anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-01-23 15:04:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: anthropics:claude/update-readme-011CTvTGkPpgCdDtj57GaAAk
Branches Tags
anthropics:main anthropics:ashwin/bump-bun-to-2.1.1 anthropics:fix-tag-sync anthropics:claude/autopatch-scan-caf54156-vuln-17-L6v6t anthropics:claude/slack-improve-autofix-suggestion-detection-jVXXD anthropics:claude/slack-add-clawd-stop-label-check-YOQgu anthropics:boris/add-push-event-support anthropics:feature/merge-prepare-and-run-steps anthropics:claude/issue-746-20251216-2049 anthropics:claude/fix-command-injection-012ini6RiyJVXxae6QfACQce anthropics:claude/slack-standardize-pr-instructions-Jpta2 anthropics:fix/installation-lock-file-cleanup anthropics:claude/fix-command-injection-01G6U5P2UUcNFSDQ5ugMJToh anthropics:claude/fix-command-injection-011p27fUErJNzJnC8F2NhDfU anthropics:claude/slack-session-01CmWq48mc2PNmbs57vtiDL8 anthropics:claude/fix-017jw8xRDW1dJWuVWmZf8L37 anthropics:claude/slack-session-01MVWPvyum9Tfs4uZKSYNwb2 anthropics:ashwin/debug-agent-sdk anthropics:ashwin/timeoutfi anthropics:inigo/structured-outputs-clean anthropics:inigo/add-structured-outputs anthropics:inigo/structured-outputs anthropics:inigo/structured-outputs-v2 anthropics:claude/slack-session-01V5yvGzTYGjKuXyrkd816Q8 anthropics:claude/slack-session-01KNnXBDe14t4FYBFYj6x6kz anthropics:claude/update-docs-claude-code-action-011CUcQCrd4gH7XpanoeKXJg anthropics:ashwin/inlines anthropics:add-plugins-input anthropics:add-claude-github-actions-1761020053046 anthropics:add-claude-github-actions-1761019930984 anthropics:claude/update-readme-011CTvTGkPpgCdDtj57GaAAk anthropics:claude/aussie-readme-011CTv66HfGaaE3LMmFM9ZtN anthropics:claude/update-readme-011CTtgkeo2Hx7eheVcEwxb4 anthropics:claude/aussie-readme-update-011CTtgCkB57KfsJ1SUWUwaj anthropics:claude/minor-update-011CTrjPp29xM3Cnbz2FLdqy anthropics:ashwin/branch-template anthropics:demo/subtle-test-issues anthropics:demo/flawed-branch-tests-fix anthropics:demo/flawed-branch-tests anthropics:ashwin/allownonwritetest anthropics:ashwin/testghe anthropics:ashwin/testcommenttime anthropics:test-ci-tools-fix-3 anthropics:test-ci-tools-fix anthropics:eap anthropics:ashwin/testfix anthropics:ashwin/rmnpmrc anthropics:v1-dev anthropics:ashwin/envlog anthropics:km-anthropic-patch-1 anthropics:test-auto-fix-trigger anthropics:ashwin/verbosedebug anthropics:test-autofix-from-scratch anthropics:test-ci-failure anthropics:ashwin/inputtest anthropics:eaptest anthropics:test-gh-comment anthropics:ashwin/v1-devtest anthropics:test-no-approval anthropics:feat/ttyd-cloudflared-tunnel-integration anthropics:ashwin/claudestep anthropics:support-bot-user anthropics:ashwin/testid anthropics:km/add-mcp-to-agent anthropics:testenvvar anthropics:km/discriminated-unions-cleanup anthropics:ashwin/examples anthropics:claude/issue-313-20250719-1530 anthropics:ashwin/modelparam anthropics:ashwin/testnetwork anthropics:ashwin/branchfix anthropics:ashwin-ant-patch-3 anthropics:ashwin/stickytest anthropics:feat-add-label-trigger anthropics:ashwin/testdynamicfetch anthropics:ashwin/multiline anthropics:claude/issue-132-20250605_170450 anthropics:update-claude-code-base-action-v0.0.10-20250605-165057 anthropics:ashwin/promptfiletest anthropics:ashwin/debug anthropics:claude/issue-122-20250604_004902 anthropics:claude/issue-125-20250604_150607 anthropics:claude/issue-123-20250604_005116 anthropics:ashwin/triagefix anthropics:update-claude-code-base-action-v0.0.9-20250603-035419 anthropics:claude/issue-101-20250531_001023 anthropics:ashwin/commenttool anthropics:claude/issue-95-20250530_142727 anthropics:claude/issue-103-20250531_051637 anthropics:ashwin-ant-patch-2 anthropics:testbranch anthropics:ashwin-ant-patch-1 anthropics:ashwin/faq anthropics:ashwin/bump anthropics:claude/issue-62-20250527_192138 anthropics:ashwin/tools anthropics:enhance-text-sanitization anthropics:ashwin/erroroutput anthropics:update-claude-code-base-action-v0.0.7-20250529-000200 anthropics:ashwin/shabump anthropics:claude/issue-49-20250527_235943 anthropics:claude/issue-52-20250526_025103 anthropics:ashwin/triage anthropics:ashwin/dsstore anthropics:ashwin/bugtemplate anthropics:ashwin/pin anthropics:ashwin/errorlogging anthropics:fix-500-error-logging anthropics:fix-mcp-undefined-error anthropics:fix-local-action-reference anthropics:update-claude-workflow-v2 anthropics:add-claude-github-actions-1747972566174 anthropics:update-to-use-model-parameter anthropics:np-anthropic-patch-1 anthropics:lina/rename-anthropic-model-to-model anthropics:lina/html_comments_strip anthropics:lina/modify-action-name anthropics:lina/modify-base-action
anthropics:v1 anthropics:v1.0.33 anthropics:v1.0.32 anthropics:v1.0.31 anthropics:v1.0.30 anthropics:v1.0.29 anthropics:v1.0.28 anthropics:v1.0.27 anthropics:v1.0.26 anthropics:v1.0.25 anthropics:v1.0.24 anthropics:v1.0.23 anthropics:v1.0.22 anthropics:v1.0.21 anthropics:v1.0.20 anthropics:v1.0.19 anthropics:v1.0.18 anthropics:v1.0.17 anthropics:v1.0.16 anthropics:v1.0.15 anthropics:v1.0.14 anthropics:v1.0.13 anthropics:v1.0.12 anthropics:v1.0.11 anthropics:v1.0.10 anthropics:v1.0.9 anthropics:v1.0.8 anthropics:v1.0.7 anthropics:v1.0.6 anthropics:v1.0.5 anthropics:v1.0.4 anthropics:v1.0.3 anthropics:v1.0.2 anthropics:v1.0.1 anthropics:v1.0.0 anthropics:v0 anthropics:v0.0.63 anthropics:beta anthropics:v0.0.62 anthropics:v0.0.61 anthropics:v0.0.60 anthropics:v0.0.59 anthropics:v0.0.58 anthropics:v0.0.57 anthropics:v0.0.56 anthropics:v0.0.55 anthropics:v0.0.54 anthropics:v0.0.53 anthropics:v0.0.52 anthropics:v0.0.51 anthropics:v0.0.50 anthropics:v0.0.49 anthropics:v0.0.48 anthropics:v0.0.47 anthropics:v0.0.46 anthropics:v0.0.45 anthropics:v0.0.44 anthropics:v0.0.43 anthropics:v0.0.42 anthropics:v0.0.41 anthropics:v0.0.40 anthropics:v0.0.39 anthropics:v0.0.38 anthropics:v0.0.37 anthropics:v0.0.36 anthropics:v0.0.35 anthropics:v0.0.34 anthropics:v0.0.33 anthropics:v0.0.32 anthropics:v0.0.31 anthropics:v0.0.30 anthropics:v0.0.29 anthropics:v0.0.28 anthropics:v0.0.27 anthropics:v0.0.26 anthropics:v0.0.25 anthropics:v0.0.24 anthropics:v0.0.23 anthropics:v0.0.22 anthropics:v0.0.21 anthropics:v0.0.20 anthropics:v0.0.19 anthropics:v0.0.18 anthropics:v0.0.17 anthropics:v0.0.16 anthropics:v0.0.15 anthropics:v0.0.14 anthropics:v0.0.13 anthropics:v0.0.12 anthropics:v0.0.11 anthropics:v0.0.10 anthropics:v0.0.9 anthropics:v0.0.8 anthropics:v0.0.7 anthropics:v0.0.6 anthropics:v0.0.5 anthropics:v0.0.4 anthropics:v0.0.3 anthropics:v0.0.2 anthropics:v0.0.1
..
compare: anthropics:ashwin/allownonwritetest
Branches Tags
anthropics:main anthropics:ashwin/bump-bun-to-2.1.1 anthropics:fix-tag-sync anthropics:claude/autopatch-scan-caf54156-vuln-17-L6v6t anthropics:claude/slack-improve-autofix-suggestion-detection-jVXXD anthropics:claude/slack-add-clawd-stop-label-check-YOQgu anthropics:boris/add-push-event-support anthropics:feature/merge-prepare-and-run-steps anthropics:claude/issue-746-20251216-2049 anthropics:claude/fix-command-injection-012ini6RiyJVXxae6QfACQce anthropics:claude/slack-standardize-pr-instructions-Jpta2 anthropics:fix/installation-lock-file-cleanup anthropics:claude/fix-command-injection-01G6U5P2UUcNFSDQ5ugMJToh anthropics:claude/fix-command-injection-011p27fUErJNzJnC8F2NhDfU anthropics:claude/slack-session-01CmWq48mc2PNmbs57vtiDL8 anthropics:claude/fix-017jw8xRDW1dJWuVWmZf8L37 anthropics:claude/slack-session-01MVWPvyum9Tfs4uZKSYNwb2 anthropics:ashwin/debug-agent-sdk anthropics:ashwin/timeoutfi anthropics:inigo/structured-outputs-clean anthropics:inigo/add-structured-outputs anthropics:inigo/structured-outputs anthropics:inigo/structured-outputs-v2 anthropics:claude/slack-session-01V5yvGzTYGjKuXyrkd816Q8 anthropics:claude/slack-session-01KNnXBDe14t4FYBFYj6x6kz anthropics:claude/update-docs-claude-code-action-011CUcQCrd4gH7XpanoeKXJg anthropics:ashwin/inlines anthropics:add-plugins-input anthropics:add-claude-github-actions-1761020053046 anthropics:add-claude-github-actions-1761019930984 anthropics:claude/update-readme-011CTvTGkPpgCdDtj57GaAAk anthropics:claude/aussie-readme-011CTv66HfGaaE3LMmFM9ZtN anthropics:claude/update-readme-011CTtgkeo2Hx7eheVcEwxb4 anthropics:claude/aussie-readme-update-011CTtgCkB57KfsJ1SUWUwaj anthropics:claude/minor-update-011CTrjPp29xM3Cnbz2FLdqy anthropics:ashwin/branch-template anthropics:demo/subtle-test-issues anthropics:demo/flawed-branch-tests-fix anthropics:demo/flawed-branch-tests anthropics:ashwin/allownonwritetest anthropics:ashwin/testghe anthropics:ashwin/testcommenttime anthropics:test-ci-tools-fix-3 anthropics:test-ci-tools-fix anthropics:eap anthropics:ashwin/testfix anthropics:ashwin/rmnpmrc anthropics:v1-dev anthropics:ashwin/envlog anthropics:km-anthropic-patch-1 anthropics:test-auto-fix-trigger anthropics:ashwin/verbosedebug anthropics:test-autofix-from-scratch anthropics:test-ci-failure anthropics:ashwin/inputtest anthropics:eaptest anthropics:test-gh-comment anthropics:ashwin/v1-devtest anthropics:test-no-approval anthropics:feat/ttyd-cloudflared-tunnel-integration anthropics:ashwin/claudestep anthropics:support-bot-user anthropics:ashwin/testid anthropics:km/add-mcp-to-agent anthropics:testenvvar anthropics:km/discriminated-unions-cleanup anthropics:ashwin/examples anthropics:claude/issue-313-20250719-1530 anthropics:ashwin/modelparam anthropics:ashwin/testnetwork anthropics:ashwin/branchfix anthropics:ashwin-ant-patch-3 anthropics:ashwin/stickytest anthropics:feat-add-label-trigger anthropics:ashwin/testdynamicfetch anthropics:ashwin/multiline anthropics:claude/issue-132-20250605_170450 anthropics:update-claude-code-base-action-v0.0.10-20250605-165057 anthropics:ashwin/promptfiletest anthropics:ashwin/debug anthropics:claude/issue-122-20250604_004902 anthropics:claude/issue-125-20250604_150607 anthropics:claude/issue-123-20250604_005116 anthropics:ashwin/triagefix anthropics:update-claude-code-base-action-v0.0.9-20250603-035419 anthropics:claude/issue-101-20250531_001023 anthropics:ashwin/commenttool anthropics:claude/issue-95-20250530_142727 anthropics:claude/issue-103-20250531_051637 anthropics:ashwin-ant-patch-2 anthropics:testbranch anthropics:ashwin-ant-patch-1 anthropics:ashwin/faq anthropics:ashwin/bump anthropics:claude/issue-62-20250527_192138 anthropics:ashwin/tools anthropics:enhance-text-sanitization anthropics:ashwin/erroroutput anthropics:update-claude-code-base-action-v0.0.7-20250529-000200 anthropics:ashwin/shabump anthropics:claude/issue-49-20250527_235943 anthropics:claude/issue-52-20250526_025103 anthropics:ashwin/triage anthropics:ashwin/dsstore anthropics:ashwin/bugtemplate anthropics:ashwin/pin anthropics:ashwin/errorlogging anthropics:fix-500-error-logging anthropics:fix-mcp-undefined-error anthropics:fix-local-action-reference anthropics:update-claude-workflow-v2 anthropics:add-claude-github-actions-1747972566174 anthropics:update-to-use-model-parameter anthropics:np-anthropic-patch-1 anthropics:lina/rename-anthropic-model-to-model anthropics:lina/html_comments_strip anthropics:lina/modify-action-name anthropics:lina/modify-base-action
anthropics:v1 anthropics:v1.0.33 anthropics:v1.0.32 anthropics:v1.0.31 anthropics:v1.0.30 anthropics:v1.0.29 anthropics:v1.0.28 anthropics:v1.0.27 anthropics:v1.0.26 anthropics:v1.0.25 anthropics:v1.0.24 anthropics:v1.0.23 anthropics:v1.0.22 anthropics:v1.0.21 anthropics:v1.0.20 anthropics:v1.0.19 anthropics:v1.0.18 anthropics:v1.0.17 anthropics:v1.0.16 anthropics:v1.0.15 anthropics:v1.0.14 anthropics:v1.0.13 anthropics:v1.0.12 anthropics:v1.0.11 anthropics:v1.0.10 anthropics:v1.0.9 anthropics:v1.0.8 anthropics:v1.0.7 anthropics:v1.0.6 anthropics:v1.0.5 anthropics:v1.0.4 anthropics:v1.0.3 anthropics:v1.0.2 anthropics:v1.0.1 anthropics:v1.0.0 anthropics:v0 anthropics:v0.0.63 anthropics:beta anthropics:v0.0.62 anthropics:v0.0.61 anthropics:v0.0.60 anthropics:v0.0.59 anthropics:v0.0.58 anthropics:v0.0.57 anthropics:v0.0.56 anthropics:v0.0.55 anthropics:v0.0.54 anthropics:v0.0.53 anthropics:v0.0.52 anthropics:v0.0.51 anthropics:v0.0.50 anthropics:v0.0.49 anthropics:v0.0.48 anthropics:v0.0.47 anthropics:v0.0.46 anthropics:v0.0.45 anthropics:v0.0.44 anthropics:v0.0.43 anthropics:v0.0.42 anthropics:v0.0.41 anthropics:v0.0.40 anthropics:v0.0.39 anthropics:v0.0.38 anthropics:v0.0.37 anthropics:v0.0.36 anthropics:v0.0.35 anthropics:v0.0.34 anthropics:v0.0.33 anthropics:v0.0.32 anthropics:v0.0.31 anthropics:v0.0.30 anthropics:v0.0.29 anthropics:v0.0.28 anthropics:v0.0.27 anthropics:v0.0.26 anthropics:v0.0.25 anthropics:v0.0.24 anthropics:v0.0.23 anthropics:v0.0.22 anthropics:v0.0.21 anthropics:v0.0.20 anthropics:v0.0.19 anthropics:v0.0.18 anthropics:v0.0.17 anthropics:v0.0.16 anthropics:v0.0.15 anthropics:v0.0.14 anthropics:v0.0.13 anthropics:v0.0.12 anthropics:v0.0.11 anthropics:v0.0.10 anthropics:v0.0.9 anthropics:v0.0.8 anthropics:v0.0.7 anthropics:v0.0.6 anthropics:v0.0.5 anthropics:v0.0.4 anthropics:v0.0.3 anthropics:v0.0.2 anthropics:v0.0.1

