feat: improve autofix suggestion detection for PR comments

Add detection logic to recognize actionable suggestions in PR comments, even when
they come from bot accounts like claude[bot]. This addresses the issue where the
autofix workflow incorrectly classified clear bug fix suggestions as not actionable.

New features:
- detectActionableSuggestion(): Analyzes comment body for actionable patterns
- Detects GitHub inline committable suggestions (```suggestion blocks)
- Detects clear bug fix language patterns (e.g., "should be", "change to", "replace with")
- Detects code alternatives and fix recommendations
- Returns confidence level (high/medium/low) and reason for the determination
- checkContainsActionableSuggestion(): Context-aware wrapper for GitHub events
- checkContainsTriggerOrActionableSuggestion(): Combined trigger and suggestion check
- checkIsActionableForAutofix(): Convenience function for autofix workflows
- extractSuggestionCode(): Extracts code from GitHub suggestion blocks

This enables workflows to automatically apply suggestions from code review comments,
improving the developer experience for PR reviews.

action.yml

@@ -23,6 +23,10 @@ inputs:
     description: "The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format)"
     required: false
     default: "claude/"
+  branch_name_template:
+    description: "Template for branch naming. Available variables: {{prefix}}, {{entityType}}, {{entityNumber}}, {{timestamp}}, {{sha}}, {{label}}, {{description}}. {{label}} will be first label from the issue/PR, or {{entityType}} as a fallback. {{description}} will be the first 5 words of the issue/PR title in kebab-case. Default: '{{prefix}}{{entityType}}-{{entityNumber}}-{{timestamp}}'"
+    required: false
+    default: ""
   allowed_bots:
     description: "Comma-separated list of allowed bot usernames, or '*' to allow all bots. Empty string (default) allows no bots."
     required: false
@@ -178,6 +182,7 @@ runs:
         LABEL_TRIGGER: ${{ inputs.label_trigger }}
         BASE_BRANCH: ${{ inputs.base_branch }}
         BRANCH_PREFIX: ${{ inputs.branch_prefix }}
+        BRANCH_NAME_TEMPLATE: ${{ inputs.branch_name_template }}
         OVERRIDE_GITHUB_TOKEN: ${{ inputs.github_token }}
         ALLOWED_BOTS: ${{ inputs.allowed_bots }}
         ALLOWED_NON_WRITE_USERS: ${{ inputs.allowed_non_write_users }}
@@ -208,7 +213,7 @@ runs:
 
         # Install Claude Code if no custom executable is provided
         if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
-          CLAUDE_CODE_VERSION="2.0.76"
+          CLAUDE_CODE_VERSION="2.1.4"
           echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
           for attempt in 1 2 3; do
             echo "Installation attempt $attempt..."

base-action/action.yml

@@ -124,7 +124,7 @@ runs:
         PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
       run: |
         if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
-          CLAUDE_CODE_VERSION="2.0.76"
+          CLAUDE_CODE_VERSION="2.1.4"
           echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
           for attempt in 1 2 3; do
             echo "Installation attempt $attempt..."

base-action/bun.lock

@@ -6,7 +6,7 @@
       "name": "@anthropic-ai/claude-code-base-action",
       "dependencies": {
         "@actions/core": "^1.10.1",
-        "@anthropic-ai/claude-agent-sdk": "^0.1.76",
+        "@anthropic-ai/claude-agent-sdk": "^0.2.4",
         "shell-quote": "^1.8.3",
       },
       "devDependencies": {
@@ -27,7 +27,7 @@
 
     "@actions/io": ["@actions/io@1.1.3", "", {}, "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="],
 
-    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.1.76", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^3.24.1 || ^4.0.0" } }, "sha512-s7RvpXoFaLXLG7A1cJBAPD8ilwOhhc/12fb5mJXRuD561o4FmPtQ+WRfuy9akMmrFRfLsKv8Ornw3ClGAPL2fw=="],
+    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.4", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-5RpMO8aLEwuAd8h7/QHMCKzdVSihZCtHGnouPp+Isvc7zPzQXKb6GvUitkbs3wIBgIbXA/vXQmIi126uw9qo0A=="],
 
