fix: require explicit acknowledgment for wildcard write permission bypass

SECURITY FIX: Addresses authorization_bypass vulnerability (LOW severity)

The allowed_non_write_users='*' configuration previously bypassed write
permission checks for all users with only a warning. This created a
security misconfiguration risk.

Changes:
- Added new input 'bypass_write_permission_check_acknowledgment' required
  when using wildcard (*)
- Modified checkWritePermissions() to throw error if wildcard used without
  explicit acknowledgment flag
- Updated all documentation (security.md, usage.md) with new requirement
- Updated example workflows to include acknowledgment flag
- Added tests for new validation behavior

This prevents accidental security misconfigurations while maintaining the
feature for intentional use cases like issue triage workflows.

Affected file: src/github/validation/permissions.ts:27
Category: authorization_bypass
Severity: LOW

.claude/commands/label-issue.md

@@ -17,7 +17,6 @@ TASK OVERVIEW:
 1. First, fetch the list of labels available in this repository by running: `gh label list`. Run exactly this command with nothing else.
 
 2. Next, use gh commands to get context about the issue:
-
    - Use `gh issue view ${{ github.event.issue.number }}` to retrieve the current issue's details
    - Use `gh search issues` to find similar issues that might provide context for proper categorization
    - You have access to these Bash commands:
@@ -27,7 +26,6 @@ TASK OVERVIEW:
      - Bash(gh search:\*) - to search for similar issues
 
 3. Analyze the issue content, considering:
-
    - The issue title and description
    - The type of issue (bug report, feature request, question, etc.)
    - Technical areas mentioned
@@ -36,7 +34,6 @@ TASK OVERVIEW:
    - Components affected
 
 4. Select appropriate labels from the available labels list provided above:
-
    - Choose labels that accurately reflect the issue's nature
    - Be specific but comprehensive
    - IMPORTANT: Add a priority label (P1, P2, or P3) based on the label descriptions from gh label list

.github/workflows/issue-triage.yml

@@ -24,4 +24,5 @@ jobs:
           prompt: "/label-issue REPO: ${{ github.repository }} ISSUE_NUMBER${{ github.event.issue.number }}"
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           allowed_non_write_users: "*" # Required for issue triage workflow, if users without repo write access create issues
+          bypass_write_permission_check_acknowledgment: true # Required when using wildcard
           github_token: ${{ secrets.GITHUB_TOKEN }}

action.yml

@@ -35,6 +35,10 @@ inputs:
     description: "Comma-separated list of usernames to allow without write permissions, or '*' to allow all users. Only works when github_token input is provided. WARNING: Use with extreme caution - this bypasses security checks and should only be used for workflows with very limited permissions (e.g., issue labeling)."
     required: false
     default: ""
+  bypass_write_permission_check_acknowledgment:
+    description: "REQUIRED when using allowed_non_write_users='*'. Set to 'true' to explicitly acknowledge the security implications of bypassing write permission checks for all users. This flag serves as a safeguard against accidental security misconfigurations."
+    required: false
+    default: "false"
 
   # Claude Code configuration
   prompt:
@@ -186,6 +190,7 @@ runs:
         OVERRIDE_GITHUB_TOKEN: ${{ inputs.github_token }}
         ALLOWED_BOTS: ${{ inputs.allowed_bots }}
         ALLOWED_NON_WRITE_USERS: ${{ inputs.allowed_non_write_users }}
+        BYPASS_WRITE_PERMISSION_CHECK_ACKNOWLEDGMENT: ${{ inputs.bypass_write_permission_check_acknowledgment }}
         GITHUB_RUN_ID: ${{ github.run_id }}
         USE_STICKY_COMMENT: ${{ inputs.use_sticky_comment }}
         DEFAULT_WORKFLOW_TOKEN: ${{ github.token }}
@@ -213,7 +218,7 @@ runs:
 
         # Install Claude Code if no custom executable is provided
         if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
-          CLAUDE_CODE_VERSION="2.1.4"
+          CLAUDE_CODE_VERSION="2.1.6"
           echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
           for attempt in 1 2 3; do
             echo "Installation attempt $attempt..."

base-action/CONTRIBUTING.md

@@ -57,7 +57,6 @@ Thank you for your interest in contributing to Claude Code Base Action! This doc
    ```
 
    This script:
-
    - Installs `act` if not present (requires Homebrew on macOS)
    - Runs the GitHub Action workflow locally using Docker
    - Requires your `ANTHROPIC_API_KEY` to be set

base-action/README.md

@@ -86,7 +86,7 @@ Add the following to your workflow file:
 ## Inputs
 
 | Input                     | Description                                                                                                            | Required | Default                      |
-| ------------------------- | ----------------------------------------------------------------------------------------------------------------------- | -------- | ---------------------------- |
+| ------------------------- | ---------------------------------------------------------------------------------------------------------------------- | -------- | ---------------------------- |
 | `prompt`                  | The prompt to send to Claude Code                                                                                      | No\*     | ''                           |
 | `prompt_file`             | Path to a file containing the prompt to send to Claude Code                                                            | No\*     | ''                           |
 | `allowed_tools`           | Comma-separated list of allowed tools for Claude Code to use                                                           | No       | ''                           |
@@ -490,7 +490,6 @@ This example shows how to use OIDC authentication with GCP Vertex AI:
 To securely use your Anthropic API key:
 