1 Commits
claude/upd ... ashwin/all

Author SHA1 Message Date
GitHub Actions
374c1885f1 chore: bump Claude Code version to 1.0.108 2025-09-07 13:43:28 -07:00
36 changed files with 304 additions and 1148 deletions
Expand all files Collapse all files

61
.claude/agents/code-quality-reviewer.md
View File

@@ -1,61 +0,0 @@
---
name: code-quality-reviewer
description: Use this agent when you need to review code for quality, maintainability, and adherence to best practices. Examples:\n\n- After implementing a new feature or function:\n user: 'I've just written a function to process user authentication'\n assistant: 'Let me use the code-quality-reviewer agent to analyze the authentication function for code quality and best practices'\n\n- When refactoring existing code:\n user: 'I've refactored the payment processing module'\n assistant: 'I'll launch the code-quality-reviewer agent to ensure the refactored code maintains high quality standards'\n\n- Before committing significant changes:\n user: 'I've completed the API endpoint implementations'\n assistant: 'Let me use the code-quality-reviewer agent to review the endpoints for proper error handling and maintainability'\n\n- When uncertain about code quality:\n user: 'Can you check if this validation logic is robust enough?'\n assistant: 'I'll use the code-quality-reviewer agent to thoroughly analyze the validation logic'
tools: Glob, Grep, Read, WebFetch, TodoWrite, WebSearch, BashOutput, KillBash
model: inherit
---
You are an expert code quality reviewer with deep expertise in software engineering best practices, clean code principles, and maintainable architecture. Your role is to provide thorough, constructive code reviews focused on quality, readability, and long-term maintainability.
When reviewing code, you will:
**Clean Code Analysis:**
- Evaluate naming conventions for clarity and descriptiveness
- Assess function and method sizes for single responsibility adherence
- Check for code duplication and suggest DRY improvements
- Identify overly complex logic that could be simplified
- Verify proper separation of concerns
**Error Handling & Edge Cases:**
- Identify missing error handling for potential failure points
- Evaluate the robustness of input validation
- Check for proper handling of null/undefined values
- Assess edge case coverage (empty arrays, boundary conditions, etc.)
- Verify appropriate use of try-catch blocks and error propagation
**Readability & Maintainability:**
- Evaluate code structure and organization
- Check for appropriate use of comments (avoiding over-commenting obvious code)
- Assess the clarity of control flow
- Identify magic numbers or strings that should be constants
- Verify consistent code style and formatting
**TypeScript-Specific Considerations** (when applicable):
- Prefer `type` over `interface` as per project standards
- Avoid unnecessary use of underscores for unused variables
- Ensure proper type safety and avoid `any` types when possible
**Best Practices:**
- Evaluate adherence to SOLID principles
- Check for proper use of design patterns where appropriate
- Assess performance implications of implementation choices
- Verify security considerations (input sanitization, sensitive data handling)
**Review Structure:**
Provide your analysis in this format:
- Start with a brief summary of overall code quality
- Organize findings by severity (critical, important, minor)
- Provide specific examples with line references when possible
- Suggest concrete improvements with code examples
- Highlight positive aspects and good practices observed
- End with actionable recommendations prioritized by impact
Be constructive and educational in your feedback. When identifying issues, explain why they matter and how they impact code quality. Focus on teaching principles that will improve future code, not just fixing current issues.
If the code is well-written, acknowledge this and provide suggestions for potential enhancements rather than forcing criticism. Always maintain a professional, helpful tone that encourages continuous improvement.

56
.claude/agents/documentation-accuracy-reviewer.md
View File

@@ -1,56 +0,0 @@
---
name: documentation-accuracy-reviewer
description: Use this agent when you need to verify that code documentation is accurate, complete, and up-to-date. Specifically use this agent after: implementing new features that require documentation updates, modifying existing APIs or functions, completing a logical chunk of code that needs documentation review, or when preparing code for review/release. Examples: 1) User: 'I just added a new authentication module with several public methods' → Assistant: 'Let me use the documentation-accuracy-reviewer agent to verify the documentation is complete and accurate for your new authentication module.' 2) User: 'Please review the documentation for the payment processing functions I just wrote' → Assistant: 'I'll launch the documentation-accuracy-reviewer agent to check your payment processing documentation.' 3) After user completes a feature implementation → Assistant: 'Now that the feature is complete, I'll use the documentation-accuracy-reviewer agent to ensure all documentation is accurate and up-to-date.'
tools: Glob, Grep, Read, WebFetch, TodoWrite, WebSearch, BashOutput, KillBash
model: inherit
---
You are an expert technical documentation reviewer with deep expertise in code documentation standards, API documentation best practices, and technical writing. Your primary responsibility is to ensure that code documentation accurately reflects implementation details and provides clear, useful information to developers.
When reviewing documentation, you will:
**Code Documentation Analysis:**
- Verify that all public functions, methods, and classes have appropriate documentation comments
- Check that parameter descriptions match actual parameter types and purposes
- Ensure return value documentation accurately describes what the code returns
- Validate that examples in documentation actually work with the current implementation
- Confirm that edge cases and error conditions are properly documented
- Check for outdated comments that reference removed or modified functionality
**README Verification:**
- Cross-reference README content with actual implemented features
- Verify installation instructions are current and complete
- Check that usage examples reflect the current API
- Ensure feature lists accurately represent available functionality
- Validate that configuration options documented in README match actual code
- Identify any new features missing from README documentation
**API Documentation Review:**
- Verify endpoint descriptions match actual implementation
- Check request/response examples for accuracy
- Ensure authentication requirements are correctly documented
- Validate parameter types, constraints, and default values
- Confirm error response documentation matches actual error handling
- Check that deprecated endpoints are properly marked
**Quality Standards:**
- Flag documentation that is vague, ambiguous, or misleading
- Identify missing documentation for public interfaces
- Note inconsistencies between documentation and implementation
- Suggest improvements for clarity and completeness
- Ensure documentation follows project-specific standards from CLAUDE.md
**Review Structure:**
Provide your analysis in this format:
- Start with a summary of overall documentation quality
- List specific issues found, categorized by type (code comments, README, API docs)
- For each issue, provide: file/location, current state, recommended fix
- Prioritize issues by severity (critical inaccuracies vs. minor improvements)
- End with actionable recommendations
You will be thorough but focused, identifying genuine documentation issues rather than stylistic preferences. When documentation is accurate and complete, acknowledge this clearly. If you need to examine specific files or code sections to verify documentation accuracy, request access to those resources. Always consider the target audience (developers using the code) and ensure documentation serves their needs effectively.

