chore: update claude-code-base-action to v0.0.24

All tests for this repo can be run with `bun test` - the test-local.sh script was a holdover from the base action repo.

Fixes #172

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com>

.github/workflows/issue-triage.yml

@@ -32,7 +32,7 @@ jobs:
                   "--rm",
                   "-e",
                   "GITHUB_PERSONAL_ACCESS_TOKEN",
-                  "ghcr.io/github/github-mcp-server:sha-7aced2b"
+                  "ghcr.io/github/github-mcp-server:sha-6d69797"
                 ],
                 "env": {
                   "GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/release.yml

@@ -0,0 +1,138 @@
+name: Create Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: "Dry run (only show what would be created)"
+        required: false
+        type: boolean
+        default: false
+
+jobs:
+  create-release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    outputs:
+      next_version: ${{ steps.next_version.outputs.next_version }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Get latest tag
+        id: get_latest_tag
+        run: |
+          # Get only version tags (v + number pattern)
+          latest_tag=$(git tag -l 'v[0-9]*' | sort -V | tail -1 || echo "v0.0.0")
+          if [ -z "$latest_tag" ]; then
+            latest_tag="v0.0.0"
+          fi
+          echo "latest_tag=$latest_tag" >> $GITHUB_OUTPUT
+          echo "Latest tag: $latest_tag"
+
+      - name: Calculate next version
+        id: next_version
+        run: |
+          latest_tag="${{ steps.get_latest_tag.outputs.latest_tag }}"
+          # Remove 'v' prefix and split by dots
+          version=${latest_tag#v}
+          IFS='.' read -ra VERSION_PARTS <<< "$version"
+
+          # Increment patch version
+          major=${VERSION_PARTS[0]:-0}
+          minor=${VERSION_PARTS[1]:-0}
+          patch=${VERSION_PARTS[2]:-0}
+          patch=$((patch + 1))
+
+          next_version="v${major}.${minor}.${patch}"
+          echo "next_version=$next_version" >> $GITHUB_OUTPUT
+          echo "Next version: $next_version"
+
+      - name: Display dry run info
+        if: ${{ inputs.dry_run }}
+        run: |
+          echo "🔍 DRY RUN MODE"
+          echo "Would create tag: ${{ steps.next_version.outputs.next_version }}"
+          echo "From commit: ${{ github.sha }}"
+          echo "Previous tag: ${{ steps.get_latest_tag.outputs.latest_tag }}"
+
+      - name: Create and push tag
+        if: ${{ !inputs.dry_run }}
+        run: |
+          next_version="${{ steps.next_version.outputs.next_version }}"
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          git tag -a "$next_version" -m "Release $next_version"
+          git push origin "$next_version"
+
+      - name: Create Release
+        if: ${{ !inputs.dry_run }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          next_version="${{ steps.next_version.outputs.next_version }}"
+
+          gh release create "$next_version" \
+            --title "$next_version" \
+            --generate-notes \
+            --latest=false # We want to keep beta as the latest
+
+  update-beta-tag:
+    needs: create-release
+    if: ${{ !inputs.dry_run }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Update beta tag
+        run: |
+          # Get the latest version tag
+          VERSION=$(git tag -l 'v[0-9]*' | sort -V | tail -1)
+
+          # Update the beta tag to point to this release
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git tag -fa beta -m "Update beta tag to ${VERSION}"
+          git push origin beta --force
+
+      - name: Update beta release to be latest
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          # Update beta release to be marked as latest
+          gh release edit beta --latest
+
+  update-major-tag:
+    needs: create-release
+    if: ${{ !inputs.dry_run }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Update major version tag
+        run: |
+          next_version="${{ needs.create-release.outputs.next_version }}"
+          # Extract major version (e.g., v0 from v0.0.20)
+          major_version=$(echo "$next_version" | cut -d. -f1)
+
+          # Update the major version tag to point to this release
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git tag -fa "$major_version" -m "Update $major_version tag to $next_version"
+          git push origin "$major_version" --force
+
+          echo "Updated $major_version tag to point to $next_version"

CONTRIBUTING.md

@@ -50,20 +50,6 @@ Thank you for your interest in contributing to Claude Code Action! This document
    bun test
    ```
 