 1. Add your API key as a repository secret:
-
    - Go to your repository's Settings
    - Navigate to "Secrets and variables" → "Actions"
    - Click "New repository secret"

base-action/action.yml

@@ -124,7 +124,7 @@ runs:
         PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
       run: |
         if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
-          CLAUDE_CODE_VERSION="2.1.4"
+          CLAUDE_CODE_VERSION="2.1.6"
           echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
           for attempt in 1 2 3; do
             echo "Installation attempt $attempt..."

base-action/bun.lock

@@ -6,7 +6,7 @@
       "name": "@anthropic-ai/claude-code-base-action",
       "dependencies": {
         "@actions/core": "^1.10.1",
-        "@anthropic-ai/claude-agent-sdk": "^0.2.4",
+        "@anthropic-ai/claude-agent-sdk": "^0.2.6",
         "shell-quote": "^1.8.3",
       },
       "devDependencies": {
@@ -27,7 +27,7 @@
 
     "@actions/io": ["@actions/io@1.1.3", "", {}, "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="],
 
-    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.4", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-5RpMO8aLEwuAd8h7/QHMCKzdVSihZCtHGnouPp+Isvc7zPzQXKb6GvUitkbs3wIBgIbXA/vXQmIi126uw9qo0A=="],
+    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.6", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-lwswHo6z/Kh9djafk2ajPju62+VqHwJ23gueG1alfaLNK4GRYHgCROfiX6/wlxAd8sRvgTo6ry1hNzkyz7bOpw=="],
 
     "@fastify/busboy": ["@fastify/busboy@2.1.1", "", {}, "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="],
 

base-action/package.json

@@ -11,7 +11,7 @@
   },
   "dependencies": {
     "@actions/core": "^1.10.1",
-    "@anthropic-ai/claude-agent-sdk": "^0.2.4",
+    "@anthropic-ai/claude-agent-sdk": "^0.2.6",
     "shell-quote": "^1.8.3"
   },
   "devDependencies": {

bun.lock

@@ -7,7 +7,7 @@
       "dependencies": {
         "@actions/core": "^1.10.1",
         "@actions/github": "^6.0.1",
-        "@anthropic-ai/claude-agent-sdk": "^0.2.4",
+        "@anthropic-ai/claude-agent-sdk": "^0.2.6",
         "@modelcontextprotocol/sdk": "^1.11.0",
         "@octokit/graphql": "^8.2.2",
         "@octokit/rest": "^21.1.1",
@@ -37,7 +37,7 @@
 
     "@actions/io": ["@actions/io@1.1.3", "", {}, "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="],
 
-    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.4", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-5RpMO8aLEwuAd8h7/QHMCKzdVSihZCtHGnouPp+Isvc7zPzQXKb6GvUitkbs3wIBgIbXA/vXQmIi126uw9qo0A=="],
+    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.6", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-lwswHo6z/Kh9djafk2ajPju62+VqHwJ23gueG1alfaLNK4GRYHgCROfiX6/wlxAd8sRvgTo6ry1hNzkyz7bOpw=="],
 
     "@fastify/busboy": ["@fastify/busboy@2.1.1", "", {}, "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="],
 

docs/configuration.md

@@ -116,7 +116,6 @@ The `additional_permissions` input allows Claude to access GitHub Actions workfl
 To allow Claude to view workflow run results, job logs, and CI status:
 
 1. **Grant the necessary permission to your GitHub token**:
-
    - When using the default `GITHUB_TOKEN`, add the `actions: read` permission to your workflow:
 
    ```yaml

docs/migration-guide.md

@@ -228,12 +228,10 @@ jobs:
 The action now automatically detects the appropriate mode:
 
 1. **If `prompt` is provided** → Runs in **automation mode**
-
    - Executes immediately without waiting for @claude mentions
    - Perfect for scheduled tasks, PR automation, etc.
 
 2. **If no `prompt` but @claude is mentioned** → Runs in **interactive mode**
-
    - Waits for and responds to @claude mentions
    - Creates tracking comments with progress
 

docs/security.md

@@ -7,6 +7,7 @@
 - **⚠️ Non-Write User Access (RISKY)**: The `allowed_non_write_users` parameter allows bypassing the write permission requirement. **This is a significant security risk and should only be used for workflows with extremely limited permissions** (e.g., issue labeling workflows that only have `issues: write` permission). This feature:
   - Only works when `github_token` is provided as input (not with GitHub App authentication)
   - Accepts either a comma-separated list of specific usernames or `*` to allow all users
+  - **When using the wildcard (`*`)**, you MUST also set `bypass_write_permission_check_acknowledgment: true` to explicitly acknowledge the security implications. Without this flag, the action will fail as a safeguard against accidental security misconfigurations
   - **Should be used with extreme caution** as it bypasses the primary security mechanism of this action
   - Is designed for automation workflows where user permissions are already restricted by the workflow's permission scope
 - **Token Permissions**: The GitHub app receives only a short-lived token scoped specifically to the repository it's operating in
@@ -75,14 +76,12 @@ Commits will show as verified and attributed to the GitHub account that owns the
    ```
 