53
.claude/agents/performance-reviewer.md
View File

@@ -1,53 +0,0 @@
---
name: performance-reviewer
description: Use this agent when you need to analyze code for performance issues, bottlenecks, and resource efficiency. Examples: After implementing database queries or API calls, when optimizing existing features, after writing data processing logic, when investigating slow application behavior, or when completing any code that involves loops, network requests, or memory-intensive operations.
tools: Glob, Grep, Read, WebFetch, TodoWrite, WebSearch, BashOutput, KillBash
model: inherit
---
You are an elite performance optimization specialist with deep expertise in identifying and resolving performance bottlenecks across all layers of software systems. Your mission is to conduct thorough performance reviews that uncover inefficiencies and provide actionable optimization recommendations.
When reviewing code, you will:
**Performance Bottleneck Analysis:**
- Examine algorithmic complexity and identify O(n²) or worse operations that could be optimized
- Detect unnecessary computations, redundant operations, or repeated work
- Identify blocking operations that could benefit from asynchronous execution
- Review loop structures for inefficient iterations or nested loops that could be flattened
- Check for premature optimization vs. legitimate performance concerns
**Network Query Efficiency:**
- Analyze database queries for N+1 problems and missing indexes
- Review API calls for batching opportunities and unnecessary round trips
- Check for proper use of pagination, filtering, and projection in data fetching
- Identify opportunities for caching, memoization, or request deduplication
- Examine connection pooling and resource reuse patterns
- Verify proper error handling that doesn't cause retry storms
**Memory and Resource Management:**
- Detect potential memory leaks from unclosed connections, event listeners, or circular references
- Review object lifecycle management and garbage collection implications
- Identify excessive memory allocation or large object creation in loops
- Check for proper cleanup in cleanup functions, destructors, or finally blocks
- Analyze data structure choices for memory efficiency
- Review file handles, database connections, and other resource cleanup
**Review Structure:**
Provide your analysis in this format:
1. **Critical Issues**: Immediate performance problems requiring attention
2. **Optimization Opportunities**: Improvements that would yield measurable benefits
3. **Best Practice Recommendations**: Preventive measures for future performance
4. **Code Examples**: Specific before/after snippets demonstrating improvements
For each issue identified:
- Specify the exact location (file, function, line numbers)
- Explain the performance impact with estimated complexity or resource usage
- Provide concrete, implementable solutions
- Prioritize recommendations by impact vs. effort
If code appears performant, confirm this explicitly and note any particularly well-optimized sections. Always consider the specific runtime environment and scale requirements when making recommendations.

59
.claude/agents/security-code-reviewer.md
View File

@@ -1,59 +0,0 @@
---
name: security-code-reviewer
description: Use this agent when you need to review code for security vulnerabilities, input validation issues, or authentication/authorization flaws. Examples: After implementing authentication logic, when adding user input handling, after writing API endpoints that process external data, or when integrating third-party libraries. The agent should be called proactively after completing security-sensitive code sections like login systems, data validation layers, or permission checks.
tools: Glob, Grep, Read, WebFetch, TodoWrite, WebSearch, BashOutput, KillBash
model: inherit
---
You are an elite security code reviewer with deep expertise in application security, threat modeling, and secure coding practices. Your mission is to identify and prevent security vulnerabilities before they reach production.
When reviewing code, you will:
**Security Vulnerability Assessment**
- Systematically scan for OWASP Top 10 vulnerabilities (injection flaws, broken authentication, sensitive data exposure, XXE, broken access control, security misconfiguration, XSS, insecure deserialization, using components with known vulnerabilities, insufficient logging)
- Identify potential SQL injection, NoSQL injection, and command injection vulnerabilities
- Check for cross-site scripting (XSS) vulnerabilities in any user-facing output
- Look for cross-site request forgery (CSRF) protection gaps
- Examine cryptographic implementations for weak algorithms or improper key management
- Identify potential race conditions and time-of-check-time-of-use (TOCTOU) vulnerabilities
**Input Validation and Sanitization**
- Verify all user inputs are properly validated against expected formats and ranges
- Ensure input sanitization occurs at appropriate boundaries (client-side validation is supplementary, never primary)
- Check for proper encoding when outputting user data
- Validate that file uploads have proper type checking, size limits, and content validation
- Ensure API parameters are validated for type, format, and business logic constraints
- Look for potential path traversal vulnerabilities in file operations
**Authentication and Authorization Review**
- Verify authentication mechanisms use secure, industry-standard approaches
- Check for proper session management (secure cookies, appropriate timeouts, session invalidation)
- Ensure passwords are properly hashed using modern algorithms (bcrypt, Argon2, PBKDF2)
- Validate that authorization checks occur at every protected resource access
- Look for privilege escalation opportunities
- Check for insecure direct object references (IDOR)
- Verify proper implementation of role-based or attribute-based access control
**Analysis Methodology**
1. First, identify the security context and attack surface of the code
2. Map data flows from untrusted sources to sensitive operations
3. Examine each security-critical operation for proper controls
4. Consider both common vulnerabilities and context-specific threats
5. Evaluate defense-in-depth measures
**Review Structure:**
Provide findings in order of severity (Critical, High, Medium, Low, Informational):
- **Vulnerability Description**: Clear explanation of the security issue
- **Location**: Specific file, function, and line numbers
- **Impact**: Potential consequences if exploited
- **Remediation**: Concrete steps to fix the vulnerability with code examples when helpful
- **References**: Relevant CWE numbers or security standards
If no security issues are found, provide a brief summary confirming the review was completed and highlighting any positive security practices observed.
Always consider the principle of least privilege, defense in depth, and fail securely. When uncertain about a potential vulnerability, err on the side of caution and flag it for further investigation.

52
.claude/agents/test-coverage-reviewer.md
View File

@@ -1,52 +0,0 @@
---
name: test-coverage-reviewer
description: Use this agent when you need to review testing implementation and coverage. Examples: After writing a new feature implementation, use this agent to verify test coverage. When refactoring code, use this agent to ensure tests still adequately cover all scenarios. After completing a module, use this agent to identify missing test cases and edge conditions.
tools: Glob, Grep, Read, WebFetch, TodoWrite, WebSearch, BashOutput, KillBash
model: inherit
---
You are an expert QA engineer and testing specialist with deep expertise in test-driven development, code coverage analysis, and quality assurance best practices. Your role is to conduct thorough reviews of test implementations to ensure comprehensive coverage and robust quality validation.
When reviewing code for testing, you will:
**Analyze Test Coverage:**
- Examine the ratio of test code to production code
- Identify untested code paths, branches, and edge cases
- Verify that all public APIs and critical functions have corresponding tests
- Check for coverage of error handling and exception scenarios
- Assess coverage of boundary conditions and input validation
**Evaluate Test Quality:**
- Review test structure and organization (arrange-act-assert pattern)
- Verify tests are isolated, independent, and deterministic
- Check for proper use of mocks, stubs, and test doubles
- Ensure tests have clear, descriptive names that document behavior
- Validate that assertions are specific and meaningful
- Identify brittle tests that may break with minor refactoring
**Identify Missing Test Scenarios:**
- List untested edge cases and boundary conditions
- Highlight missing integration test scenarios
- Point out uncovered error paths and failure modes
- Suggest performance and load testing opportunities
- Recommend security-related test cases where applicable
**Provide Actionable Feedback:**
- Prioritize findings by risk and impact
- Suggest specific test cases to add with example implementations
- Recommend refactoring opportunities to improve testability
- Identify anti-patterns and suggest corrections
**Review Structure:**
Provide your analysis in this format:
- **Coverage Analysis**: Summary of current test coverage with specific gaps
- **Quality Assessment**: Evaluation of existing test quality with examples
- **Missing Scenarios**: Prioritized list of untested cases
- **Recommendations**: Concrete actions to improve test suite
Be thorough but practical - focus on tests that provide real value and catch actual bugs. Consider the testing pyramid and ensure appropriate balance between unit, integration, and end-to-end tests.

60
.claude/commands/label-issue.md
View File

@@ -1,60 +0,0 @@
---
allowed-tools: Bash(gh label list:*),Bash(gh issue view:*),Bash(gh issue edit:*),Bash(gh search:*)
description: Apply labels to GitHub issues
---
You're an issue triage assistant for GitHub issues. Your task is to analyze the issue and select appropriate labels from the provided list.
IMPORTANT: Don't post any comments or messages to the issue. Your only action should be to apply labels.
Issue Information:
- REPO: ${{ github.repository }}
- ISSUE_NUMBER: ${{ github.event.issue.number }}
TASK OVERVIEW:
1. First, fetch the list of labels available in this repository by running: `gh label list`. Run exactly this command with nothing else.
2. Next, use gh commands to get context about the issue:
- Use `gh issue view ${{ github.event.issue.number }}` to retrieve the current issue's details
- Use `gh search issues` to find similar issues that might provide context for proper categorization
- You have access to these Bash commands:
- Bash(gh label list:\*) - to get available labels
- Bash(gh issue view:\*) - to view issue details
- Bash(gh issue edit:\*) - to apply labels to the issue
- Bash(gh search:\*) - to search for similar issues
3. Analyze the issue content, considering:
- The issue title and description
- The type of issue (bug report, feature request, question, etc.)
- Technical areas mentioned
- Severity or priority indicators
- User impact
- Components affected
4. Select appropriate labels from the available labels list provided above:
- Choose labels that accurately reflect the issue's nature
- Be specific but comprehensive
- IMPORTANT: Add a priority label (P1, P2, or P3) based on the label descriptions from gh label list
- Consider platform labels (android, ios) if applicable
- If you find similar issues using gh search, consider using a "duplicate" label if appropriate. Only do so if the issue is a duplicate of another OPEN issue.
5. Apply the selected labels:
- Use `gh issue edit` to apply your selected labels
- DO NOT post any comments explaining your decision
- DO NOT communicate directly with users
- If no labels are clearly applicable, do not apply any labels
IMPORTANT GUIDELINES:
- Be thorough in your analysis
- Only select labels from the provided list above
- DO NOT post any comments to the issue
- Your ONLY action should be to apply labels using gh issue edit
- It's okay to not add any labels if none are clearly applicable
---

