* feat: add path_to_claude_code_executable input for custom Claude Code installations
Adds optional input to specify a custom Claude Code executable path, bypassing automatic installation. This enables:
- Using pre-installed Claude Code binaries
- Testing with specific versions for debugging
- Custom installation paths in unique environments
Includes warning that older versions may cause compatibility issues with new features.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* test: add workflow to test custom Claude Code executable path
Adds test workflow that:
- Manually installs Claude Code via install script
- Uses the new path_to_claude_code_executable input
- Verifies the custom executable path works correctly
- Validates output and execution success
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Fixes "stdout maxBuffer length exceeded" error by increasing the buffer
from Node.js default of 1MB to 10MB when processing Claude output with jq.
This prevents failures when Claude produces large execution logs.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Add file permission detection to github-file-ops-server.ts to properly preserve file modes (regular, executable, symlink) when committing files through the GitHub API. This ensures executable scripts and other special files maintain their correct permissions.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Update the workflow validation message to be more specific about when
Claude Code workflows will start working, providing clearer guidance
to users experiencing this validation error.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Currently when running the `gh` command in the action, there is an error in the action logs that suggests that the GH_TOKEN isn't being set. We've solved this internally in our company by providing the GH_TOKEN in the action.
When running tests locally, process.env.RUNNER_TEMP is undefined, causing
the code to literally create "undefined/claude-prompts/" directories in
the working directory. Added fallback to "/tmp" following the pattern
already used in src/mcp/github-actions-server.ts.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* feat: skip action gracefully for workflow validation errors
Handle workflow_not_found_on_default_branch and workflow_content_mismatch
errors by skipping the action with a warning instead of failing. This
improves user experience when adding Claude Code workflows to new
repositories or making workflow changes in PRs.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update src/github/token.ts
---------
Co-authored-by: Claude <noreply@anthropic.com>
* Add GitHub token redaction to update_claude_comment tool
- Add redactGitHubTokens() function to sanitizer.ts that detects and redacts all GitHub token formats (ghp_, gho_, ghs_, ghr_, github_pat_)
- Update sanitizeContent() to include token redaction in the sanitization pipeline
- Apply sanitization to comment body in github-comment-server.ts before updating comments
- Add comprehensive tests covering all token formats, edge cases, and integration scenarios
- Prevents accidental exposure of GitHub tokens in PR/issue comments while preserving existing functionality
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Add GitHub token redaction to inline comment server
- Apply sanitizeContent() to comment body in github-inline-comment-server.ts before creating inline PR comments
- Ensures consistency in token redaction across all comment creation tools
- Prevents GitHub tokens from being exposed in inline PR review comments
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Replace bun install with official install script for more reliable
installation across different environments.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
- Add GitHub alert box highlighting the v1.0 roadmap
- Link to discussion #428 for community feedback
- Briefly summarize key changes (automatic mode selection, unified prompt interface)
- Position prominently at top of README for maximum visibility
* feat: skip permission check for GitHub App bot users
GitHub Apps (users ending with [bot]) now bypass permission checks
as they have their own authorization mechanism.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: add allow_bot_users option to control bot user access
- Add allow_bot_users input parameter (default: false)
- Modify checkHumanActor to optionally allow bot users
- Add comprehensive tests for bot user handling
- Improve security by blocking bot users by default
This change prevents potential prompt injection attacks from bot users
while providing flexibility for trusted bot integrations.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: mark bot user support feature as completed in roadmap
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor: move allowedBots parameter to context object
Move allowedBots from function parameter to context.inputs to maintain
consistency with other input handling throughout the codebase.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: update README for bot user support feature
Add documentation for the new allowed_bots parameter that enables
bot users to trigger Claude actions with granular control.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: add missing allowedBots property in permissions test
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: update bot name format to include [bot] suffix in tests and docs
- Update test cases to use correct bot actor names with [bot] suffix
- Update documentation example to show correct bot name format
- Align with GitHub's actual bot naming convention
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: normalize bot names for allowed_bots validation
- Strip [bot] suffix from both actor names and allowed bot list for comparison
- Allow both "dependabot" and "dependabot[bot]" formats in allowed_bots input
- Display normalized bot names in error messages for consistency
- Add comprehensive test coverage for both naming formats
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
* fix: prevent duplicate function signatures in review mode suggestions
This fixes a critical bug in the experimental review mode where GitHub
suggestions could create duplicate function signatures when applied.
The issue occurred because:
- GitHub suggestions REPLACE the entire selected line range
- Claude wasn't aware of this behavior and would include the function
signature in multi-line suggestions, causing duplication
Changes:
- Added detailed instructions about GitHub's line replacement behavior
- Provided clear examples for single-line vs multi-line suggestions
- Added explicit warnings about common mistakes (duplicate signatures)
- Improved code readability by using a codeBlock variable instead of
escaped backticks in template strings
This ensures Claude creates syntactically correct suggestions that
won't break code when applied through GitHub's suggestion feature.
* chore: format
* feat: add inline comment MCP server for experimental review mode
- Create standalone inline PR comments without review workflow
- Support single-line and multi-line comments
- Auto-install server when in experimental review mode
- Uses octokit.rest.pulls.createReviewComment() directly
* docs: clarify GitHub code suggestion syntax in inline comment server
Add clear documentation that suggestion blocks replace the entire selected
line range and must be syntactically complete drop-in replacements.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
- Renamed scripts/pre-push to scripts/pre-commit
- Updated install-hooks.sh to install pre-commit hook
- Hook now runs formatting, type checking, and tests before commit
These git config commands are no longer needed as allowed tools since
Claude should not be modifying git configuration settings. Updated
the corresponding test to reflect this intentional change.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
- Restore prompt file creation logic that was accidentally removed in PR #374
- Agent mode now creates the prompt file directly in prepare() method
- Uses override_prompt or direct_prompt if available, falls back to minimal prompt
- Fixes 'Prompt file does not exist' error for workflow_dispatch and schedule events
- Add TODO comment to refactor this to use createPrompt in the future
Fixes#403
Allows modes to provide custom system prompts that are appended to Claude's base system prompt. This enables mode-specific instructions without modifying the core action logic.
- Add optional getSystemPrompt method to Mode interface
- Implement method in all existing modes (tag, agent, review)
- Update prepare.ts to call getSystemPrompt and export as env var
- Wire up APPEND_SYSTEM_PROMPT in action.yml to pass to base-action
All modes currently return undefined (no additional prompts), but the infrastructure is now in place for future modes to provide custom instructions.
* feat: add slash command shipping infrastructure
- Created /slash-commands/ directory to store bundled slash commands
- Added code-review.md slash command for automated PR reviews
- Modified setup-claude-code-settings.ts to copy slash commands to ~/.claude/
- Added test coverage for slash command installation
- Commands are automatically installed when the GitHub Action runs
* fix: simplify slash command implementation to match codebase patterns
- Reverted to using Bun's $ shell syntax consistently with the rest of the codebase
- Simplified slash command copying to basic shell commands
- Removed unnecessary fs/promises complexity
- Maintained all functionality and test coverage
- More appropriate for GitHub Action context where inputs are trusted
* remove test slash command
* fix: rename slash_commands_dir to experimental_slash_commands_dir
- Added 'experimental' prefix as suggested by Ashwin
- Updated all references in action.yml and base-action
- Restored accidentally removed code-review.md file
---------
Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com>
Updated all references from ACTIONS_TOKEN to DEFAULT_WORKFLOW_TOKEN to match
the naming convention used in action.yml where the GitHub token is passed as
DEFAULT_WORKFLOW_TOKEN environment variable.
