anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-01-23 23:14:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: anthropics:ashwin/inlines
Branches Tags
anthropics:main anthropics:ashwin/bump-bun-to-2.1.1 anthropics:fix-tag-sync anthropics:claude/autopatch-scan-caf54156-vuln-17-L6v6t anthropics:claude/slack-improve-autofix-suggestion-detection-jVXXD anthropics:claude/slack-add-clawd-stop-label-check-YOQgu anthropics:boris/add-push-event-support anthropics:feature/merge-prepare-and-run-steps anthropics:claude/issue-746-20251216-2049 anthropics:claude/fix-command-injection-012ini6RiyJVXxae6QfACQce anthropics:claude/slack-standardize-pr-instructions-Jpta2 anthropics:fix/installation-lock-file-cleanup anthropics:claude/fix-command-injection-01G6U5P2UUcNFSDQ5ugMJToh anthropics:claude/fix-command-injection-011p27fUErJNzJnC8F2NhDfU anthropics:claude/slack-session-01CmWq48mc2PNmbs57vtiDL8 anthropics:claude/fix-017jw8xRDW1dJWuVWmZf8L37 anthropics:claude/slack-session-01MVWPvyum9Tfs4uZKSYNwb2 anthropics:ashwin/debug-agent-sdk anthropics:ashwin/timeoutfi anthropics:inigo/structured-outputs-clean anthropics:inigo/add-structured-outputs anthropics:inigo/structured-outputs anthropics:inigo/structured-outputs-v2 anthropics:claude/slack-session-01V5yvGzTYGjKuXyrkd816Q8 anthropics:claude/slack-session-01KNnXBDe14t4FYBFYj6x6kz anthropics:claude/update-docs-claude-code-action-011CUcQCrd4gH7XpanoeKXJg anthropics:ashwin/inlines anthropics:add-plugins-input anthropics:add-claude-github-actions-1761020053046 anthropics:add-claude-github-actions-1761019930984 anthropics:claude/update-readme-011CTvTGkPpgCdDtj57GaAAk anthropics:claude/aussie-readme-011CTv66HfGaaE3LMmFM9ZtN anthropics:claude/update-readme-011CTtgkeo2Hx7eheVcEwxb4 anthropics:claude/aussie-readme-update-011CTtgCkB57KfsJ1SUWUwaj anthropics:claude/minor-update-011CTrjPp29xM3Cnbz2FLdqy anthropics:ashwin/branch-template anthropics:demo/subtle-test-issues anthropics:demo/flawed-branch-tests-fix anthropics:demo/flawed-branch-tests anthropics:ashwin/allownonwritetest anthropics:ashwin/testghe anthropics:ashwin/testcommenttime anthropics:test-ci-tools-fix-3 anthropics:test-ci-tools-fix anthropics:eap anthropics:ashwin/testfix anthropics:ashwin/rmnpmrc anthropics:v1-dev anthropics:ashwin/envlog anthropics:km-anthropic-patch-1 anthropics:test-auto-fix-trigger anthropics:ashwin/verbosedebug anthropics:test-autofix-from-scratch anthropics:test-ci-failure anthropics:ashwin/inputtest anthropics:eaptest anthropics:test-gh-comment anthropics:ashwin/v1-devtest anthropics:test-no-approval anthropics:feat/ttyd-cloudflared-tunnel-integration anthropics:ashwin/claudestep anthropics:support-bot-user anthropics:ashwin/testid anthropics:km/add-mcp-to-agent anthropics:testenvvar anthropics:km/discriminated-unions-cleanup anthropics:ashwin/examples anthropics:claude/issue-313-20250719-1530 anthropics:ashwin/modelparam anthropics:ashwin/testnetwork anthropics:ashwin/branchfix anthropics:ashwin-ant-patch-3 anthropics:ashwin/stickytest anthropics:feat-add-label-trigger anthropics:ashwin/testdynamicfetch anthropics:ashwin/multiline anthropics:claude/issue-132-20250605_170450 anthropics:update-claude-code-base-action-v0.0.10-20250605-165057 anthropics:ashwin/promptfiletest anthropics:ashwin/debug anthropics:claude/issue-122-20250604_004902 anthropics:claude/issue-125-20250604_150607 anthropics:claude/issue-123-20250604_005116 anthropics:ashwin/triagefix anthropics:update-claude-code-base-action-v0.0.9-20250603-035419 anthropics:claude/issue-101-20250531_001023 anthropics:ashwin/commenttool anthropics:claude/issue-95-20250530_142727 anthropics:claude/issue-103-20250531_051637 anthropics:ashwin-ant-patch-2 anthropics:testbranch anthropics:ashwin-ant-patch-1 anthropics:ashwin/faq anthropics:ashwin/bump anthropics:claude/issue-62-20250527_192138 anthropics:ashwin/tools anthropics:enhance-text-sanitization anthropics:ashwin/erroroutput anthropics:update-claude-code-base-action-v0.0.7-20250529-000200 anthropics:ashwin/shabump anthropics:claude/issue-49-20250527_235943 anthropics:claude/issue-52-20250526_025103 anthropics:ashwin/triage anthropics:ashwin/dsstore anthropics:ashwin/bugtemplate anthropics:ashwin/pin anthropics:ashwin/errorlogging anthropics:fix-500-error-logging anthropics:fix-mcp-undefined-error anthropics:fix-local-action-reference anthropics:update-claude-workflow-v2 anthropics:add-claude-github-actions-1747972566174 anthropics:update-to-use-model-parameter anthropics:np-anthropic-patch-1 anthropics:lina/rename-anthropic-model-to-model anthropics:lina/html_comments_strip anthropics:lina/modify-action-name anthropics:lina/modify-base-action
anthropics:v1 anthropics:v1.0.33 anthropics:v1.0.32 anthropics:v1.0.31 anthropics:v1.0.30 anthropics:v1.0.29 anthropics:v1.0.28 anthropics:v1.0.27 anthropics:v1.0.26 anthropics:v1.0.25 anthropics:v1.0.24 anthropics:v1.0.23 anthropics:v1.0.22 anthropics:v1.0.21 anthropics:v1.0.20 anthropics:v1.0.19 anthropics:v1.0.18 anthropics:v1.0.17 anthropics:v1.0.16 anthropics:v1.0.15 anthropics:v1.0.14 anthropics:v1.0.13 anthropics:v1.0.12 anthropics:v1.0.11 anthropics:v1.0.10 anthropics:v1.0.9 anthropics:v1.0.8 anthropics:v1.0.7 anthropics:v1.0.6 anthropics:v1.0.5 anthropics:v1.0.4 anthropics:v1.0.3 anthropics:v1.0.2 anthropics:v1.0.1 anthropics:v1.0.0 anthropics:v0 anthropics:v0.0.63 anthropics:beta anthropics:v0.0.62 anthropics:v0.0.61 anthropics:v0.0.60 anthropics:v0.0.59 anthropics:v0.0.58 anthropics:v0.0.57 anthropics:v0.0.56 anthropics:v0.0.55 anthropics:v0.0.54 anthropics:v0.0.53 anthropics:v0.0.52 anthropics:v0.0.51 anthropics:v0.0.50 anthropics:v0.0.49 anthropics:v0.0.48 anthropics:v0.0.47 anthropics:v0.0.46 anthropics:v0.0.45 anthropics:v0.0.44 anthropics:v0.0.43 anthropics:v0.0.42 anthropics:v0.0.41 anthropics:v0.0.40 anthropics:v0.0.39 anthropics:v0.0.38 anthropics:v0.0.37 anthropics:v0.0.36 anthropics:v0.0.35 anthropics:v0.0.34 anthropics:v0.0.33 anthropics:v0.0.32 anthropics:v0.0.31 anthropics:v0.0.30 anthropics:v0.0.29 anthropics:v0.0.28 anthropics:v0.0.27 anthropics:v0.0.26 anthropics:v0.0.25 anthropics:v0.0.24 anthropics:v0.0.23 anthropics:v0.0.22 anthropics:v0.0.21 anthropics:v0.0.20 anthropics:v0.0.19 anthropics:v0.0.18 anthropics:v0.0.17 anthropics:v0.0.16 anthropics:v0.0.15 anthropics:v0.0.14 anthropics:v0.0.13 anthropics:v0.0.12 anthropics:v0.0.11 anthropics:v0.0.10 anthropics:v0.0.9 anthropics:v0.0.8 anthropics:v0.0.7 anthropics:v0.0.6 anthropics:v0.0.5 anthropics:v0.0.4 anthropics:v0.0.3 anthropics:v0.0.2 anthropics:v0.0.1
..
compare: anthropics:ashwin/branch-template
Branches Tags
anthropics:main anthropics:ashwin/bump-bun-to-2.1.1 anthropics:fix-tag-sync anthropics:claude/autopatch-scan-caf54156-vuln-17-L6v6t anthropics:claude/slack-improve-autofix-suggestion-detection-jVXXD anthropics:claude/slack-add-clawd-stop-label-check-YOQgu anthropics:boris/add-push-event-support anthropics:feature/merge-prepare-and-run-steps anthropics:claude/issue-746-20251216-2049 anthropics:claude/fix-command-injection-012ini6RiyJVXxae6QfACQce anthropics:claude/slack-standardize-pr-instructions-Jpta2 anthropics:fix/installation-lock-file-cleanup anthropics:claude/fix-command-injection-01G6U5P2UUcNFSDQ5ugMJToh anthropics:claude/fix-command-injection-011p27fUErJNzJnC8F2NhDfU anthropics:claude/slack-session-01CmWq48mc2PNmbs57vtiDL8 anthropics:claude/fix-017jw8xRDW1dJWuVWmZf8L37 anthropics:claude/slack-session-01MVWPvyum9Tfs4uZKSYNwb2 anthropics:ashwin/debug-agent-sdk anthropics:ashwin/timeoutfi anthropics:inigo/structured-outputs-clean anthropics:inigo/add-structured-outputs anthropics:inigo/structured-outputs anthropics:inigo/structured-outputs-v2 anthropics:claude/slack-session-01V5yvGzTYGjKuXyrkd816Q8 anthropics:claude/slack-session-01KNnXBDe14t4FYBFYj6x6kz anthropics:claude/update-docs-claude-code-action-011CUcQCrd4gH7XpanoeKXJg anthropics:ashwin/inlines anthropics:add-plugins-input anthropics:add-claude-github-actions-1761020053046 anthropics:add-claude-github-actions-1761019930984 anthropics:claude/update-readme-011CTvTGkPpgCdDtj57GaAAk anthropics:claude/aussie-readme-011CTv66HfGaaE3LMmFM9ZtN anthropics:claude/update-readme-011CTtgkeo2Hx7eheVcEwxb4 anthropics:claude/aussie-readme-update-011CTtgCkB57KfsJ1SUWUwaj anthropics:claude/minor-update-011CTrjPp29xM3Cnbz2FLdqy anthropics:ashwin/branch-template anthropics:demo/subtle-test-issues anthropics:demo/flawed-branch-tests-fix anthropics:demo/flawed-branch-tests anthropics:ashwin/allownonwritetest anthropics:ashwin/testghe anthropics:ashwin/testcommenttime anthropics:test-ci-tools-fix-3 anthropics:test-ci-tools-fix anthropics:eap anthropics:ashwin/testfix anthropics:ashwin/rmnpmrc anthropics:v1-dev anthropics:ashwin/envlog anthropics:km-anthropic-patch-1 anthropics:test-auto-fix-trigger anthropics:ashwin/verbosedebug anthropics:test-autofix-from-scratch anthropics:test-ci-failure anthropics:ashwin/inputtest anthropics:eaptest anthropics:test-gh-comment anthropics:ashwin/v1-devtest anthropics:test-no-approval anthropics:feat/ttyd-cloudflared-tunnel-integration anthropics:ashwin/claudestep anthropics:support-bot-user anthropics:ashwin/testid anthropics:km/add-mcp-to-agent anthropics:testenvvar anthropics:km/discriminated-unions-cleanup anthropics:ashwin/examples anthropics:claude/issue-313-20250719-1530 anthropics:ashwin/modelparam anthropics:ashwin/testnetwork anthropics:ashwin/branchfix anthropics:ashwin-ant-patch-3 anthropics:ashwin/stickytest anthropics:feat-add-label-trigger anthropics:ashwin/testdynamicfetch anthropics:ashwin/multiline anthropics:claude/issue-132-20250605_170450 anthropics:update-claude-code-base-action-v0.0.10-20250605-165057 anthropics:ashwin/promptfiletest anthropics:ashwin/debug anthropics:claude/issue-122-20250604_004902 anthropics:claude/issue-125-20250604_150607 anthropics:claude/issue-123-20250604_005116 anthropics:ashwin/triagefix anthropics:update-claude-code-base-action-v0.0.9-20250603-035419 anthropics:claude/issue-101-20250531_001023 anthropics:ashwin/commenttool anthropics:claude/issue-95-20250530_142727 anthropics:claude/issue-103-20250531_051637 anthropics:ashwin-ant-patch-2 anthropics:testbranch anthropics:ashwin-ant-patch-1 anthropics:ashwin/faq anthropics:ashwin/bump anthropics:claude/issue-62-20250527_192138 anthropics:ashwin/tools anthropics:enhance-text-sanitization anthropics:ashwin/erroroutput anthropics:update-claude-code-base-action-v0.0.7-20250529-000200 anthropics:ashwin/shabump anthropics:claude/issue-49-20250527_235943 anthropics:claude/issue-52-20250526_025103 anthropics:ashwin/triage anthropics:ashwin/dsstore anthropics:ashwin/bugtemplate anthropics:ashwin/pin anthropics:ashwin/errorlogging anthropics:fix-500-error-logging anthropics:fix-mcp-undefined-error anthropics:fix-local-action-reference anthropics:update-claude-workflow-v2 anthropics:add-claude-github-actions-1747972566174 anthropics:update-to-use-model-parameter anthropics:np-anthropic-patch-1 anthropics:lina/rename-anthropic-model-to-model anthropics:lina/html_comments_strip anthropics:lina/modify-action-name anthropics:lina/modify-base-action
anthropics:v1 anthropics:v1.0.33 anthropics:v1.0.32 anthropics:v1.0.31 anthropics:v1.0.30 anthropics:v1.0.29 anthropics:v1.0.28 anthropics:v1.0.27 anthropics:v1.0.26 anthropics:v1.0.25 anthropics:v1.0.24 anthropics:v1.0.23 anthropics:v1.0.22 anthropics:v1.0.21 anthropics:v1.0.20 anthropics:v1.0.19 anthropics:v1.0.18 anthropics:v1.0.17 anthropics:v1.0.16 anthropics:v1.0.15 anthropics:v1.0.14 anthropics:v1.0.13 anthropics:v1.0.12 anthropics:v1.0.11 anthropics:v1.0.10 anthropics:v1.0.9 anthropics:v1.0.8 anthropics:v1.0.7 anthropics:v1.0.6 anthropics:v1.0.5 anthropics:v1.0.4 anthropics:v1.0.3 anthropics:v1.0.2 anthropics:v1.0.1 anthropics:v1.0.0 anthropics:v0 anthropics:v0.0.63 anthropics:beta anthropics:v0.0.62 anthropics:v0.0.61 anthropics:v0.0.60 anthropics:v0.0.59 anthropics:v0.0.58 anthropics:v0.0.57 anthropics:v0.0.56 anthropics:v0.0.55 anthropics:v0.0.54 anthropics:v0.0.53 anthropics:v0.0.52 anthropics:v0.0.51 anthropics:v0.0.50 anthropics:v0.0.49 anthropics:v0.0.48 anthropics:v0.0.47 anthropics:v0.0.46 anthropics:v0.0.45 anthropics:v0.0.44 anthropics:v0.0.43 anthropics:v0.0.42 anthropics:v0.0.41 anthropics:v0.0.40 anthropics:v0.0.39 anthropics:v0.0.38 anthropics:v0.0.37 anthropics:v0.0.36 anthropics:v0.0.35 anthropics:v0.0.34 anthropics:v0.0.33 anthropics:v0.0.32 anthropics:v0.0.31 anthropics:v0.0.30 anthropics:v0.0.29 anthropics:v0.0.28 anthropics:v0.0.27 anthropics:v0.0.26 anthropics:v0.0.25 anthropics:v0.0.24 anthropics:v0.0.23 anthropics:v0.0.22 anthropics:v0.0.21 anthropics:v0.0.20 anthropics:v0.0.19 anthropics:v0.0.18 anthropics:v0.0.17 anthropics:v0.0.16 anthropics:v0.0.15 anthropics:v0.0.14 anthropics:v0.0.13 anthropics:v0.0.12 anthropics:v0.0.11 anthropics:v0.0.10 anthropics:v0.0.9 anthropics:v0.0.8 anthropics:v0.0.7 anthropics:v0.0.6 anthropics:v0.0.5 anthropics:v0.0.4 anthropics:v0.0.3 anthropics:v0.0.2 anthropics:v0.0.1