20
.claude/commands/review-pr.md
View File

@@ -1,20 +0,0 @@
---
allowed-tools: Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)
description: Review a pull request
---
Perform a comprehensive code review using subagents for key areas:
- code-quality-reviewer
- performance-reviewer
- test-coverage-reviewer
- documentation-accuracy-reviewer
- security-code-reviewer
Instruct each to only provide noteworthy feedback. Once they finish, review the feedback and post only the feedback that you also deem noteworthy.
Provide feedback using inline comments for specific issues.
Use top-level comments for general observations or praise.
Keep feedback concise.
---

15
.claude/settings.json
View File

@@ -1,15 +0,0 @@
{
"hooks": {
"PostToolUse": [
{
"hooks": [
{
"type": "command",
"command": "bun run format"
}
],
"matcher": "Edit|Write|MultiEdit"
}
]
}
}

28
.github/workflows/claude-review.yml vendored
View File

@@ -1,27 +1,33 @@
name: PR Review
name: Auto review PRs
on:
pull_request:
types: [opened, synchronize, ready_for_review, reopened]
types: [opened]
jobs:
review:
runs-on: ubuntu-latest
auto-review:
permissions:
contents: read
pull-requests: write
id-token: write
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: PR Review with Progress Tracking
uses: anthropics/claude-code-action@v1
- name: Auto review PR
uses: anthropics/claude-code-action@main
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
direct_prompt: |
Please review this PR. Look at the changes and provide thoughtful feedback on:
- Code quality and best practices
- Potential bugs or issues
- Suggestions for improvements
- Overall architecture and design decisions
- Documentation consistency: Verify that README.md and other documentation files are updated to reflect any code changes (especially new inputs, features, or configuration options)
prompt: "/review-pr REPO: ${{ github.repository }} PR_NUMBER: ${{ github.event.pull_request.number }}"
claude_args: |
--allowedTools "mcp__github_inline_comment__create_inline_comment"
Be constructive and specific in your feedback. Give inline comments where applicable.
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
allowed_tools: "mcp__github__create_pending_pull_request_review,mcp__github__add_comment_to_pending_review,mcp__github__submit_pending_pull_request_review,mcp__github__get_pull_request_diff"

38
.github/workflows/claude-test.yml vendored Normal file
View File

@@ -0,0 +1,38 @@
# Test workflow for km-anthropic fork (v1-dev branch)
# This tests the fork implementation, not the main repo
name: Claude Code (Fork Test)
on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
issues:
types: [opened, assigned]
pull_request_review:
types: [submitted]
jobs:
claude:
if: |
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (
contains(github.event.issue.body, '@claude') ||
contains(github.event.issue.title, '@claude')
))
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
issues: write
id-token: write # Required for OIDC token exchange
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run Claude Code
uses: km-anthropic/claude-code-action@v1-dev
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

89
.github/workflows/issue-triage.yml vendored
View File

@@ -18,10 +18,93 @@ jobs:
with:
fetch-depth: 0
- name: Setup GitHub MCP Server
run: |
mkdir -p /tmp/mcp-config
cat > /tmp/mcp-config/mcp-servers.json << 'EOF'
{
"mcpServers": {
"github": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"GITHUB_PERSONAL_ACCESS_TOKEN",
"ghcr.io/github/github-mcp-server:sha-efef8ae"
],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.GITHUB_TOKEN }}"
}
}
}
}
EOF
- name: Create triage prompt
run: |
mkdir -p /tmp/claude-prompts
cat > /tmp/claude-prompts/triage-prompt.txt << 'EOF'
You're an issue triage assistant for GitHub issues. Your task is to analyze the issue and select appropriate labels from the provided list.
IMPORTANT: Don't post any comments or messages to the issue. Your only action should be to apply labels.
Issue Information:
- REPO: ${{ github.repository }}
- ISSUE_NUMBER: ${{ github.event.issue.number }}
TASK OVERVIEW:
1. First, fetch the list of labels available in this repository by running: `gh label list`. Run exactly this command with nothing else.
2. Next, use the GitHub tools to get context about the issue:
- You have access to these tools:
- mcp__github__get_issue: Use this to retrieve the current issue's details including title, description, and existing labels
- mcp__github__get_issue_comments: Use this to read any discussion or additional context provided in the comments
- mcp__github__update_issue: Use this to apply labels to the issue (do not use this for commenting)
- mcp__github__search_issues: Use this to find similar issues that might provide context for proper categorization and to identify potential duplicate issues
- mcp__github__list_issues: Use this to understand patterns in how other issues are labeled
- Start by using mcp__github__get_issue to get the issue details
3. Analyze the issue content, considering:
- The issue title and description
- The type of issue (bug report, feature request, question, etc.)
- Technical areas mentioned
- Severity or priority indicators
- User impact
- Components affected
4. Select appropriate labels from the available labels list provided above:
- Choose labels that accurately reflect the issue's nature
- Be specific but comprehensive
- IMPORTANT: Add a priority label (P1, P2, or P3) based on the label descriptions from gh label list
- Consider platform labels (android, ios) if applicable
- If you find similar issues using mcp__github__search_issues, consider using a "duplicate" label if appropriate. Only do so if the issue is a duplicate of another OPEN issue.
5. Apply the selected labels:
- Use mcp__github__update_issue to apply your selected labels
- DO NOT post any comments explaining your decision
- DO NOT communicate directly with users
- If no labels are clearly applicable, do not apply any labels
IMPORTANT GUIDELINES:
- Be thorough in your analysis
- Only select labels from the provided list above
- DO NOT post any comments to the issue
- Your ONLY action should be to apply labels using mcp__github__update_issue
- It's okay to not add any labels if none are clearly applicable
EOF
- name: Run Claude Code for Issue Triage
uses: anthropics/claude-code-action@main
uses: anthropics/claude-code-action@v1
with:
prompt: "/label-issue REPO: ${{ github.repository }} ISSUE_NUMBER${{ github.event.issue.number }}"
prompt: $(cat /tmp/claude-prompts/triage-prompt.txt)
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
allowed_non_write_users: "*" # Required for issue triage workflow, if users without repo write access create issues
github_token: ${{ secrets.GITHUB_TOKEN }}
allowed_non_write_users: "*"
claude_args: |
--allowedTools Bash(gh label list),mcp__github__get_issue,mcp__github__get_issue_comments,mcp__github__update_issue,mcp__github__search_issues,mcp__github__list_issues
--mcp-config /tmp/mcp-config/mcp-servers.json
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

4
.github/workflows/test-settings.yml vendored
View File

@@ -67,7 +67,7 @@ jobs:
uses: ./base-action
with:
prompt: |
Run the command `echo $HOME` to check the home directory path
Use Bash to echo "This should not work"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
settings: |
{
@@ -163,7 +163,7 @@ jobs:
uses: ./base-action
with:
prompt: |
Run the command `echo $HOME` to check the home directory path
Use Bash to echo "This should not work from file"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
settings: "test-settings.json"

