Add allowed_tools input parameter and enable MCP file ops for agent mode

- Add allowed_tools input to action.yml so workflows can specify allowed tools
- Pass allowed_tools to prepare step via environment variable
- Update agent mode to use allowed_tools when building claude_args
- Add GitHub file ops MCP server to agent mode when use_commit_signing is enabled
- This allows agent mode (used by auto-fix workflows) to write and commit files

.claude/agents/deep-thinker.md

@@ -0,0 +1,31 @@
+---
+name: deep-thinker
+description: A subagent that performs deep analysis with extended thinking
+tools:
+  - "*"
+proactive: false
+---
+
+# Deep Thinker Subagent
+
+You are a specialized subagent designed to perform deep, thorough analysis of complex problems using extended thinking capabilities.
+
+## Your Purpose
+
+You excel at:
+- Breaking down complex problems into smaller components
+- Analyzing trade-offs and implications
+- Providing comprehensive, well-reasoned solutions
+- Exploring edge cases and potential issues
+
+## Instructions
+
+When given a task:
+1. Use extended thinking to thoroughly analyze the problem
+2. Consider multiple approaches and their trade-offs
+3. Identify potential issues or edge cases
+4. Provide a detailed, well-structured response
+
+## Important
+
+Always think deeply before responding. Take your time to ensure thoroughness and accuracy in your analysis.

.claude/commands/fix-ci-commit.md

@@ -0,0 +1,54 @@
+---
+description: Fix CI failures and commit changes (for use when branch already exists)
+allowed_tools: "*"
+---
+
+# Fix CI Failures and Commit
+
+You are on a branch that was created to fix CI failures. Your task is to fix the issues and commit the changes.
+
+## CI Failure Information
+
+$ARGUMENTS
+
+## Your Tasks
+
+1. **Analyze the failures** - Understand what went wrong from the logs
+2. **Fix the issues** - Make the necessary code changes
+3. **Commit your fixes** - Use git to commit all changes
+
+## Step-by-Step Instructions
+
+### 1. Fix the Issues
+
+Based on the error logs:
+- Fix syntax errors
+- Fix formatting issues  
+- Fix test failures
+- Fix any other CI problems
+
+### 2. Commit Your Changes (REQUIRED)
+
+After fixing ALL issues, you MUST:
+
+Use the `mcp__github_file_ops__commit_files` tool to commit all your changes with a descriptive message like:
+
+```
+Fix CI failures
+
+- Fixed syntax errors
+- Fixed formatting issues  
+- Fixed test failures
+[List actual fixes made]
+```
+
+**IMPORTANT**: You MUST use the MCP file ops tool to commit your changes. The workflow expects you to commit your changes.
+
+### 3. Verify (Optional)
+
+If possible, run verification commands:
+- `bun run format:check` for formatting
+- `bun test` for tests
+- `bun run typecheck` for TypeScript
+
+Begin by analyzing the failure logs and then fix the issues.

.claude/commands/fix-ci.md

@@ -0,0 +1,67 @@
+---
+description: Analyze and fix CI failures by examining logs and making targeted fixes
+allowed_tools: "*"
+---
+
+# Fix CI Failures
+
+You are tasked with analyzing CI failure logs and fixing the issues. Follow these steps:
+
+## Context Provided
+
+$ARGUMENTS
+
+## Step 1: Analyze the Failure
+
+Parse the provided CI failure information to understand:
+- Which jobs failed and why
+- The specific error messages and stack traces
+- Whether failures are test-related, build-related, or linting issues
+
+## Step 2: Search and Understand the Codebase
+
+Use search tools to locate the failing code:
+- Search for the failing test names or functions
+- Find the source files mentioned in error messages
+- Review related configuration files (package.json, tsconfig.json, etc.)
+
+## Step 3: Apply Targeted Fixes
+
+Make minimal, focused changes:
+- **For test failures**: Determine if the test or implementation needs fixing
+- **For type errors**: Fix type definitions or correct the code logic
+- **For linting issues**: Apply formatting using the project's tools
+- **For build errors**: Resolve dependency or configuration issues
+- **For missing imports**: Add the necessary imports or install packages
+
+Requirements:
+- Only fix the actual CI failures, avoid unrelated changes
+- Follow existing code patterns and conventions
+- Ensure changes are production-ready, not temporary hacks
+- Preserve existing functionality while fixing issues
+
+## Step 4: Commit Changes
+
+After applying ALL fixes:
+1. Use the `mcp__github_file_ops__commit_files` tool to commit your changes
+2. Include a descriptive commit message explaining what was fixed
+3. Document which CI jobs/tests were addressed in the commit message
+4. Important: Use the MCP file ops tool, not git commands directly
+
+## Step 5: Verify Fixes Locally
+
+Run available verification commands:
+- Execute the failing tests locally to confirm they pass
+- Run the project's lint command (check package.json for scripts)
+- Run type checking if available
+- Execute any build commands to ensure compilation succeeds
+
+## Important Guidelines
+
+- Focus exclusively on fixing the reported CI failures
+- Maintain code quality and follow the project's established patterns
+- If a fix requires significant refactoring, document why it's necessary
+- When multiple solutions exist, choose the simplest one that maintains code quality
+- Add clear comments only if the fix is non-obvious
+
+Begin by analyzing the failure details provided above.

