* fix: update test workflow reference in test-local.sh
Change workflow file from test-action.yml to test-base-action.yml
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs(CLAUDE): update test workflow reference in CLAUDE.md
---------
Co-authored-by: Claude <noreply@anthropic.com>
Move detector.test.ts from tests/modes/ to test/modes/ and fix TypeScript
type errors by adding missing required properties (botId, botName, allowedNonWriteUsers).
Remove empty tests/ directory structure.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Add documentation for the two previously undocumented inputs that allow
users to provide custom executables for specialized environments:
- path_to_claude_code_executable: for custom Claude Code binaries
- path_to_bun_executable: for custom Bun runtime
These inputs are particularly useful for environments like Nix, NixOS,
custom containers, and other package management systems where the
default installation may not work.
Updated files:
- docs/usage.md: Added to inputs table
- docs/faq.md: Added FAQ entry with examples and use cases
- docs/configuration.md: Added dedicated section with examples
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Added a PostToolUse hook that automatically runs `bun run format` after
Edit, Write, or MultiEdit operations, similar to the Python SDK's ruff
formatting hook. This ensures code is automatically formatted whenever
changes are made.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* enable track_progress for comments
* refactor: pass mode explicitly to prepareMcpConfig
Update prepareMcpConfig to receive the mode parameter from its callers
instead of detecting agent mode by checking context.inputs.prompt.
This makes mode determination explicit and controlled by the caller.
Also update all test cases to include the required mode parameter
and fix agent mode test expectations to match new behavior where
MCP config is only included when tools are explicitly allowed.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix test
---------
Co-authored-by: Claude <noreply@anthropic.com>
* feat: update claude-review workflow to use progress tracking and slash command
- Rename workflow from "Auto review PRs" to "PR Review with Progress Tracking"
- Update trigger types to include synchronize, ready_for_review, reopened
- Add pull-requests: write permission for tracking comments
- Replace direct_prompt with /review-pr slash command using custom command file
- Update to use claude-code-action@v1
- Switch to inline comment tool for more precise PR feedback
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* agents
* refactor: standardize agent output format instructions
Unified the output format instructions across all reviewer agents to follow a consistent structure:
- Converted numbered sections to bold headers for better readability
- Standardized "Review Structure" sections across all agents
- Maintained distinct analysis areas specific to each reviewer type
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
The GitHub comment MCP server was being included in agent mode even when no comment tools were explicitly allowed. This fix ensures the server is only included in tag mode where it's always needed for updating Claude comments.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Fixes#528 - Issues events now correctly use agent mode when an explicit
prompt is provided in the workflow YAML, matching the behavior of PR events.
Previously, issues events would always use tag mode (with tracking comments)
even when a prompt was provided, creating inconsistent behavior compared to
pull request events which correctly used agent mode for automation.
The fix adds a check for explicit prompts before checking for triggers,
ensuring consistent mode selection across all event types.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* feat: add repository_dispatch event support
Add support for repository_dispatch events in GitHub context parsing system. This enables the action to handle custom API-triggered events properly.
Changes:
- Add RepositoryDispatchEvent type definition
- Include repository_dispatch in automation event names
- Update context parsing to handle repository_dispatch events
- Update documentation to reflect repository_dispatch availability
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* style: format code with prettier
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* test: add comprehensive repository_dispatch event test coverage
- Add mockRepositoryDispatchContext with realistic payload structure
- Add repository_dispatch mode detection tests in registry.test.ts
- Add repository_dispatch trigger tests in agent.test.ts
- Ensure repository_dispatch events are properly handled as automation events
- Verify agent mode trigger behavior with and without prompts
- All 394 tests passing with new coverage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* style: format test files with prettier
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Removes the OIDC id-token permission requirement and adds explicit github_token input to both workflow files. This simplifies authentication by using the standard GITHUB_TOKEN instead of requiring OIDC token exchange.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
- Add id-token write permission for OIDC token exchange
- Update prompt to emphasize adding P1/P2/P3 priority labels based on label descriptions
- Ensure Claude selects appropriate priority labels from the available options
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Adds a new optional bot_id input parameter that defaults to the github-actions[bot] ID (41898282). This resolves the "403 Resource not accessible by integration" error that occurs when using GitHub App installation tokens, which cannot access the /user endpoint.