 2. Add the **public key** to your GitHub account:
-
    - Go to GitHub → Settings → SSH and GPG keys
    - Click "New SSH key"
    - Select **Key type: Signing Key** (important)
    - Paste the contents of `~/.ssh/signing_key.pub`
 
 3. Add the **private key** to your repository secrets:
-
    - Go to your repo → Settings → Secrets and variables → Actions
    - Create a new secret named `SSH_SIGNING_KEY`
    - Paste the contents of `~/.ssh/signing_key`

docs/setup.md

@@ -31,27 +31,23 @@ The fastest way to create a custom GitHub App is using our pre-configured manife
    **🚀 [Download the Quick Setup Tool](./create-app.html)** (Right-click → "Save Link As" or "Download Linked File")
 
    After downloading, open `create-app.html` in your web browser:
-
    - **For Personal Accounts:** Click the "Create App for Personal Account" button
    - **For Organizations:** Enter your organization name and click "Create App for Organization"
 
    The tool will automatically configure all required permissions and submit the manifest.
 
    Alternatively, you can use the manifest file directly:
-
    - Use the [`github-app-manifest.json`](../github-app-manifest.json) file from this repository
    - Visit https://github.com/settings/apps/new (for personal) or your organization's app settings
    - Look for the "Create from manifest" option and paste the JSON content
 
 2. **Complete the creation flow:**
-
    - GitHub will show you a preview of the app configuration
    - Confirm the app name (you can customize it)
    - Click "Create GitHub App"
    - The app will be created with all required permissions automatically configured
 
 3. **Generate and download a private key:**
-
    - After creating the app, you'll be redirected to the app settings
    - Scroll down to "Private keys"
    - Click "Generate a private key"
@@ -64,7 +60,6 @@ The fastest way to create a custom GitHub App is using our pre-configured manife
 If you prefer to configure the app manually or need custom permissions:
 
 1. **Create a new GitHub App:**
-
    - Go to https://github.com/settings/apps (for personal apps) or your organization's settings
    - Click "New GitHub App"
    - Configure the app with these minimum permissions:
@@ -77,19 +72,16 @@ If you prefer to configure the app manually or need custom permissions:
    - Create the app
 
 2. **Generate and download a private key:**
-
    - After creating the app, scroll down to "Private keys"
    - Click "Generate a private key"
    - Download the `.pem` file (keep this secure!)
 
 3. **Install the app on your repository:**
-
    - Go to the app's settings page
    - Click "Install App"
    - Select the repositories where you want to use Claude
 
 4. **Add the app credentials to your repository secrets:**
-
    - Go to your repository's Settings → Secrets and variables → Actions
    - Add these secrets:
      - `APP_ID`: Your GitHub App's ID (found in the app settings)
@@ -138,7 +130,6 @@ For more information on creating GitHub Apps, see the [GitHub documentation](htt
 To securely use your Anthropic API key:
 
 1. Add your API key as a repository secret:
-
    - Go to your repository's Settings
    - Navigate to "Secrets and variables" → "Actions"
    - Click "New repository secret"

docs/usage.md

@@ -53,7 +53,7 @@ jobs:
 ## Inputs
 
 | Input                                          | Description                                                                                                                                                                            | Required | Default       |
-| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------------- |
+| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------------- |
 | `anthropic_api_key`                            | Anthropic API key (required for direct API, not needed for Bedrock/Vertex)                                                                                                             | No\*     | -             |
 | `claude_code_oauth_token`                      | Claude Code OAuth token (alternative to anthropic_api_key)                                                                                                                             | No\*     | -             |
 | `prompt`                                       | Instructions for Claude. Can be a direct prompt or custom template for automation workflows                                                                                            | No       | -             |
@@ -77,6 +77,7 @@ jobs:
 | `bot_name`                                     | GitHub username to use for git operations (defaults to Claude's bot name). Required with `ssh_signing_key` for verified commits                                                        | No       | `claude[bot]` |
 | `allowed_bots`                                 | Comma-separated list of allowed bot usernames, or '\*' to allow all bots. Empty string (default) allows no bots                                                                        | No       | ""            |
 | `allowed_non_write_users`                      | **⚠️ RISKY**: Comma-separated list of usernames to allow without write permissions, or '\*' for all users. Only works with `github_token` input. See [Security](./security.md)         | No       | ""            |
+| `bypass_write_permission_check_acknowledgment` | **REQUIRED** when using `allowed_non_write_users='*'`. Set to `true` to explicitly acknowledge security implications. Prevents accidental security misconfigurations                   | No       | `false`       |
 | `path_to_claude_code_executable`               | Optional path to a custom Claude Code executable. Skips automatic installation. Useful for Nix, custom containers, or specialized environments                                         | No       | ""            |
 | `path_to_bun_executable`                       | Optional path to a custom Bun executable. Skips automatic Bun installation. Useful for Nix, custom containers, or specialized environments                                             | No       | ""            |
 | `plugin_marketplaces`                          | Newline-separated list of Claude Code plugin marketplace Git URLs to install from (e.g., see example in workflow above). Marketplaces are added before plugin installation             | No       | ""            |

examples/issue-triage.yml

@@ -26,4 +26,5 @@ jobs:
 