13 Commits
ashwin/inl ... ashwin/bra

Author SHA1 Message Date
Cole Davis
b12957001c Fall back to default on duplicate branch 2025-09-16 21:46:32 -04:00
Cole Davis
60112e2967 Still replace undefined values 2025-09-16 21:16:23 -04:00
Cole Davis
ddb3ef092b Merge createBranchTemplateVariables into generateBranchName 2025-09-16 21:05:17 -04:00
Cole Davis
35c0ca2406 Clean up comments, docstrings 2025-09-16 20:55:40 -04:00
Cole Davis
1a49e00b3e Add check for empty template-generated name 2025-09-16 20:50:52 -04:00
Cole Davis
e758a32de7 Only fetch first label 2025-09-16 20:33:16 -04:00
Cole Davis
6246ecdcb5 Remove more granular time template variables 2025-09-16 20:31:18 -04:00
Cole Davis
32e7aeee0e More concise description for branch_name_template 2025-09-16 20:26:12 -04:00
Cole Davis
40c2c1e7b4 Add description template variable 2025-09-15 14:22:56 -04:00
Cole Davis
9c4bc5dc35 Add label to template variables 2025-09-15 14:22:56 -04:00
Cole Davis
b5de2b9913 Use branch name template 2025-09-15 14:22:56 -04:00
Cole Davis
4991c0c947 Logging 2025-09-15 14:22:56 -04:00
Cole Davis
726d5808b5 Add branch-name-template config option 2025-09-15 14:22:56 -04:00
46 changed files with 528 additions and 1392 deletions
Expand all files Collapse all files

6
.github/workflows/ci.yml vendored
View File

@@ -9,7 +9,7 @@ jobs:
test: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v4
- uses: oven-sh/setup-bun@v2 - uses: oven-sh/setup-bun@v2
with: with:
@@ -24,7 +24,7 @@ jobs:
prettier: prettier:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v4
- uses: oven-sh/setup-bun@v1 - uses: oven-sh/setup-bun@v1
with: with:
@@ -39,7 +39,7 @@ jobs:
typecheck: typecheck:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v4
- uses: oven-sh/setup-bun@v2 - uses: oven-sh/setup-bun@v2
with: with:

2
.github/workflows/claude-review.yml vendored
View File

@@ -13,7 +13,7 @@ jobs:
id-token: write id-token: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1

38
.github/workflows/claude-test.yml vendored Normal file
View File

@@ -0,0 +1,38 @@
# Test workflow for km-anthropic fork (v1-dev branch)
# This tests the fork implementation, not the main repo
name: Claude Code (Fork Test)
on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
issues:
types: [opened, assigned]
pull_request_review:
types: [submitted]
jobs:
claude:
if: |
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (
contains(github.event.issue.body, '@claude') ||
contains(github.event.issue.title, '@claude')
))
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
issues: write
id-token: write # Required for OIDC token exchange
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run Claude Code
uses: km-anthropic/claude-code-action@v1-dev
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

2
.github/workflows/claude.yml vendored
View File

@@ -25,7 +25,7 @@ jobs:
id-token: write id-token: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1

2
.github/workflows/issue-triage.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0

6
.github/workflows/release.yml vendored
View File

@@ -19,7 +19,7 @@ jobs:
next_version: ${{ steps.next_version.outputs.next_version }} next_version: ${{ steps.next_version.outputs.next_version }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
@@ -91,7 +91,7 @@ jobs:
contents: write contents: write
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
@@ -116,7 +116,7 @@ jobs:
environment: production environment: production
steps: steps:
- name: Checkout base-action repo - name: Checkout base-action repo
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
repository: anthropics/claude-code-base-action repository: anthropics/claude-code-base-action
token: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }} token: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }}

4
.github/workflows/test-settings.yml vendored
View File

@@ -67,7 +67,7 @@ jobs:
uses: ./base-action uses: ./base-action
with: with:
prompt: | prompt: |
Run the command `echo $HOME` to check the home directory path Use Bash to echo "This should not work"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
settings: | settings: |
{ {
@@ -163,7 +163,7 @@ jobs:
uses: ./base-action uses: ./base-action
with: with:
prompt: | prompt: |
Run the command `echo $HOME` to check the home directory path Use Bash to echo "This should not work from file"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
settings: "test-settings.json" settings: "test-settings.json"

15
action.yml
View File

@@ -23,6 +23,10 @@ inputs:
description: "The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format)" description: "The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format)"
required: false required: false
default: "claude/" default: "claude/"
branch_name_template:
description: "Template for branch naming. Available variables: {{prefix}}, {{entityType}}, {{entityNumber}}, {{timestamp}}, {{sha}}, {{label}}, {{description}}. {{label}} will be first label from the issue/PR, or {{entityType}} as a fallback. {{description}} will be the first 3 words of the issue/PR title in kebab-case. Default: '{{prefix}}{{entityType}}-{{entityNumber}}-{{timestamp}}'"
required: false
default: ""
allowed_bots: allowed_bots:
description: "Comma-separated list of allowed bot usernames, or '*' to allow all bots. Empty string (default) allows no bots." description: "Comma-separated list of allowed bot usernames, or '*' to allow all bots. Empty string (default) allows no bots."
required: false required: false
@@ -101,10 +105,6 @@ inputs:
description: "Optional path to a custom Bun executable. If provided, skips automatic Bun installation and uses this executable instead. WARNING: Using an incompatible version may cause problems if the action requires specific Bun features. This input is typically not needed unless you're debugging something specific or have unique needs in your environment." description: "Optional path to a custom Bun executable. If provided, skips automatic Bun installation and uses this executable instead. WARNING: Using an incompatible version may cause problems if the action requires specific Bun features. This input is typically not needed unless you're debugging something specific or have unique needs in your environment."
required: false required: false
default: "" default: ""
plugins:
description: "Comma-separated list of Claude Code plugin names to install (e.g., 'plugin1,plugin2,plugin3')"
required: false
default: ""
outputs: outputs:
execution_file: execution_file:
@@ -154,6 +154,7 @@ runs:
LABEL_TRIGGER: ${{ inputs.label_trigger }} LABEL_TRIGGER: ${{ inputs.label_trigger }}
BASE_BRANCH: ${{ inputs.base_branch }} BASE_BRANCH: ${{ inputs.base_branch }}
BRANCH_PREFIX: ${{ inputs.branch_prefix }} BRANCH_PREFIX: ${{ inputs.branch_prefix }}
BRANCH_NAME_TEMPLATE: ${{ inputs.branch_name_template }}
OVERRIDE_GITHUB_TOKEN: ${{ inputs.github_token }} OVERRIDE_GITHUB_TOKEN: ${{ inputs.github_token }}
ALLOWED_BOTS: ${{ inputs.allowed_bots }} ALLOWED_BOTS: ${{ inputs.allowed_bots }}
ALLOWED_NON_WRITE_USERS: ${{ inputs.allowed_non_write_users }} ALLOWED_NON_WRITE_USERS: ${{ inputs.allowed_non_write_users }}
@@ -167,7 +168,6 @@ runs:
ADDITIONAL_PERMISSIONS: ${{ inputs.additional_permissions }} ADDITIONAL_PERMISSIONS: ${{ inputs.additional_permissions }}
CLAUDE_ARGS: ${{ inputs.claude_args }} CLAUDE_ARGS: ${{ inputs.claude_args }}
ALL_INPUTS: ${{ toJson(inputs) }} ALL_INPUTS: ${{ toJson(inputs) }}
PLUGINS: ${{ inputs.plugins }}
- name: Install Base Action Dependencies - name: Install Base Action Dependencies
if: steps.prepare.outputs.contains_trigger == 'true' if: steps.prepare.outputs.contains_trigger == 'true'
@@ -182,7 +182,7 @@ runs:
# Install Claude Code if no custom executable is provided # Install Claude Code if no custom executable is provided
if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
echo "Installing Claude Code..." echo "Installing Claude Code..."
curl -fsSL https://claude.ai/install.sh | bash -s 2.0.27 curl -fsSL https://claude.ai/install.sh | bash -s 1.0.113
echo "$HOME/.local/bin" >> "$GITHUB_PATH" echo "$HOME/.local/bin" >> "$GITHUB_PATH"
else else
echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}" echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
@@ -218,7 +218,6 @@ runs:
INPUT_ACTION_INPUTS_PRESENT: ${{ steps.prepare.outputs.action_inputs_present }} INPUT_ACTION_INPUTS_PRESENT: ${{ steps.prepare.outputs.action_inputs_present }}
INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }} INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
INPUT_PATH_TO_BUN_EXECUTABLE: ${{ inputs.path_to_bun_executable }} INPUT_PATH_TO_BUN_EXECUTABLE: ${{ inputs.path_to_bun_executable }}
INPUT_PLUGINS: ${{ inputs.plugins }}
# Model configuration # Model configuration
GITHUB_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
@@ -265,7 +264,7 @@ runs:
GITHUB_EVENT_NAME: ${{ github.event_name }} GITHUB_EVENT_NAME: ${{ github.event_name }}
TRIGGER_COMMENT_ID: ${{ github.event.comment.id }} TRIGGER_COMMENT_ID: ${{ github.event.comment.id }}
CLAUDE_BRANCH: ${{ steps.prepare.outputs.CLAUDE_BRANCH }} CLAUDE_BRANCH: ${{ steps.prepare.outputs.CLAUDE_BRANCH }}
IS_PR: ${{ github.event.issue.pull_request != null || github.event_name == 'pull_request_target' || github.event_name == 'pull_request_review_comment' }} IS_PR: ${{ github.event.issue.pull_request != null || github.event_name == 'pull_request_review_comment' }}
BASE_BRANCH: ${{ steps.prepare.outputs.BASE_BRANCH }} BASE_BRANCH: ${{ steps.prepare.outputs.BASE_BRANCH }}
CLAUDE_SUCCESS: ${{ steps.claude-code.outputs.conclusion == 'success' }} CLAUDE_SUCCESS: ${{ steps.claude-code.outputs.conclusion == 'success' }}
OUTPUT_FILE: ${{ steps.claude-code.outputs.execution_file || '' }} OUTPUT_FILE: ${{ steps.claude-code.outputs.execution_file || '' }}