.claude/commands/review.md

@@ -0,0 +1,22 @@
+---
+allowed-tools: Bash(gh pr comment:*), Bash(gh pr diff:*), Bash(gh pr view:*), Read, Glob, Grep
+description: Code review a pull request
+---
+
+Review the current pull request and provide feedback.
+
+1. Use `gh pr view` to get the PR details and `gh pr diff` to see the changes
+2. Look for potential bugs, issues, or improvements
+3. Always post a comment with your findings using `gh pr comment`
+
+Format your comment like this:
+
+## Code Review
+
+[Your feedback here - be specific and constructive]
+
+- If you find issues, describe them clearly
+- If everything looks good, say so
+- Link to specific lines when relevant
+
+🤖 Generated with [Claude Code](https://claude.ai/code)

.github/workflows/auto-fix-ci-inline.yml

@@ -0,0 +1,177 @@
+name: Auto Fix CI Failures (Inline)
+
+on:
+  workflow_run:
+    workflows: ["CI"]
+    types:
+      - completed
+
+permissions:
+  contents: write
+  pull-requests: write
+  actions: read
+  issues: write
+
+jobs:
+  auto-fix:
+    if: |
+      github.event.workflow_run.conclusion == 'failure' &&
+      github.event.workflow_run.name != 'Auto Fix CI Failures' &&
+      github.event.workflow_run.name != 'Auto Fix CI Failures (Inline)'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.workflow_run.head_branch }}
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup git
+        run: |
+          git config --global user.name "claude[bot]"
+          git config --global user.email "198276+claude[bot]@users.noreply.github.com"
+
+      - name: Create fix branch
+        id: branch
+        run: |
+          BRANCH_NAME="claude-auto-fix-ci-${{ github.event.workflow_run.head_branch }}-${{ github.run_id }}"
+          git checkout -b "$BRANCH_NAME"
+          echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+
+      - name: Get CI failure details
+        id: failure_details
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const run = await github.rest.actions.getWorkflowRun({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: ${{ github.event.workflow_run.id }}
+            });
+            
+            const jobs = await github.rest.actions.listJobsForWorkflowRun({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: ${{ github.event.workflow_run.id }}
+            });
+            
+            const failedJobs = jobs.data.jobs.filter(job => job.conclusion === 'failure');
+            
+            let errorLogs = [];
+            for (const job of failedJobs) {
+              const logs = await github.rest.actions.downloadJobLogsForWorkflowRun({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                job_id: job.id
+              });
+              errorLogs.push({
+                jobName: job.name,
+                logs: logs.data
+              });
+            }
+            
+            return {
+              runUrl: run.data.html_url,
+              failedJobs: failedJobs.map(j => j.name),
+              errorLogs: errorLogs
+            };
+
+      - name: Fix CI failures with Claude
+        uses: anthropics/claude-code-action@v1-dev
+        with:
+          prompt: |
+            You are tasked with analyzing CI failure logs and fixing the issues. Follow these steps:
+            
+            ## Context Provided
+            
+            Failed CI Run: ${{ fromJSON(steps.failure_details.outputs.result).runUrl }}
+            Failed Jobs: ${{ join(fromJSON(steps.failure_details.outputs.result).failedJobs, ', ') }}
+            
+            Error logs:
+            ${{ toJSON(fromJSON(steps.failure_details.outputs.result).errorLogs) }}
+            
+            ## Step 1: Analyze the Failure
+            
+            Parse the provided CI failure information to understand:
+            - Which jobs failed and why
+            - The specific error messages and stack traces
+            - Whether failures are test-related, build-related, or linting issues
