"Claude Code Review workflow"

Clarifies which permissions are currently used (Contents, Pull Requests, Issues) versus those requested for planned future features (Discussions, Actions, Checks, Workflows).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <noreply@anthropic.com>

.github/workflows/ci.yml

@@ -9,7 +9,7 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: oven-sh/setup-bun@v2
         with:
@@ -24,7 +24,7 @@ jobs:
   prettier:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: oven-sh/setup-bun@v1
         with:
@@ -39,7 +39,7 @@ jobs:
   typecheck:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: oven-sh/setup-bun@v2
         with:

.github/workflows/claude-code-review.yml

@@ -0,0 +1,57 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "src/**/*.ts"
+    #   - "src/**/*.tsx"
+    #   - "src/**/*.js"
+    #   - "src/**/*.jsx"
+
+jobs:
+  claude-review:
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+
+            Please review this pull request and provide feedback on:
+            - Code quality and best practices
+            - Potential bugs or issues
+            - Performance considerations
+            - Security concerns
+            - Test coverage
+
+            Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
+
+            Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
+
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
+          claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
+

.github/workflows/claude-review.yml

@@ -13,7 +13,7 @@ jobs:
       id-token: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 1
 

.github/workflows/claude.yml

@@ -23,6 +23,7 @@ jobs:
       pull-requests: read
       issues: read
       id-token: write
+      actions: read # Required for Claude to read CI results on PRs
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -34,6 +35,16 @@ jobs:
         uses: anthropics/claude-code-action@v1
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-          claude_args: |
-            --allowedTools "Bash(bun install),Bash(bun test:*),Bash(bun run format),Bash(bun typecheck)"
-            --model "claude-opus-4-1-20250805"
+
+          # This is an optional setting that allows Claude to read CI results on PRs
+          additional_permissions: |
+            actions: read
+
+          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+          # prompt: 'Update the pull request description to include a summary of changes.'
+
+          # Optional: Add claude_args to customize behavior and configuration
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
+          # claude_args: '--allowed-tools Bash(gh pr:*)'
+

.github/workflows/issue-triage.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 

.github/workflows/release.yml

@@ -19,7 +19,7 @@ jobs:
       next_version: ${{ steps.next_version.outputs.next_version }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -91,7 +91,7 @@ jobs:
       contents: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -116,7 +116,7 @@ jobs:
     environment: production
     steps:
       - name: Checkout base-action repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: anthropics/claude-code-base-action
           token: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }}

README.md

@@ -1,70 +1,70 @@
 ![Claude Code Action responding to a comment](https://github.com/user-attachments/assets/1d60c2e9-82ed-4ee5-b749-f9e021c85f4d)
 
-# Claude Code Action 🇦🇺
+# Claude Code Action
 
-G'day mate! This is a fair dinkum [Claude Code](https://claude.ai/code) action for GitHub PRs and issues that'll help you out with questions and implement code changes like a proper legend. This ripper of an action is smart enough to know when to jump in based on your workflow context—whether you're giving it a bell with @claude mentions, chucking it an issue assignment, or running automation tasks with explicit prompts. She'll work with multiple authentication methods including Anthropic direct API, Amazon Bedrock, and Google Vertex AI. Beauty!
+A general-purpose [Claude Code](https://claude.ai/code) action for GitHub PRs and issues that can answer questions and implement code changes. This action intelligently detects when to activate based on your workflow context—whether responding to @claude mentions, issue assignments, or executing automation tasks with explicit prompts. It supports multiple authentication methods including Anthropic direct API, Amazon Bedrock, and Google Vertex AI.
 