2
base-action/README.md
View File

@@ -336,7 +336,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0

7
base-action/action.yml
View File

@@ -55,10 +55,6 @@ inputs:
description: "Optional path to a custom Bun executable. If provided, skips automatic Bun installation and uses this executable instead. WARNING: Using an incompatible version may cause problems if the action requires specific Bun features. This input is typically not needed unless you're debugging something specific or have unique needs in your environment." description: "Optional path to a custom Bun executable. If provided, skips automatic Bun installation and uses this executable instead. WARNING: Using an incompatible version may cause problems if the action requires specific Bun features. This input is typically not needed unless you're debugging something specific or have unique needs in your environment."
required: false required: false
default: "" default: ""
plugins:
description: "Comma-separated list of Claude Code plugin names to install (e.g., 'plugin1,plugin2,plugin3')"
required: false
default: ""
outputs: outputs:
conclusion: conclusion:
@@ -103,7 +99,7 @@ runs:
run: | run: |
if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
echo "Installing Claude Code..." echo "Installing Claude Code..."
curl -fsSL https://claude.ai/install.sh | bash -s 2.0.27 curl -fsSL https://claude.ai/install.sh | bash -s 1.0.113
else else
echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}" echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
# Add the directory containing the custom executable to PATH # Add the directory containing the custom executable to PATH
@@ -130,7 +126,6 @@ runs:
INPUT_CLAUDE_ARGS: ${{ inputs.claude_args }} INPUT_CLAUDE_ARGS: ${{ inputs.claude_args }}
INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }} INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
INPUT_PATH_TO_BUN_EXECUTABLE: ${{ inputs.path_to_bun_executable }} INPUT_PATH_TO_BUN_EXECUTABLE: ${{ inputs.path_to_bun_executable }}
INPUT_PLUGINS: ${{ inputs.plugins }}
# Provider configuration # Provider configuration
ANTHROPIC_API_KEY: ${{ inputs.anthropic_api_key }} ANTHROPIC_API_KEY: ${{ inputs.anthropic_api_key }}

2
base-action/examples/issue-triage.yml
View File

@@ -32,7 +32,7 @@ jobs:
"--rm", "--rm",
"-e", "-e",
"GITHUB_PERSONAL_ACCESS_TOKEN", "GITHUB_PERSONAL_ACCESS_TOKEN",
"ghcr.io/github/github-mcp-server:sha-23fa0dd" "ghcr.io/github/github-mcp-server:sha-7aced2b"
], ],
"env": { "env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.GITHUB_TOKEN }}" "GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.GITHUB_TOKEN }}"

7
base-action/src/index.ts
View File

@@ -5,7 +5,6 @@ import { preparePrompt } from "./prepare-prompt";
import { runClaude } from "./run-claude"; import { runClaude } from "./run-claude";
import { setupClaudeCodeSettings } from "./setup-claude-code-settings"; import { setupClaudeCodeSettings } from "./setup-claude-code-settings";
import { validateEnvironmentVariables } from "./validate-env"; import { validateEnvironmentVariables } from "./validate-env";
import { installPlugins } from "./install-plugins";
async function run() { async function run() {
try { try {
@@ -16,12 +15,6 @@ async function run() {
undefined, // homeDir undefined, // homeDir
); );
// Install Claude Code plugins if specified
await installPlugins(
process.env.INPUT_PLUGINS,
process.env.INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE,
);
const promptConfig = await preparePrompt({ const promptConfig = await preparePrompt({
prompt: process.env.INPUT_PROMPT || "", prompt: process.env.INPUT_PROMPT || "",
promptFile: process.env.INPUT_PROMPT_FILE || "", promptFile: process.env.INPUT_PROMPT_FILE || "",

155
base-action/src/install-plugins.ts
View File

@@ -1,155 +0,0 @@
import { spawn, ChildProcess } from "child_process";
const PLUGIN_NAME_REGEX = /^[@a-zA-Z0-9_\-\/\.]+$/;
const MAX_PLUGIN_NAME_LENGTH = 512;
const CLAUDE_CODE_MARKETPLACE_URL =
"https://github.com/anthropics/claude-code.git";
const PATH_TRAVERSAL_REGEX =
/\.\.\/|\/\.\.|\.\/|\/\.|(?:^|\/)\.\.$|(?:^|\/)\.$|\.\.(?![0-9])/;
/**
* Validates a plugin name for security issues
* @param pluginName - The plugin name to validate
* @throws {Error} If the plugin name is invalid
*/
function validatePluginName(pluginName: string): void {
// Normalize Unicode to prevent homoglyph attacks (e.g., fullwidth dots, Unicode slashes)
const normalized = pluginName.normalize("NFC");
if (normalized.length > MAX_PLUGIN_NAME_LENGTH) {
throw new Error(`Plugin name too long: ${normalized.substring(0, 50)}...`);
}
if (!PLUGIN_NAME_REGEX.test(normalized)) {
throw new Error(`Invalid plugin name format: ${pluginName}`);
}
// Prevent path traversal attacks with single efficient regex check
if (PATH_TRAVERSAL_REGEX.test(normalized)) {
throw new Error(`Invalid plugin name format: ${pluginName}`);
}
}
/**
* Parse a comma-separated list of plugin names and return an array of trimmed, non-empty plugin names
* Validates plugin names to prevent command injection and path traversal attacks
* Allows: letters, numbers, @, -, _, /, . (common npm/scoped package characters)
* Disallows: path traversal (../, ./), shell metacharacters, and consecutive dots
*/
function parsePlugins(plugins?: string): string[] {
const trimmedPlugins = plugins?.trim();
if (!trimmedPlugins) {
return [];
}
// Split by comma and process each plugin
return trimmedPlugins
.split(",")
.map((p) => p.trim())
.filter((p) => {
if (p.length === 0) return false;
validatePluginName(p);
return true;
});
}
/**
* Executes a Claude Code CLI command with proper error handling
* @param claudeExecutable - Path to the Claude executable
* @param args - Command arguments to pass to the executable
* @param errorContext - Context string for error messages (e.g., "Failed to install plugin 'foo'")
* @returns Promise that resolves when the command completes successfully
* @throws {Error} If the command fails to execute
*/
async function executeClaudeCommand(
claudeExecutable: string,
args: string[],
errorContext: string,
): Promise<void> {
return new Promise((resolve, reject) => {
const childProcess: ChildProcess = spawn(claudeExecutable, args, {
stdio: "inherit",
});
childProcess.on("close", (code: number | null) => {
if (code === 0) {
resolve();
} else if (code === null) {
reject(new Error(`${errorContext}: process terminated by signal`));
} else {
reject(new Error(`${errorContext} (exit code: ${code})`));
}
});
childProcess.on("error", (err: Error) => {
reject(new Error(`${errorContext}: ${err.message}`));
});
});
}
/**
* Installs a single Claude Code plugin
*/
async function installPlugin(
pluginName: string,
claudeExecutable: string,
): Promise<void> {
return executeClaudeCommand(
claudeExecutable,
["plugin", "install", pluginName],
`Failed to install plugin '${pluginName}'`,
);
}
/**
* Adds the Claude Code marketplace
* @param claudeExecutable - Path to the Claude executable
* @returns Promise that resolves when the marketplace add command completes
* @throws {Error} If the command fails to execute
*/
async function addMarketplace(claudeExecutable: string): Promise<void> {
console.log("Adding Claude Code marketplace...");
return executeClaudeCommand(
claudeExecutable,
["plugin", "marketplace", "add", CLAUDE_CODE_MARKETPLACE_URL],
"Failed to add marketplace",
);
}
/**
* Installs Claude Code plugins from a comma-separated list
* @param pluginsInput - Comma-separated list of plugin names, or undefined/empty to skip installation
* @param claudeExecutable - Path to the Claude executable (defaults to "claude")
* @returns Promise that resolves when all plugins are installed
* @throws {Error} If any plugin fails validation or installation (stops on first error)
*/
export async function installPlugins(
pluginsInput: string | undefined,
claudeExecutable?: string,
): Promise<void> {
const plugins = parsePlugins(pluginsInput);
if (plugins.length === 0) {
console.log("No plugins to install");
return;
}
// Resolve executable path with explicit fallback
const resolvedExecutable = claudeExecutable || "claude";
// Add marketplace before installing plugins
await addMarketplace(resolvedExecutable);
console.log(`Installing ${plugins.length} plugin(s)...`);
for (const plugin of plugins) {
console.log(`Installing plugin: ${plugin}`);
await installPlugin(plugin, resolvedExecutable);
console.log(`✓ Successfully installed: ${plugin}`);
}
console.log("All plugins installed successfully");
}