     "@fastify/busboy": ["@fastify/busboy@2.1.1", "", {}, "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="],
 

base-action/package.json

@@ -11,7 +11,7 @@
   },
   "dependencies": {
     "@actions/core": "^1.10.1",
-    "@anthropic-ai/claude-agent-sdk": "^0.1.76",
+    "@anthropic-ai/claude-agent-sdk": "^0.2.4",
     "shell-quote": "^1.8.3"
   },
   "devDependencies": {

base-action/test/mcp-test/package.json

@@ -2,6 +2,6 @@
   "name": "mcp-test",
   "version": "1.0.0",
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.11.0"
+    "@modelcontextprotocol/sdk": "^1.24.0"
   }
 }

bun.lock

@@ -7,7 +7,7 @@
       "dependencies": {
         "@actions/core": "^1.10.1",
         "@actions/github": "^6.0.1",
-        "@anthropic-ai/claude-agent-sdk": "^0.1.76",
+        "@anthropic-ai/claude-agent-sdk": "^0.2.4",
         "@modelcontextprotocol/sdk": "^1.11.0",
         "@octokit/graphql": "^8.2.2",
         "@octokit/rest": "^21.1.1",
@@ -37,7 +37,7 @@
 
     "@actions/io": ["@actions/io@1.1.3", "", {}, "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="],
 
-    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.1.76", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^3.24.1 || ^4.0.0" } }, "sha512-s7RvpXoFaLXLG7A1cJBAPD8ilwOhhc/12fb5mJXRuD561o4FmPtQ+WRfuy9akMmrFRfLsKv8Ornw3ClGAPL2fw=="],
+    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.4", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-5RpMO8aLEwuAd8h7/QHMCKzdVSihZCtHGnouPp+Isvc7zPzQXKb6GvUitkbs3wIBgIbXA/vXQmIi126uw9qo0A=="],
 
     "@fastify/busboy": ["@fastify/busboy@2.1.1", "", {}, "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="],
 

package.json

@@ -12,7 +12,7 @@
   "dependencies": {
     "@actions/core": "^1.10.1",
     "@actions/github": "^6.0.1",
-    "@anthropic-ai/claude-agent-sdk": "^0.1.76",
+    "@anthropic-ai/claude-agent-sdk": "^0.2.4",
     "@modelcontextprotocol/sdk": "^1.11.0",
     "@octokit/graphql": "^8.2.2",
     "@octokit/rest": "^21.1.1",

src/github/api/queries/github.ts

@@ -18,6 +18,11 @@ export const PR_QUERY = `
         additions
         deletions
         state
+        labels(first: 1) {
+          nodes {
+            name
+          }
+        }
         commits(first: 100) {
           totalCount
           nodes {
@@ -101,6 +106,11 @@ export const ISSUE_QUERY = `
         updatedAt
         lastEditedAt
         state
+        labels(first: 1) {
+          nodes {
+            name
+          }
+        }
         comments(first: 100) {
           nodes {
             id

src/github/context.ts

@@ -88,6 +88,7 @@ type BaseContext = {
     labelTrigger: string;
     baseBranch?: string;
     branchPrefix: string;
+    branchNameTemplate?: string;
     useStickyComment: boolean;
     useCommitSigning: boolean;
     sshSigningKey: string;
@@ -145,6 +146,7 @@ export function parseGitHubContext(): GitHubContext {
       labelTrigger: process.env.LABEL_TRIGGER ?? "",
       baseBranch: process.env.BASE_BRANCH,
       branchPrefix: process.env.BRANCH_PREFIX ?? "claude/",
+      branchNameTemplate: process.env.BRANCH_NAME_TEMPLATE,
       useStickyComment: process.env.USE_STICKY_COMMENT === "true",
       useCommitSigning: process.env.USE_COMMIT_SIGNING === "true",
       sshSigningKey: process.env.SSH_SIGNING_KEY || "",