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           allowed_non_write_users: "*" # Required for issue triage workflow, if users without repo write access create issues
+          bypass_write_permission_check_acknowledgment: true # Required when using wildcard
           github_token: ${{ secrets.GITHUB_TOKEN }}

package.json

@@ -12,7 +12,7 @@
   "dependencies": {
     "@actions/core": "^1.10.1",
     "@actions/github": "^6.0.1",
-    "@anthropic-ai/claude-agent-sdk": "^0.2.4",
+    "@anthropic-ai/claude-agent-sdk": "^0.2.6",
     "@modelcontextprotocol/sdk": "^1.11.0",
     "@octokit/graphql": "^8.2.2",
     "@octokit/rest": "^21.1.1",

src/entrypoints/prepare.ts

@@ -37,6 +37,7 @@ async function run() {
         context,
         context.inputs.allowedNonWriteUsers,
         githubTokenProvided,
+        context.inputs.bypassWritePermissionCheckAcknowledgment,
       );
       if (!hasWritePermissions) {
         throw new Error(

src/github/context.ts

@@ -96,6 +96,7 @@ type BaseContext = {
     botName: string;
     allowedBots: string;
     allowedNonWriteUsers: string;
+    bypassWritePermissionCheckAcknowledgment: boolean;
     trackProgress: boolean;
     includeFixLinks: boolean;
   };
@@ -154,6 +155,8 @@ export function parseGitHubContext(): GitHubContext {
       botName: process.env.BOT_NAME ?? CLAUDE_BOT_LOGIN,
       allowedBots: process.env.ALLOWED_BOTS ?? "",
       allowedNonWriteUsers: process.env.ALLOWED_NON_WRITE_USERS ?? "",
+      bypassWritePermissionCheckAcknowledgment:
+        process.env.BYPASS_WRITE_PERMISSION_CHECK_ACKNOWLEDGMENT === "true",
       trackProgress: process.env.TRACK_PROGRESS === "true",
       includeFixLinks: process.env.INCLUDE_FIX_LINKS === "true",
     },

src/github/validation/permissions.ts

@@ -8,6 +8,7 @@ import type { Octokit } from "@octokit/rest";
  * @param context - The GitHub context
  * @param allowedNonWriteUsers - Comma-separated list of users allowed without write permissions, or '*' for all
  * @param githubTokenProvided - Whether github_token was provided as input (not from app)
+ * @param bypassAcknowledgment - Explicit acknowledgment required when using wildcard (*)
  * @returns true if the actor has write permissions, false otherwise
  */
 export async function checkWritePermissions(
@@ -15,6 +16,7 @@ export async function checkWritePermissions(
   context: ParsedGitHubContext,
   allowedNonWriteUsers?: string,
   githubTokenProvided?: boolean,
+  bypassAcknowledgment?: boolean,
 ): Promise<boolean> {
   const { repository, actor } = context;
 
@@ -25,6 +27,17 @@ export async function checkWritePermissions(
     if (allowedNonWriteUsers && githubTokenProvided) {
       const allowedUsers = allowedNonWriteUsers.trim();
       if (allowedUsers === "*") {
+        if (!bypassAcknowledgment) {
+          core.error(
+            `❌ SECURITY ERROR: Attempting to bypass write permission checks for all users with allowed_non_write_users='*' without explicit acknowledgment. ` +
+              `This is a critical security misconfiguration. To proceed, you must set bypass_write_permission_check_acknowledgment='true' ` +
+              `to explicitly acknowledge the security implications.`,
+          );
+          throw new Error(
+            "Cannot bypass write permission checks with wildcard (*) without explicit acknowledgment. " +
+              "Set bypass_write_permission_check_acknowledgment='true' to acknowledge security implications.",
+          );
+        }
         core.warning(
           `⚠️ SECURITY WARNING: Bypassing write permission check for ${actor} due to allowed_non_write_users='*'. This should only be used for workflows with very limited permissions.`,
         );

src/github/validation/trigger.ts

@@ -10,11 +10,6 @@ import {
   isPullRequestReviewCommentEvent,
 } from "../context";
 import type { ParsedGitHubContext } from "../context";
-import {
-  detectActionableSuggestion,
-  isCommentActionableForAutofix,
-  type ActionableSuggestionResult,
-} from "../../utils/detect-actionable-suggestion";
 