449
base-action/test/install-plugins.test.ts
View File

@@ -1,449 +0,0 @@
#!/usr/bin/env bun
import { describe, test, expect, mock, spyOn, afterEach } from "bun:test";
import { installPlugins } from "../src/install-plugins";
import * as childProcess from "child_process";
describe("installPlugins", () => {
let spawnSpy: ReturnType<typeof spyOn> | undefined;
afterEach(() => {
// Restore original spawn after each test
if (spawnSpy) {
spawnSpy.mockRestore();
}
});
function createMockSpawn(
exitCode: number | null = 0,
shouldError: boolean = false,
) {
const mockProcess = {
on: mock((event: string, handler: Function) => {
if (event === "close" && !shouldError) {
// Simulate successful close
setTimeout(() => handler(exitCode), 0);
} else if (event === "error" && shouldError) {
// Simulate error
setTimeout(() => handler(new Error("spawn error")), 0);
}
return mockProcess;
}),
};
spawnSpy = spyOn(childProcess, "spawn").mockImplementation(
() => mockProcess as any,
);
return spawnSpy;
}
test("should not call spawn when no plugins are specified", async () => {
const spy = createMockSpawn();
await installPlugins("");
expect(spy).not.toHaveBeenCalled();
});
test("should not call spawn when plugins is undefined", async () => {
const spy = createMockSpawn();
await installPlugins(undefined);
expect(spy).not.toHaveBeenCalled();
});
test("should not call spawn when plugins is only whitespace", async () => {
const spy = createMockSpawn();
await installPlugins(" ");
expect(spy).not.toHaveBeenCalled();
});
test("should install a single plugin with default executable", async () => {
const spy = createMockSpawn();
await installPlugins("test-plugin");
expect(spy).toHaveBeenCalledTimes(2);
// First call: add marketplace
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
[
"plugin",
"marketplace",
"add",
"https://github.com/anthropics/claude-code.git",
],
{ stdio: "inherit" },
);
// Second call: install plugin
expect(spy).toHaveBeenNthCalledWith(
2,
"claude",
["plugin", "install", "test-plugin"],
{ stdio: "inherit" },
);
});
test("should install multiple plugins sequentially", async () => {
const spy = createMockSpawn();
await installPlugins("plugin1,plugin2,plugin3");
expect(spy).toHaveBeenCalledTimes(4);
// First call: add marketplace
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
[
"plugin",
"marketplace",
"add",
"https://github.com/anthropics/claude-code.git",
],
{ stdio: "inherit" },
);
// Subsequent calls: install plugins
expect(spy).toHaveBeenNthCalledWith(
2,
"claude",
["plugin", "install", "plugin1"],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
3,
"claude",
["plugin", "install", "plugin2"],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
4,
"claude",
["plugin", "install", "plugin3"],
{ stdio: "inherit" },
);
});
test("should use custom claude executable path when provided", async () => {
const spy = createMockSpawn();
await installPlugins("test-plugin", "/custom/path/to/claude");
expect(spy).toHaveBeenCalledTimes(2);
// First call: add marketplace
expect(spy).toHaveBeenNthCalledWith(
1,
"/custom/path/to/claude",
[
"plugin",
"marketplace",
"add",
"https://github.com/anthropics/claude-code.git",
],
{ stdio: "inherit" },
);
// Second call: install plugin
expect(spy).toHaveBeenNthCalledWith(
2,
"/custom/path/to/claude",
["plugin", "install", "test-plugin"],
{ stdio: "inherit" },
);
});
test("should trim whitespace from plugin names before installation", async () => {
const spy = createMockSpawn();
await installPlugins(" plugin1 , plugin2 ");
expect(spy).toHaveBeenCalledTimes(3);
// First call: add marketplace
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
[
"plugin",
"marketplace",
"add",
"https://github.com/anthropics/claude-code.git",
],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
2,
"claude",
["plugin", "install", "plugin1"],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
3,
"claude",
["plugin", "install", "plugin2"],
{ stdio: "inherit" },
);
});
test("should skip empty entries in plugin list", async () => {
const spy = createMockSpawn();
await installPlugins("plugin1,,plugin2");
expect(spy).toHaveBeenCalledTimes(3);
// First call: add marketplace
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
[
"plugin",
"marketplace",
"add",
"https://github.com/anthropics/claude-code.git",
],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
2,
"claude",
["plugin", "install", "plugin1"],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
3,
"claude",
["plugin", "install", "plugin2"],
{ stdio: "inherit" },
);
});
test("should handle plugin installation error and throw", async () => {
createMockSpawn(1, false); // Exit code 1
await expect(installPlugins("failing-plugin")).rejects.toThrow(
"Failed to add marketplace (exit code: 1)",
);
});
test("should handle null exit code (process terminated by signal)", async () => {
createMockSpawn(null, false); // Exit code null (terminated by signal)
await expect(installPlugins("terminated-plugin")).rejects.toThrow(
"Failed to add marketplace: process terminated by signal",
);
});
test("should stop installation on first error", async () => {
const spy = createMockSpawn(1, false); // Exit code 1
await expect(installPlugins("plugin1,plugin2,plugin3")).rejects.toThrow(
"Failed to add marketplace (exit code: 1)",
);
// Should only try to add marketplace before failing
expect(spy).toHaveBeenCalledTimes(1);
});
test("should handle plugins with special characters in names", async () => {
const spy = createMockSpawn();
await installPlugins("org/plugin-name,@scope/plugin");
expect(spy).toHaveBeenCalledTimes(3);
// First call: add marketplace
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
[
"plugin",
"marketplace",
"add",
"https://github.com/anthropics/claude-code.git",
],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
2,
"claude",
["plugin", "install", "org/plugin-name"],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
3,
"claude",
["plugin", "install", "@scope/plugin"],
{ stdio: "inherit" },
);
});
test("should handle spawn errors", async () => {
createMockSpawn(0, true); // Trigger error event
await expect(installPlugins("test-plugin")).rejects.toThrow(
"Failed to add marketplace: spawn error",
);
});
test("should install plugins with custom executable and multiple plugins", async () => {
const spy = createMockSpawn();
await installPlugins("plugin-a,plugin-b", "/usr/local/bin/claude-custom");
expect(spy).toHaveBeenCalledTimes(3);
// First call: add marketplace
expect(spy).toHaveBeenNthCalledWith(
1,
"/usr/local/bin/claude-custom",
[
"plugin",
"marketplace",
"add",
"https://github.com/anthropics/claude-code.git",
],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
2,
"/usr/local/bin/claude-custom",
["plugin", "install", "plugin-a"],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
3,
"/usr/local/bin/claude-custom",
["plugin", "install", "plugin-b"],
{ stdio: "inherit" },
);
});
test("should reject plugin names with command injection attempts", async () => {
const spy = createMockSpawn();
// Should throw due to invalid characters (semicolon and spaces)
await expect(installPlugins("plugin-name; rm -rf /")).rejects.toThrow(
"Invalid plugin name format",
);
// Mock should never be called because validation fails first
expect(spy).not.toHaveBeenCalled();
});
test("should reject plugin names with path traversal using ../", async () => {
const spy = createMockSpawn();
await expect(installPlugins("../../../malicious-plugin")).rejects.toThrow(
"Invalid plugin name format",
);
expect(spy).not.toHaveBeenCalled();
});
test("should reject plugin names with path traversal using ./", async () => {
const spy = createMockSpawn();
await expect(installPlugins("./../../@scope/package")).rejects.toThrow(
"Invalid plugin name format",
);
expect(spy).not.toHaveBeenCalled();
});
test("should reject plugin names with consecutive dots", async () => {
const spy = createMockSpawn();
await expect(installPlugins(".../.../package")).rejects.toThrow(
"Invalid plugin name format",
);
expect(spy).not.toHaveBeenCalled();
});
test("should reject plugin names with hidden path traversal", async () => {
const spy = createMockSpawn();
await expect(installPlugins("package/../other")).rejects.toThrow(
"Invalid plugin name format",
);
expect(spy).not.toHaveBeenCalled();
});
test("should accept plugin names with single dots in version numbers", async () => {
const spy = createMockSpawn();
await installPlugins("plugin-v1.0.2");
expect(spy).toHaveBeenCalledTimes(2);
// First call: add marketplace
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
[
"plugin",
"marketplace",
"add",
"https://github.com/anthropics/claude-code.git",
],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
2,
"claude",
["plugin", "install", "plugin-v1.0.2"],
{ stdio: "inherit" },
);
});
test("should accept plugin names with multiple dots in semantic versions", async () => {
const spy = createMockSpawn();
await installPlugins("@scope/plugin-v1.0.0-beta.1");
expect(spy).toHaveBeenCalledTimes(2);
// First call: add marketplace
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
[
"plugin",
"marketplace",
"add",
"https://github.com/anthropics/claude-code.git",
],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
2,
"claude",
["plugin", "install", "@scope/plugin-v1.0.0-beta.1"],
{ stdio: "inherit" },
);
});
test("should reject Unicode homoglyph path traversal attempts", async () => {
const spy = createMockSpawn();
// Using fullwidth dots (U+FF0E) and fullwidth solidus (U+FF0F)
await expect(installPlugins("malicious")).rejects.toThrow(
"Invalid plugin name format",
);
expect(spy).not.toHaveBeenCalled();
});
test("should reject path traversal at end of path", async () => {
const spy = createMockSpawn();
await expect(installPlugins("package/..")).rejects.toThrow(
"Invalid plugin name format",
);
expect(spy).not.toHaveBeenCalled();
});
test("should reject single dot directory reference", async () => {
const spy = createMockSpawn();
await expect(installPlugins("package/.")).rejects.toThrow(
"Invalid plugin name format",
);
expect(spy).not.toHaveBeenCalled();
});
test("should reject path traversal in middle of path", async () => {
const spy = createMockSpawn();
await expect(installPlugins("package/../other")).rejects.toThrow(
"Invalid plugin name format",
);
expect(spy).not.toHaveBeenCalled();
});
});

2
docs/custom-automations.md
View File

@@ -15,7 +15,7 @@ The action automatically detects which mode to use based on your configuration:
This action supports the following GitHub events ([learn more GitHub event triggers](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows)): This action supports the following GitHub events ([learn more GitHub event triggers](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows)):
- `pull_request` or `pull_request_target` - When PRs are opened or synchronized - `pull_request` - When PRs are opened or synchronized
- `issue_comment` - When comments are created on issues or PRs - `issue_comment` - When comments are created on issues or PRs
- `pull_request_comment` - When comments are made on PR diffs - `pull_request_comment` - When comments are made on PR diffs
- `issues` - When issues are opened or assigned - `issues` - When issues are opened or assigned

2
docs/faq.md
View File

@@ -127,7 +127,7 @@ For performance, Claude uses shallow clones:
If you need full history, you can configure this in your workflow before calling Claude in the `actions/checkout` step. If you need full history, you can configure this in your workflow before calling Claude in the `actions/checkout` step.
``` ```
- uses: actions/checkout@v5 - uses: actions/checkout@v4
depth: 0 # will fetch full repo history depth: 0 # will fetch full repo history
``` ```

23
docs/security.md
View File

@@ -13,28 +13,13 @@
- **No Cross-Repository Access**: Each action invocation is limited to the repository where it was triggered - **No Cross-Repository Access**: Each action invocation is limited to the repository where it was triggered
- **Limited Scope**: The token cannot access other repositories or perform actions beyond the configured permissions - **Limited Scope**: The token cannot access other repositories or perform actions beyond the configured permissions
## ⚠️ Prompt Injection Risks
**Beware of potential hidden markdown when tagging Claude on untrusted content.** External contributors may include hidden instructions through HTML comments, invisible characters, hidden attributes, or other techniques. The action sanitizes content by stripping HTML comments, invisible characters, markdown image alt text, hidden HTML attributes, and HTML entities, but new bypass techniques may emerge. We recommend reviewing the raw content of all input coming from external contributors before allowing Claude to process it.
## GitHub App Permissions ## GitHub App Permissions
The [Claude Code GitHub app](https://github.com/apps/claude) requests the following permissions: The [Claude Code GitHub app](https://github.com/apps/claude) requires these permissions:
### Currently Used Permissions - **Pull Requests**: Read and write to create PRs and push changes
- **Issues**: Read and write to respond to issues
- **Contents** (Read & Write): For reading repository files and creating branches - **Contents**: Read and write to modify repository files
- **Pull Requests** (Read & Write): For reading PR data and creating/updating pull requests
- **Issues** (Read & Write): For reading issue data and updating issue comments
### Permissions for Future Features
The following permissions are requested but not yet actively used. These will enable planned features in future releases:
- **Discussions** (Read & Write): For interaction with GitHub Discussions
- **Actions** (Read): For accessing workflow run data and logs
- **Checks** (Read): For reading check run results
- **Workflows** (Read & Write): For triggering and managing GitHub Actions workflows
## Commit Signing ## Commit Signing

16
docs/solutions.md
View File

@@ -35,7 +35,7 @@ jobs:
pull-requests: write pull-requests: write
id-token: write id-token: write
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1
@@ -89,7 +89,7 @@ jobs:
pull-requests: write pull-requests: write
id-token: write id-token: write
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1
@@ -153,7 +153,7 @@ jobs:
pull-requests: write pull-requests: write
id-token: write id-token: write
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1
@@ -211,7 +211,7 @@ jobs:
pull-requests: write pull-requests: write
id-token: write id-token: write
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1
@@ -268,7 +268,7 @@ jobs:
pull-requests: write pull-requests: write
id-token: write id-token: write
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1
@@ -344,7 +344,7 @@ jobs:
pull-requests: write pull-requests: write
id-token: write id-token: write
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
@@ -456,7 +456,7 @@ jobs:
pull-requests: write pull-requests: write
id-token: write id-token: write
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v4
with: with:
ref: ${{ github.event.pull_request.head.ref }} ref: ${{ github.event.pull_request.head.ref }}
fetch-depth: 0 fetch-depth: 0
@@ -513,7 +513,7 @@ jobs:
security-events: write security-events: write
id-token: write id-token: write
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1