src/github/data/fetcher.ts

@@ -3,6 +3,8 @@ import type { Octokits } from "../api/client";
 import { ISSUE_QUERY, PR_QUERY, USER_QUERY } from "../api/queries/github";
 import {
   isIssueCommentEvent,
+  isIssuesEvent,
+  isPullRequestEvent,
   isPullRequestReviewEvent,
   isPullRequestReviewCommentEvent,
   type ParsedGitHubContext,
@@ -40,6 +42,31 @@ export function extractTriggerTimestamp(
   return undefined;
 }
 
+/**
+ * Extracts the original title from the GitHub webhook payload.
+ * This is the title as it existed when the trigger event occurred.
+ *
+ * @param context - Parsed GitHub context from webhook
+ * @returns The original title string or undefined if not available
+ */
+export function extractOriginalTitle(
+  context: ParsedGitHubContext,
+): string | undefined {
+  if (isIssueCommentEvent(context)) {
+    return context.payload.issue?.title;
+  } else if (isPullRequestEvent(context)) {
+    return context.payload.pull_request?.title;
+  } else if (isPullRequestReviewEvent(context)) {
+    return context.payload.pull_request?.title;
+  } else if (isPullRequestReviewCommentEvent(context)) {
+    return context.payload.pull_request?.title;
+  } else if (isIssuesEvent(context)) {
+    return context.payload.issue?.title;
+  }
+
+  return undefined;
+}
+
 /**
  * Filters comments to only include those that existed in their final state before the trigger time.
  * This prevents malicious actors from editing comments after the trigger to inject harmful content.
@@ -146,6 +173,7 @@ type FetchDataParams = {
   isPR: boolean;
   triggerUsername?: string;
   triggerTime?: string;
+  originalTitle?: string;
 };
 
 export type GitHubFileWithSHA = GitHubFile & {
@@ -169,6 +197,7 @@ export async function fetchGitHubData({
   isPR,
   triggerUsername,
   triggerTime,
+  originalTitle,
 }: FetchDataParams): Promise<FetchDataResult> {
   const [owner, repo] = repository.split("/");
   if (!owner || !repo) {
@@ -354,6 +383,11 @@ export async function fetchGitHubData({
     triggerDisplayName = await fetchUserDisplayName(octokits, triggerUsername);
   }
 
+  // Use the original title from the webhook payload if provided
+  if (originalTitle !== undefined) {
+    contextData.title = originalTitle;
+  }
+
   return {
     contextData,
     comments,

src/github/data/formatter.ts

@@ -14,7 +14,8 @@ export function formatContext(
 ): string {
   if (isPR) {
     const prData = contextData as GitHubPullRequest;
-    return `PR Title: ${prData.title}
+    const sanitizedTitle = sanitizeContent(prData.title);
+    return `PR Title: ${sanitizedTitle}
 PR Author: ${prData.author.login}
 PR Branch: ${prData.headRefName} -> ${prData.baseRefName}
 PR State: ${prData.state}
@@ -24,7 +25,8 @@ Total Commits: ${prData.commits.totalCount}
 Changed Files: ${prData.files.nodes.length} files`;
   } else {
     const issueData = contextData as GitHubIssue;
-    return `Issue Title: ${issueData.title}
+    const sanitizedTitle = sanitizeContent(issueData.title);
+    return `Issue Title: ${sanitizedTitle}
 Issue Author: ${issueData.author.login}
 Issue State: ${issueData.state}`;
   }

src/github/operations/branch.ts

@@ -6,12 +6,22 @@
  * - For Issues: Create a new branch
  */
 
+import { $ } from "bun";
 import { execFileSync } from "child_process";
 import * as core from "@actions/core";
 import type { ParsedGitHubContext } from "../context";
 import type { GitHubPullRequest } from "../types";
 import type { Octokits } from "../api/client";
 import type { FetchDataResult } from "../data/fetcher";
+import { generateBranchName } from "../../utils/branch-template";
+
+/**
+ * Extracts the first label from GitHub data, or returns undefined if no labels exist
+ */
+function extractFirstLabel(githubData: FetchDataResult): string | undefined {
+  const labels = githubData.contextData.labels?.nodes;
+  return labels && labels.length > 0 ? labels[0]?.name : undefined;
+}
 