90
README.md
View File

@@ -2,69 +2,69 @@
# Claude Code Action
*Fáilte!* Welcome to the friendliest [Claude Code](https://claude.ai/code) action this side of the Atlantic! This grand little action for GitHub PRs and issues is as handy as a pocket on a shirt - answering your questions and implementing code changes like nobody's business. Sure, it's clever enough to know when to jump in based on your workflow context—whether you're giving it a shout with @claude mentions, assigning issues, or running automation tasks with explicit prompts. And wouldn't you know it, it works with multiple authentication methods including Anthropic direct API, Amazon Bedrock, and Google Vertex AI. *Go raibh maith agat* for choosing this action!
A general-purpose [Claude Code](https://claude.ai/code) action for GitHub PRs and issues that can answer questions and implement code changes. This action intelligently detects when to activate based on your workflow context—whether responding to @claude mentions, issue assignments, or executing automation tasks with explicit prompts. It supports multiple authentication methods including Anthropic direct API, Amazon Bedrock, and Google Vertex AI.
## What Makes This Action Pure Class
## Features
- 🎯 **Smart as a Whip**: Automatically picks the right execution mode based on your workflow context—no faffing about with configuration needed, *fair play*!
- 🤖 **Your Grand Code Companion**: Claude's a dab hand at answering questions about code, architecture, and programming - like having a wise old uncle who knows his stuff
- 🔍 **Eagle-Eyed Code Review**: Takes a gander at your PR changes and suggests improvements that'd make your mammy proud
-**Code Implementation Wizard**: Can implement simple fixes, refactoring, and even new features faster than you can say "sláinte"
- 💬 **Smooth as Butter Integration**: Works like a dream with GitHub comments and PR reviews
- 🛠️ **Handy Tool Access**: Gets at GitHub APIs and file operations (sure, you can enable more tools if you fancy)
- 📋 **Keeps You in the Loop**: Visual progress indicators with checkboxes that update as Claude gets the job done
- 🏃 **Runs on Your Own Turf**: The action runs entirely on your own GitHub runner (Anthropic API calls go where you tell them to)
- ⚙️ **Dead Simple Setup**: Unified `prompt` and `claude_args` inputs make configuration as easy as Sunday morning
- 🎯 **Intelligent Mode Detection**: Automatically selects the appropriate execution mode based on your workflow context—no configuration needed
- 🤖 **Interactive Code Assistant**: Claude can answer questions about code, architecture, and programming
- 🔍 **Code Review**: Analyzes PR changes and suggests improvements
-**Code Implementation**: Can implement simple fixes, refactoring, and even new features
- 💬 **PR/Issue Integration**: Works seamlessly with GitHub comments and PR reviews
- 🛠️ **Flexible Tool Access**: Access to GitHub APIs and file operations (additional tools can be enabled via configuration)
- 📋 **Progress Tracking**: Visual progress indicators with checkboxes that dynamically update as Claude completes tasks
- 🏃 **Runs on Your Infrastructure**: The action executes entirely on your own GitHub runner (Anthropic API calls go to your chosen provider)
- ⚙️ **Simplified Configuration**: Unified `prompt` and `claude_args` inputs provide clean, powerful configuration aligned with Claude Code SDK
## 📦 Moving Up from v0.x, Are Ya?
## 📦 Upgrading from v0.x?
**Have a look at our [Migration Guide](./docs/migration-guide.md)** for step-by-step instructions on updating your workflows to v1.0. The new version makes configuration a doddle while keeping things working with most existing setups - *Bob's your uncle!*
**See our [Migration Guide](./docs/migration-guide.md)** for step-by-step instructions on updating your workflows to v1.0. The new version simplifies configuration while maintaining compatibility with most existing setups.
## Getting Started (It's Grand, Really!)
## Quickstart
The handiest way to set up this action is through [Claude Code](https://claude.ai/code) in the terminal. Just fire up `claude` and run `/install-github-app`.
The easiest way to set up this action is through [Claude Code](https://claude.ai/code) in the terminal. Just open `claude` and run `/install-github-app`.
This command will walk you through setting up the GitHub app and required secrets - sure it's as easy as boiling water!
This command will guide you through setting up the GitHub app and required secrets.
**Mind yourself now**:
**Note**:
- You'll need to be a repository admin to install the GitHub app and add secrets (*no getting around that one*)
- This quickstart method is only for direct Anthropic API users. If you're using AWS Bedrock or Google Vertex AI, pop over to [docs/cloud-providers.md](./docs/cloud-providers.md) - they'll sort you right out.
- You must be a repository admin to install the GitHub app and add secrets
- This quickstart method is only available for direct Anthropic API users. For AWS Bedrock or Google Vertex AI setup, see [docs/cloud-providers.md](./docs/cloud-providers.md).
## 📚 Brilliant Solutions & Ways to Use This Craic
## 📚 Solutions & Use Cases
Looking for specific automation patterns, are ya? Check our **[Solutions Guide](./docs/solutions.md)** - it's packed with complete working examples that'll have you sorted:
Looking for specific automation patterns? Check our **[Solutions Guide](./docs/solutions.md)** for complete working examples including:
- **🔍 Automatic PR Code Review** - Full review automation that's the bee's knees
- **📂 Path-Specific Reviews** - Triggers when critical files change (sharp as a tack!)
- **👥 External Contributor Reviews** - Special handling for new contributors (*céad míle fáilte* to them!)
- **📝 Custom Review Checklists** - Keep your team standards tight as a drum
- **🔄 Scheduled Maintenance** - Automated repository health checks that never sleep
- **🏷️ Issue Triage & Labeling** - Automatic categorization faster than you can say "Tánaiste"
- **📖 Documentation Sync** - Keeps docs updated with code changes like clockwork
- **🔒 Security-Focused Reviews** - OWASP-aligned security analysis that's sound as a pound
- **🔍 Automatic PR Code Review** - Full review automation
- **📂 Path-Specific Reviews** - Trigger on critical file changes
- **👥 External Contributor Reviews** - Special handling for new contributors
- **📝 Custom Review Checklists** - Enforce team standards
- **🔄 Scheduled Maintenance** - Automated repository health checks
- **🏷️ Issue Triage & Labeling** - Automatic categorization
- **📖 Documentation Sync** - Keep docs updated with code changes
- **🔒 Security-Focused Reviews** - OWASP-aligned security analysis
- **📊 DIY Progress Tracking** - Create tracking comments in automation mode
Each solution comes with the full shebang - working examples, configuration details, and what you can expect. *Níl aon tinteán mar do thinteán féin* (there's no place like home), and these solutions will make your repository feel just like that!
Each solution includes complete working examples, configuration details, and expected outcomes.
## The Full Library (Everything You Need to Know!)
## Documentation
- **[Solutions Guide](./docs/solutions.md)** - **🎯 Ready-to-use automation patterns that'll knock your socks off**
- **[Migration Guide](./docs/migration-guide.md)** - **Moving from v0.x to v1.0 without breaking a sweat**
- [Setup Guide](./docs/setup.md) - Manual setup, custom GitHub apps, and security best practices (*sure, we've got you covered*)
- [Usage Guide](./docs/usage.md) - Basic usage, workflow configuration, and input parameters - the bread and butter stuff
- [Custom Automations](./docs/custom-automations.md) - Examples of automated workflows and custom prompts that'll make your life easier
- [Configuration](./docs/configuration.md) - MCP servers, permissions, environment variables, and all the fancy advanced settings
- [Experimental Features](./docs/experimental.md) - Execution modes and network restrictions for the adventurous types
- [Cloud Providers](./docs/cloud-providers.md) - AWS Bedrock and Google Vertex AI setup (*for those who like their clouds with a bit of style*)
- [Capabilities & Limitations](./docs/capabilities-and-limitations.md) - What Claude can and cannot do (we're keeping it real here)
- [Security](./docs/security.md) - Access control, permissions, and commit signing (*safe as houses*)
- [FAQ](./docs/faq.md) - Common questions and troubleshooting for when things go a bit sideways
- **[Solutions Guide](./docs/solutions.md)** - **🎯 Ready-to-use automation patterns**
- **[Migration Guide](./docs/migration-guide.md)** - **Upgrading from v0.x to v1.0**
- [Setup Guide](./docs/setup.md) - Manual setup, custom GitHub apps, and security best practices
- [Usage Guide](./docs/usage.md) - Basic usage, workflow configuration, and input parameters
- [Custom Automations](./docs/custom-automations.md) - Examples of automated workflows and custom prompts
- [Configuration](./docs/configuration.md) - MCP servers, permissions, environment variables, and advanced settings
- [Experimental Features](./docs/experimental.md) - Execution modes and network restrictions
- [Cloud Providers](./docs/cloud-providers.md) - AWS Bedrock and Google Vertex AI setup
- [Capabilities & Limitations](./docs/capabilities-and-limitations.md) - What Claude can and cannot do
- [Security](./docs/security.md) - Access control, permissions, and commit signing
- [FAQ](./docs/faq.md) - Common questions and troubleshooting
## 📚 Questions? We've Got Answers!
## 📚 FAQ
Having a bit of trouble or just curious about something? Take a gander at our [Frequently Asked Questions](./docs/faq.md) for solutions to common problems and detailed explanations of Claude's capabilities and limitations. Sure, we've probably answered it already - *great minds think alike!*
Having issues or questions? Check out our [Frequently Asked Questions](./docs/faq.md) for solutions to common problems and detailed explanations of Claude's capabilities and limitations.
## License
This project is licensed under the MIT License—see the LICENSE file for all the legal bits and bobs. *Slán go fóill!* (goodbye for now!)
This project is licensed under the MIT License—see the LICENSE file for details.

5
action.yml
View File

@@ -177,7 +177,7 @@ runs:
# Install Claude Code if no custom executable is provided
if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
echo "Installing Claude Code..."
curl -fsSL https://claude.ai/install.sh | bash -s 2.0.10
curl -fsSL https://claude.ai/install.sh | bash -s 1.0.108
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
else
echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
@@ -223,7 +223,6 @@ runs:
ANTHROPIC_API_KEY: ${{ inputs.anthropic_api_key }}
CLAUDE_CODE_OAUTH_TOKEN: ${{ inputs.claude_code_oauth_token }}
ANTHROPIC_BASE_URL: ${{ env.ANTHROPIC_BASE_URL }}
ANTHROPIC_CUSTOM_HEADERS: ${{ env.ANTHROPIC_CUSTOM_HEADERS }}
CLAUDE_CODE_USE_BEDROCK: ${{ inputs.use_bedrock == 'true' && '1' || '' }}
CLAUDE_CODE_USE_VERTEX: ${{ inputs.use_vertex == 'true' && '1' || '' }}
@@ -259,7 +258,7 @@ runs:
GITHUB_EVENT_NAME: ${{ github.event_name }}
TRIGGER_COMMENT_ID: ${{ github.event.comment.id }}
CLAUDE_BRANCH: ${{ steps.prepare.outputs.CLAUDE_BRANCH }}
IS_PR: ${{ github.event.issue.pull_request != null || github.event_name == 'pull_request_target' || github.event_name == 'pull_request_review_comment' }}
IS_PR: ${{ github.event.issue.pull_request != null || github.event_name == 'pull_request_review_comment' }}
BASE_BRANCH: ${{ steps.prepare.outputs.BASE_BRANCH }}
CLAUDE_SUCCESS: ${{ steps.claude-code.outputs.conclusion == 'success' }}
OUTPUT_FILE: ${{ steps.claude-code.outputs.execution_file || '' }}

2
base-action/CLAUDE.md
View File

@@ -50,7 +50,7 @@ This is a GitHub Action that allows running Claude Code within GitHub workflows.
- Unit tests for configuration logic
- Integration tests for prompt preparation
- Full workflow tests in `.github/workflows/test-base-action.yml`
- Full workflow tests in `.github/workflows/test-action.yml`
## Important Technical Details

3
base-action/action.yml
View File

@@ -99,7 +99,7 @@ runs:
run: |
if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
echo "Installing Claude Code..."
curl -fsSL https://claude.ai/install.sh | bash -s 2.0.10
curl -fsSL https://claude.ai/install.sh | bash -s 1.0.108
else
echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
# Add the directory containing the custom executable to PATH
@@ -131,7 +131,6 @@ runs:
ANTHROPIC_API_KEY: ${{ inputs.anthropic_api_key }}
CLAUDE_CODE_OAUTH_TOKEN: ${{ inputs.claude_code_oauth_token }}
ANTHROPIC_BASE_URL: ${{ env.ANTHROPIC_BASE_URL }}
ANTHROPIC_CUSTOM_HEADERS: ${{ env.ANTHROPIC_CUSTOM_HEADERS }}
# Only set provider flags if explicitly true, since any value (including "false") is truthy
CLAUDE_CODE_USE_BEDROCK: ${{ inputs.use_bedrock == 'true' && '1' || '' }}
CLAUDE_CODE_USE_VERTEX: ${{ inputs.use_vertex == 'true' && '1' || '' }}

2
base-action/test-local.sh
View File

@@ -9,4 +9,4 @@ fi
# Run the test workflow locally
# You'll need to provide your ANTHROPIC_API_KEY
echo "Running action locally with act..."
act push --secret ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" -W .github/workflows/test-base-action.yml --container-architecture linux/amd64
act push --secret ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" -W .github/workflows/test-action.yml --container-architecture linux/amd64

28
docs/configuration.md
View File

@@ -343,31 +343,3 @@ Many individual input parameters have been consolidated into `claude_args` or `s
| `mcp_config` | Use `claude_args: "--mcp-config '{...}'"` |
| `direct_prompt` | Use `prompt` input instead |
| `override_prompt` | Use `prompt` with GitHub context variables |
## Custom Executables for Specialized Environments
For specialized environments like Nix, custom container setups, or other package management systems where the default installation doesn't work, you can provide your own executables:
### Custom Claude Code Executable
Use `path_to_claude_code_executable` to provide your own Claude Code binary instead of using the automatically installed version:
```yaml
- uses: anthropics/claude-code-action@v1
with:
path_to_claude_code_executable: "/path/to/custom/claude"
# ... other inputs
```
### Custom Bun Executable
Use `path_to_bun_executable` to provide your own Bun runtime instead of the default installation:
```yaml
- uses: anthropics/claude-code-action@v1
with:
path_to_bun_executable: "/path/to/custom/bun"
# ... other inputs
```
**Important**: Using incompatible versions may cause the action to fail. Ensure your custom executables are compatible with the action's requirements.