-## What's the Go? (Features)
+## Features
 
-- 🎯 **Smart as a Whip Mode Detection**: Automatically picks the right execution mode based on your workflow context—no mucking about with config needed
-- 🤖 **Interactive Code Mate**: Claude's your coding buddy who can answer questions about code, architecture, and programming like nobody's business
-- 🔍 **Code Review Champion**: Takes a squiz at your PR changes and suggests improvements that'll knock your socks off
-- ✨ **Code Implementation Wizard**: Can bang out simple fixes, refactoring, and even new features faster than you can say "Bob's your uncle"
-- 💬 **PR/Issue Integration Bonza**: Works like a dream with GitHub comments and PR reviews
-- 🛠️ **Flexible Tool Access**: Gets stuck into GitHub APIs and file operations (additional tools can be cranked up via configuration)
-- 📋 **Progress Tracking Beaut**: Visual progress indicators with checkboxes that update dynamically as Claude smashes through tasks
-- 🏃 **Runs on Your Turf**: The action runs entirely on your own GitHub runner (Anthropic API calls go to your chosen provider)
-- ⚙️ **No-Fuss Configuration**: Unified `prompt` and `claude_args` inputs provide clean, powerful configuration that's aligned with Claude Code SDK
+- 🎯 **Intelligent Mode Detection**: Automatically selects the appropriate execution mode based on your workflow context—no configuration needed
+- 🤖 **Interactive Code Assistant**: Claude can answer questions about code, architecture, and programming
+- 🔍 **Code Review**: Analyzes PR changes and suggests improvements
+- ✨ **Code Implementation**: Can implement simple fixes, refactoring, and even new features
+- 💬 **PR/Issue Integration**: Works seamlessly with GitHub comments and PR reviews
+- 🛠️ **Flexible Tool Access**: Access to GitHub APIs and file operations (additional tools can be enabled via configuration)
+- 📋 **Progress Tracking**: Visual progress indicators with checkboxes that dynamically update as Claude completes tasks
+- 🏃 **Runs on Your Infrastructure**: The action executes entirely on your own GitHub runner (Anthropic API calls go to your chosen provider)
+- ⚙️ **Simplified Configuration**: Unified `prompt` and `claude_args` inputs provide clean, powerful configuration aligned with Claude Code SDK
 
-## 📦 Moving House from v0.x?
+## 📦 Upgrading from v0.x?
 
-**Chuck a look at our [Migration Guide](./docs/migration-guide.md)** for step-by-step instructions on updating your workflows to v1.0. The new version makes configuration a piece of piss while keeping things sweet with most existing setups.
+**See our [Migration Guide](./docs/migration-guide.md)** for step-by-step instructions on updating your workflows to v1.0. The new version simplifies configuration while maintaining compatibility with most existing setups.
 
-## Getting Started (Quick Smart!)
+## Quickstart
 
-The easiest way to get this action up and running is through [Claude Code](https://claude.ai/code) in the terminal. Just fire up `claude` and run `/install-github-app`.
+The easiest way to set up this action is through [Claude Code](https://claude.ai/code) in the terminal. Just open `claude` and run `/install-github-app`.
 
-This little beauty will walk you through setting up the GitHub app and all the secrets you need.
+This command will guide you through setting up the GitHub app and required secrets.
 
-**Fair Warning**:
+**Note**:
 
-- You'll need to be a repository admin to install the GitHub app and add secrets (no worries if you're the boss!)
-- This quickstart method is only for direct Anthropic API users. If you're using AWS Bedrock or Google Vertex AI, have a sticky beak at [docs/cloud-providers.md](./docs/cloud-providers.md).
+- You must be a repository admin to install the GitHub app and add secrets
+- This quickstart method is only available for direct Anthropic API users. For AWS Bedrock or Google Vertex AI setup, see [docs/cloud-providers.md](./docs/cloud-providers.md).
 
-## 📚 Solutions & Ripper Use Cases
+## 📚 Solutions & Use Cases
 
-Looking for specific automation patterns? Have a captain cook at our **[Solutions Guide](./docs/solutions.md)** for complete working examples including:
+Looking for specific automation patterns? Check our **[Solutions Guide](./docs/solutions.md)** for complete working examples including:
 
-- **🔍 Automatic PR Code Review** - Full review automation that's the cat's pyjamas
-- **📂 Path-Specific Reviews** - Triggers when critical files get a touch-up
-- **👥 External Contributor Reviews** - Special treatment for the new kids on the block
-- **📝 Custom Review Checklists** - Keep your team standards tighter than a fish's backside
-- **🔄 Scheduled Maintenance** - Automated repository health checks that run like clockwork
-- **🏷️ Issue Triage & Labeling** - Automatic categorization that sorts things faster than a sheepdog
-- **📖 Documentation Sync** - Keeps docs updated with code changes, no dramas
-- **🔒 Security-Focused Reviews** - OWASP-aligned security analysis that's tough as nails
+- **🔍 Automatic PR Code Review** - Full review automation
+- **📂 Path-Specific Reviews** - Trigger on critical file changes
+- **👥 External Contributor Reviews** - Special handling for new contributors
+- **📝 Custom Review Checklists** - Enforce team standards
+- **🔄 Scheduled Maintenance** - Automated repository health checks
+- **🏷️ Issue Triage & Labeling** - Automatic categorization
+- **📖 Documentation Sync** - Keep docs updated with code changes
+- **🔒 Security-Focused Reviews** - OWASP-aligned security analysis
 - **📊 DIY Progress Tracking** - Create tracking comments in automation mode
 