Changes:
- Add bot_id input to action.yml with default value
- Update context parsing to include bot_id from environment
- Modify agent mode to use bot_id when available, avoiding API calls that fail with GitHub App tokens
- Add clear error handling for GitHub App token limitations
- Update documentation in usage.md and faq.md
- Fix test mocks to include bot_id field
This allows users to specify a custom bot user ID or use the default github-actions[bot] ID automatically, preventing 403 errors in automation workflows.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Changed from @anthropics/claude-code-base-action to @anthropics/claude-code-action
to use the correct action name in the issue triage workflow.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Add documentation for the timeout_minutes input removal that occurred in PR #482.
The input has been replaced with standard GitHub Actions timeout-minutes at job level.
Fixes#527
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com>
* restore: bring back generic tag mode example (claude.yml)
PR #505 removed claude.yml as part of simplifying examples, but this
left a gap - there was no longer a generic tag mode example showing
how to respond to @claude mentions.
This file serves as the primary starting point for users wanting to
use tag mode to have Claude respond to mentions in:
- Issue comments
- Pull request review comments
- Issues (when opened or assigned)
- Pull request reviews
The example includes all required permissions and shows optional
configurations commented out.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* format: add missing newline at end of claude.yml
Co-authored-by: kashyap murali <km-anthropic@users.noreply.github.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: kashyap murali <km-anthropic@users.noreply.github.com>
Fixes the OIDC authentication issue by adding the required id-token: write permission
to the GitHub Actions workflow for issue triage.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* feat: make MCP servers conditional in agent mode
In agent mode, MCP servers (github_comment, github_ci) are now only included
when explicitly requested via allowedTools, rather than being auto-provisioned.
This change gives agent mode workflows complete control over which MCP
servers are included, preventing unwanted automatic provisioning of GitHub
integration tools.
Changes:
- Add agent mode detection in prepareMcpConfig
- Make github_comment server conditional based on allowedTools in agent mode
- Make github_ci server conditional based on allowedTools in agent mode
- Tag mode behavior remains unchanged (auto-inclusion)
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* test: update agent mode test for conditional MCP behavior
Updated test expectation to match the new conditional MCP server behavior
where agent mode only includes MCP config when servers are actually needed.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Kashyap Murali <13315300+katchu11@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Implement time-based filtering for GitHub comments and reviews to prevent
malicious actors from editing existing comments after Claude is triggered
to inject harmful content.
Changes:
- Add updatedAt and lastEditedAt fields to GraphQL queries
- Update GitHubComment and GitHubReview types with timestamp fields
- Implement filterCommentsToTriggerTime() and filterReviewsToTriggerTime()
- Add extractTriggerTimestamp() to extract trigger time from webhooks
- Update tag and review modes to pass trigger timestamp to data fetcher
Security benefits:
- Prevents comment injection attacks via post-trigger edits
- Maintains chronological integrity of conversation context
- Ensures only comments in their final state before trigger are processed
- Backward compatible with graceful degradation
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* feat: enhance mode routing with track_progress and context preservation
This PR implements enhanced mode routing to address two critical v1 migration issues:
1. Lost GitHub context when using custom prompts in tag mode
2. Missing tracking comments for automatic PR reviews
Changes:
- Add track_progress input to force tag mode with tracking comments for PR/issue events
- Support custom prompt injection in tag mode via <custom_instructions> section
- Inject GitHub context as environment variables in agent mode
- Validate track_progress usage (only allowed for PR/issue events)
- Comprehensive test coverage for new routing logic
Event Routing:
- Comment events: Default to tag mode, switch to agent with explicit prompt
- PR/Issue events: Default to agent mode, switch to tag mode with track_progress
- Custom prompts can now be used in tag mode without losing context
This ensures backward compatibility while solving context preservation and tracking visibility issues reported in discussions #490 and #491.
* formatting
* fix: address review comments
- Simplify track_progress description to be more general
- Move import to top of types.ts file
* revert: keep detailed track_progress description
The original description provides clarity about which specific event actions are supported.
* fix: add GitHub CI MCP tools to tag mode allowed list
Claude was trying to use CI status tools but they weren't in the
allowed list for tag mode, causing permission errors. This fix adds
the CI tools so Claude can check workflow status when reviewing PRs.