2
docs/custom-automations.md
View File

@@ -15,7 +15,7 @@ The action automatically detects which mode to use based on your configuration:
This action supports the following GitHub events ([learn more GitHub event triggers](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows)):
- `pull_request` or `pull_request_target` - When PRs are opened or synchronized
- `pull_request` - When PRs are opened or synchronized
- `issue_comment` - When comments are created on issues or PRs
- `pull_request_comment` - When comments are made on PR diffs
- `issues` - When issues are opened or assigned

38
docs/faq.md
View File

@@ -213,44 +213,6 @@ Check the GitHub Action log for Claude's run for the full execution trace.
The trigger uses word boundaries, so `@claude` must be a complete word. Variations like `@claude-bot`, `@claude!`, or `claude@mention` won't work unless you customize the `trigger_phrase`.
### How can I use custom executables in specialized environments?
For specialized environments like Nix, NixOS, or custom container setups where you need to provide your own executables:
**Using a custom Claude Code executable:**
```yaml
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
path_to_claude_code_executable: "/path/to/custom/claude"
# ... other inputs
```
**Using a custom Bun executable:**
```yaml
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
path_to_bun_executable: "/path/to/custom/bun"
# ... other inputs
```
**Common use cases:**
- Nix/NixOS environments where packages are managed differently
- Docker containers with pre-installed executables
- Custom build environments with specific version requirements
- Debugging specific issues with particular versions
**Important notes:**
- Using an older Claude Code version may cause problems if the action uses newer features
- Using an incompatible Bun version may cause runtime errors
- The action will skip automatic installation when custom paths are provided
- Ensure the custom executables are available in your GitHub Actions environment
## Best Practices
1. **Always specify permissions explicitly** in your workflow file

4
docs/security.md
View File

@@ -13,10 +13,6 @@
- **No Cross-Repository Access**: Each action invocation is limited to the repository where it was triggered
- **Limited Scope**: The token cannot access other repositories or perform actions beyond the configured permissions
## ⚠️ Prompt Injection Risks
**Beware of potential hidden markdown when tagging Claude on untrusted content.** External contributors may include hidden instructions through HTML comments, invisible characters, hidden attributes, or other techniques. The action sanitizes content by stripping HTML comments, invisible characters, markdown image alt text, hidden HTML attributes, and HTML entities, but new bypass techniques may emerge. We recommend reviewing the raw content of all input coming from external contributors before allowing Claude to process it.
## GitHub App Permissions
The [Claude Code GitHub app](https://github.com/apps/claude) requires these permissions:

52
docs/usage.md
View File

@@ -47,32 +47,31 @@ jobs:
## Inputs
| Input | Description | Required | Default |
| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | ------------- |
| `anthropic_api_key` | Anthropic API key (required for direct API, not needed for Bedrock/Vertex) | No\* | - |
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No\* | - |
| `prompt` | Instructions for Claude. Can be a direct prompt or custom template for automation workflows | No | - |
| `track_progress` | Force tag mode with tracking comments. Only works with specific PR/issue events. Preserves GitHub context | No | `false` |
| `claude_args` | Additional arguments to pass directly to Claude CLI (e.g., `--max-turns 10 --model claude-4-0-sonnet-20250805`) | No | "" |
| `base_branch` | The base branch to use for creating new branches (e.g., 'main', 'develop') | No | - |
| `use_sticky_comment` | Use just one comment to deliver PR comments (only applies for pull_request event workflows) | No | `false` |
| `github_token` | GitHub token for Claude to operate with. **Only include this if you're connecting a custom GitHub app of your own!** | No | - |
| `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | `false` |
| `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | `false` |
| `assignee_trigger` | The assignee username that triggers the action (e.g. @claude). Only used for issue assignment | No | - |
| `label_trigger` | The label name that triggers the action when applied to an issue (e.g. "claude") | No | - |
| `trigger_phrase` | The trigger phrase to look for in comments, issue/PR bodies, and issue titles | No | `@claude` |
| `branch_prefix` | The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format) | No | `claude/` |
| `settings` | Claude Code settings as JSON string or path to settings JSON file | No | "" |
| `additional_permissions` | Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results | No | "" |
| `experimental_allowed_domains` | Restrict network access to these domains only (newline-separated). | No | "" |
| `use_commit_signing` | Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands | No | `false` |
| `bot_id` | GitHub user ID to use for git operations (defaults to Claude's bot ID) | No | `41898282` |
| `bot_name` | GitHub username to use for git operations (defaults to Claude's bot name) | No | `claude[bot]` |
| `allowed_bots` | Comma-separated list of allowed bot usernames, or '\*' to allow all bots. Empty string (default) allows no bots | No | "" |
| `allowed_non_write_users` | **⚠️ RISKY**: Comma-separated list of usernames to allow without write permissions, or '\*' for all users. Only works with `github_token` input. See [Security](./security.md) | No | "" |
| `path_to_claude_code_executable` | Optional path to a custom Claude Code executable. Skips automatic installation. Useful for Nix, custom containers, or specialized environments | No | "" |
| `path_to_bun_executable` | Optional path to a custom Bun executable. Skips automatic Bun installation. Useful for Nix, custom containers, or specialized environments | No | "" |
| Input | Description | Required | Default |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | ------------- |
| `anthropic_api_key` | Anthropic API key (required for direct API, not needed for Bedrock/Vertex) | No\* | - |
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No\* | - |
| `prompt` | Instructions for Claude. Can be a direct prompt or custom template for automation workflows | No | - |
| `track_progress` | Force tag mode with tracking comments. Only works with specific PR/issue events. Preserves GitHub context | No | `false` |
| `claude_args` | Additional arguments to pass directly to Claude CLI (e.g., `--max-turns 10 --model claude-4-0-sonnet-20250805`) | No | "" |
| `base_branch` | The base branch to use for creating new branches (e.g., 'main', 'develop') | No | - |
| `use_sticky_comment` | Use just one comment to deliver PR comments (only applies for pull_request event workflows) | No | `false` |
| `github_token` | GitHub token for Claude to operate with. **Only include this if you're connecting a custom GitHub app of your own!** | No | - |
| `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | `false` |
| `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | `false` |
| `mcp_config` | Additional MCP configuration (JSON string) that merges with the built-in GitHub MCP servers | No | "" |
| `assignee_trigger` | The assignee username that triggers the action (e.g. @claude). Only used for issue assignment | No | - |
| `label_trigger` | The label name that triggers the action when applied to an issue (e.g. "claude") | No | - |
| `trigger_phrase` | The trigger phrase to look for in comments, issue/PR bodies, and issue titles | No | `@claude` |
| `branch_prefix` | The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format) | No | `claude/` |
| `settings` | Claude Code settings as JSON string or path to settings JSON file | No | "" |
| `additional_permissions` | Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results | No | "" |
| `experimental_allowed_domains` | Restrict network access to these domains only (newline-separated). | No | "" |
| `use_commit_signing` | Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands | No | `false` |
| `bot_id` | GitHub user ID to use for git operations (defaults to Claude's bot ID) | No | `41898282` |
| `bot_name` | GitHub username to use for git operations (defaults to Claude's bot name) | No | `claude[bot]` |
| `allowed_bots` | Comma-separated list of allowed bot usernames, or '\*' to allow all bots. Empty string (default) allows no bots | No | "" |
| `allowed_non_write_users` | **⚠️ RISKY**: Comma-separated list of usernames to allow without write permissions, or '\*' for all users. Only works with `github_token` input. See [Security](./security.md) | No | "" |
### Deprecated Inputs
@@ -89,7 +88,6 @@ These inputs are deprecated and will be removed in a future version:
| `fallback_model` | **DEPRECATED**: Use `claude_args` with fallback configuration | Configure fallback in `claude_args` or `settings` |
| `allowed_tools` | **DEPRECATED**: Use `claude_args` with `--allowedTools` instead | Use `claude_args: "--allowedTools Edit,Read,Write"` |
| `disallowed_tools` | **DEPRECATED**: Use `claude_args` with `--disallowedTools` instead | Use `claude_args: "--disallowedTools WebSearch"` |
| `mcp_config` | **DEPRECATED**: Use `claude_args` with `--mcp-config` instead | Use `claude_args: "--mcp-config '{...}'"` |
| `claude_env` | **DEPRECATED**: Use `settings` with env configuration | Configure environment in `settings` JSON |
\*Required when using direct Anthropic API (default and when not using Bedrock or Vertex)

59
examples/issue-triage.yml
View File

@@ -1,5 +1,4 @@
name: Claude Issue Triage
description: Run Claude Code for issue triage in GitHub Actions
name: Issue Triage
on:
issues:
types: [opened]
@@ -18,12 +17,60 @@ jobs:
with:
fetch-depth: 0
- name: Run Claude Code for Issue Triage
- name: Triage issue with Claude
uses: anthropics/claude-code-action@v1
with:
# NOTE: /label-issue here requires a .claude/commands/label-issue.md file in your repo (see this repo's .claude directory for an example)
prompt: "/label-issue REPO: ${{ github.repository }} ISSUE_NUMBER${{ github.event.issue.number }}"
prompt: |
You're an issue triage assistant for GitHub issues. Your task is to analyze the issue and select appropriate labels from the provided list.
IMPORTANT: Don't post any comments or messages to the issue. Your only action should be to apply labels.
Issue Information:
- REPO: ${{ github.repository }}
- ISSUE_NUMBER: ${{ github.event.issue.number }}
TASK OVERVIEW:
1. First, fetch the list of labels available in this repository by running: `gh label list`. Run exactly this command with nothing else.
2. Next, use the GitHub tools to get context about the issue:
- You have access to these tools:
- mcp__github__get_issue: Use this to retrieve the current issue's details including title, description, and existing labels
- mcp__github__get_issue_comments: Use this to read any discussion or additional context provided in the comments
- mcp__github__update_issue: Use this to apply labels to the issue (do not use this for commenting)
- mcp__github__search_issues: Use this to find similar issues that might provide context for proper categorization and to identify potential duplicate issues
- mcp__github__list_issues: Use this to understand patterns in how other issues are labeled
- Start by using mcp__github__get_issue to get the issue details
3. Analyze the issue content, considering:
- The issue title and description
- The type of issue (bug report, feature request, question, etc.)
- Technical areas mentioned
- Severity or priority indicators
- User impact
- Components affected
4. Select appropriate labels from the available labels list provided above:
- Choose labels that accurately reflect the issue's nature
- Be specific but comprehensive
- Select priority labels if you can determine urgency (high-priority, med-priority, or low-priority)
- Consider platform labels (android, ios) if applicable
- If you find similar issues using mcp__github__search_issues, consider using a "duplicate" label if appropriate. Only do so if the issue is a duplicate of another OPEN issue.
5. Apply the selected labels:
- Use mcp__github__update_issue to apply your selected labels
- DO NOT post any comments explaining your decision
- DO NOT communicate directly with users
- If no labels are clearly applicable, do not apply any labels
IMPORTANT GUIDELINES:
- Be thorough in your analysis
- Only select labels from the provided list above
- DO NOT post any comments to the issue
- Your ONLY action should be to apply labels using mcp__github__update_issue
- It's okay to not add any labels if none are clearly applicable
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
allowed_non_write_users: "*" # Required for issue triage workflow, if users without repo write access create issues
github_token: ${{ secrets.GITHUB_TOKEN }}
claude_args: |
--allowedTools "Bash(gh label list),mcp__github__get_issue,mcp__github__get_issue_comments,mcp__github__update_issue,mcp__github__search_issues,mcp__github__list_issues"

4
src/create-prompt/index.ts
View File

@@ -335,7 +335,6 @@ export function prepareContext(
return {
...commonFields,
eventData,
githubContext: context,
};
}
@@ -384,7 +383,6 @@ export function getEventTypeAndContext(envVars: PreparedContext): {
};
case "pull_request":
case "pull_request_target":
return {
eventType: "PULL_REQUEST",
triggerContext: eventData.eventAction
@@ -709,7 +707,7 @@ What You CANNOT Do:
- Modify files in the .github/workflows directory (GitHub App permissions do not allow workflow modifications)
When users ask you to perform actions you cannot do, politely explain the limitation and, when applicable, direct them to the FAQ for more information and workarounds:
"I'm unable to [specific action] due to [reason]. You can find more information and potential workarounds in the [FAQ](https://github.com/anthropics/claude-code-action/blob/main/docs/faq.md)."
"I'm unable to [specific action] due to [reason]. You can find more information and potential workarounds in the [FAQ](https://github.com/anthropics/claude-code-action/blob/main/FAQ.md)."
If a user asks for something outside these capabilities (and you have no other tools provided), politely explain that you cannot perform that action and suggest an alternative approach if possible.