-2. **Integration Tests** (using GitHub Actions locally):
-
-   ```bash
-   ./test-local.sh
-   ```
-
-   This script:
-
-   - Installs `act` if not present (requires Homebrew on macOS)
-   - Runs the GitHub Action workflow locally using Docker
-   - Requires your `ANTHROPIC_API_KEY` to be set
-
-   On Apple Silicon Macs, the script automatically adds the `--container-architecture linux/amd64` flag to avoid compatibility issues.
-
 ## Pull Request Process
 
 1. Create a new branch from `main`:
@@ -103,13 +89,7 @@ Thank you for your interest in contributing to Claude Code Action! This document
 
 When modifying the action:
 
-1. Test locally with the test script:
-
-   ```bash
-   ./test-local.sh
-   ```
-
-2. Test in a real GitHub Actions workflow by:
+1. Test in a real GitHub Actions workflow by:
    - Creating a test repository
    - Using your branch as the action source:
      ```yaml

README.md

@@ -149,6 +149,40 @@ For MCP servers that require sensitive information like API keys or tokens, use
     # ... other inputs
 ```
 
+#### Using Python MCP Servers with uv
+
+For Python-based MCP servers managed with `uv`, you need to specify the directory containing your server:
+
+```yaml
+- uses: anthropics/claude-code-action@beta
+  with:
+    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+    mcp_config: |
+      {
+        "mcpServers": {
+          "my-python-server": {
+            "type": "stdio",
+            "command": "uv",
+            "args": [
+              "--directory",
+              "${{ github.workspace }}/path/to/server/",
+              "run",
+              "server_file.py"
+            ]
+          }
+        }
+      }
+    allowed_tools: "my-python-server__<tool_name>" # Replace <tool_name> with your server's tool names
+    # ... other inputs
+```
+
+For example, if your Python MCP server is at `mcp_servers/weather.py`, you would use:
+
+```yaml
+"args":
+  ["--directory", "${{ github.workspace }}/mcp_servers/", "run", "weather.py"]
+```
+
 **Important**:
 
 - Always use GitHub Secrets (`${{ secrets.SECRET_NAME }}`) for sensitive values like API keys, tokens, or passwords. Never hardcode secrets directly in the workflow file.
@@ -347,8 +381,15 @@ Claude does **not** have access to execute arbitrary Bash commands by default. I
 ```yaml
 - uses: anthropics/claude-code-action@beta
   with:
-    allowed_tools: "Bash(npm install),Bash(npm run test),Edit,Replace,NotebookEditCell"
-    disallowed_tools: "TaskOutput,KillTask"
+    allowed_tools: |
+      Bash(npm install)
+      Bash(npm run test)
+      Edit
+      Replace
+      NotebookEditCell
+    disallowed_tools: |
+      TaskOutput
+      KillTask
     # ... other inputs
 ```
 

action.yml

@@ -110,7 +110,7 @@ runs:
     - name: Run Claude Code
       id: claude-code
       if: steps.prepare.outputs.contains_trigger == 'true'
-      uses: anthropics/claude-code-base-action@ebd8558e902b3db132e89863de49565fcb9aec46 # v0.0.19
+      uses: anthropics/claude-code-base-action@f382bd1ea00f26043eb461ebabebe0d850572a71 # v0.0.24
       with:
         prompt_file: ${{ runner.temp }}/claude-prompts/claude-prompt.txt
         allowed_tools: ${{ env.ALLOWED_TOOLS }}

example-dispatch-workflow.yml

@@ -0,0 +1,73 @@
+name: Claude Task Executor
+
+on:
+  repository_dispatch:
+    types: [claude-task]
+
+permissions:
+  contents: write
+  pull-requests: write
+  issues: write
+  id-token: write # Required for OIDC authentication
+
+jobs:
+  execute-claude-task:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Execute Claude Task
+        uses: anthropics/claude-code-action@main
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          # Base branch for creating task branches
+          base_branch: main
+          # Optional: Custom instructions for Claude
+          custom_instructions: |
+            Follow the CLAUDE.md guidelines strictly.
+            Commit changes with descriptive messages.
+          # Optional: Tool restrictions
+          allowed_tools: |
+            file_editor
+            bash_command
+            github_comment
+            mcp__github__create_or_update_file