+            
+            ## Step 2: Search and Understand the Codebase
+            
+            Use search tools to locate the failing code:
+            - Search for the failing test names or functions
+            - Find the source files mentioned in error messages
+            - Review related configuration files (package.json, tsconfig.json, etc.)
+            
+            ## Step 3: Apply Targeted Fixes
+            
+            Make minimal, focused changes:
+            - **For test failures**: Determine if the test or implementation needs fixing
+            - **For type errors**: Fix type definitions or correct the code logic
+            - **For linting issues**: Apply formatting using the project's tools
+            - **For build errors**: Resolve dependency or configuration issues
+            - **For missing imports**: Add the necessary imports or install packages
+            
+            Requirements:
+            - Only fix the actual CI failures, avoid unrelated changes
+            - Follow existing code patterns and conventions
+            - Ensure changes are production-ready, not temporary hacks
+            - Preserve existing functionality while fixing issues
+            
+            ## Step 4: Commit Changes
+            
+            After applying ALL fixes:
+            1. Stage all modified files with `git add -A` 
+            2. Commit with: `git commit -m "Fix CI failures: prettier formatting and syntax errors"`
+            3. Important: You MUST commit your changes - the branch already exists
+            
+            ## Step 5: Verify Fixes Locally
+            
+            Run available verification commands:
+            - Execute the failing tests locally to confirm they pass
+            - Run the project's lint command (check package.json for scripts)
+            - Run type checking if available
+            - Execute any build commands to ensure compilation succeeds
+            
+            ## Important Guidelines
+            
+            - Focus exclusively on fixing the reported CI failures
+            - Maintain code quality and follow the project's established patterns
+            - If a fix requires significant refactoring, document why it's necessary
+            - When multiple solutions exist, choose the simplest one that maintains code quality
+            
+            Begin by analyzing the failure details provided above.
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          timeout_minutes: "30"
+          use_sticky_comment: "true"
+          use_commit_signing: "true"
+          allowed_tools: "Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash,mcp__github_file_ops__commit_files,mcp__github_file_ops__delete_files"
+          claude_args: "--max-turns 15"
+
+      - name: Push fix branch
+        if: success()
+        run: |
+          git push origin ${{ steps.branch.outputs.branch_name }}
+
+      - name: Create pull request comment
+        if: success()
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const branchName = '${{ steps.branch.outputs.branch_name }}';
+            const baseBranch = '${{ github.event.workflow_run.head_branch }}';
+            const prUrl = `https://github.com/${context.repo.owner}/${context.repo.repo}/compare/${baseBranch}...${branchName}?quick_pull=1`;
+            
+            const issueNumber = ${{ github.event.workflow_run.pull_requests[0] && github.event.workflow_run.pull_requests[0].number || 'null' }};
+            
+            if (issueNumber) {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: issueNumber,
+                body: `## 🤖 CI Auto-Fix Available\n\nClaude has analyzed the CI failures and prepared fixes.\n\n[**→ Create pull request to fix CI**](${prUrl})\n\n_This fix was generated automatically based on the [failed CI run](${{ fromJSON(steps.failure_details.outputs.result).runUrl }})._`
+              });
+            }