58
docs/usage.md
View File

@@ -32,9 +32,6 @@ jobs:
# --max-turns 10 # --max-turns 10
# --model claude-4-0-sonnet-20250805 # --model claude-4-0-sonnet-20250805
# Optional: install Claude Code plugins
# plugins: "plugin1,plugin2,plugin3"
# Optional: add custom trigger phrase (default: @claude) # Optional: add custom trigger phrase (default: @claude)
# trigger_phrase: "/claude" # trigger_phrase: "/claude"
# Optional: add assignee trigger for issues # Optional: add assignee trigger for issues
@@ -50,33 +47,33 @@ jobs:
## Inputs ## Inputs
| Input | Description | Required | Default | | Input | Description | Required | Default |
| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------------- | | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | ------------- |
| `anthropic_api_key` | Anthropic API key (required for direct API, not needed for Bedrock/Vertex) | No\* | - | | `anthropic_api_key` | Anthropic API key (required for direct API, not needed for Bedrock/Vertex) | No\* | - |
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No\* | - | | `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No\* | - |
| `prompt` | Instructions for Claude. Can be a direct prompt or custom template for automation workflows | No | - | | `prompt` | Instructions for Claude. Can be a direct prompt or custom template for automation workflows | No | - |
| `track_progress` | Force tag mode with tracking comments. Only works with specific PR/issue events. Preserves GitHub context | No | `false` | | `track_progress` | Force tag mode with tracking comments. Only works with specific PR/issue events. Preserves GitHub context | No | `false` |
| `claude_args` | Additional [arguments to pass directly to Claude CLI](https://docs.claude.com/en/docs/claude-code/cli-reference#cli-flags) (e.g., `--max-turns 10 --model claude-4-0-sonnet-20250805`) | No | "" | | `claude_args` | Additional arguments to pass directly to Claude CLI (e.g., `--max-turns 10 --model claude-4-0-sonnet-20250805`) | No | "" |
| `base_branch` | The base branch to use for creating new branches (e.g., 'main', 'develop') | No | - | | `base_branch` | The base branch to use for creating new branches (e.g., 'main', 'develop') | No | - |
| `use_sticky_comment` | Use just one comment to deliver PR comments (only applies for pull_request event workflows) | No | `false` | | `use_sticky_comment` | Use just one comment to deliver PR comments (only applies for pull_request event workflows) | No | `false` |
| `github_token` | GitHub token for Claude to operate with. **Only include this if you're connecting a custom GitHub app of your own!** | No | - | | `github_token` | GitHub token for Claude to operate with. **Only include this if you're connecting a custom GitHub app of your own!** | No | - |
| `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | `false` | | `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | `false` |
| `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | `false` | | `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | `false` |
| `assignee_trigger` | The assignee username that triggers the action (e.g. @claude). Only used for issue assignment | No | - | | `mcp_config` | Additional MCP configuration (JSON string) that merges with the built-in GitHub MCP servers | No | "" |
| `label_trigger` | The label name that triggers the action when applied to an issue (e.g. "claude") | No | - | | `assignee_trigger` | The assignee username that triggers the action (e.g. @claude). Only used for issue assignment | No | - |
| `trigger_phrase` | The trigger phrase to look for in comments, issue/PR bodies, and issue titles | No | `@claude` | | `label_trigger` | The label name that triggers the action when applied to an issue (e.g. "claude") | No | - |
| `branch_prefix` | The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format) | No | `claude/` | | `trigger_phrase` | The trigger phrase to look for in comments, issue/PR bodies, and issue titles | No | `@claude` |
| `settings` | Claude Code settings as JSON string or path to settings JSON file | No | "" | | `branch_prefix` | The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format) | No | `claude/` |
| `additional_permissions` | Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results | No | "" | | `settings` | Claude Code settings as JSON string or path to settings JSON file | No | "" |
| `experimental_allowed_domains` | Restrict network access to these domains only (newline-separated). | No | "" | | `additional_permissions` | Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results | No | "" |
| `use_commit_signing` | Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands | No | `false` | | `experimental_allowed_domains` | Restrict network access to these domains only (newline-separated). | No | "" |
| `bot_id` | GitHub user ID to use for git operations (defaults to Claude's bot ID) | No | `41898282` | | `use_commit_signing` | Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands | No | `false` |
| `bot_name` | GitHub username to use for git operations (defaults to Claude's bot name) | No | `claude[bot]` | | `bot_id` | GitHub user ID to use for git operations (defaults to Claude's bot ID) | No | `41898282` |
| `allowed_bots` | Comma-separated list of allowed bot usernames, or '\*' to allow all bots. Empty string (default) allows no bots | No | "" | | `bot_name` | GitHub username to use for git operations (defaults to Claude's bot name) | No | `claude[bot]` |
| `allowed_non_write_users` | **⚠️ RISKY**: Comma-separated list of usernames to allow without write permissions, or '\*' for all users. Only works with `github_token` input. See [Security](./security.md) | No | "" | | `allowed_bots` | Comma-separated list of allowed bot usernames, or '\*' to allow all bots. Empty string (default) allows no bots | No | "" |
| `path_to_claude_code_executable` | Optional path to a custom Claude Code executable. Skips automatic installation. Useful for Nix, custom containers, or specialized environments | No | "" | | `allowed_non_write_users` | **⚠️ RISKY**: Comma-separated list of usernames to allow without write permissions, or '\*' for all users. Only works with `github_token` input. See [Security](./security.md) | No | "" |
| `path_to_bun_executable` | Optional path to a custom Bun executable. Skips automatic Bun installation. Useful for Nix, custom containers, or specialized environments | No | "" | | `path_to_claude_code_executable` | Optional path to a custom Claude Code executable. Skips automatic installation. Useful for Nix, custom containers, or specialized environments | No | "" |
| `plugins` | Comma-separated list of Claude Code plugin names to install (e.g., `plugin1,plugin2,plugin3`). Plugins are installed before Claude Code execution | No | "" | | `path_to_bun_executable` | Optional path to a custom Bun executable. Skips automatic Bun installation. Useful for Nix, custom containers, or specialized environments | No | "" |
### Deprecated Inputs ### Deprecated Inputs
@@ -93,7 +90,6 @@ These inputs are deprecated and will be removed in a future version:
| `fallback_model` | **DEPRECATED**: Use `claude_args` with fallback configuration | Configure fallback in `claude_args` or `settings` | | `fallback_model` | **DEPRECATED**: Use `claude_args` with fallback configuration | Configure fallback in `claude_args` or `settings` |
| `allowed_tools` | **DEPRECATED**: Use `claude_args` with `--allowedTools` instead | Use `claude_args: "--allowedTools Edit,Read,Write"` | | `allowed_tools` | **DEPRECATED**: Use `claude_args` with `--allowedTools` instead | Use `claude_args: "--allowedTools Edit,Read,Write"` |
| `disallowed_tools` | **DEPRECATED**: Use `claude_args` with `--disallowedTools` instead | Use `claude_args: "--disallowedTools WebSearch"` | | `disallowed_tools` | **DEPRECATED**: Use `claude_args` with `--disallowedTools` instead | Use `claude_args: "--disallowedTools WebSearch"` |
| `mcp_config` | **DEPRECATED**: Use `claude_args` with `--mcp-config` instead | Use `claude_args: "--mcp-config '{...}'"` |
| `claude_env` | **DEPRECATED**: Use `settings` with env configuration | Configure environment in `settings` JSON | | `claude_env` | **DEPRECATED**: Use `settings` with env configuration | Configure environment in `settings` JSON |
\*Required when using direct Anthropic API (default and when not using Bedrock or Vertex) \*Required when using direct Anthropic API (default and when not using Bedrock or Vertex)

2
examples/ci-failure-auto-fix.yml
View File

@@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
ref: ${{ github.event.workflow_run.head_branch }} ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0 fetch-depth: 0

2
examples/claude.yml
View File

@@ -26,7 +26,7 @@ jobs:
actions: read # Required for Claude to read CI results on PRs actions: read # Required for Claude to read CI results on PRs
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1

2
examples/issue-deduplication.yml
View File

@@ -15,7 +15,7 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1

2
examples/issue-triage.yml
View File

@@ -14,7 +14,7 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0

2
examples/manual-code-analysis.yml
View File

@@ -23,7 +23,7 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 2 # Need at least 2 commits to analyze the latest fetch-depth: 2 # Need at least 2 commits to analyze the latest

2
examples/pr-review-comprehensive.yml
View File

@@ -16,7 +16,7 @@ jobs:
id-token: write id-token: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1

2
examples/pr-review-filtered-authors.yml
View File

@@ -18,7 +18,7 @@ jobs:
id-token: write id-token: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1

2
examples/pr-review-filtered-paths.yml
View File

@@ -19,7 +19,7 @@ jobs:
id-token: write id-token: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v5 uses: actions/checkout@v4
with: with:
fetch-depth: 1 fetch-depth: 1

5
src/create-prompt/index.ts
View File

@@ -384,7 +384,6 @@ export function getEventTypeAndContext(envVars: PreparedContext): {
}; };
case "pull_request": case "pull_request":
case "pull_request_target":
return { return {
eventType: "PULL_REQUEST", eventType: "PULL_REQUEST",
triggerContext: eventData.eventAction triggerContext: eventData.eventAction
@@ -684,7 +683,7 @@ ${
- Display the todo list as a checklist in the GitHub comment and mark things off as you go. - Display the todo list as a checklist in the GitHub comment and mark things off as you go.
- REPOSITORY SETUP INSTRUCTIONS: The repository's CLAUDE.md file(s) contain critical repo-specific setup instructions, development guidelines, and preferences. Always read and follow these files, particularly the root CLAUDE.md, as they provide essential context for working with the codebase effectively. - REPOSITORY SETUP INSTRUCTIONS: The repository's CLAUDE.md file(s) contain critical repo-specific setup instructions, development guidelines, and preferences. Always read and follow these files, particularly the root CLAUDE.md, as they provide essential context for working with the codebase effectively.
- Use h3 headers (###) for section titles in your comments, not h1 headers (#). - Use h3 headers (###) for section titles in your comments, not h1 headers (#).
- Your comment must always include the job run link in the format "[View job run](${GITHUB_SERVER_URL}/${context.repository}/actions/runs/${process.env.GITHUB_RUN_ID})" at the bottom of your response (branch link if there is one should also be included there). - Your comment must always include the job run link (and branch link if there is one) at the bottom.
CAPABILITIES AND LIMITATIONS: CAPABILITIES AND LIMITATIONS:
When users ask you to do something, be aware of what you can and cannot do. This section helps you understand how to respond when users request actions outside your scope. When users ask you to do something, be aware of what you can and cannot do. This section helps you understand how to respond when users request actions outside your scope.
@@ -709,7 +708,7 @@ What You CANNOT Do:
- Modify files in the .github/workflows directory (GitHub App permissions do not allow workflow modifications) - Modify files in the .github/workflows directory (GitHub App permissions do not allow workflow modifications)
When users ask you to perform actions you cannot do, politely explain the limitation and, when applicable, direct them to the FAQ for more information and workarounds: When users ask you to perform actions you cannot do, politely explain the limitation and, when applicable, direct them to the FAQ for more information and workarounds:
"I'm unable to [specific action] due to [reason]. You can find more information and potential workarounds in the [FAQ](https://github.com/anthropics/claude-code-action/blob/main/docs/faq.md)." "I'm unable to [specific action] due to [reason]. You can find more information and potential workarounds in the [FAQ](https://github.com/anthropics/claude-code-action/blob/main/FAQ.md)."
If a user asks for something outside these capabilities (and you have no other tools provided), politely explain that you cannot perform that action and suggest an alternative approach if possible. If a user asks for something outside these capabilities (and you have no other tools provided), politely explain that you cannot perform that action and suggest an alternative approach if possible.