 export function checkContainsTrigger(context: ParsedGitHubContext): boolean {
   const {
@@ -151,89 +146,3 @@ export async function checkTriggerAction(context: ParsedGitHubContext) {
   core.setOutput("contains_trigger", containsTrigger.toString());
   return containsTrigger;
 }
-
-/**
- * Checks if the context contains an actionable suggestion that can be automatically fixed.
- * This is useful for autofix workflows that want to respond to code review suggestions,
- * even when they come from bot accounts like claude[bot].
- *
- * @param context - The parsed GitHub context
- * @returns Detection result with confidence level and reason
- */
-export function checkContainsActionableSuggestion(
-  context: ParsedGitHubContext,
-): ActionableSuggestionResult {
-  // Extract comment body based on event type
-  let commentBody: string | undefined;
-
-  if (isPullRequestReviewCommentEvent(context)) {
-    commentBody = context.payload.comment.body;
-  } else if (isIssueCommentEvent(context)) {
-    commentBody = context.payload.comment.body;
-  } else if (isPullRequestReviewEvent(context)) {
-    commentBody = context.payload.review.body ?? undefined;
-  }
-
-  return detectActionableSuggestion(commentBody);
-}
-
-/**
- * Enhanced trigger check that also considers actionable suggestions.
- * This function first checks for the standard trigger phrase, and if not found,
- * optionally checks for actionable suggestions when `checkSuggestions` is true.
- *
- * @param context - The parsed GitHub context
- * @param checkSuggestions - Whether to also check for actionable suggestions (default: false)
- * @returns Whether the action should be triggered
- */
-export function checkContainsTriggerOrActionableSuggestion(
-  context: ParsedGitHubContext,
-  checkSuggestions: boolean = false,
-): boolean {
-  // First, check for standard trigger
-  if (checkContainsTrigger(context)) {
-    return true;
-  }
-
-  // If checkSuggestions is enabled, also check for actionable suggestions
-  if (checkSuggestions) {
-    const suggestionResult = checkContainsActionableSuggestion(context);
-    if (suggestionResult.isActionable) {
-      console.log(
-        `Comment contains actionable suggestion: ${suggestionResult.reason} (confidence: ${suggestionResult.confidence})`,
-      );
-      return true;
-    }
-  }
-
-  return false;
-}
-
-/**
- * Checks if a PR comment is actionable for autofix purposes.
- * This is a convenience function for workflows that want to automatically
- * apply suggestions from code review comments.
- *
- * @param context - The parsed GitHub context
- * @returns Whether the comment should be treated as actionable for autofix
- */
-export function checkIsActionableForAutofix(
-  context: ParsedGitHubContext,
-): boolean {
-  // Only applicable to PR review comment events
-  if (!isPullRequestReviewCommentEvent(context)) {
-    return false;
-  }
-
-  const commentBody = context.payload.comment.body;
-  const authorUsername = context.payload.comment.user?.login;
-
-  return isCommentActionableForAutofix(commentBody, authorUsername);
-}
-
-// Re-export the types and functions from the utility module for convenience
-export {
-  detectActionableSuggestion,
-  isCommentActionableForAutofix,
-  type ActionableSuggestionResult,
-} from "../../utils/detect-actionable-suggestion";