-Each solution comes with the full monty—working examples, configuration details, and what you can expect to see.
+Each solution includes complete working examples, configuration details, and expected outcomes.
 
-## The Good Oil (Documentation)
+## Documentation
 
-- **[Solutions Guide](./docs/solutions.md)** - **🎯 Ready-to-go automation patterns that'll make you smile**
-- **[Migration Guide](./docs/migration-guide.md)** - **⭐ Moving up from v0.x to v1.0**
-- [Setup Guide](./docs/setup.md) - Manual setup, custom GitHub apps, and security best practices (for the keen beans)
-- [Usage Guide](./docs/usage.md) - Basic usage, workflow configuration, and input parameters (the bread and butter)
-- [Custom Automations](./docs/custom-automations.md) - Examples of automated workflows and custom prompts that'll blow your mind
-- [Configuration](./docs/configuration.md) - MCP servers, permissions, environment variables, and advanced settings (for the tech heads)
-- [Experimental Features](./docs/experimental.md) - Execution modes and network restrictions (cutting edge stuff)
-- [Cloud Providers](./docs/cloud-providers.md) - AWS Bedrock and Google Vertex AI setup (for the cloud cowboys)
-- [Capabilities & Limitations](./docs/capabilities-and-limitations.md) - What Claude can and can't do (keeping it real)
-- [Security](./docs/security.md) - Access control, permissions, and commit signing (locked up tight)
-- [FAQ](./docs/faq.md) - Common questions and troubleshooting (when things go pear-shaped)
+- **[Solutions Guide](./docs/solutions.md)** - **🎯 Ready-to-use automation patterns**
+- **[Migration Guide](./docs/migration-guide.md)** - **⭐ Upgrading from v0.x to v1.0**
+- [Setup Guide](./docs/setup.md) - Manual setup, custom GitHub apps, and security best practices
+- [Usage Guide](./docs/usage.md) - Basic usage, workflow configuration, and input parameters
+- [Custom Automations](./docs/custom-automations.md) - Examples of automated workflows and custom prompts
+- [Configuration](./docs/configuration.md) - MCP servers, permissions, environment variables, and advanced settings
+- [Experimental Features](./docs/experimental.md) - Execution modes and network restrictions
+- [Cloud Providers](./docs/cloud-providers.md) - AWS Bedrock and Google Vertex AI setup
+- [Capabilities & Limitations](./docs/capabilities-and-limitations.md) - What Claude can and cannot do
+- [Security](./docs/security.md) - Access control, permissions, and commit signing
+- [FAQ](./docs/faq.md) - Common questions and troubleshooting
 
-## 📚 Got Questions? She'll Be Right!
+## 📚 FAQ
 
-Having a bit of trouble or got some questions rattling around? Have a gander at our [Frequently Asked Questions](./docs/faq.md) for solutions to common problems and detailed explanations of what Claude can and can't do. No worries, mate!
+Having issues or questions? Check out our [Frequently Asked Questions](./docs/faq.md) for solutions to common problems and detailed explanations of Claude's capabilities and limitations.
 