14
src/create-prompt/types.ts
View File

@@ -78,7 +78,8 @@ type IssueLabeledEvent = {
labelTrigger: string; labelTrigger: string;
}; };
type PullRequestBaseEvent = { type PullRequestEvent = {
eventName: "pull_request";
eventAction?: string; // opened, synchronize, etc. eventAction?: string; // opened, synchronize, etc.
isPR: true; isPR: true;
prNumber: string; prNumber: string;
@@ -86,14 +87,6 @@ type PullRequestBaseEvent = {
baseBranch?: string; baseBranch?: string;
}; };
type PullRequestEvent = PullRequestBaseEvent & {
eventName: "pull_request";
};
type PullRequestTargetEvent = PullRequestBaseEvent & {
eventName: "pull_request_target";
};
// Union type for all possible event types // Union type for all possible event types
export type EventData = export type EventData =
| PullRequestReviewCommentEvent | PullRequestReviewCommentEvent
@@ -103,8 +96,7 @@ export type EventData =
| IssueOpenedEvent | IssueOpenedEvent
| IssueAssignedEvent | IssueAssignedEvent
| IssueLabeledEvent | IssueLabeledEvent
| PullRequestEvent | PullRequestEvent;
| PullRequestTargetEvent;
// Combined type with separate eventData field // Combined type with separate eventData field
export type PreparedContext = CommonFields & { export type PreparedContext = CommonFields & {

10
src/github/api/queries/github.ts
View File

@@ -16,6 +16,11 @@ export const PR_QUERY = `
additions additions
deletions deletions
state state
labels(first: 1) {
nodes {
name
}
}
commits(first: 100) { commits(first: 100) {
totalCount totalCount
nodes { nodes {
@@ -97,6 +102,11 @@ export const ISSUE_QUERY = `
} }
createdAt createdAt
state state
labels(first: 1) {
nodes {
name
}
}
comments(first: 100) { comments(first: 100) {
nodes { nodes {
id id

10
src/github/context.ts
View File

@@ -88,6 +88,7 @@ type BaseContext = {
labelTrigger: string; labelTrigger: string;
baseBranch?: string; baseBranch?: string;
branchPrefix: string; branchPrefix: string;
branchNameTemplate?: string;
useStickyComment: boolean; useStickyComment: boolean;
useCommitSigning: boolean; useCommitSigning: boolean;
botId: string; botId: string;
@@ -95,7 +96,6 @@ type BaseContext = {
allowedBots: string; allowedBots: string;
allowedNonWriteUsers: string; allowedNonWriteUsers: string;
trackProgress: boolean; trackProgress: boolean;
plugins: string[];
}; };
}; };
@@ -144,6 +144,7 @@ export function parseGitHubContext(): GitHubContext {
labelTrigger: process.env.LABEL_TRIGGER ?? "", labelTrigger: process.env.LABEL_TRIGGER ?? "",
baseBranch: process.env.BASE_BRANCH, baseBranch: process.env.BASE_BRANCH,
branchPrefix: process.env.BRANCH_PREFIX ?? "claude/", branchPrefix: process.env.BRANCH_PREFIX ?? "claude/",
branchNameTemplate: process.env.BRANCH_NAME_TEMPLATE,
useStickyComment: process.env.USE_STICKY_COMMENT === "true", useStickyComment: process.env.USE_STICKY_COMMENT === "true",
useCommitSigning: process.env.USE_COMMIT_SIGNING === "true", useCommitSigning: process.env.USE_COMMIT_SIGNING === "true",
botId: process.env.BOT_ID ?? String(CLAUDE_APP_BOT_ID), botId: process.env.BOT_ID ?? String(CLAUDE_APP_BOT_ID),
@@ -151,10 +152,6 @@ export function parseGitHubContext(): GitHubContext {
allowedBots: process.env.ALLOWED_BOTS ?? "", allowedBots: process.env.ALLOWED_BOTS ?? "",
allowedNonWriteUsers: process.env.ALLOWED_NON_WRITE_USERS ?? "", allowedNonWriteUsers: process.env.ALLOWED_NON_WRITE_USERS ?? "",
trackProgress: process.env.TRACK_PROGRESS === "true", trackProgress: process.env.TRACK_PROGRESS === "true",
plugins: (process.env.PLUGINS || "")
.split(",")
.map((p) => p.trim())
.filter((p) => p.length > 0),
}, },
}; };
@@ -179,8 +176,7 @@ export function parseGitHubContext(): GitHubContext {
isPR: Boolean(payload.issue.pull_request), isPR: Boolean(payload.issue.pull_request),
}; };
} }
case "pull_request": case "pull_request": {
case "pull_request_target": {
const payload = context.payload as PullRequestEvent; const payload = context.payload as PullRequestEvent;
return { return {
...commonFields, ...commonFields,

66
src/github/operations/branch.ts
View File

@@ -12,6 +12,15 @@ import type { ParsedGitHubContext } from "../context";
import type { GitHubPullRequest } from "../types"; import type { GitHubPullRequest } from "../types";
import type { Octokits } from "../api/client"; import type { Octokits } from "../api/client";
import type { FetchDataResult } from "../data/fetcher"; import type { FetchDataResult } from "../data/fetcher";
import { generateBranchName } from "../../utils/branch-template";
/**
* Extracts the first label from GitHub data, or returns undefined if no labels exist
*/
function extractFirstLabel(githubData: FetchDataResult): string | undefined {
const labels = githubData.contextData.labels?.nodes;
return labels && labels.length > 0 ? labels[0]?.name : undefined;
}
export type BranchInfo = { export type BranchInfo = {
baseBranch: string; baseBranch: string;
@@ -26,7 +35,7 @@ export async function setupBranch(
): Promise<BranchInfo> { ): Promise<BranchInfo> {
const { owner, repo } = context.repository; const { owner, repo } = context.repository;
const entityNumber = context.entityNumber; const entityNumber = context.entityNumber;
const { baseBranch, branchPrefix } = context.inputs; const { baseBranch, branchPrefix, branchNameTemplate } = context.inputs;
const isPR = context.isPR; const isPR = context.isPR;
if (isPR) { if (isPR) {
@@ -87,17 +96,8 @@ export async function setupBranch(
// Generate branch name for either an issue or closed/merged PR // Generate branch name for either an issue or closed/merged PR
const entityType = isPR ? "pr" : "issue"; const entityType = isPR ? "pr" : "issue";
// Create Kubernetes-compatible timestamp: lowercase, hyphens only, shorter format // Get the SHA of the source branch to use in template
const now = new Date(); let sourceSHA: string | undefined;
const timestamp = `${now.getFullYear()}${String(now.getMonth() + 1).padStart(2, "0")}${String(now.getDate()).padStart(2, "0")}-${String(now.getHours()).padStart(2, "0")}${String(now.getMinutes()).padStart(2, "0")}`;
// Ensure branch name is Kubernetes-compatible:
// - Lowercase only
// - Alphanumeric with hyphens
// - No underscores
// - Max 50 chars (to allow for prefixes)
const branchName = `${branchPrefix}${entityType}-${entityNumber}-${timestamp}`;
const newBranch = branchName.toLowerCase().substring(0, 50);
try { try {
// Get the SHA of the source branch to verify it exists // Get the SHA of the source branch to verify it exists
@@ -107,8 +107,46 @@ export async function setupBranch(
ref: `heads/${sourceBranch}`, ref: `heads/${sourceBranch}`,
}); });
const currentSHA = sourceBranchRef.data.object.sha; sourceSHA = sourceBranchRef.data.object.sha;
console.log(`Source branch SHA: ${currentSHA}`); console.log(`Source branch SHA: ${sourceSHA}`);
// Extract first label from GitHub data
const firstLabel = extractFirstLabel(githubData);
// Extract title from GitHub data
const title = githubData.contextData.title;
// Generate branch name using template or default format
let newBranch = generateBranchName(
branchNameTemplate,
branchPrefix,
entityType,
entityNumber,
sourceSHA,
firstLabel,
title,
);
// Check if generated branch already exists on remote
try {
await $`git ls-remote --exit-code origin refs/heads/${newBranch}`.quiet();
// If we get here, branch exists (exit code 0)
console.log(
`Branch '${newBranch}' already exists, falling back to default format`,
);
newBranch = generateBranchName(
undefined, // Force default template
branchPrefix,
entityType,
entityNumber,
sourceSHA,
firstLabel,
title,
);
} catch {
// Branch doesn't exist (non-zero exit code), continue with generated name
}
// For commit signing, defer branch creation to the file ops server // For commit signing, defer branch creation to the file ops server
if (context.inputs.useCommitSigning) { if (context.inputs.useCommitSigning) {

10
src/github/types.ts
View File

@@ -61,6 +61,11 @@ export type GitHubPullRequest = {
additions: number; additions: number;
deletions: number; deletions: number;
state: string; state: string;
labels: {
nodes: Array<{
name: string;
}>;
};
commits: { commits: {
totalCount: number; totalCount: number;
nodes: Array<{ nodes: Array<{
@@ -84,6 +89,11 @@ export type GitHubIssue = {
author: GitHubAuthor; author: GitHubAuthor;
createdAt: string; createdAt: string;
state: string; state: string;
labels: {
nodes: Array<{
name: string;
}>;
};
comments: { comments: {
nodes: GitHubComment[]; nodes: GitHubComment[];
}; };

10
src/mcp/install-mcp-server.ts
View File

@@ -134,17 +134,11 @@ export async function prepareMcpConfig(
}; };
} }
// Check if code-review plugin is in the plugins list
const hasCodeReviewPlugin = context.inputs.plugins.includes(
"code-review@claude-code-plugins",
);
// Include inline comment server for PRs when requested via allowed tools // Include inline comment server for PRs when requested via allowed tools
// or when code-review plugin is specified (needs inline comment access for reviews)
if ( if (
isEntityContext(context) && isEntityContext(context) &&
context.isPR && context.isPR &&
(hasGitHubMcpTools || hasInlineCommentTools || hasCodeReviewPlugin) (hasGitHubMcpTools || hasInlineCommentTools)
) { ) {
baseMcpConfig.mcpServers.github_inline_comment = { baseMcpConfig.mcpServers.github_inline_comment = {
command: "bun", command: "bun",
@@ -215,7 +209,7 @@ export async function prepareMcpConfig(
"GITHUB_PERSONAL_ACCESS_TOKEN", "GITHUB_PERSONAL_ACCESS_TOKEN",
"-e", "-e",
"GITHUB_HOST", "GITHUB_HOST",
"ghcr.io/github/github-mcp-server:sha-23fa0dd", // https://github.com/github/github-mcp-server/releases/tag/v0.17.1 "ghcr.io/github/github-mcp-server:sha-efef8ae", // https://github.com/github/github-mcp-server/releases/tag/v0.9.0
], ],
env: { env: {
GITHUB_PERSONAL_ACCESS_TOKEN: githubToken, GITHUB_PERSONAL_ACCESS_TOKEN: githubToken,

8
src/modes/agent/index.ts
View File

@@ -114,14 +114,6 @@ export const agentMode: Mode = {
const userClaudeArgs = process.env.CLAUDE_ARGS || ""; const userClaudeArgs = process.env.CLAUDE_ARGS || "";
const allowedTools = parseAllowedTools(userClaudeArgs); const allowedTools = parseAllowedTools(userClaudeArgs);
// Add inline comment tool if code-review plugin is present
const hasCodeReviewPlugin = context.inputs.plugins.includes(
"code-review@claude-code-plugins",
);
if (hasCodeReviewPlugin && isEntityContext(context) && context.isPR) {
allowedTools.push("mcp__github_inline_comment__create_inline_comment");
}
// Check for branch info from environment variables (useful for auto-fix workflows) // Check for branch info from environment variables (useful for auto-fix workflows)
const claudeBranch = process.env.CLAUDE_BRANCH || undefined; const claudeBranch = process.env.CLAUDE_BRANCH || undefined;
const baseBranch = const baseBranch =

8
src/modes/agent/parse-tools.ts
View File

@@ -1,10 +1,10 @@
export function parseAllowedTools(claudeArgs: string): string[] { export function parseAllowedTools(claudeArgs: string): string[] {
// Match --allowedTools or --allowed-tools followed by the value // Match --allowedTools followed by the value
// Handle both quoted and unquoted values // Handle both quoted and unquoted values
const patterns = [ const patterns = [
/--(?:allowedTools|allowed-tools)\s+"([^"]+)"/, // Double quoted /--allowedTools\s+"([^"]+)"/, // Double quoted
/--(?:allowedTools|allowed-tools)\s+'([^']+)'/, // Single quoted /--allowedTools\s+'([^']+)'/, // Single quoted
/--(?:allowedTools|allowed-tools)\s+([^\s]+)/, // Unquoted /--allowedTools\s+([^\s]+)/, // Unquoted
]; ];
for (const pattern of patterns) { for (const pattern of patterns) {