.github/workflows/auto-fix-ci.yml

@@ -0,0 +1,119 @@
+name: Auto Fix CI Failures
+
+on:
+  workflow_run:
+    workflows: ["CI"]
+    types:
+      - completed
+
+permissions:
+  contents: write
+  pull-requests: write
+  actions: read
+  issues: write
+
+jobs:
+  auto-fix:
+    if: |
+      github.event.workflow_run.conclusion == 'failure' &&
+      github.event.workflow_run.name != 'Auto Fix CI Failures'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.workflow_run.head_branch }}
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup git
+        run: |
+          git config --global user.name "claude[bot]"
+          git config --global user.email "198276+claude[bot]@users.noreply.github.com"
+
+      - name: Create fix branch
+        id: branch
+        run: |
+          BRANCH_NAME="claude-auto-fix-ci-${{ github.event.workflow_run.head_branch }}-${{ github.run_id }}"
+          git checkout -b "$BRANCH_NAME"
+          echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+
+      - name: Get CI failure details
+        id: failure_details
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const run = await github.rest.actions.getWorkflowRun({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: ${{ github.event.workflow_run.id }}
+            });
+            
+            const jobs = await github.rest.actions.listJobsForWorkflowRun({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: ${{ github.event.workflow_run.id }}
+            });
+            
+            const failedJobs = jobs.data.jobs.filter(job => job.conclusion === 'failure');
+            
+            let errorLogs = [];
+            for (const job of failedJobs) {
+              const logs = await github.rest.actions.downloadJobLogsForWorkflowRun({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                job_id: job.id
+              });
+              errorLogs.push({
+                jobName: job.name,
+                logs: logs.data
+              });
+            }
+            
+            return {
+              runUrl: run.data.html_url,
+              failedJobs: failedJobs.map(j => j.name),
+              errorLogs: errorLogs
+            };
+
+      - name: Fix CI failures with Claude
+        uses: anthropics/claude-code-action@v1-dev
+        with:
+          prompt: |
+            /fix-ci-commit Failed CI Run: ${{ fromJSON(steps.failure_details.outputs.result).runUrl }}
+            Failed Jobs: ${{ join(fromJSON(steps.failure_details.outputs.result).failedJobs, ', ') }}
+            
+            Error logs:
+            ${{ toJSON(fromJSON(steps.failure_details.outputs.result).errorLogs) }}
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          timeout_minutes: "30"
+          use_sticky_comment: "true"
+          use_commit_signing: "true"
+          allowed_tools: "Edit,MultiEdit,Write,Read,Glob,Grep,LS,Bash,mcp__github_file_ops__commit_files,mcp__github_file_ops__delete_files"
+          claude_args: "--max-turns 15"
+
+      - name: Push fix branch
+        if: success()
+        run: |
+          git push origin ${{ steps.branch.outputs.branch_name }}
+
+      - name: Create pull request comment
+        if: success()
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const branchName = '${{ steps.branch.outputs.branch_name }}';
+            const baseBranch = '${{ github.event.workflow_run.head_branch }}';
+            const prUrl = `https://github.com/${context.repo.owner}/${context.repo.repo}/compare/${baseBranch}...${branchName}?quick_pull=1`;
+            
+            const issueNumber = ${{ github.event.workflow_run.pull_requests[0] && github.event.workflow_run.pull_requests[0].number || 'null' }};
+            
+            if (issueNumber) {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: issueNumber,
+                body: `## 🤖 CI Auto-Fix Available\n\nClaude has analyzed the CI failures and prepared fixes.\n\n[**→ Create pull request to fix CI**](${prUrl})\n\n_This fix was generated automatically based on the [failed CI run](${{ fromJSON(steps.failure_details.outputs.result).runUrl }})._`
+              });
+            }

.github/workflows/claude-auto-review.yml

@@ -0,0 +1,26 @@
+name: Auto Review PRs
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  auto-review:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+      id-token: write
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          
+      - name: Auto review PR
+        uses: anthropics/claude-code-action@v1-dev
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          prompt: /review

.github/workflows/claude.yml

@@ -31,9 +31,13 @@ jobs:
 
       - name: Run Claude Code
         id: claude
-        uses: anthropics/claude-code-action@beta
+        uses: janeapp/claude-code-action@main
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           allowed_tools: "Bash(bun install),Bash(bun test:*),Bash(bun run format),Bash(bun typecheck)"
           custom_instructions: "You have also been granted tools for editing files and running bun commands (install, run, test, typecheck) for testing your changes: bun install, bun test, bun run format, bun typecheck."
           model: "claude-opus-4-1-20250805"
+          # Testing PR 411 - sticky comment customization
+          use_sticky_comment: true
+          sticky_comment_app_bot_id: "209825114"
+          sticky_comment_app_bot_name: "claude"

action.yml

@@ -81,6 +81,10 @@ inputs:
     description: "Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands"
     required: false
     default: "false"
+  allowed_tools:
+    description: "Comma-separated list of tools to allow Claude to use (e.g., 'Edit,MultiEdit,Write,Read'). If not set, mode defaults apply."
+    required: false
+    default: ""
   experimental_allowed_domains:
     description: "Restrict network access to these domains only (newline-separated). If not set, no restrictions are applied. Provider domains are auto-detected."
     required: false
@@ -130,6 +134,7 @@ runs:
         ADDITIONAL_PERMISSIONS: ${{ inputs.additional_permissions }}
         CLAUDE_ARGS: ${{ inputs.claude_args }}
         MCP_CONFIG: ${{ inputs.mcp_config }}
+        ALLOWED_TOOLS: ${{ inputs.allowed_tools }}
 
