Add pull_request_target event support to enable Claude Code usage with forked
repositories while maintaining proper security boundaries. This resolves issues
with dependabot PRs and external contributions that require write permissions.
Changes:
- Add pull_request_target to supported GitHub events in context parsing
- Update type definitions to include PullRequestTargetEvent
- Modify IS_PR calculation to detect pull_request_target as PR context
- Add comprehensive test coverage for pull_request_target workflows
- Update documentation to reflect pull_request_target support
The pull_request_target event provides the same payload structure as
pull_request but runs with write permissions from the base repository,
making it ideal for secure automation of external contributions.
Fixes #347
- Update parseAllowedTools to accept both --allowedTools and --allowed-tools
- Add regex alternation to support both camelCase and kebab-case variants
- Add test cases for unquoted and quoted kebab-case formats
- All existing tests continue to pass
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* fix: update test workflow reference in test-local.sh
Change workflow file from test-action.yml to test-base-action.yml
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs(CLAUDE): update test workflow reference in CLAUDE.md
---------
Co-authored-by: Claude <noreply@anthropic.com>
Move detector.test.ts from tests/modes/ to test/modes/ and fix TypeScript
type errors by adding missing required properties (botId, botName, allowedNonWriteUsers).
Remove empty tests/ directory structure.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Add documentation for the two previously undocumented inputs that allow
users to provide custom executables for specialized environments:
- path_to_claude_code_executable: for custom Claude Code binaries
- path_to_bun_executable: for custom Bun runtime
These inputs are particularly useful for environments like Nix, NixOS,
custom containers, and other package management systems where the
default installation may not work.
Updated files:
- docs/usage.md: Added to inputs table
- docs/faq.md: Added FAQ entry with examples and use cases
- docs/configuration.md: Added dedicated section with examples
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Added a PostToolUse hook that automatically runs `bun run format` after
Edit, Write, or MultiEdit operations, similar to the Python SDK's ruff
formatting hook. This ensures code is automatically formatted whenever
changes are made.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* enable track_progress for comments
* refactor: pass mode explicitly to prepareMcpConfig
Update prepareMcpConfig to receive the mode parameter from its callers
instead of detecting agent mode by checking context.inputs.prompt.
This makes mode determination explicit and controlled by the caller.
Also update all test cases to include the required mode parameter
and fix agent mode test expectations to match new behavior where
MCP config is only included when tools are explicitly allowed.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix test
---------
Co-authored-by: Claude <noreply@anthropic.com>
* feat: update claude-review workflow to use progress tracking and slash command
- Rename workflow from "Auto review PRs" to "PR Review with Progress Tracking"
- Update trigger types to include synchronize, ready_for_review, reopened
- Add pull-requests: write permission for tracking comments
- Replace direct_prompt with /review-pr slash command using custom command file
- Update to use claude-code-action@v1
- Switch to inline comment tool for more precise PR feedback
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* agents
* refactor: standardize agent output format instructions
Unified the output format instructions across all reviewer agents to follow a consistent structure:
- Converted numbered sections to bold headers for better readability
- Standardized "Review Structure" sections across all agents
- Maintained distinct analysis areas specific to each reviewer type
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
The GitHub comment MCP server was being included in agent mode even when no comment tools were explicitly allowed. This fix ensures the server is only included in tag mode where it's always needed for updating Claude comments.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Fixes #528 - Issues events now correctly use agent mode when an explicit
prompt is provided in the workflow YAML, matching the behavior of PR events.
Previously, issues events would always use tag mode (with tracking comments)
even when a prompt was provided, creating inconsistent behavior compared to
pull request events which correctly used agent mode for automation.
The fix adds a check for explicit prompts before checking for triggers,
ensuring consistent mode selection across all event types.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* feat: add repository_dispatch event support
Add support for repository_dispatch events in GitHub context parsing system. This enables the action to handle custom API-triggered events properly.
Changes:
- Add RepositoryDispatchEvent type definition
- Include repository_dispatch in automation event names
- Update context parsing to handle repository_dispatch events
- Update documentation to reflect repository_dispatch availability
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* style: format code with prettier
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* test: add comprehensive repository_dispatch event test coverage
- Add mockRepositoryDispatchContext with realistic payload structure
- Add repository_dispatch mode detection tests in registry.test.ts
- Add repository_dispatch trigger tests in agent.test.ts
- Ensure repository_dispatch events are properly handled as automation events
- Verify agent mode trigger behavior with and without prompts
- All 394 tests passing with new coverage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* style: format test files with prettier
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Removes the OIDC id-token permission requirement and adds explicit github_token input to both workflow files. This simplifies authentication by using the standard GITHUB_TOKEN instead of requiring OIDC token exchange.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
- Add id-token write permission for OIDC token exchange
- Update prompt to emphasize adding P1/P2/P3 priority labels based on label descriptions
- Ensure Claude selects appropriate priority labels from the available options
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Adds a new optional bot_id input parameter that defaults to the github-actions[bot] ID (41898282). This resolves the "403 Resource not accessible by integration" error that occurs when using GitHub App installation tokens, which cannot access the /user endpoint.
Changes:
- Add bot_id input to action.yml with default value
- Update context parsing to include bot_id from environment
- Modify agent mode to use bot_id when available, avoiding API calls that fail with GitHub App tokens
- Add clear error handling for GitHub App token limitations
- Update documentation in usage.md and faq.md
- Fix test mocks to include bot_id field
This allows users to specify a custom bot user ID or use the default github-actions[bot] ID automatically, preventing 403 errors in automation workflows.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Changed from @anthropics/claude-code-base-action to @anthropics/claude-code-action
to use the correct action name in the issue triage workflow.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Add documentation for the timeout_minutes input removal that occurred in PR #482.
The input has been replaced with standard GitHub Actions timeout-minutes at job level.
Fixes #527
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com>
* restore: bring back generic tag mode example (claude.yml)
PR #505 removed claude.yml as part of simplifying examples, but this
left a gap - there was no longer a generic tag mode example showing
how to respond to @claude mentions.
This file serves as the primary starting point for users wanting to
use tag mode to have Claude respond to mentions in:
- Issue comments
- Pull request review comments
- Issues (when opened or assigned)
- Pull request reviews
The example includes all required permissions and shows optional
configurations commented out.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* format: add missing newline at end of claude.yml
Co-authored-by: kashyap murali <km-anthropic@users.noreply.github.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: kashyap murali <km-anthropic@users.noreply.github.com>
Fixes the OIDC authentication issue by adding the required id-token: write permission
to the GitHub Actions workflow for issue triage.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* feat: make MCP servers conditional in agent mode
In agent mode, MCP servers (github_comment, github_ci) are now only included
when explicitly requested via allowedTools, rather than being auto-provisioned.
This change gives agent mode workflows complete control over which MCP
servers are included, preventing unwanted automatic provisioning of GitHub
integration tools.
Changes:
- Add agent mode detection in prepareMcpConfig
- Make github_comment server conditional based on allowedTools in agent mode
- Make github_ci server conditional based on allowedTools in agent mode
- Tag mode behavior remains unchanged (auto-inclusion)
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* test: update agent mode test for conditional MCP behavior
Updated test expectation to match the new conditional MCP server behavior
where agent mode only includes MCP config when servers are actually needed.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Kashyap Murali <13315300+katchu11@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Implement time-based filtering for GitHub comments and reviews to prevent
malicious actors from editing existing comments after Claude is triggered
to inject harmful content.
Changes:
- Add updatedAt and lastEditedAt fields to GraphQL queries
- Update GitHubComment and GitHubReview types with timestamp fields
- Implement filterCommentsToTriggerTime() and filterReviewsToTriggerTime()
- Add extractTriggerTimestamp() to extract trigger time from webhooks
- Update tag and review modes to pass trigger timestamp to data fetcher
Security benefits:
- Prevents comment injection attacks via post-trigger edits
- Maintains chronological integrity of conversation context
- Ensures only comments in their final state before trigger are processed
- Backward compatible with graceful degradation
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
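The post-trigger edit filter described in the commit message above, as an added TypeScript example that is not the project's code: a comment is kept only if its creation and its last modification both precede the trigger time. The type, the function names and the sample comments are constructed for illustration, and the fail-open and fail-closed choices are assumptions.

```typescript
// Added example, not the project's implementation. createdAt, updatedAt and
// lastEditedAt are the timestamp fields named in the commit message; the type,
// the function names and the sample data are constructed for illustration.
type TimedComment = {
  id: string;
  body: string;
  createdAt: string; // ISO 8601 timestamp
  updatedAt?: string;
  lastEditedAt?: string | null;
};

function keepCommentsFinalBeforeTrigger<T extends TimedComment>(
  comments: T[],
  triggerTime?: string,
): T[] {
  // Assumption: with no trigger timestamp there is nothing to compare against,
  // so the input is returned unchanged. This path is fail-open.
  if (!triggerTime) return comments;
  const trigger = Date.parse(triggerTime);
  // A trigger timestamp that is present but unparseable fails closed.
  if (isNaN(trigger)) return [];

  return comments.filter((c) => {
    const stamps = [c.createdAt, c.updatedAt, c.lastEditedAt]
      .filter((s): s is string => typeof s === "string")
      .map((s) => Date.parse(s));
    // An unparseable timestamp cannot be shown to precede the trigger: drop.
    if (stamps.some((t) => isNaN(t))) return false;
    // Keep only comments created and last changed strictly before the trigger.
    return stamps.every((t) => t < trigger);
  });
}

// Constructed sample: c2 was posted before the trigger but edited after it,
// c3 was posted after the trigger.
const sampleTrigger = "2024-01-01T12:00:00Z";
const sampleComments: TimedComment[] = [
  { id: "c1", body: "looks fine", createdAt: "2024-01-01T11:00:00Z",
    updatedAt: "2024-01-01T11:00:00Z", lastEditedAt: null },
  { id: "c2", body: "edited later", createdAt: "2024-01-01T11:30:00Z",
    updatedAt: "2024-01-01T12:05:00Z", lastEditedAt: "2024-01-01T12:05:00Z" },
  { id: "c3", body: "posted after", createdAt: "2024-01-01T12:10:00Z",
    updatedAt: "2024-01-01T12:10:00Z" },
];

function keptIds(trigger?: string): string[] {
  return keepCommentsFinalBeforeTrigger(sampleComments, trigger).map((c) => c.id);
}
```

A comment edited after the trigger is dropped whole here rather than rolled back to an earlier revision, so the model never sees text that changed after a maintainer invoked it.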
* feat: enhance mode routing with track_progress and context preservation
This PR implements enhanced mode routing to address two critical v1 migration issues:
1. Lost GitHub context when using custom prompts in tag mode
2. Missing tracking comments for automatic PR reviews
Changes:
- Add track_progress input to force tag mode with tracking comments for PR/issue events
- Support custom prompt injection in tag mode via <custom_instructions> section
- Inject GitHub context as environment variables in agent mode
- Validate track_progress usage (only allowed for PR/issue events)
- Comprehensive test coverage for new routing logic
Event Routing:
- Comment events: Default to tag mode, switch to agent with explicit prompt
- PR/Issue events: Default to agent mode, switch to tag mode with track_progress
- Custom prompts can now be used in tag mode without losing context
This ensures backward compatibility while solving context preservation and tracking visibility issues reported in discussions #490 and #491.
* formatting
* fix: address review comments
- Simplify track_progress description to be more general
- Move import to top of types.ts file
* revert: keep detailed track_progress description
The original description provides clarity about which specific event actions are supported.
* fix: add GitHub CI MCP tools to tag mode allowed list
Claude was trying to use CI status tools but they weren't in the
allowed list for tag mode, causing permission errors. This fix adds
the CI tools so Claude can check workflow status when reviewing PRs.
* fix: provide explicit git base branch reference to prevent PR review errors
- Tell Claude to use 'origin/{baseBranch}' instead of assuming 'main'
- Add explicit instructions for git diff/log commands with correct base branch
- Fixes 'fatal: ambiguous argument main..HEAD' error in fork environments
- Claude was autonomously running git diff main..HEAD when reviewing PRs
* fix prompt generation
* ci pass
---------
Co-authored-by: Ashwin Bhat <ashwin@anthropic.com>
- Add PR repository and number to review prompts
- Note that PR branch is already checked out
- Update allowed tools to use inline comments and gh CLI
- Remove experimental review mode example in favor of standardized approach
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Always create a new object copy of defaultInputs to prevent mutations from affecting other tests.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>