94
src/utils/branch-template.ts Normal file
View File

@@ -0,0 +1,94 @@
#!/usr/bin/env bun
/**
* Branch name template parsing and variable substitution utilities
*/
/**
* Extracts the first three words from a title and converts them to kebab-case
*/
function extractDescription(title: string): string {
if (!title || title.trim() === "") {
return "";
}
return title
.trim() // Remove leading/trailing whitespace
.split(/\s+/) // Split on whitespace
.slice(0, 3) // Take first 3 words
.join("-") // Join with hyphens
.toLowerCase() // Convert to lowercase
.replace(/[^a-z0-9-]/g, "") // Remove non-alphanumeric except hyphens
.replace(/-+/g, "-") // Replace multiple hyphens with single
.replace(/^-|-$/g, ""); // Remove leading/trailing hyphens
}
export interface BranchTemplateVariables {
prefix: string;
entityType: string;
entityNumber: number;
timestamp: string;
sha?: string;
label?: string;
description?: string;
}
/**
* Replaces template variables in a branch name template
* Template format: {{variableName}}
*/
export function applyBranchTemplate(
template: string,
variables: BranchTemplateVariables,
): string {
let result = template;
// Replace each variable
Object.entries(variables).forEach(([key, value]) => {
const placeholder = `{{${key}}}`;
const replacement = value ? String(value) : "";
result = result.replaceAll(placeholder, replacement);
});
return result;
}
/**
* Generates a branch name from the provided `template` and set of `variables`. Uses a default format if the template is empty or produces an empty result.
*/
export function generateBranchName(
template: string | undefined,
branchPrefix: string,
entityType: string,
entityNumber: number,
sha?: string,
label?: string,
title?: string,
): string {
const now = new Date();
const variables: BranchTemplateVariables = {
prefix: branchPrefix,
entityType,
entityNumber,
timestamp: `${now.getFullYear()}${String(now.getMonth() + 1).padStart(2, "0")}${String(now.getDate()).padStart(2, "0")}-${String(now.getHours()).padStart(2, "0")}${String(now.getMinutes()).padStart(2, "0")}`,
sha: sha?.substring(0, 8), // First 8 characters of SHA
label: label || entityType, // Fall back to entityType if no label
description: title ? extractDescription(title) : undefined,
};
if (template?.trim()) {
const branchName = applyBranchTemplate(template, variables);
// Some templates could produce empty results- validate
if (branchName.trim().length > 0) return branchName;
console.log(
`Branch template '${template}' generated empty result, falling back to default format`,
);
}
const branchName = `${branchPrefix}${entityType}-${entityNumber}-${variables.timestamp}`;
// Kubernetes compatible: lowercase, max 50 chars, alphanumeric and hyphens only
return branchName.toLowerCase().substring(0, 50);
}

232
test/branch-template.test.ts Normal file
View File

@@ -0,0 +1,232 @@
#!/usr/bin/env bun
import { describe, it, expect } from "bun:test";
import {
applyBranchTemplate,
generateBranchName,
} from "../src/utils/branch-template";
describe("branch template utilities", () => {
describe("applyBranchTemplate", () => {
it("should replace all template variables", () => {
const template =
"{{prefix}}{{entityType}}-{{entityNumber}}-{{timestamp}}";
const variables = {
prefix: "feat/",
entityType: "issue",
entityNumber: 123,
timestamp: "20240301-1430",
sha: "abcd1234",
};
const result = applyBranchTemplate(template, variables);
expect(result).toBe("feat/issue-123-20240301-1430");
});
it("should handle custom templates with multiple variables", () => {
const template =
"{{prefix}}fix/{{entityType}}_{{entityNumber}}_{{timestamp}}_{{sha}}";
const variables = {
prefix: "claude-",
entityType: "pr",
entityNumber: 456,
timestamp: "20240301-1430",
sha: "abcd1234",
};
const result = applyBranchTemplate(template, variables);
expect(result).toBe("claude-fix/pr_456_20240301-1430_abcd1234");
});
it("should handle templates with missing variables gracefully", () => {
const template = "{{prefix}}{{entityType}}-{{missing}}-{{entityNumber}}";
const variables = {
prefix: "feat/",
entityType: "issue",
entityNumber: 123,
timestamp: "20240301-1430",
};
const result = applyBranchTemplate(template, variables);
expect(result).toBe("feat/issue-{{missing}}-123");
});
});
describe("generateBranchName", () => {
it("should use custom template when provided", () => {
const template = "{{prefix}}custom-{{entityType}}_{{entityNumber}}";
const result = generateBranchName(template, "feature/", "issue", 123);
expect(result).toBe("feature/custom-issue_123");
});
it("should use default format when template is empty", () => {
const result = generateBranchName("", "claude/", "issue", 123);
expect(result).toMatch(/^claude\/issue-123-\d{8}-\d{4}$/);
});
it("should use default format when template is undefined", () => {
const result = generateBranchName(undefined, "claude/", "pr", 456);
expect(result).toMatch(/^claude\/pr-456-\d{8}-\d{4}$/);
});
it("should preserve custom template formatting (no automatic lowercase/truncation)", () => {
const template = "{{prefix}}UPPERCASE_Branch-Name_{{entityNumber}}";
const result = generateBranchName(template, "Feature/", "issue", 123);
expect(result).toBe("Feature/UPPERCASE_Branch-Name_123");
});
it("should not truncate custom template results", () => {
const template =
"{{prefix}}very-long-branch-name-that-exceeds-the-maximum-allowed-length-{{entityNumber}}";
const result = generateBranchName(template, "feature/", "issue", 123);
expect(result).toBe(
"feature/very-long-branch-name-that-exceeds-the-maximum-allowed-length-123",
);
});
it("should apply Kubernetes-compatible transformations to default template only", () => {
const result = generateBranchName(undefined, "Feature/", "issue", 123);
expect(result).toMatch(/^feature\/issue-123-\d{8}-\d{4}$/);
expect(result.length).toBeLessThanOrEqual(50);
});
it("should handle SHA in template", () => {
const template = "{{prefix}}{{entityType}}-{{entityNumber}}-{{sha}}";
const result = generateBranchName(
template,
"fix/",
"pr",
789,
"abcdef123456",
);
expect(result).toBe("fix/pr-789-abcdef12");
});
it("should use label in template when provided", () => {
const template = "{{prefix}}{{label}}/{{entityNumber}}";
const result = generateBranchName(
template,
"feature/",
"issue",
123,
undefined,
"bug",
);
expect(result).toBe("feature/bug/123");
});
it("should fallback to entityType when label template is used but no label provided", () => {
const template = "{{prefix}}{{label}}-{{entityNumber}}";
const result = generateBranchName(template, "fix/", "pr", 456);
expect(result).toBe("fix/pr-456");
});
it("should handle template with both label and entityType", () => {
const template = "{{prefix}}{{label}}-{{entityType}}_{{entityNumber}}";
const result = generateBranchName(
template,
"dev/",
"issue",
789,
undefined,
"enhancement",
);
expect(result).toBe("dev/enhancement-issue_789");
});
it("should use description in template when provided", () => {
const template = "{{prefix}}{{description}}/{{entityNumber}}";
const result = generateBranchName(
template,
"feature/",
"issue",
123,
undefined,
undefined,
"Fix login bug with OAuth",
);
expect(result).toBe("feature/fix-login-bug/123");
});
it("should handle template with multiple variables including description", () => {
const template =
"{{prefix}}{{label}}/{{description}}-{{entityType}}_{{entityNumber}}";
const result = generateBranchName(
template,
"dev/",
"issue",
456,
undefined,
"bug",
"User authentication fails completely",
);
expect(result).toBe("dev/bug/user-authentication-fails-issue_456");
});
it("should handle description with special characters in template", () => {
const template = "{{prefix}}{{description}}-{{entityNumber}}";
const result = generateBranchName(
template,
"fix/",
"pr",
789,
undefined,
undefined,
"Add: User Registration & Email Validation",
);
expect(result).toBe("fix/add-user-registration-789");
});
it("should handle empty description in template", () => {
const template = "{{prefix}}{{description}}-{{entityNumber}}";
const result = generateBranchName(
template,
"test/",
"issue",
101,
undefined,
undefined,
"",
);
expect(result).toBe("test/-101");
});
it("should fallback to default format when template produces empty result", () => {
const template = "{{description}}"; // Will be empty if no title provided
const result = generateBranchName(template, "claude/", "issue", 123);
expect(result).toMatch(/^claude\/issue-123-\d{8}-\d{4}$/);
expect(result.length).toBeLessThanOrEqual(50);
});
it("should fallback to default format when template produces only whitespace", () => {
const template = " {{description}} "; // Will be " " if description is empty
const result = generateBranchName(
template,
"fix/",
"pr",
456,
undefined,
undefined,
"",
);
expect(result).toMatch(/^fix\/pr-456-\d{8}-\d{4}$/);
expect(result.length).toBeLessThanOrEqual(50);
});
});
});

2
test/create-prompt.test.ts
View File

@@ -61,6 +61,7 @@ describe("generatePrompt", () => {
body: "This is a test PR", body: "This is a test PR",
author: { login: "testuser" }, author: { login: "testuser" },
state: "OPEN", state: "OPEN",
labels: { nodes: [] },
createdAt: "2023-01-01T00:00:00Z", createdAt: "2023-01-01T00:00:00Z",
additions: 15, additions: 15,
deletions: 5, deletions: 5,
@@ -475,6 +476,7 @@ describe("generatePrompt", () => {
body: "The login form is not working", body: "The login form is not working",
author: { login: "testuser" }, author: { login: "testuser" },
state: "OPEN", state: "OPEN",
labels: { nodes: [] },
createdAt: "2023-01-01T00:00:00Z", createdAt: "2023-01-01T00:00:00Z",
comments: { comments: {
nodes: [], nodes: [],

6
test/data-formatter.test.ts
View File

@@ -28,6 +28,9 @@ describe("formatContext", () => {
additions: 50, additions: 50,
deletions: 30, deletions: 30,
state: "OPEN", state: "OPEN",
labels: {
nodes: [],
},
commits: { commits: {
totalCount: 3, totalCount: 3,
nodes: [], nodes: [],
@@ -63,6 +66,9 @@ Changed Files: 2 files`,
author: { login: "test-user" }, author: { login: "test-user" },
createdAt: "2023-01-01T00:00:00Z", createdAt: "2023-01-01T00:00:00Z",
state: "OPEN", state: "OPEN",
labels: {
nodes: [],
},
comments: { comments: {
nodes: [], nodes: [],
}, },

108
test/install-mcp-server.test.ts
View File

@@ -37,7 +37,6 @@ describe("prepareMcpConfig", () => {
allowedBots: "", allowedBots: "",
allowedNonWriteUsers: "", allowedNonWriteUsers: "",
trackProgress: false, trackProgress: false,
plugins: [],
}, },
}; };
@@ -277,111 +276,4 @@ describe("prepareMcpConfig", () => {
const parsed = JSON.parse(result); const parsed = JSON.parse(result);
expect(parsed.mcpServers.github_ci).not.toBeDefined(); expect(parsed.mcpServers.github_ci).not.toBeDefined();
}); });
test("should include inline comment server in agent mode when code-review plugin is specified", async () => {
const contextWithCodeReviewPlugin: ParsedGitHubContext = {
...mockPRContext,
inputs: {
...mockPRContext.inputs,
plugins: ["code-review@claude-code-plugins"],
},
};
const result = await prepareMcpConfig({
githubToken: "test-token",
owner: "test-owner",
repo: "test-repo",
branch: "test-branch",
baseBranch: "main",
allowedTools: [],
mode: "agent",
context: contextWithCodeReviewPlugin,
});
const parsed = JSON.parse(result);
expect(parsed.mcpServers.github_inline_comment).toBeDefined();
expect(parsed.mcpServers.github_inline_comment.env.GITHUB_TOKEN).toBe(
"test-token",
);
});
test("should not include inline comment server in agent mode when code-review plugin is not specified", async () => {
const result = await prepareMcpConfig({
githubToken: "test-token",
owner: "test-owner",
repo: "test-repo",
branch: "test-branch",
baseBranch: "main",
allowedTools: [],
mode: "agent",
context: mockPRContext,
});
const parsed = JSON.parse(result);
expect(parsed.mcpServers.github_inline_comment).not.toBeDefined();
});
test("should include inline comment server in agent mode when code-review plugin is in a list of plugins", async () => {
const contextWithMultiplePlugins: ParsedGitHubContext = {
...mockPRContext,
inputs: {
...mockPRContext.inputs,
plugins: ["plugin1", "code-review@claude-code-plugins", "plugin2"],
},
};
const result = await prepareMcpConfig({
githubToken: "test-token",
owner: "test-owner",
repo: "test-repo",
branch: "test-branch",
baseBranch: "main",
allowedTools: [],
mode: "agent",
context: contextWithMultiplePlugins,
});
const parsed = JSON.parse(result);
expect(parsed.mcpServers.github_inline_comment).toBeDefined();
});
test("should not include inline comment server in agent mode when plugins contain similar but not exact match", async () => {
const contextWithSimilarPlugin: ParsedGitHubContext = {
...mockPRContext,
inputs: {
...mockPRContext.inputs,
plugins: ["code-review-other", "review@claude-code-plugins"],
},
};
const result = await prepareMcpConfig({
githubToken: "test-token",
owner: "test-owner",
repo: "test-repo",
branch: "test-branch",
baseBranch: "main",
allowedTools: [],
mode: "agent",
context: contextWithSimilarPlugin,
});
const parsed = JSON.parse(result);
expect(parsed.mcpServers.github_inline_comment).not.toBeDefined();
});
test("should include inline comment server in agent mode when explicit inline comment tools are provided (backward compatibility)", async () => {
const result = await prepareMcpConfig({
githubToken: "test-token",
owner: "test-owner",
repo: "test-repo",
branch: "test-branch",
baseBranch: "main",
allowedTools: ["mcp__github_inline_comment__create_inline_comment"],
mode: "agent",
context: mockPRContext,
});
const parsed = JSON.parse(result);
expect(parsed.mcpServers.github_inline_comment).toBeDefined();
});
}); });