* fix: provide explicit git base branch reference to prevent PR review errors
- Tell Claude to use 'origin/{baseBranch}' instead of assuming 'main'
- Add explicit instructions for git diff/log commands with correct base branch
- Fixes 'fatal: ambiguous argument main..HEAD' error in fork environments
- Claude was autonomously running git diff main..HEAD when reviewing PRs
* fix prompt generation
* ci pass
---------
Co-authored-by: Ashwin Bhat <ashwin@anthropic.com>
- Add PR repository and number to review prompts
- Note that PR branch is already checked out
- Update allowed tools to use inline comments and gh CLI
- Remove experimental review mode example in favor of standardized approach
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Always create a new object copy of defaultInputs to prevent mutations from affecting other tests.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
The update-major-tag.yml workflow was:
1. Incorrectly updating the beta tag instead of major version tags
2. Redundant - release.yml already has an update-major-tag job that properly updates major version tags
Removing this workflow ensures:
- Beta tag stays at v0.0.63 and won't be automatically moved
- No duplicate major tag update logic
- Single source of truth for tag management in release.yml
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Kashyap Murali <13315300+katchu11@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Commenting out the GitHub release creation step for the base action repository
to temporarily pause automatic releases while keeping tag synchronization active.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* tmp
* chore: migrate GitHub workflows from @beta to @v1
- Update claude.yml and issue-triage.yml to use claude-code-action@v1
- Migrate deprecated inputs to new claude_args format
- Move mcp_config to --mcp-config in claude_args
- Follow v1 migration guide for simplified configuration
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
* Remove mcp_config input in favor of --mcp-config in claude_args
BREAKING CHANGE: The mcp_config input has been removed. Users should now use --mcp-config flag in claude_args instead.
This simplifies the action's input surface area and aligns better with the Claude Code CLI interface. Users can still add multiple MCP configurations by using multiple --mcp-config flags.
Migration:
- Before: mcp_config: '{"mcpServers": {...}}'
- After: claude_args: '--mcp-config {"mcpServers": {...}}'
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Add outer action MCP tests to workflow
- Add test-outer-action-inline-mcp job to test inline MCP config via claude_args
- Add test-outer-action-file-mcp job to test file-based MCP config via claude_args
- Keep base-action tests unchanged (they still use mcp_config parameter)
- Test that MCP tools are properly discovered and can be executed through the outer action
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Fix: Add Bun setup to outer action MCP test jobs
The test jobs for the outer action were failing because Bun wasn't installed.
Added Setup Bun step to both test-outer-action-inline-mcp and test-outer-action-file-mcp jobs.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Add id-token permission to outer action MCP test jobs
The outer action needs id-token: write permission for OIDC authentication
when using the GitHub App. Added full permissions block to both
test-outer-action-inline-mcp and test-outer-action-file-mcp jobs.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Use github_token parameter instead of id-token permission
Replace id-token: write permission with explicit github_token parameter
for both outer action MCP test jobs. This simplifies authentication by
using the provided GitHub token directly.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Use RUNNER_TEMP environment variable consistently
Changed from GitHub Actions expression syntax to environment variable
for consistency with the rest of the workflow file.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Use execution_file output from action instead of hardcoded path
Updated outer action test jobs to:
- Add step IDs (claude-inline-test, claude-file-test)
- Use the execution_file output from the action steps
- This is more reliable than hardcoding the output file path
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* tmp
* Fix MCP test assertions to match actual output format
Updated the test assertions to match the actual JSON structure:
- Tool calls are in assistant messages with type='tool_use'
- Tool results are in user messages with type='tool_result'
- The test tool returns 'Test tool response' not 'Hello from test tool'
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Make inline MCP test actually use the tool instead of just listing
Changed the inline MCP test to:
- Request that Claude uses the test tool (not just list it)
- Add --allowedTools to ensure the tool can be used
- Check that the tool was actually called and returned expected result
- Output the full JSON for debugging
This makes both tests (inline and file-based) consistent in their approach.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Remove the update-beta-tag job since the update-major-tag job already handles major version tagging (v0, v1, v2). Keep release marked as non-latest to allow v1 to remain the latest release.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