 /**
  * Validates a git branch name against a strict whitelist pattern.
@@ -125,7 +135,7 @@ export async function setupBranch(
 ): Promise<BranchInfo> {
   const { owner, repo } = context.repository;
   const entityNumber = context.entityNumber;
-  const { baseBranch, branchPrefix } = context.inputs;
+  const { baseBranch, branchPrefix, branchNameTemplate } = context.inputs;
   const isPR = context.isPR;
 
   if (isPR) {
@@ -191,17 +201,8 @@ export async function setupBranch(
   // Generate branch name for either an issue or closed/merged PR
   const entityType = isPR ? "pr" : "issue";
 
-  // Create Kubernetes-compatible timestamp: lowercase, hyphens only, shorter format
-  const now = new Date();
-  const timestamp = `${now.getFullYear()}${String(now.getMonth() + 1).padStart(2, "0")}${String(now.getDate()).padStart(2, "0")}-${String(now.getHours()).padStart(2, "0")}${String(now.getMinutes()).padStart(2, "0")}`;
-
-  // Ensure branch name is Kubernetes-compatible:
-  // - Lowercase only
-  // - Alphanumeric with hyphens
-  // - No underscores
-  // - Max 50 chars (to allow for prefixes)
-  const branchName = `${branchPrefix}${entityType}-${entityNumber}-${timestamp}`;
-  const newBranch = branchName.toLowerCase().substring(0, 50);
+  // Get the SHA of the source branch to use in template
+  let sourceSHA: string | undefined;
 
   try {
     // Get the SHA of the source branch to verify it exists
@@ -211,8 +212,46 @@ export async function setupBranch(
       ref: `heads/${sourceBranch}`,
     });
 
-    const currentSHA = sourceBranchRef.data.object.sha;
-    console.log(`Source branch SHA: ${currentSHA}`);
+    sourceSHA = sourceBranchRef.data.object.sha;
+    console.log(`Source branch SHA: ${sourceSHA}`);
+
+    // Extract first label from GitHub data
+    const firstLabel = extractFirstLabel(githubData);
+
+    // Extract title from GitHub data
+    const title = githubData.contextData.title;
+
+    // Generate branch name using template or default format
+    let newBranch = generateBranchName(
+      branchNameTemplate,
+      branchPrefix,
+      entityType,
+      entityNumber,
+      sourceSHA,
+      firstLabel,
+      title,
+    );
+
+    // Check if generated branch already exists on remote
+    try {
+      await $`git ls-remote --exit-code origin refs/heads/${newBranch}`.quiet();
+
+      // If we get here, branch exists (exit code 0)
+      console.log(
+        `Branch '${newBranch}' already exists, falling back to default format`,
+      );
+      newBranch = generateBranchName(
+        undefined, // Force default template
+        branchPrefix,
+        entityType,
+        entityNumber,
+        sourceSHA,
+        firstLabel,
+        title,
+      );
+    } catch {
+      // Branch doesn't exist (non-zero exit code), continue with generated name
+    }
 