+          # Optional: Anthropic API configuration
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Or use AWS Bedrock
+          # aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          # aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          # aws_region: us-east-1
+          # Or use Google Vertex AI
+          # google_credentials: ${{ secrets.GOOGLE_CREDENTIALS }}
+          # vertex_project: my-project
+          # vertex_location: us-central1
+# Example: Triggering this workflow from another service
+#
+# curl -X POST \
+#   https://api.github.com/repos/owner/repo/dispatches \
+#   -H "Authorization: token $GITHUB_TOKEN" \
+#   -H "Accept: application/vnd.github.v3+json" \
+#   -d '{
+#     "event_type": "claude-task",
+#     "client_payload": {
+#       "description": "Analyze the codebase and create a comprehensive test suite for the authentication module",
+#       "progress_endpoint": "https://api.example.com/claude/progress",
+#       "correlation_id": "task-auth-tests-2024-01-17"
+#     }
+#   }'
+#
+# The progress_endpoint will receive POST requests with:
+# {
+#   "repository": "owner/repo",
+#   "run_id": "123456789",
+#   "correlation_id": "task-auth-tests-2024-01-17",
+#   "status": "in_progress" | "completed" | "failed",
+#   "message": "Current progress description",
+#   "completed_tasks": ["task1", "task2"],
+#   "current_task": "Working on task3",
+#   "timestamp": "2024-01-17T12:00:00Z"
+# }
+#
+# Authentication: Progress updates include a GitHub OIDC token in the Authorization header

pr-summary.md

@@ -0,0 +1,118 @@
+## Summary
+
+Adds support for `repository_dispatch` events, enabling backend services to programmatically trigger Claude to perform tasks and receive progress updates via API.
+
+## Architecture
+
+```mermaid
+sequenceDiagram
+    participant Backend as Backend Service
+    participant GH as GitHub
+    participant Action as Claude Action
+    participant Claude as Claude
+    participant MCP as Progress MCP Server
+    participant API as Progress API
+
+    Backend->>GH: POST /repos/{owner}/{repo}/dispatches
+    Note over Backend,GH: Payload includes:<br/>- description (task)<br/>- progress_endpoint<br/>- correlation_id
+
+    GH->>Action: Trigger workflow<br/>(repository_dispatch)
+
+    Action->>Action: Parse dispatch payload
+    Note over Action: Extract task description,<br/>endpoint, correlation_id
+
+    Action->>MCP: Install Progress Server
+    Note over MCP: Configure with:<br/>- PROGRESS_ENDPOINT<br/>- CORRELATION_ID<br/>- GITHUB_RUN_ID
+
+    Action->>Claude: Execute task with<br/>MCP tools available
+
+    loop Task Execution
+        Claude->>MCP: update_claude_progress()
+        MCP->>MCP: Get OIDC token
+        MCP->>API: POST progress update
+        Note over API: Payload includes:<br/>- correlation_id<br/>- status<br/>- message<br/>- completed_tasks
+        API->>Backend: Forward update
+    end
+
+    Claude->>Action: Task complete
+    Action->>GH: Commit changes
+```
+
+## Key Features
+
+### 1. Repository Dispatch Support
+
+- New event handler for `repository_dispatch` events
+- Extracts task description, progress endpoint, and correlation ID from `client_payload`
+- Bypasses GitHub UI interaction for fully programmatic operation
+
+### 2. Progress Reporting MCP Server
+
+- New MCP server (`progress-server.ts`) for sending progress updates
+- OIDC authentication for secure API communication
+- Includes correlation ID in all updates for request tracking
+
+### 3. Simplified Dispatch Prompts
+
+- Focused instructions for dispatch events (no PR/issue context)
+- Clear directives: answer questions or implement changes
+- Automatic progress updates at start and completion
+
+## Implementation Details
+
+### Triggering a Dispatch
+
+```bash
+curl -X POST \
+  https://api.github.com/repos/{owner}/{repo}/dispatches \
+  -H "Authorization: token $GITHUB_TOKEN" \
+  -H "Accept: application/vnd.github.v3+json" \
+  -d '{
+    "event_type": "claude-task",
+    "client_payload": {
+      "description": "Implement a new feature that...",