     - name: Install Base Action Dependencies
       if: steps.prepare.outputs.contains_trigger == 'true'

base-action/src/setup-claude-code-settings.ts

@@ -79,4 +79,37 @@ export async function setupClaudeCodeSettings(
       console.log(`Slash commands directory not found or error copying: ${e}`);
     }
   }
+
+  // Copy subagent files from repository to Claude's agents directory
+  // CLAUDE_WORKING_DIR is set by the action to point to the repo being processed
+  const workingDir = process.env.CLAUDE_WORKING_DIR || process.cwd();
+  const repoAgentsDir = `${workingDir}/.claude/agents`;
+  const targetAgentsDir = `${home}/.claude/agents`;
+  
+  try {
+    const agentsDirExists = await $`test -d ${repoAgentsDir}`.quiet().nothrow();
+    if (agentsDirExists.exitCode === 0) {
+      console.log(`Found subagents directory at ${repoAgentsDir}`);
+      
+      // Create target agents directory if it doesn't exist
+      await $`mkdir -p ${targetAgentsDir}`.quiet();
+      console.log(`Created target agents directory at ${targetAgentsDir}`);
+      
+      // Copy all .md files from repo agents to Claude's agents directory
+      const copyResult = await $`cp -r ${repoAgentsDir}/*.md ${targetAgentsDir}/ 2>/dev/null`.quiet().nothrow();
+      
+      if (copyResult.exitCode === 0) {
+        // List copied agents for logging
+        const agents = await $`ls -la ${targetAgentsDir}/*.md 2>/dev/null | wc -l`.quiet().text();
+        const agentCount = parseInt(agents.trim()) || 0;
+        console.log(`Successfully copied ${agentCount} subagent(s) to ${targetAgentsDir}`);
+      } else {
+        console.log(`No subagent files found in ${repoAgentsDir}`);
+      }
+    } else {
+      console.log(`No subagents directory found at ${repoAgentsDir}`);
+    }
+  } catch (e) {
+    console.log(`Error handling subagents: ${e}`);
+  }
 }

slash-commands/fix-ci-commit.md

@@ -0,0 +1,54 @@
+---
+description: Fix CI failures and commit changes (for use when branch already exists)
+allowed_tools: "*"
+---
+
+# Fix CI Failures and Commit
+
+You are on a branch that was created to fix CI failures. Your task is to fix the issues and commit the changes.
+
+## CI Failure Information
+
+$ARGUMENTS
+
+## Your Tasks
+
+1. **Analyze the failures** - Understand what went wrong from the logs
+2. **Fix the issues** - Make the necessary code changes
+3. **Commit your fixes** - Use git to commit all changes
+
+## Step-by-Step Instructions
+
+### 1. Fix the Issues
+
+Based on the error logs:
+- Fix syntax errors
+- Fix formatting issues  
+- Fix test failures
+- Fix any other CI problems
+
+### 2. Commit Your Changes (REQUIRED)
+
+After fixing ALL issues, you MUST:
+
+Use the `mcp__github_file_ops__commit_files` tool to commit all your changes with a descriptive message like:
+
+```
+Fix CI failures
+
+- Fixed syntax errors
+- Fixed formatting issues  
+- Fixed test failures
+[List actual fixes made]
+```
+
+**IMPORTANT**: You MUST use the MCP file ops tool to commit your changes. The workflow expects you to commit your changes.
+
+### 3. Verify (Optional)
+
+If possible, run verification commands:
+- `bun run format:check` for formatting
+- `bun test` for tests
+- `bun run typecheck` for TypeScript
+
+Begin by analyzing the failure logs and then fix the issues.