src/utils/detect-actionable-suggestion.ts

@@ -1,213 +0,0 @@
-#!/usr/bin/env bun
-
-/**
- * Detects if a PR comment contains actionable suggestions that can be automatically fixed.
- *
- * This module identifies:
- * 1. GitHub inline committable suggestions (```suggestion blocks)
- * 2. Clear bug fix suggestions with specific patterns
- * 3. Code fix recommendations with explicit changes
- */
-
-/**
- * Patterns that indicate a comment contains a GitHub inline committable suggestion.
- * These are code blocks that GitHub renders with a "Commit suggestion" button.
- */
-const COMMITTABLE_SUGGESTION_PATTERN = /```suggestion\b[\s\S]*?```/i;
-
-/**
- * Patterns that indicate a clear, actionable bug fix suggestion.
- * These phrases typically precede concrete fix recommendations.
- */
-const BUG_FIX_PATTERNS = [
-  // Direct fix suggestions
-  /\bshould\s+(?:be|use|return|change\s+to)\b/i,
-  /\bchange\s+(?:this\s+)?to\b/i,
-  /\breplace\s+(?:this\s+)?with\b/i,
-  /\buse\s+(?:this\s+)?instead\b/i,
-  /\binstead\s+of\s+.*?,?\s*use\b/i,
-
-  // Bug identification with fix
-  /\b(?:bug|issue|error|problem):\s*.*(?:fix|change|update|replace)/i,
-  /\bfix(?:ed)?\s+by\s+(?:chang|replac|updat)/i,
-  /\bto\s+fix\s+(?:this|the)\b/i,
-
-  // Explicit code changes
-  /\bthe\s+(?:correct|proper|right)\s+(?:code|syntax|value|approach)\s+(?:is|would\s+be)\b/i,
-  /\bshould\s+(?:read|look\s+like)\b/i,
-
-  // Missing/wrong patterns
-  /\bmissing\s+(?:a\s+)?(?:semicolon|bracket|parenthesis|quote|import|return|await)\b/i,
-  /\bextra\s+(?:semicolon|bracket|parenthesis|quote)\b/i,
-  /\bwrong\s+(?:type|value|variable|import|parameter)\b/i,
-  /\btypo\s+(?:in|here)\b/i,
-];
-
-/**
- * Patterns that suggest code alternatives (less strong than direct fixes but still actionable).
- */
-const CODE_ALTERNATIVE_PATTERNS = [
-  /```[\w]*\n[\s\S]+?\n```/, // Any code block (might contain the fix)
-  /\b(?:try|consider)\s+(?:using|changing|replacing)\b/i,
-  /\bhere'?s?\s+(?:the|a)\s+(?:fix|solution|correction)\b/i,
-  /\b(?:correct|fixed|updated)\s+(?:version|code|implementation)\b/i,
-];
-
-export interface ActionableSuggestionResult {
-  /** Whether the comment contains an actionable suggestion */
-  isActionable: boolean;
-  /** Whether the comment contains a GitHub inline committable suggestion */
-  hasCommittableSuggestion: boolean;
-  /** Whether the comment contains clear bug fix language */
-  hasBugFixSuggestion: boolean;
-  /** Whether the comment contains code alternatives */
-  hasCodeAlternative: boolean;
-  /** Confidence level: 'high', 'medium', or 'low' */
-  confidence: "high" | "medium" | "low";
-  /** Reason for the determination */
-  reason: string;
-}
-
-/**
- * Detects if a comment contains actionable suggestions that can be automatically fixed.
- *
- * @param commentBody - The body of the PR comment to analyze
- * @returns Object with detection results and confidence level
- *
- * @example
- * ```ts
- * const result = detectActionableSuggestion("```suggestion\nfixed code\n```");
- * // { isActionable: true, hasCommittableSuggestion: true, confidence: 'high', ... }
- *
- * const result2 = detectActionableSuggestion("You should use `const` instead of `let` here");
- * // { isActionable: true, hasBugFixSuggestion: true, confidence: 'medium', ... }
- * ```
- */
-export function detectActionableSuggestion(
-  commentBody: string | undefined | null,
-): ActionableSuggestionResult {
-  if (!commentBody) {
-    return {
-      isActionable: false,
-      hasCommittableSuggestion: false,
-      hasBugFixSuggestion: false,
-      hasCodeAlternative: false,
-      confidence: "low",
-      reason: "Empty or missing comment body",
-    };
-  }
-
-  // Check for GitHub inline committable suggestion (highest confidence)
-  const hasCommittableSuggestion =
-    COMMITTABLE_SUGGESTION_PATTERN.test(commentBody);
-  if (hasCommittableSuggestion) {
-    return {
-      isActionable: true,
-      hasCommittableSuggestion: true,
-      hasBugFixSuggestion: false,
-      hasCodeAlternative: false,
-      confidence: "high",
-      reason: "Contains GitHub inline committable suggestion (```suggestion)",
-    };
-  }
-
-  // Check for clear bug fix patterns (medium-high confidence)
-  const matchedBugFixPattern = BUG_FIX_PATTERNS.find((pattern) =>
-    pattern.test(commentBody),
-  );
-  if (matchedBugFixPattern) {
-    // Higher confidence if also contains a code block
-    const hasCodeBlock = CODE_ALTERNATIVE_PATTERNS[0].test(commentBody);
-    return {
-      isActionable: true,
-      hasCommittableSuggestion: false,
-      hasBugFixSuggestion: true,
-      hasCodeAlternative: hasCodeBlock,
-      confidence: hasCodeBlock ? "high" : "medium",
-      reason: hasCodeBlock
-        ? "Contains clear bug fix suggestion with code example"
-        : "Contains clear bug fix suggestion",
-    };
-  }
-
-  // Check for code alternatives (medium confidence)
-  const matchedAlternativePattern = CODE_ALTERNATIVE_PATTERNS.find((pattern) =>
-    pattern.test(commentBody),
-  );
-  if (matchedAlternativePattern) {
-    return {
-      isActionable: true,
-      hasCommittableSuggestion: false,
-      hasBugFixSuggestion: false,
-      hasCodeAlternative: true,
-      confidence: "medium",
-      reason: "Contains code alternative or fix suggestion",
-    };
-  }
-
-  return {
-    isActionable: false,
-    hasCommittableSuggestion: false,
-    hasBugFixSuggestion: false,
-    hasCodeAlternative: false,
-    confidence: "low",
-    reason: "No actionable suggestion patterns detected",
-  };
-}
-
-/**
- * Checks if a comment should be treated as actionable for autofix purposes,
- * even if it comes from a bot account like claude[bot].
- *
- * This is particularly useful for workflows that want to automatically apply
- * suggestions from code review comments.
- *
- * @param commentBody - The body of the PR comment
- * @param authorUsername - The username of the comment author
- * @returns Whether the comment should be treated as actionable
- */
-export function isCommentActionableForAutofix(
-  commentBody: string | undefined | null,
-  authorUsername?: string,
-): boolean {
-  const result = detectActionableSuggestion(commentBody);
-
-  // If it's already clearly actionable (high confidence), return true
-  if (result.confidence === "high") {
-    return true;
-  }
-
-  // For medium confidence, be more lenient
-  if (result.confidence === "medium" && result.isActionable) {
-    return true;
-  }
-
-  return false;
-}
-
-/**
- * Extracts the suggested code from a GitHub inline committable suggestion block.
- *
- * @param commentBody - The body of the PR comment
- * @returns The suggested code content, or null if no suggestion block found
- *
- * @example
- * ```ts
- * const code = extractSuggestionCode("```suggestion\nconst x = 1;\n```");
- * // "const x = 1;"
- * ```
- */
-export function extractSuggestionCode(
-  commentBody: string | undefined | null,
-): string | null {
-  if (!commentBody) {
-    return null;
-  }
-
-  const match = commentBody.match(/```suggestion\b\n?([\s\S]*?)```/i);
-  if (match && match[1] !== undefined) {
-    return match[1].trim();
-  }
-
-  return null;
-}