+      "progress_endpoint": "https://api.example.com/progress",
+      "correlation_id": "req-123-abc"
+    }
+  }'
+```
+
+### Progress Update Payload
+
+```json
+{
+  "repository": "owner/repo",
+  "run_id": "123456789",
+  "correlation_id": "req-123-abc",
+  "status": "in_progress",
+  "message": "Implementing feature...",
+  "completed_tasks": ["Setup environment", "Created base structure"],
+  "current_task": "Writing tests",
+  "timestamp": "2024-01-17T12:00:00Z"
+}
+```
+
+## Security
+
+- **OIDC Authentication**: All progress updates use GitHub OIDC tokens
+- **Correlation IDs**: Included in request body (not URL) for security
+- **Endpoint Validation**: Progress endpoint must be explicitly provided
+- **No Credential Storage**: Tokens are generated per-request
+
+## Testing
+
+To test the repository_dispatch flow:
+
+1. Configure workflow with `repository_dispatch` trigger
+2. Send dispatch event with required payload
+3. Monitor GitHub Actions logs for execution
+4. Verify progress updates at configured endpoint
+
+## Changes
+
+- Added `repository_dispatch` event handling in `context.ts`
+- Created new `progress-server.ts` MCP server
+- Updated `isDispatch` flag across all event types
+- Modified prompt generation for dispatch events
+- Made `githubData` optional for dispatch workflows
+- Added correlation ID support throughout the pipeline

src/github/context.ts

@@ -1,6 +1,7 @@
 import * as github from "@actions/github";
 import type {
   IssuesEvent,
+  IssuesAssignedEvent,
   IssueCommentEvent,
   PullRequestEvent,
   PullRequestReviewEvent,
@@ -52,14 +53,8 @@ export function parseGitHubContext(): ParsedGitHubContext {
     inputs: {
       triggerPhrase: process.env.TRIGGER_PHRASE ?? "@claude",
       assigneeTrigger: process.env.ASSIGNEE_TRIGGER ?? "",
-      allowedTools: (process.env.ALLOWED_TOOLS ?? "")
-        .split(",")
-        .map((tool) => tool.trim())
-        .filter((tool) => tool.length > 0),
-      disallowedTools: (process.env.DISALLOWED_TOOLS ?? "")
-        .split(",")
-        .map((tool) => tool.trim())
-        .filter((tool) => tool.length > 0),
+      allowedTools: parseMultilineInput(process.env.ALLOWED_TOOLS ?? ""),
+      disallowedTools: parseMultilineInput(process.env.DISALLOWED_TOOLS ?? ""),
       customInstructions: process.env.CUSTOM_INSTRUCTIONS ?? "",
       directPrompt: process.env.DIRECT_PROMPT ?? "",
       baseBranch: process.env.BASE_BRANCH,
@@ -116,6 +111,14 @@ export function parseGitHubContext(): ParsedGitHubContext {
   }
 }
 
+export function parseMultilineInput(s: string): string[] {
+  return s
+    .split(/,|[\n\r]+/)
+    .map((tool) => tool.replace(/#.+$/, ""))
+    .map((tool) => tool.trim())
+    .filter((tool) => tool.length > 0);
+}
+
 export function isIssuesEvent(
   context: ParsedGitHubContext,
 ): context is ParsedGitHubContext & { payload: IssuesEvent } {
@@ -145,3 +148,9 @@ export function isPullRequestReviewCommentEvent(
 ): context is ParsedGitHubContext & { payload: PullRequestReviewCommentEvent } {
   return context.eventName === "pull_request_review_comment";
 }
+
+export function isIssuesAssignedEvent(
+  context: ParsedGitHubContext,
+): context is ParsedGitHubContext & { payload: IssuesAssignedEvent } {
+  return isIssuesEvent(context) && context.eventAction === "assigned";
+}

src/github/operations/branch.ts

@@ -45,9 +45,16 @@ export async function setupBranch(
 
       const branchName = prData.headRefName;
 
-      // Execute git commands to checkout PR branch (shallow fetch for performance)
-      // Fetch the branch with a depth of 20 to avoid fetching too much history, while still allowing for some context
-      await $`git fetch origin --depth=20 ${branchName}`;
+      // Determine optimal fetch depth based on PR commit count, with a minimum of 20
+      const commitCount = prData.commits.totalCount;
+      const fetchDepth = Math.max(commitCount, 20);
+
+      console.log(
+        `PR #${entityNumber}: ${commitCount} commits, using fetch depth ${fetchDepth}`,
+      );
+
+      // Execute git commands to checkout PR branch (dynamic depth based on PR size)