slash-commands/fix-ci.md

@@ -0,0 +1,67 @@
+---
+description: Analyze and fix CI failures by examining logs and making targeted fixes
+allowed_tools: "*"
+---
+
+# Fix CI Failures
+
+You are tasked with analyzing CI failure logs and fixing the issues. Follow these steps:
+
+## Context Provided
+
+$ARGUMENTS
+
+## Step 1: Analyze the Failure
+
+Parse the provided CI failure information to understand:
+- Which jobs failed and why
+- The specific error messages and stack traces
+- Whether failures are test-related, build-related, or linting issues
+
+## Step 2: Search and Understand the Codebase
+
+Use search tools to locate the failing code:
+- Search for the failing test names or functions
+- Find the source files mentioned in error messages
+- Review related configuration files (package.json, tsconfig.json, etc.)
+
+## Step 3: Apply Targeted Fixes
+
+Make minimal, focused changes:
+- **For test failures**: Determine if the test or implementation needs fixing
+- **For type errors**: Fix type definitions or correct the code logic
+- **For linting issues**: Apply formatting using the project's tools
+- **For build errors**: Resolve dependency or configuration issues
+- **For missing imports**: Add the necessary imports or install packages
+
+Requirements:
+- Only fix the actual CI failures, avoid unrelated changes
+- Follow existing code patterns and conventions
+- Ensure changes are production-ready, not temporary hacks
+- Preserve existing functionality while fixing issues
+
+## Step 4: Commit Changes
+
+After applying fixes:
+1. Use the `mcp__github_file_ops__commit_files` tool to commit your changes
+2. Include a descriptive commit message explaining what was fixed
+3. Document which CI jobs/tests were addressed in the commit message
+4. Important: Use the MCP file ops tool to commit your changes
+
+## Step 5: Verify Fixes Locally
+
+Run available verification commands:
+- Execute the failing tests locally to confirm they pass
+- Run the project's lint command (check package.json for scripts)
+- Run type checking if available
+- Execute any build commands to ensure compilation succeeds
+
+## Important Guidelines
+
+- Focus exclusively on fixing the reported CI failures
+- Maintain code quality and follow the project's established patterns
+- If a fix requires significant refactoring, document why it's necessary
+- When multiple solutions exist, choose the simplest one that maintains code quality
+- Add clear comments only if the fix is non-obvious
+
+Begin by analyzing the failure details provided above.

src/modes/agent/index.ts

@@ -83,6 +83,29 @@ export const agentMode: Mode = {
       },
     };
 
+    // Add GitHub file ops server when using commit signing
+    if (context.inputs?.useCommitSigning) {
+      mcpConfig.mcpServers["github-file-ops-server"] = {
+        command: "bun",
+        args: [
+          "run",
+          `${process.env.GITHUB_ACTION_PATH}/src/mcp/github-file-ops-server.ts`,
+        ],
+        env: {
+          GITHUB_TOKEN: githubToken || "",
+          REPO_OWNER: context.repository.owner,
+          REPO_NAME: context.repository.repo,
+          BRANCH_NAME: "", // Agent mode doesn't pre-create branches
+          BASE_BRANCH: "",
+          REPO_DIR: process.env.GITHUB_WORKSPACE || process.cwd(),
+          GITHUB_EVENT_NAME: process.env.GITHUB_EVENT_NAME || "",
+          IS_PR: "false", // Agent mode doesn't create PRs by default
+          GITHUB_API_URL:
+            process.env.GITHUB_API_URL || "https://api.github.com",
+        },
+      };
+    }
+
     // Add user-provided additional MCP config if any
     const additionalMcpConfig = process.env.MCP_CONFIG || "";
     if (additionalMcpConfig.trim()) {
@@ -101,12 +124,23 @@ export const agentMode: Mode = {
       }
     }
 
-    // Agent mode: pass through user's claude_args with MCP config
+    // Agent mode: pass through user's claude_args with MCP config and allowed_tools
     const userClaudeArgs = process.env.CLAUDE_ARGS || "";
+    const userAllowedTools = process.env.ALLOWED_TOOLS || "";
     const escapedMcpConfig = JSON.stringify(mcpConfig).replace(/'/g, "'\\''");
-    const claudeArgs =
-      `--mcp-config '${escapedMcpConfig}' ${userClaudeArgs}`.trim();
-    core.setOutput("claude_args", claudeArgs);
+    let claudeArgs = `--mcp-config '${escapedMcpConfig}'`;
+    
+    // Add allowed_tools if specified
+    if (userAllowedTools) {
+      claudeArgs += ` --allowedTools "${userAllowedTools}"`;
+    }
+    
+    // Add user's additional claude_args
+    if (userClaudeArgs) {
+      claudeArgs += ` ${userClaudeArgs}`;
+    }
+    
+    core.setOutput("claude_args", claudeArgs.trim());
 
     return {
       commentId: undefined,

test-failure.ts

@@ -0,0 +1,13 @@
+// This file intentionally has TypeScript errors to trigger CI failure
+// Testing auto-fix with MCP file ops enabled
+const testFunction = (param: string): number => {
+  // Type error: returning string instead of number
+  return "this should be a number";
+}
+
+// Syntax error: missing closing brace
+function brokenFunction() {
+  console.log("missing closing brace"
+}
+
+export { testFunction, brokenFunction };