     // For commit signing, defer branch creation to the file ops server
     if (context.inputs.useCommitSigning) {

src/github/types.ts

@@ -63,6 +63,11 @@ export type GitHubPullRequest = {
   additions: number;
   deletions: number;
   state: string;
+  labels: {
+    nodes: Array<{
+      name: string;
+    }>;
+  };
   commits: {
     totalCount: number;
     nodes: Array<{
@@ -88,6 +93,11 @@ export type GitHubIssue = {
   updatedAt?: string;
   lastEditedAt?: string;
   state: string;
+  labels: {
+    nodes: Array<{
+      name: string;
+    }>;
+  };
   comments: {
     nodes: GitHubComment[];
   };

src/github/validation/trigger.ts

@@ -10,6 +10,11 @@ import {
   isPullRequestReviewCommentEvent,
 } from "../context";
 import type { ParsedGitHubContext } from "../context";
+import {
+  detectActionableSuggestion,
+  isCommentActionableForAutofix,
+  type ActionableSuggestionResult,
+} from "../../utils/detect-actionable-suggestion";
 
 export function checkContainsTrigger(context: ParsedGitHubContext): boolean {
   const {
@@ -146,3 +151,89 @@ export async function checkTriggerAction(context: ParsedGitHubContext) {
   core.setOutput("contains_trigger", containsTrigger.toString());
   return containsTrigger;
 }
+
+/**
+ * Checks if the context contains an actionable suggestion that can be automatically fixed.
+ * This is useful for autofix workflows that want to respond to code review suggestions,
+ * even when they come from bot accounts like claude[bot].
+ *
+ * @param context - The parsed GitHub context
+ * @returns Detection result with confidence level and reason
+ */
+export function checkContainsActionableSuggestion(
+  context: ParsedGitHubContext,
+): ActionableSuggestionResult {
+  // Extract comment body based on event type
+  let commentBody: string | undefined;
+
+  if (isPullRequestReviewCommentEvent(context)) {
+    commentBody = context.payload.comment.body;
+  } else if (isIssueCommentEvent(context)) {
+    commentBody = context.payload.comment.body;
+  } else if (isPullRequestReviewEvent(context)) {
+    commentBody = context.payload.review.body ?? undefined;
+  }
+
+  return detectActionableSuggestion(commentBody);
+}
+
+/**
+ * Enhanced trigger check that also considers actionable suggestions.
+ * This function first checks for the standard trigger phrase, and if not found,
+ * optionally checks for actionable suggestions when `checkSuggestions` is true.
+ *
+ * @param context - The parsed GitHub context
+ * @param checkSuggestions - Whether to also check for actionable suggestions (default: false)
+ * @returns Whether the action should be triggered
+ */
+export function checkContainsTriggerOrActionableSuggestion(
+  context: ParsedGitHubContext,
+  checkSuggestions: boolean = false,
+): boolean {
+  // First, check for standard trigger
+  if (checkContainsTrigger(context)) {
+    return true;
+  }
+
+  // If checkSuggestions is enabled, also check for actionable suggestions
+  if (checkSuggestions) {
+    const suggestionResult = checkContainsActionableSuggestion(context);
+    if (suggestionResult.isActionable) {
+      console.log(
+        `Comment contains actionable suggestion: ${suggestionResult.reason} (confidence: ${suggestionResult.confidence})`,
+      );
+      return true;
+    }
+  }
+
+  return false;
+}
+
+/**
+ * Checks if a PR comment is actionable for autofix purposes.
+ * This is a convenience function for workflows that want to automatically
+ * apply suggestions from code review comments.
+ *
+ * @param context - The parsed GitHub context
+ * @returns Whether the comment should be treated as actionable for autofix
+ */
+export function checkIsActionableForAutofix(
+  context: ParsedGitHubContext,
+): boolean {
+  // Only applicable to PR review comment events
+  if (!isPullRequestReviewCommentEvent(context)) {
+    return false;
+  }
+
+  const commentBody = context.payload.comment.body;
+  const authorUsername = context.payload.comment.user?.login;
+
+  return isCommentActionableForAutofix(commentBody, authorUsername);
+}
+
+// Re-export the types and functions from the utility module for convenience
+export {
+  detectActionableSuggestion,
+  isCommentActionableForAutofix,
+  type ActionableSuggestionResult,
+} from "../../utils/detect-actionable-suggestion";

src/mcp/github-file-ops-server.ts

@@ -4,11 +4,12 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { z } from "zod";
 import { readFile, stat } from "fs/promises";
-import { join } from "path";
+import { resolve } from "path";
 import { constants } from "fs";
 import fetch from "node-fetch";
 import { GITHUB_API_URL } from "../github/api/config";
 import { retryWithBackoff } from "../utils/retry";
+import { validatePathWithinRepo } from "./path-validation";
 
 type GitHubRef = {
   object: {
@@ -213,12 +214,18 @@ server.tool(
         throw new Error("GITHUB_TOKEN environment variable is required");
       }
 