 ## License
 
-This project is licensed under the MIT License—have a squiz at the LICENSE file for all the nitty-gritty details.
+This project is licensed under the MIT License—see the LICENSE file for details.

action.yml

@@ -177,7 +177,7 @@ runs:
         # Install Claude Code if no custom executable is provided
         if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
           echo "Installing Claude Code..."
-          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.10
+          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.24
           echo "$HOME/.local/bin" >> "$GITHUB_PATH"
         else
           echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"

base-action/README.md

@@ -336,7 +336,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 

base-action/action.yml

@@ -99,7 +99,7 @@ runs:
       run: |
         if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
           echo "Installing Claude Code..."
-          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.10
+          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.24
         else
           echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
           # Add the directory containing the custom executable to PATH

base-action/examples/issue-triage.yml

@@ -32,7 +32,7 @@ jobs:
                   "--rm",
                   "-e",
                   "GITHUB_PERSONAL_ACCESS_TOKEN",
-                  "ghcr.io/github/github-mcp-server:sha-7aced2b"
+                  "ghcr.io/github/github-mcp-server:sha-23fa0dd"
                 ],
                 "env": {
                   "GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.GITHUB_TOKEN }}"

docs/faq.md

@@ -127,7 +127,7 @@ For performance, Claude uses shallow clones:
 If you need full history, you can configure this in your workflow before calling Claude in the `actions/checkout` step.
 
 ```
-- uses: actions/checkout@v4
+- uses: actions/checkout@v5
   depth: 0 # will fetch full repo history
 ```
 

docs/security.md

@@ -19,11 +19,22 @@
 
 ## GitHub App Permissions
 
-The [Claude Code GitHub app](https://github.com/apps/claude) requires these permissions:
+The [Claude Code GitHub app](https://github.com/apps/claude) requests the following permissions:
 
-- **Pull Requests**: Read and write to create PRs and push changes
-- **Issues**: Read and write to respond to issues
-- **Contents**: Read and write to modify repository files
+### Currently Used Permissions
+
+- **Contents** (Read & Write): For reading repository files and creating branches
+- **Pull Requests** (Read & Write): For reading PR data and creating/updating pull requests
+- **Issues** (Read & Write): For reading issue data and updating issue comments
+
+### Permissions for Future Features
+
+The following permissions are requested but not yet actively used. These will enable planned features in future releases:
+
+- **Discussions** (Read & Write): For interaction with GitHub Discussions
+- **Actions** (Read): For accessing workflow run data and logs
+- **Checks** (Read): For reading check run results
+- **Workflows** (Read & Write): For triggering and managing GitHub Actions workflows
 
 ## Commit Signing
 

docs/solutions.md

@@ -35,7 +35,7 @@ jobs:
       pull-requests: write
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 1
 
@@ -89,7 +89,7 @@ jobs:
       pull-requests: write
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 1
 
@@ -153,7 +153,7 @@ jobs:
       pull-requests: write
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 1
 
@@ -211,7 +211,7 @@ jobs:
       pull-requests: write
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 1
 
@@ -268,7 +268,7 @@ jobs:
       pull-requests: write
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 1
 
@@ -344,7 +344,7 @@ jobs:
       pull-requests: write
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -456,7 +456,7 @@ jobs:
       pull-requests: write
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           fetch-depth: 0
@@ -513,7 +513,7 @@ jobs:
       security-events: write
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 1
 

examples/ci-failure-auto-fix.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.workflow_run.head_branch }}
           fetch-depth: 0

examples/claude.yml

@@ -26,7 +26,7 @@ jobs:
       actions: read # Required for Claude to read CI results on PRs
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 1
 

examples/issue-deduplication.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 1
 

examples/issue-triage.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 

examples/manual-code-analysis.yml

@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 2 # Need at least 2 commits to analyze the latest
 

examples/pr-review-comprehensive.yml

@@ -16,7 +16,7 @@ jobs:
       id-token: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 1
 

examples/pr-review-filtered-authors.yml

@@ -18,7 +18,7 @@ jobs:
       id-token: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 1
 

examples/pr-review-filtered-paths.yml

@@ -19,7 +19,7 @@ jobs:
       id-token: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 1
 

src/mcp/install-mcp-server.ts

@@ -209,7 +209,7 @@ export async function prepareMcpConfig(
           "GITHUB_PERSONAL_ACCESS_TOKEN",
           "-e",
           "GITHUB_HOST",
-          "ghcr.io/github/github-mcp-server:sha-efef8ae", // https://github.com/github/github-mcp-server/releases/tag/v0.9.0
+          "ghcr.io/github/github-mcp-server:sha-23fa0dd", // https://github.com/github/github-mcp-server/releases/tag/v0.17.1
         ],
         env: {
           GITHUB_PERSONAL_ACCESS_TOKEN: githubToken,