1
test/mockContext.ts
View File

@@ -25,7 +25,6 @@ const defaultInputs = {
allowedBots: "", allowedBots: "",
allowedNonWriteUsers: "", allowedNonWriteUsers: "",
trackProgress: false, trackProgress: false,
plugins: [],
}; };
const defaultRepository = { const defaultRepository = {

1
test/modes/detector.test.ts
View File

@@ -25,7 +25,6 @@ describe("detectMode with enhanced routing", () => {
allowedBots: "", allowedBots: "",
allowedNonWriteUsers: "", allowedNonWriteUsers: "",
trackProgress: false, trackProgress: false,
plugins: [],
}, },
}; };

16
test/modes/parse-tools.test.ts
View File

@@ -68,20 +68,4 @@ describe("parseAllowedTools", () => {
"mcp__github_comment__update", "mcp__github_comment__update",
]); ]);
}); });
test("parses kebab-case --allowed-tools", () => {
const args = "--allowed-tools mcp__github__*,mcp__github_comment__*";
expect(parseAllowedTools(args)).toEqual([
"mcp__github__*",
"mcp__github_comment__*",
]);
});
test("parses quoted kebab-case --allowed-tools", () => {
const args = '--allowed-tools "mcp__github__*,mcp__github_comment__*"';
expect(parseAllowedTools(args)).toEqual([
"mcp__github__*",
"mcp__github_comment__*",
]);
});
}); });

1
test/permissions.test.ts
View File

@@ -73,7 +73,6 @@ describe("checkWritePermissions", () => {
allowedBots: "", allowedBots: "",
allowedNonWriteUsers: "", allowedNonWriteUsers: "",
trackProgress: false, trackProgress: false,
plugins: [],
}, },
}); });

504
test/pull-request-target.test.ts
View File

@@ -1,504 +0,0 @@
#!/usr/bin/env bun
import { describe, test, expect } from "bun:test";
import {
getEventTypeAndContext,
generatePrompt,
generateDefaultPrompt,
} from "../src/create-prompt";
import type { PreparedContext } from "../src/create-prompt";
import type { Mode } from "../src/modes/types";
describe("pull_request_target event support", () => {
// Mock tag mode for testing
const mockTagMode: Mode = {
name: "tag",
description: "Tag mode",
shouldTrigger: () => true,
prepareContext: (context) => ({ mode: "tag", githubContext: context }),
getAllowedTools: () => [],
getDisallowedTools: () => [],
shouldCreateTrackingComment: () => true,
generatePrompt: (context, githubData, useCommitSigning) =>
generateDefaultPrompt(context, githubData, useCommitSigning),
prepare: async () => ({
commentId: 123,
branchInfo: {
baseBranch: "main",
currentBranch: "main",
claudeBranch: undefined,
},
mcpConfig: "{}",
}),
};
const mockGitHubData = {
contextData: {
title: "External PR via pull_request_target",
body: "This PR comes from a forked repository",
author: { login: "external-contributor" },
state: "OPEN",
createdAt: "2023-01-01T00:00:00Z",
additions: 25,
deletions: 3,
baseRefName: "main",
headRefName: "feature-branch",
headRefOid: "abc123",
commits: {
totalCount: 2,
nodes: [
{
commit: {
oid: "commit1",
message: "Initial feature implementation",
author: {
name: "External Dev",
email: "external@example.com",
},
},
},
{
commit: {
oid: "commit2",
message: "Fix typos and formatting",
author: {
name: "External Dev",
email: "external@example.com",
},
},
},
],
},
files: {
nodes: [
{
path: "src/feature.ts",
additions: 20,
deletions: 2,
changeType: "MODIFIED",
},
{
path: "tests/feature.test.ts",
additions: 5,
deletions: 1,
changeType: "ADDED",
},
],
},
comments: { nodes: [] },
reviews: { nodes: [] },
},
comments: [],
changedFiles: [],
changedFilesWithSHA: [
{
path: "src/feature.ts",
additions: 20,
deletions: 2,
changeType: "MODIFIED",
sha: "abc123",
},
{
path: "tests/feature.test.ts",
additions: 5,
deletions: 1,
changeType: "ADDED",
sha: "abc123",
},
],
reviewData: { nodes: [] },
imageUrlMap: new Map<string, string>(),
};
describe("prompt generation for pull_request_target", () => {
test("should generate correct prompt for pull_request_target event", () => {
const envVars: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: "opened",
isPR: true,
prNumber: "123",
},
};
const prompt = generatePrompt(
envVars,
mockGitHubData,
false,
mockTagMode,
);
// Should contain pull request event type and metadata
expect(prompt).toContain("<event_type>PULL_REQUEST</event_type>");
expect(prompt).toContain("<is_pr>true</is_pr>");
expect(prompt).toContain("<pr_number>123</pr_number>");
expect(prompt).toContain(
"<trigger_context>pull request opened</trigger_context>",
);
// Should contain PR-specific information
expect(prompt).toContain(
"- src/feature.ts (MODIFIED) +20/-2 SHA: abc123",
);
expect(prompt).toContain(
"- tests/feature.test.ts (ADDED) +5/-1 SHA: abc123",
);
expect(prompt).toContain("external-contributor");
expect(prompt).toContain("<repository>owner/repo</repository>");
});
test("should handle pull_request_target with commit signing disabled", () => {
const envVars: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: "synchronize",
isPR: true,
prNumber: "456",
},
};
const prompt = generatePrompt(
envVars,
mockGitHubData,
false,
mockTagMode,
);
// Should include git commands for non-commit-signing mode
expect(prompt).toContain("git push");
expect(prompt).toContain(
"Always push to the existing branch when triggered on a PR",
);
expect(prompt).toContain("mcp__github_comment__update_claude_comment");
// Should not include commit signing tools
expect(prompt).not.toContain("mcp__github_file_ops__commit_files");
});
test("should handle pull_request_target with commit signing enabled", () => {
const envVars: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: "synchronize",
isPR: true,
prNumber: "456",
},
};
const prompt = generatePrompt(envVars, mockGitHubData, true, mockTagMode);
// Should include commit signing tools
expect(prompt).toContain("mcp__github_file_ops__commit_files");
expect(prompt).toContain("mcp__github_file_ops__delete_files");
expect(prompt).toContain("mcp__github_comment__update_claude_comment");
// Should not include git command instructions
expect(prompt).not.toContain("Use git commands via the Bash tool");
});
test("should treat pull_request_target same as pull_request in prompt generation", () => {
const baseContext: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: "opened",
isPR: true,
prNumber: "123",
},
};
// Generate prompt for pull_request
const pullRequestContext: PreparedContext = {
...baseContext,
eventData: {
...baseContext.eventData,
eventName: "pull_request",
isPR: true,
prNumber: "123",
},
};
// Generate prompt for pull_request_target
const pullRequestTargetContext: PreparedContext = {
...baseContext,
eventData: {
...baseContext.eventData,
eventName: "pull_request_target",
isPR: true,
prNumber: "123",
},
};
const pullRequestPrompt = generatePrompt(
pullRequestContext,
mockGitHubData,
false,
mockTagMode,
);
const pullRequestTargetPrompt = generatePrompt(
pullRequestTargetContext,
mockGitHubData,
false,
mockTagMode,
);
// Both should have the same event type and structure
expect(pullRequestPrompt).toContain(
"<event_type>PULL_REQUEST</event_type>",
);
expect(pullRequestTargetPrompt).toContain(
"<event_type>PULL_REQUEST</event_type>",
);
expect(pullRequestPrompt).toContain(
"<trigger_context>pull request opened</trigger_context>",
);
expect(pullRequestTargetPrompt).toContain(
"<trigger_context>pull request opened</trigger_context>",
);
// Both should contain PR-specific instructions
expect(pullRequestPrompt).toContain(
"Always push to the existing branch when triggered on a PR",
);
expect(pullRequestTargetPrompt).toContain(
"Always push to the existing branch when triggered on a PR",
);
});
test("should handle pull_request_target in agent mode with custom prompt", () => {
const envVars: PreparedContext = {
repository: "test/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
prompt: "Review this pull_request_target PR for security issues",
eventData: {
eventName: "pull_request_target",
eventAction: "opened",
isPR: true,
prNumber: "789",
},
};
// Use agent mode which passes through the prompt as-is
const mockAgentMode: Mode = {
name: "agent",
description: "Agent mode",
shouldTrigger: () => true,
prepareContext: (context) => ({
mode: "agent",
githubContext: context,
}),
getAllowedTools: () => [],
getDisallowedTools: () => [],
shouldCreateTrackingComment: () => true,
generatePrompt: (context) => context.prompt || "default prompt",
prepare: async () => ({
commentId: 123,
branchInfo: {
baseBranch: "main",
currentBranch: "main",
claudeBranch: undefined,
},
mcpConfig: "{}",
}),
};
const prompt = generatePrompt(
envVars,
mockGitHubData,
false,
mockAgentMode,
);
expect(prompt).toBe(
"Review this pull_request_target PR for security issues",
);
});
test("should handle pull_request_target with no custom prompt", () => {
const envVars: PreparedContext = {
repository: "test/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: "synchronize",
isPR: true,
prNumber: "456",
},
};
const prompt = generatePrompt(
envVars,
mockGitHubData,
false,
mockTagMode,
);
// Should generate default prompt structure
expect(prompt).toContain("<event_type>PULL_REQUEST</event_type>");
expect(prompt).toContain("<pr_number>456</pr_number>");
expect(prompt).toContain(
"Always push to the existing branch when triggered on a PR",
);
});
});
describe("pull_request_target vs pull_request behavior consistency", () => {
test("should produce identical event processing for both event types", () => {
const baseEventData = {
eventAction: "opened",
isPR: true,
prNumber: "100",
};
const pullRequestEvent: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
...baseEventData,
eventName: "pull_request",
isPR: true,
prNumber: "100",
},
};
const pullRequestTargetEvent: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
...baseEventData,
eventName: "pull_request_target",
isPR: true,
prNumber: "100",
},
};
// Both should have identical event type detection
const prResult = getEventTypeAndContext(pullRequestEvent);
const prtResult = getEventTypeAndContext(pullRequestTargetEvent);
expect(prResult.eventType).toBe(prtResult.eventType);
expect(prResult.triggerContext).toBe(prtResult.triggerContext);
});
test("should handle edge cases in pull_request_target events", () => {
// Test with minimal event data
const minimalContext: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
isPR: true,
prNumber: "1",
},
};
const result = getEventTypeAndContext(minimalContext);
expect(result.eventType).toBe("PULL_REQUEST");
expect(result.triggerContext).toBe("pull request event");
// Should not throw when generating prompt
expect(() => {
generatePrompt(minimalContext, mockGitHubData, false, mockTagMode);
}).not.toThrow();
});
test("should handle all valid pull_request_target actions", () => {
const actions = ["opened", "synchronize", "reopened", "closed", "edited"];
actions.forEach((action) => {
const context: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: action,
isPR: true,
prNumber: "1",
},
};
const result = getEventTypeAndContext(context);
expect(result.eventType).toBe("PULL_REQUEST");
expect(result.triggerContext).toBe(`pull request ${action}`);
});
});
});
describe("security considerations for pull_request_target", () => {
test("should maintain same prompt structure regardless of event source", () => {
// Test that external PRs don't get different treatment in prompts
const internalPR: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request",
eventAction: "opened",
isPR: true,
prNumber: "1",
},
};
const externalPR: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: "opened",
isPR: true,
prNumber: "1",
},
};
const internalPrompt = generatePrompt(
internalPR,
mockGitHubData,
false,
mockTagMode,
);
const externalPrompt = generatePrompt(
externalPR,
mockGitHubData,
false,
mockTagMode,
);
// Should have same tool access patterns
expect(
internalPrompt.includes("mcp__github_comment__update_claude_comment"),
).toBe(
externalPrompt.includes("mcp__github_comment__update_claude_comment"),
);
// Should have same branch handling instructions
expect(
internalPrompt.includes(
"Always push to the existing branch when triggered on a PR",
),
).toBe(
externalPrompt.includes(
"Always push to the existing branch when triggered on a PR",
),
);
});
});
});