+      await $`git fetch origin --depth=${fetchDepth} ${branchName}`;
       await $`git checkout ${branchName}`;
 
       console.log(`Successfully checked out PR branch for PR #${entityNumber}`);

src/github/validation/trigger.ts

@@ -3,6 +3,7 @@
 import * as core from "@actions/core";
 import {
   isIssuesEvent,
+  isIssuesAssignedEvent,
   isIssueCommentEvent,
   isPullRequestEvent,
   isPullRequestReviewEvent,
@@ -22,10 +23,10 @@ export function checkContainsTrigger(context: ParsedGitHubContext): boolean {
   }
 
   // Check for assignee trigger
-  if (isIssuesEvent(context) && context.eventAction === "assigned") {
+  if (isIssuesAssignedEvent(context)) {
     // Remove @ symbol from assignee_trigger if present
     let triggerUser = assigneeTrigger.replace(/^@/, "");
-    const assigneeUsername = context.payload.issue.assignee?.login || "";
+    const assigneeUsername = context.payload.assignee?.login || "";
 
     if (triggerUser && assigneeUsername === triggerUser) {
       console.log(`Issue assigned to trigger user '${triggerUser}'`);

src/mcp/install-mcp-server.ts

@@ -62,7 +62,7 @@ export async function prepareMcpConfig(
           "--rm",
           "-e",
           "GITHUB_PERSONAL_ACCESS_TOKEN",
-          "ghcr.io/github/github-mcp-server:sha-e9f748f", // https://github.com/github/github-mcp-server/releases/tag/v0.4.0
+          "ghcr.io/github/github-mcp-server:sha-6d69797", // https://github.com/github/github-mcp-server/releases/tag/v0.5.0
         ],
         env: {
           GITHUB_PERSONAL_ACCESS_TOKEN: githubToken,

test/github/context.test.ts

@@ -0,0 +1,57 @@
+import { describe, it, expect } from "bun:test";
+import { parseMultilineInput } from "../../src/github/context";
+
+describe("parseMultilineInput", () => {
+  it("should parse a comma-separated string", () => {
+    const input = `Bash(bun install),Bash(bun test:*),Bash(bun typecheck)`;
+    const result = parseMultilineInput(input);
+    expect(result).toEqual([
+      "Bash(bun install)",
+      "Bash(bun test:*)",
+      "Bash(bun typecheck)",
+    ]);
+  });
+
+  it("should parse multiline string", () => {
+    const input = `Bash(bun install)
+Bash(bun test:*)
+Bash(bun typecheck)`;
+    const result = parseMultilineInput(input);
+    expect(result).toEqual([
+      "Bash(bun install)",
+      "Bash(bun test:*)",
+      "Bash(bun typecheck)",
+    ]);
+  });
+
+  it("should parse comma-separated multiline line", () => {
+    const input = `Bash(bun install),Bash(bun test:*)
+Bash(bun typecheck)`;
+    const result = parseMultilineInput(input);
+    expect(result).toEqual([
+      "Bash(bun install)",
+      "Bash(bun test:*)",
+      "Bash(bun typecheck)",
+    ]);
+  });
+
+  it("should ignore comments", () => {
+    const input = `Bash(bun install),
+Bash(bun test:*) # For testing
+# For type checking
+Bash(bun typecheck)
+`;
+    const result = parseMultilineInput(input);
+    expect(result).toEqual([
+      "Bash(bun install)",
+      "Bash(bun test:*)",
+      "Bash(bun typecheck)",
+    ]);
+  });
+
+  it("should parse an empty string", () => {
+    const input = "";
+    const result = parseMultilineInput(input);
+    expect(result).toEqual([]);
+  });
+});

test/mockContext.ts

@@ -91,6 +91,12 @@ export const mockIssueAssignedContext: ParsedGitHubContext = {
   actor: "admin-user",
   payload: {
     action: "assigned",
+    assignee: {
+      login: "claude-bot",
+      id: 11111,
+      avatar_url: "https://avatars.githubusercontent.com/u/11111",
+      html_url: "https://github.com/claude-bot",
+    },
     issue: {
       number: 123,
       title: "Feature: Add dark mode support",

test/trigger-validation.test.ts

@@ -87,6 +87,11 @@ describe("checkContainsTrigger", () => {
         ...mockIssueAssignedContext,
         payload: {
           ...mockIssueAssignedContext.payload,
+          assignee: {
+            ...(mockIssueAssignedContext.payload as IssuesAssignedEvent)
+              .assignee,
+            login: "otherUser",
+          },
           issue: {
             ...(mockIssueAssignedContext.payload as IssuesAssignedEvent).issue,
             assignee: {