test/detect-actionable-suggestion.test.ts

@@ -1,309 +0,0 @@
-import { describe, expect, it } from "bun:test";
-import {
-  detectActionableSuggestion,
-  isCommentActionableForAutofix,
-  extractSuggestionCode,
-} from "../src/utils/detect-actionable-suggestion";
-
-describe("detectActionableSuggestion", () => {
-  describe("GitHub inline committable suggestions", () => {
-    it("should detect suggestion blocks with high confidence", () => {
-      const comment = `Here's a fix:
-\`\`\`suggestion
-const x = 1;
-\`\`\``;
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasCommittableSuggestion).toBe(true);
-      expect(result.confidence).toBe("high");
-      expect(result.reason).toContain("committable suggestion");
-    });
-
-    it("should detect suggestion blocks with multiple lines", () => {
-      const comment = `\`\`\`suggestion
-function foo() {
-  return bar();
-}
-\`\`\``;
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasCommittableSuggestion).toBe(true);
-      expect(result.confidence).toBe("high");
-    });
-
-    it("should detect suggestion blocks case-insensitively", () => {
-      const comment = `\`\`\`SUGGESTION
-const x = 1;
-\`\`\``;
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasCommittableSuggestion).toBe(true);
-    });
-
-    it("should not confuse regular code blocks with suggestion blocks", () => {
-      const comment = `\`\`\`javascript
-const x = 1;
-\`\`\``;
-      const result = detectActionableSuggestion(comment);
-      expect(result.hasCommittableSuggestion).toBe(false);
-      // But it should still detect the code alternative
-      expect(result.hasCodeAlternative).toBe(true);
-    });
-  });
-
-  describe("bug fix suggestions", () => {
-    it('should detect "should be" patterns', () => {
-      const comment = "This should be `const` instead of `let`";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasBugFixSuggestion).toBe(true);
-      expect(result.confidence).toBe("medium");
-    });
-
-    it('should detect "change to" patterns', () => {
-      const comment = "Change this to use async/await";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasBugFixSuggestion).toBe(true);
-    });
-
-    it('should detect "replace with" patterns', () => {
-      const comment = "Replace this with Array.from()";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasBugFixSuggestion).toBe(true);
-    });
-
-    it('should detect "use instead" patterns', () => {
-      const comment = "Use this instead of the deprecated method";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasBugFixSuggestion).toBe(true);
-    });
-
-    it('should detect "instead of X, use Y" patterns', () => {
-      const comment = "Instead of forEach, use map";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasBugFixSuggestion).toBe(true);
-    });
-
-    it('should detect "to fix this" patterns', () => {
-      const comment = "To fix this, you need to add the await keyword";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasBugFixSuggestion).toBe(true);
-    });
-
-    it('should detect "the correct code is" patterns', () => {
-      const comment = "The correct code would be: return null;";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasBugFixSuggestion).toBe(true);
-    });
-
-    it('should detect "missing semicolon" patterns', () => {
-      const comment = "Missing a semicolon at the end";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasBugFixSuggestion).toBe(true);
-    });
-
-    it('should detect "typo" patterns', () => {
-      const comment = "Typo here: teh should be the";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasBugFixSuggestion).toBe(true);
-    });
-
-    it('should detect "wrong type" patterns', () => {
-      const comment = "Wrong type here, should be string not number";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasBugFixSuggestion).toBe(true);
-    });
-
-    it("should have high confidence when bug fix suggestion includes code block", () => {
-      const comment = `You should use const here:
-\`\`\`javascript
-const x = 1;
-\`\`\``;
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasBugFixSuggestion).toBe(true);
-      expect(result.hasCodeAlternative).toBe(true);
-      expect(result.confidence).toBe("high");
-    });
-  });
-
-  describe("code alternatives", () => {
-    it('should detect "try using" patterns', () => {
-      const comment = "Try using Array.map() instead";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-    });
-
-    it('should detect "here\'s the fix" patterns', () => {
-      const comment = "Here's the fix for this issue";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-    });
-
-    it("should detect code blocks as potential alternatives", () => {
-      const comment = `Try this approach:
-\`\`\`
-const result = [];
-\`\`\``;
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasCodeAlternative).toBe(true);
-    });
-  });
-
-  describe("non-actionable comments", () => {
-    it("should not flag general questions", () => {
-      const comment = "Why is this returning undefined?";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(false);
-      expect(result.confidence).toBe("low");
-    });
-
-    it("should not flag simple observations", () => {
-      const comment = "This looks interesting";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(false);
-    });
-
-    it("should not flag approval comments", () => {
-      const comment = "LGTM! :+1:";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(false);
-    });
-
-    it("should handle empty comments", () => {
-      const result = detectActionableSuggestion("");
-      expect(result.isActionable).toBe(false);
-      expect(result.reason).toContain("Empty");
-    });
-
-    it("should handle null comments", () => {
-      const result = detectActionableSuggestion(null);
-      expect(result.isActionable).toBe(false);
-    });
-
-    it("should handle undefined comments", () => {
-      const result = detectActionableSuggestion(undefined);
-      expect(result.isActionable).toBe(false);
-    });
-  });
-
-  describe("edge cases", () => {
-    it("should handle comments with both suggestion block and bug fix language", () => {
-      const comment = `This should be fixed. Here's the suggestion:
-\`\`\`suggestion
-const x = 1;
-\`\`\``;
-      const result = detectActionableSuggestion(comment);
-      // Suggestion block takes precedence (high confidence)
-      expect(result.isActionable).toBe(true);
-      expect(result.hasCommittableSuggestion).toBe(true);
-      expect(result.confidence).toBe("high");
-    });
-
-    it("should handle very long comments", () => {
-      const longContent = "a".repeat(10000);
-      const comment = `${longContent}
-\`\`\`suggestion
-const x = 1;
-\`\`\``;
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-      expect(result.hasCommittableSuggestion).toBe(true);
-    });
-
-    it("should handle comments with special characters", () => {
-      const comment =
-        "You should be using `const` here! @#$%^&* Change this to `let`";
-      const result = detectActionableSuggestion(comment);
-      expect(result.isActionable).toBe(true);
-    });
-  });
-});
-
-describe("isCommentActionableForAutofix", () => {
-  it("should return true for high confidence suggestions", () => {
-    const comment = `\`\`\`suggestion
-const x = 1;
-\`\`\``;
-    expect(isCommentActionableForAutofix(comment)).toBe(true);
-  });
-
-  it("should return true for medium confidence suggestions", () => {
-    const comment = "You should use const here instead of let";
-    expect(isCommentActionableForAutofix(comment)).toBe(true);
-  });
-
-  it("should return false for non-actionable comments", () => {
-    const comment = "This looks fine to me";
-    expect(isCommentActionableForAutofix(comment)).toBe(false);
-  });
-
-  it("should handle bot authors correctly", () => {
-    const comment = `\`\`\`suggestion
-const x = 1;
-\`\`\``;
-    // Should still return true even for bot authors
-    expect(isCommentActionableForAutofix(comment, "claude[bot]")).toBe(true);
-  });
-
-  it("should handle empty comments", () => {
-    expect(isCommentActionableForAutofix("")).toBe(false);
-    expect(isCommentActionableForAutofix(null)).toBe(false);
-    expect(isCommentActionableForAutofix(undefined)).toBe(false);
-  });
-});
-
-describe("extractSuggestionCode", () => {
-  it("should extract code from suggestion block", () => {
-    const comment = `Here's a fix:
-\`\`\`suggestion
-const x = 1;
-\`\`\``;
-    expect(extractSuggestionCode(comment)).toBe("const x = 1;");
-  });
-
-  it("should extract multi-line code from suggestion block", () => {
-    const comment = `\`\`\`suggestion
-function foo() {
-  return bar();
-}
-\`\`\``;
-    expect(extractSuggestionCode(comment)).toBe(
-      "function foo() {\n  return bar();\n}",
-    );
-  });
-
-  it("should handle empty suggestion blocks", () => {
-    const comment = `\`\`\`suggestion
-\`\`\``;
-    expect(extractSuggestionCode(comment)).toBe("");
-  });
-
-  it("should return null for comments without suggestion blocks", () => {
-    const comment = "Just a regular comment";
-    expect(extractSuggestionCode(comment)).toBe(null);
-  });
-
-  it("should return null for empty comments", () => {
-    expect(extractSuggestionCode("")).toBe(null);
-    expect(extractSuggestionCode(null)).toBe(null);
-    expect(extractSuggestionCode(undefined)).toBe(null);
-  });
-
-  it("should not extract from regular code blocks", () => {
-    const comment = `\`\`\`javascript
-const x = 1;
-\`\`\``;
-    expect(extractSuggestionCode(comment)).toBe(null);
-  });
-});