-      const processedFiles = files.map((filePath) => {
-        if (filePath.startsWith("/")) {
-          return filePath.slice(1);
-        }
-        return filePath;
-      });
+      // Validate all paths are within repository root and get full/relative paths
+      const resolvedRepoDir = resolve(REPO_DIR);
+      const validatedFiles = await Promise.all(
+        files.map(async (filePath) => {
+          const fullPath = await validatePathWithinRepo(filePath, REPO_DIR);
+          // Calculate the relative path for the git tree entry
+          // Use the original filePath (normalized) for the git path, not the symlink-resolved path
+          const normalizedPath = resolve(resolvedRepoDir, filePath);
+          const relativePath = normalizedPath.slice(resolvedRepoDir.length + 1);
+          return { fullPath, relativePath };
+        }),
+      );
 
       // 1. Get the branch reference (create if doesn't exist)
       const baseSha = await getOrCreateBranchRef(
@@ -247,18 +254,14 @@ server.tool(
 
       // 3. Create tree entries for all files
       const treeEntries = await Promise.all(
-        processedFiles.map(async (filePath) => {
-          const fullPath = filePath.startsWith("/")
-            ? filePath
-            : join(REPO_DIR, filePath);
-
+        validatedFiles.map(async ({ fullPath, relativePath }) => {
           // Get the proper file mode based on file permissions
           const fileMode = await getFileMode(fullPath);
 
           // Check if file is binary (images, etc.)
           const isBinaryFile =
             /\.(png|jpg|jpeg|gif|webp|ico|pdf|zip|tar|gz|exe|bin|woff|woff2|ttf|eot)$/i.test(
-              filePath,
+              relativePath,
             );
 
           if (isBinaryFile) {
@@ -284,7 +287,7 @@ server.tool(
             if (!blobResponse.ok) {
               const errorText = await blobResponse.text();
               throw new Error(
-                `Failed to create blob for ${filePath}: ${blobResponse.status} - ${errorText}`,
+                `Failed to create blob for ${relativePath}: ${blobResponse.status} - ${errorText}`,
               );
             }
 
@@ -292,7 +295,7 @@ server.tool(
 
             // Return tree entry with blob SHA
             return {
-              path: filePath,
+              path: relativePath,
               mode: fileMode,
               type: "blob",
               sha: blobData.sha,
@@ -301,7 +304,7 @@ server.tool(
             // For text files, include content directly in tree
             const content = await readFile(fullPath, "utf-8");
             return {
-              path: filePath,
+              path: relativePath,
               mode: fileMode,
               type: "blob",
               content: content,
@@ -421,7 +424,9 @@ server.tool(
           author: newCommitData.author.name,
           date: newCommitData.author.date,
         },
-        files: processedFiles.map((path) => ({ path })),
+        files: validatedFiles.map(({ relativePath }) => ({
+          path: relativePath,
+        })),
         tree: {
           sha: treeData.sha,
         },