14
src/create-prompt/types.ts
View File

@@ -78,7 +78,8 @@ type IssueLabeledEvent = {
labelTrigger: string;
};
type PullRequestBaseEvent = {
type PullRequestEvent = {
eventName: "pull_request";
eventAction?: string; // opened, synchronize, etc.
isPR: true;
prNumber: string;
@@ -86,14 +87,6 @@ type PullRequestBaseEvent = {
baseBranch?: string;
};
type PullRequestEvent = PullRequestBaseEvent & {
eventName: "pull_request";
};
type PullRequestTargetEvent = PullRequestBaseEvent & {
eventName: "pull_request_target";
};
// Union type for all possible event types
export type EventData =
| PullRequestReviewCommentEvent
@@ -103,8 +96,7 @@ export type EventData =
| IssueOpenedEvent
| IssueAssignedEvent
| IssueLabeledEvent
| PullRequestEvent
| PullRequestTargetEvent;
| PullRequestEvent;
// Combined type with separate eventData field
export type PreparedContext = CommonFields & {

3
src/github/context.ts
View File

@@ -174,8 +174,7 @@ export function parseGitHubContext(): GitHubContext {
isPR: Boolean(payload.issue.pull_request),
};
}
case "pull_request":
case "pull_request_target": {
case "pull_request": {
const payload = context.payload as PullRequestEvent;
return {
...commonFields,

11
src/mcp/install-mcp-server.ts
View File

@@ -3,7 +3,6 @@ import { GITHUB_API_URL, GITHUB_SERVER_URL } from "../github/api/config";
import type { GitHubContext } from "../github/context";
import { isEntityContext } from "../github/context";
import { Octokit } from "@octokit/rest";
import type { AutoDetectedMode } from "../modes/detector";
type PrepareConfigParams = {
githubToken: string;
@@ -13,7 +12,6 @@ type PrepareConfigParams = {
baseBranch: string;
claudeCommentId?: string;
allowedTools: string[];
mode: AutoDetectedMode;
context: GitHubContext;
};
@@ -61,17 +59,12 @@ export async function prepareMcpConfig(
claudeCommentId,
allowedTools,
context,
mode,
} = params;
try {
const allowedToolsList = allowedTools || [];
// Detect if we're in agent mode (explicit prompt provided)
const isAgentMode = mode === "agent";
const hasGitHubCommentTools = allowedToolsList.some((tool) =>
tool.startsWith("mcp__github_comment__"),
);
const isAgentMode = !!context.inputs?.prompt;
const hasGitHubMcpTools = allowedToolsList.some((tool) =>
tool.startsWith("mcp__github__"),
@@ -92,7 +85,7 @@ export async function prepareMcpConfig(
// Include comment server:
// - Always in tag mode (for updating Claude comments)
// - Only with explicit tools in agent mode
const shouldIncludeCommentServer = !isAgentMode || hasGitHubCommentTools;
const shouldIncludeCommentServer = !isAgentMode;
if (shouldIncludeCommentServer) {
baseMcpConfig.mcpServers.github_comment = {

1
src/modes/agent/index.ts
View File

@@ -135,7 +135,6 @@ export const agentMode: Mode = {
baseBranch: baseBranch,
claudeCommentId: undefined, // No tracking comment in agent mode
allowedTools,
mode: "agent",
context,
});

8
src/modes/agent/parse-tools.ts
View File

@@ -1,10 +1,10 @@
export function parseAllowedTools(claudeArgs: string): string[] {
// Match --allowedTools or --allowed-tools followed by the value
// Match --allowedTools followed by the value
// Handle both quoted and unquoted values
const patterns = [
/--(?:allowedTools|allowed-tools)\s+"([^"]+)"/, // Double quoted
/--(?:allowedTools|allowed-tools)\s+'([^']+)'/, // Single quoted
/--(?:allowedTools|allowed-tools)\s+([^\s]+)/, // Unquoted
/--allowedTools\s+"([^"]+)"/, // Double quoted
/--allowedTools\s+'([^']+)'/, // Single quoted
/--allowedTools\s+([^\s]+)/, // Unquoted
];
for (const pattern of patterns) {

18
src/modes/detector.ts
View File

@@ -19,13 +19,7 @@ export function detectMode(context: GitHubContext): AutoDetectedMode {
// If track_progress is set for PR/issue events, force tag mode
if (context.inputs.trackProgress && isEntityContext(context)) {
if (
isPullRequestEvent(context) ||
isIssuesEvent(context) ||
isIssueCommentEvent(context) ||
isPullRequestReviewCommentEvent(context) ||
isPullRequestReviewEvent(context)
) {
if (isPullRequestEvent(context) || isIssuesEvent(context)) {
return "tag";
}
}
@@ -93,16 +87,10 @@ export function getModeDescription(mode: AutoDetectedMode): string {
function validateTrackProgressEvent(context: GitHubContext): void {
// track_progress is only valid for pull_request and issue events
const validEvents = [
"pull_request",
"issues",
"issue_comment",
"pull_request_review_comment",
"pull_request_review",
];
const validEvents = ["pull_request", "issues"];
if (!validEvents.includes(context.eventName)) {
throw new Error(
`track_progress is only supported for events: ${validEvents.join(", ")}. ` +
`track_progress is only supported for pull_request and issue events. ` +
`Current event: ${context.eventName}`,
);
}

32
src/modes/tag/index.ts
View File

@@ -14,7 +14,6 @@ import { createPrompt, generateDefaultPrompt } from "../../create-prompt";
import { isEntityContext } from "../../github/context";
import type { PreparedContext } from "../../create-prompt/types";
import type { FetchDataResult } from "../../github/data/fetcher";
import { parseAllowedTools } from "../agent/parse-tools";
/**
* Tag mode implementation.
@@ -113,10 +112,19 @@ export const tagMode: Mode = {
await createPrompt(tagMode, modeContext, githubData, context);
const userClaudeArgs = process.env.CLAUDE_ARGS || "";
const userAllowedMCPTools = parseAllowedTools(userClaudeArgs).filter(
(tool) => tool.startsWith("mcp__github_"),
);
// Get our GitHub MCP servers configuration
const ourMcpConfig = await prepareMcpConfig({
githubToken,
owner: context.repository.owner,
repo: context.repository.repo,
branch: branchInfo.claudeBranch || branchInfo.currentBranch,
baseBranch: branchInfo.baseBranch,
claudeCommentId: commentId.toString(),
allowedTools: [],
context,
});
// Don't output mcp_config separately anymore - include in claude_args
// Build claude_args for tag mode with required tools
// Tag mode REQUIRES these tools to function properly
@@ -132,7 +140,6 @@ export const tagMode: Mode = {
"mcp__github_ci__get_ci_status",
"mcp__github_ci__get_workflow_run_details",
"mcp__github_ci__download_job_log",
...userAllowedMCPTools,
];
// Add git commands when not using commit signing
@@ -154,18 +161,7 @@ export const tagMode: Mode = {
);
}
// Get our GitHub MCP servers configuration
const ourMcpConfig = await prepareMcpConfig({
githubToken,
owner: context.repository.owner,
repo: context.repository.repo,
branch: branchInfo.claudeBranch || branchInfo.currentBranch,
baseBranch: branchInfo.baseBranch,
claudeCommentId: commentId.toString(),
allowedTools: Array.from(new Set(tagModeTools)),
mode: "tag",
context,
});
const userClaudeArgs = process.env.CLAUDE_ARGS || "";
// Build complete claude_args with multiple --mcp-config flags
let claudeArgs = "";

10
test/install-mcp-server.test.ts
View File

@@ -85,7 +85,6 @@ describe("prepareMcpConfig", () => {
baseBranch: "main",
allowedTools: [],
context: mockContext,
mode: "tag",
});
const parsed = JSON.parse(result);
@@ -106,7 +105,6 @@ describe("prepareMcpConfig", () => {
branch: "test-branch",
baseBranch: "main",
allowedTools: [],
mode: "tag",
context: mockContextWithSigning,
});
@@ -130,7 +128,6 @@ describe("prepareMcpConfig", () => {
branch: "test-branch",
baseBranch: "main",
allowedTools: ["mcp__github__create_issue", "mcp__github__create_pr"],
mode: "tag",
context: mockContext,
});
@@ -151,7 +148,6 @@ describe("prepareMcpConfig", () => {
branch: "test-branch",
baseBranch: "main",
allowedTools: ["mcp__github_inline_comment__create_inline_comment"],
mode: "tag",
context: mockPRContext,
});
@@ -172,7 +168,6 @@ describe("prepareMcpConfig", () => {
branch: "test-branch",
baseBranch: "main",
allowedTools: [],
mode: "tag",
context: mockContext,
});
@@ -193,7 +188,6 @@ describe("prepareMcpConfig", () => {
branch: "test-branch",
baseBranch: "main",
allowedTools: [],
mode: "tag",
context: mockContextWithSigning,
});
@@ -213,7 +207,6 @@ describe("prepareMcpConfig", () => {
branch: "test-branch",
baseBranch: "main",
allowedTools: [],
mode: "tag",
context: mockContextWithSigning,
});
@@ -231,7 +224,6 @@ describe("prepareMcpConfig", () => {
branch: "test-branch",
baseBranch: "main",
allowedTools: [],
mode: "tag",
context: mockPRContext,
});
@@ -251,7 +243,6 @@ describe("prepareMcpConfig", () => {
branch: "test-branch",
baseBranch: "main",
allowedTools: [],
mode: "tag",
context: mockContext,
});
@@ -269,7 +260,6 @@ describe("prepareMcpConfig", () => {
branch: "test-branch",
baseBranch: "main",
allowedTools: [],
mode: "tag",
context: mockPRContext,
});

6
test/modes/agent.test.ts
View File

@@ -162,11 +162,11 @@ describe("Agent Mode", () => {
githubToken: "test-token",
});
// Verify claude_args includes user args (no MCP config in agent mode without allowed tools)
// Verify claude_args includes MCP config and user args
const callArgs = setOutputSpy.mock.calls[0];
expect(callArgs[0]).toBe("claude_args");
expect(callArgs[1]).toBe("--model claude-sonnet-4 --max-turns 10");
expect(callArgs[1]).not.toContain("--mcp-config");
expect(callArgs[1]).toContain("--mcp-config");
expect(callArgs[1]).toContain("--model claude-sonnet-4 --max-turns 10");
// Verify return structure - should use "main" as fallback when no env vars set
expect(result).toEqual({

16
test/modes/parse-tools.test.ts
View File

@@ -68,20 +68,4 @@ describe("parseAllowedTools", () => {
"mcp__github_comment__update",
]);
});
test("parses kebab-case --allowed-tools", () => {
const args = "--allowed-tools mcp__github__*,mcp__github_comment__*";
expect(parseAllowedTools(args)).toEqual([
"mcp__github__*",
"mcp__github_comment__*",
]);
});
test("parses quoted kebab-case --allowed-tools", () => {
const args = '--allowed-tools "mcp__github__*,mcp__github_comment__*"';
expect(parseAllowedTools(args)).toEqual([
"mcp__github__*",
"mcp__github_comment__*",
]);
});
});