test/permissions.test.ts

@@ -73,6 +73,7 @@ describe("checkWritePermissions", () => {
       botName: CLAUDE_BOT_LOGIN,
       allowedBots: "",
       allowedNonWriteUsers: "",
+      bypassWritePermissionCheckAcknowledgment: false,
       trackProgress: false,
       includeFixLinks: true,
     },
@@ -197,7 +198,7 @@ describe("checkWritePermissions", () => {
       );
     });
 
-    test("should bypass permission check for all users with wildcard", async () => {
+    test("should bypass permission check for all users with wildcard when acknowledgment provided", async () => {
       const mockOctokit = createMockOctokit("read");
       const context = createContext();
 
@@ -206,6 +207,7 @@ describe("checkWritePermissions", () => {
         context,
         "*",
         true,
+        true, // acknowledgment provided
       );
 
       expect(result).toBe(true);
@@ -214,6 +216,17 @@ describe("checkWritePermissions", () => {
       );
     });
 
+    test("should FAIL to bypass permission check with wildcard when acknowledgment NOT provided", async () => {
+      const mockOctokit = createMockOctokit("read");
+      const context = createContext();
+
+      await expect(
+        checkWritePermissions(mockOctokit, context, "*", true, false),
+      ).rejects.toThrow(
+        "Cannot bypass write permission checks with wildcard (*) without explicit acknowledgment",
+      );
+    });
+
     test("should NOT bypass permission check when user not in allowed list", async () => {
       const mockOctokit = createMockOctokit("read");
       const context = createContext();