src/mcp/path-validation.ts

@@ -0,0 +1,64 @@
+import { realpath } from "fs/promises";
+import { resolve, sep } from "path";
+
+/**
+ * Validates that a file path resolves within the repository root.
+ * Prevents path traversal attacks via "../" sequences and symlinks.
+ * @param filePath - The file path to validate (can be relative or absolute)
+ * @param repoRoot - The repository root directory
+ * @returns The resolved absolute path (with symlinks resolved) if valid
+ * @throws Error if the path resolves outside the repository root
+ */
+export async function validatePathWithinRepo(
+  filePath: string,
+  repoRoot: string,
+): Promise<string> {
+  // First resolve the path string (handles .. and . segments)
+  const initialPath = resolve(repoRoot, filePath);
+
+  // Resolve symlinks to get the real path
+  // This prevents symlink attacks where a link inside the repo points outside
+  let resolvedRoot: string;
+  let resolvedPath: string;
+
+  try {
+    resolvedRoot = await realpath(repoRoot);
+  } catch {
+    throw new Error(`Repository root '${repoRoot}' does not exist`);
+  }
+
+  try {
+    resolvedPath = await realpath(initialPath);
+  } catch {
+    // File doesn't exist yet - fall back to checking the parent directory
+    // This handles the case where we're creating a new file
+    const parentDir = resolve(initialPath, "..");
+    try {
+      const resolvedParent = await realpath(parentDir);
+      if (
+        resolvedParent !== resolvedRoot &&
+        !resolvedParent.startsWith(resolvedRoot + sep)
+      ) {
+        throw new Error(
+          `Path '${filePath}' resolves outside the repository root`,
+        );
+      }
+      // Parent is valid, return the initial path since file doesn't exist yet
+      return initialPath;
+    } catch {
+      throw new Error(
+        `Path '${filePath}' resolves outside the repository root`,
+      );
+    }
+  }
+
+  // Path must be within repo root (or be the root itself)
+  if (
+    resolvedPath !== resolvedRoot &&
+    !resolvedPath.startsWith(resolvedRoot + sep)
+  ) {
+    throw new Error(`Path '${filePath}' resolves outside the repository root`);
+  }
+
+  return resolvedPath;
+}

src/modes/agent/parse-tools.ts

@@ -1,22 +1,33 @@
 export function parseAllowedTools(claudeArgs: string): string[] {
   // Match --allowedTools or --allowed-tools followed by the value
   // Handle both quoted and unquoted values
+  // Use /g flag to find ALL occurrences, not just the first one
   const patterns = [
-    /--(?:allowedTools|allowed-tools)\s+"([^"]+)"/, // Double quoted
-    /--(?:allowedTools|allowed-tools)\s+'([^']+)'/, // Single quoted
-    /--(?:allowedTools|allowed-tools)\s+([^\s]+)/, // Unquoted
+    /--(?:allowedTools|allowed-tools)\s+"([^"]+)"/g, // Double quoted
+    /--(?:allowedTools|allowed-tools)\s+'([^']+)'/g, // Single quoted
+    /--(?:allowedTools|allowed-tools)\s+([^'"\s][^\s]*)/g, // Unquoted (must not start with quote)
   ];
 
+  const tools: string[] = [];
+  const seen = new Set<string>();
+
   for (const pattern of patterns) {
-    const match = claudeArgs.match(pattern);
-    if (match && match[1]) {
-      // Don't return if the value starts with -- (another flag)
-      if (match[1].startsWith("--")) {
-        return [];
+    for (const match of claudeArgs.matchAll(pattern)) {
+      if (match[1]) {
+        // Don't add if the value starts with -- (another flag)
+        if (match[1].startsWith("--")) {
+          continue;
+        }
+        for (const tool of match[1].split(",")) {
+          const trimmed = tool.trim();
+          if (trimmed && !seen.has(trimmed)) {
+            seen.add(trimmed);
+            tools.push(trimmed);
+          }
+        }
       }
-      return match[1].split(",").map((t) => t.trim());
     }
   }
 