504
test/pull-request-target.test.ts
View File

@@ -1,504 +0,0 @@
#!/usr/bin/env bun
import { describe, test, expect } from "bun:test";
import {
getEventTypeAndContext,
generatePrompt,
generateDefaultPrompt,
} from "../src/create-prompt";
import type { PreparedContext } from "../src/create-prompt";
import type { Mode } from "../src/modes/types";
describe("pull_request_target event support", () => {
// Mock tag mode for testing
const mockTagMode: Mode = {
name: "tag",
description: "Tag mode",
shouldTrigger: () => true,
prepareContext: (context) => ({ mode: "tag", githubContext: context }),
getAllowedTools: () => [],
getDisallowedTools: () => [],
shouldCreateTrackingComment: () => true,
generatePrompt: (context, githubData, useCommitSigning) =>
generateDefaultPrompt(context, githubData, useCommitSigning),
prepare: async () => ({
commentId: 123,
branchInfo: {
baseBranch: "main",
currentBranch: "main",
claudeBranch: undefined,
},
mcpConfig: "{}",
}),
};
const mockGitHubData = {
contextData: {
title: "External PR via pull_request_target",
body: "This PR comes from a forked repository",
author: { login: "external-contributor" },
state: "OPEN",
createdAt: "2023-01-01T00:00:00Z",
additions: 25,
deletions: 3,
baseRefName: "main",
headRefName: "feature-branch",
headRefOid: "abc123",
commits: {
totalCount: 2,
nodes: [
{
commit: {
oid: "commit1",
message: "Initial feature implementation",
author: {
name: "External Dev",
email: "external@example.com",
},
},
},
{
commit: {
oid: "commit2",
message: "Fix typos and formatting",
author: {
name: "External Dev",
email: "external@example.com",
},
},
},
],
},
files: {
nodes: [
{
path: "src/feature.ts",
additions: 20,
deletions: 2,
changeType: "MODIFIED",
},
{
path: "tests/feature.test.ts",
additions: 5,
deletions: 1,
changeType: "ADDED",
},
],
},
comments: { nodes: [] },
reviews: { nodes: [] },
},
comments: [],
changedFiles: [],
changedFilesWithSHA: [
{
path: "src/feature.ts",
additions: 20,
deletions: 2,
changeType: "MODIFIED",
sha: "abc123",
},
{
path: "tests/feature.test.ts",
additions: 5,
deletions: 1,
changeType: "ADDED",
sha: "abc123",
},
],
reviewData: { nodes: [] },
imageUrlMap: new Map<string, string>(),
};
describe("prompt generation for pull_request_target", () => {
test("should generate correct prompt for pull_request_target event", () => {
const envVars: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: "opened",
isPR: true,
prNumber: "123",
},
};
const prompt = generatePrompt(
envVars,
mockGitHubData,
false,
mockTagMode,
);
// Should contain pull request event type and metadata
expect(prompt).toContain("<event_type>PULL_REQUEST</event_type>");
expect(prompt).toContain("<is_pr>true</is_pr>");
expect(prompt).toContain("<pr_number>123</pr_number>");
expect(prompt).toContain(
"<trigger_context>pull request opened</trigger_context>",
);
// Should contain PR-specific information
expect(prompt).toContain(
"- src/feature.ts (MODIFIED) +20/-2 SHA: abc123",
);
expect(prompt).toContain(
"- tests/feature.test.ts (ADDED) +5/-1 SHA: abc123",
);
expect(prompt).toContain("external-contributor");
expect(prompt).toContain("<repository>owner/repo</repository>");
});
test("should handle pull_request_target with commit signing disabled", () => {
const envVars: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: "synchronize",
isPR: true,
prNumber: "456",
},
};
const prompt = generatePrompt(
envVars,
mockGitHubData,
false,
mockTagMode,
);
// Should include git commands for non-commit-signing mode
expect(prompt).toContain("git push");
expect(prompt).toContain(
"Always push to the existing branch when triggered on a PR",
);
expect(prompt).toContain("mcp__github_comment__update_claude_comment");
// Should not include commit signing tools
expect(prompt).not.toContain("mcp__github_file_ops__commit_files");
});
test("should handle pull_request_target with commit signing enabled", () => {
const envVars: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: "synchronize",
isPR: true,
prNumber: "456",
},
};
const prompt = generatePrompt(envVars, mockGitHubData, true, mockTagMode);
// Should include commit signing tools
expect(prompt).toContain("mcp__github_file_ops__commit_files");
expect(prompt).toContain("mcp__github_file_ops__delete_files");
expect(prompt).toContain("mcp__github_comment__update_claude_comment");
// Should not include git command instructions
expect(prompt).not.toContain("Use git commands via the Bash tool");
});
test("should treat pull_request_target same as pull_request in prompt generation", () => {
const baseContext: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: "opened",
isPR: true,
prNumber: "123",
},
};
// Generate prompt for pull_request
const pullRequestContext: PreparedContext = {
...baseContext,
eventData: {
...baseContext.eventData,
eventName: "pull_request",
isPR: true,
prNumber: "123",
},
};
// Generate prompt for pull_request_target
const pullRequestTargetContext: PreparedContext = {
...baseContext,
eventData: {
...baseContext.eventData,
eventName: "pull_request_target",
isPR: true,
prNumber: "123",
},
};
const pullRequestPrompt = generatePrompt(
pullRequestContext,
mockGitHubData,
false,
mockTagMode,
);
const pullRequestTargetPrompt = generatePrompt(
pullRequestTargetContext,
mockGitHubData,
false,
mockTagMode,
);
// Both should have the same event type and structure
expect(pullRequestPrompt).toContain(
"<event_type>PULL_REQUEST</event_type>",
);
expect(pullRequestTargetPrompt).toContain(
"<event_type>PULL_REQUEST</event_type>",
);
expect(pullRequestPrompt).toContain(
"<trigger_context>pull request opened</trigger_context>",
);
expect(pullRequestTargetPrompt).toContain(
"<trigger_context>pull request opened</trigger_context>",
);
// Both should contain PR-specific instructions
expect(pullRequestPrompt).toContain(
"Always push to the existing branch when triggered on a PR",
);
expect(pullRequestTargetPrompt).toContain(
"Always push to the existing branch when triggered on a PR",
);
});
test("should handle pull_request_target in agent mode with custom prompt", () => {
const envVars: PreparedContext = {
repository: "test/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
prompt: "Review this pull_request_target PR for security issues",
eventData: {
eventName: "pull_request_target",
eventAction: "opened",
isPR: true,
prNumber: "789",
},
};
// Use agent mode which passes through the prompt as-is
const mockAgentMode: Mode = {
name: "agent",
description: "Agent mode",
shouldTrigger: () => true,
prepareContext: (context) => ({
mode: "agent",
githubContext: context,
}),
getAllowedTools: () => [],
getDisallowedTools: () => [],
shouldCreateTrackingComment: () => true,
generatePrompt: (context) => context.prompt || "default prompt",
prepare: async () => ({
commentId: 123,
branchInfo: {
baseBranch: "main",
currentBranch: "main",
claudeBranch: undefined,
},
mcpConfig: "{}",
}),
};
const prompt = generatePrompt(
envVars,
mockGitHubData,
false,
mockAgentMode,
);
expect(prompt).toBe(
"Review this pull_request_target PR for security issues",
);
});
test("should handle pull_request_target with no custom prompt", () => {
const envVars: PreparedContext = {
repository: "test/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: "synchronize",
isPR: true,
prNumber: "456",
},
};
const prompt = generatePrompt(
envVars,
mockGitHubData,
false,
mockTagMode,
);
// Should generate default prompt structure
expect(prompt).toContain("<event_type>PULL_REQUEST</event_type>");
expect(prompt).toContain("<pr_number>456</pr_number>");
expect(prompt).toContain(
"Always push to the existing branch when triggered on a PR",
);
});
});
describe("pull_request_target vs pull_request behavior consistency", () => {
test("should produce identical event processing for both event types", () => {
const baseEventData = {
eventAction: "opened",
isPR: true,
prNumber: "100",
};
const pullRequestEvent: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
...baseEventData,
eventName: "pull_request",
isPR: true,
prNumber: "100",
},
};
const pullRequestTargetEvent: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
...baseEventData,
eventName: "pull_request_target",
isPR: true,
prNumber: "100",
},
};
// Both should have identical event type detection
const prResult = getEventTypeAndContext(pullRequestEvent);
const prtResult = getEventTypeAndContext(pullRequestTargetEvent);
expect(prResult.eventType).toBe(prtResult.eventType);
expect(prResult.triggerContext).toBe(prtResult.triggerContext);
});
test("should handle edge cases in pull_request_target events", () => {
// Test with minimal event data
const minimalContext: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
isPR: true,
prNumber: "1",
},
};
const result = getEventTypeAndContext(minimalContext);
expect(result.eventType).toBe("PULL_REQUEST");
expect(result.triggerContext).toBe("pull request event");
// Should not throw when generating prompt
expect(() => {
generatePrompt(minimalContext, mockGitHubData, false, mockTagMode);
}).not.toThrow();
});
test("should handle all valid pull_request_target actions", () => {
const actions = ["opened", "synchronize", "reopened", "closed", "edited"];
actions.forEach((action) => {
const context: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: action,
isPR: true,
prNumber: "1",
},
};
const result = getEventTypeAndContext(context);
expect(result.eventType).toBe("PULL_REQUEST");
expect(result.triggerContext).toBe(`pull request ${action}`);
});
});
});
describe("security considerations for pull_request_target", () => {
test("should maintain same prompt structure regardless of event source", () => {
// Test that external PRs don't get different treatment in prompts
const internalPR: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request",
eventAction: "opened",
isPR: true,
prNumber: "1",
},
};
const externalPR: PreparedContext = {
repository: "owner/repo",
claudeCommentId: "12345",
triggerPhrase: "@claude",
eventData: {
eventName: "pull_request_target",
eventAction: "opened",
isPR: true,
prNumber: "1",
},
};
const internalPrompt = generatePrompt(
internalPR,
mockGitHubData,
false,
mockTagMode,
);
const externalPrompt = generatePrompt(
externalPR,
mockGitHubData,
false,
mockTagMode,
);
// Should have same tool access patterns
expect(
internalPrompt.includes("mcp__github_comment__update_claude_comment"),
).toBe(
externalPrompt.includes("mcp__github_comment__update_claude_comment"),
);
// Should have same branch handling instructions
expect(
internalPrompt.includes(
"Always push to the existing branch when triggered on a PR",
),
).toBe(
externalPrompt.includes(
"Always push to the existing branch when triggered on a PR",
),
);
});
});
});

5
test/modes/detector.test.ts → tests/modes/detector.test.ts
View File

@@ -20,10 +20,7 @@ describe("detectMode with enhanced routing", () => {
branchPrefix: "claude/",
useStickyComment: false,
useCommitSigning: false,
botId: "123456",
botName: "claude-bot",
allowedBots: "",
allowedNonWriteUsers: "",
trackProgress: false,
},
};
@@ -203,7 +200,7 @@ describe("detectMode with enhanced routing", () => {
};
expect(() => detectMode(context)).toThrow(
/track_progress is only supported /,
/track_progress is only supported for pull_request and issue events/,
);
});