-  return [];
+  return tools;
 }

src/modes/tag/index.ts

@@ -12,6 +12,7 @@ import { prepareMcpConfig } from "../../mcp/install-mcp-server";
 import {
   fetchGitHubData,
   extractTriggerTimestamp,
+  extractOriginalTitle,
 } from "../../github/data/fetcher";
 import { createPrompt, generateDefaultPrompt } from "../../create-prompt";
 import { isEntityContext } from "../../github/context";
@@ -78,6 +79,7 @@ export const tagMode: Mode = {
     const commentId = commentData.id;
 
     const triggerTime = extractTriggerTimestamp(context);
+    const originalTitle = extractOriginalTitle(context);
 
     const githubData = await fetchGitHubData({
       octokits: octokit,
@@ -86,6 +88,7 @@ export const tagMode: Mode = {
       isPR: context.isPR,
       triggerUsername: context.actor,
       triggerTime,
+      originalTitle,
     });
 
     // Setup branch

src/utils/branch-template.ts

@@ -0,0 +1,99 @@
+#!/usr/bin/env bun
+
+/**
+ * Branch name template parsing and variable substitution utilities
+ */
+
+const NUM_DESCRIPTION_WORDS = 5;
+
+/**
+ * Extracts the first 5 words from a title and converts them to kebab-case
+ */
+function extractDescription(
+  title: string,
+  numWords: number = NUM_DESCRIPTION_WORDS,
+): string {
+  if (!title || title.trim() === "") {
+    return "";
+  }
+
+  return title
+    .trim()
+    .split(/\s+/)
+    .slice(0, numWords) // Only first `numWords` words
+    .join("-")
+    .toLowerCase()
+    .replace(/[^a-z0-9-]/g, "") // Remove non-alphanumeric except hyphens
+    .replace(/-+/g, "-") // Replace multiple hyphens with single
+    .replace(/^-|-$/g, ""); // Remove leading/trailing hyphens
+}
+
+export interface BranchTemplateVariables {
+  prefix: string;
+  entityType: string;
+  entityNumber: number;
+  timestamp: string;
+  sha?: string;
+  label?: string;
+  description?: string;
+}
+
+/**
+ * Replaces template variables in a branch name template
+ * Template format: {{variableName}}
+ */
+export function applyBranchTemplate(
+  template: string,
+  variables: BranchTemplateVariables,
+): string {
+  let result = template;
+
+  // Replace each variable
+  Object.entries(variables).forEach(([key, value]) => {
+    const placeholder = `{{${key}}}`;
+    const replacement = value ? String(value) : "";
+    result = result.replaceAll(placeholder, replacement);
+  });
+
+  return result;
+}
+
+/**
+ * Generates a branch name from the provided `template` and set of `variables`. Uses a default format if the template is empty or produces an empty result.
+ */
+export function generateBranchName(
+  template: string | undefined,
+  branchPrefix: string,
+  entityType: string,
+  entityNumber: number,
+  sha?: string,
+  label?: string,
+  title?: string,
+): string {
+  const now = new Date();
+
+  const variables: BranchTemplateVariables = {
+    prefix: branchPrefix,
+    entityType,
+    entityNumber,
+    timestamp: `${now.getFullYear()}${String(now.getMonth() + 1).padStart(2, "0")}${String(now.getDate()).padStart(2, "0")}-${String(now.getHours()).padStart(2, "0")}${String(now.getMinutes()).padStart(2, "0")}`,
+    sha: sha?.substring(0, 8), // First 8 characters of SHA
+    label: label || entityType, // Fall back to entityType if no label
+    description: title ? extractDescription(title) : undefined,
+  };
+
+  if (template?.trim()) {
+    const branchName = applyBranchTemplate(template, variables);
+
+    // Some templates could produce empty results- validate
+    if (branchName.trim().length > 0) return branchName;
+
+    console.log(
+      `Branch template '${template}' generated empty result, falling back to default format`,
+    );
+  }
+
+  const branchName = `${branchPrefix}${entityType}-${entityNumber}-${variables.timestamp}`;
+  // Kubernetes compatible: lowercase, max 50 chars, alphanumeric and hyphens only
+  return branchName.toLowerCase().substring(0, 50);
+}

src/utils/detect-actionable-suggestion.ts

@@ -0,0 +1,213 @@
+#!/usr/bin/env bun
+
+/**
+ * Detects if a PR comment contains actionable suggestions that can be automatically fixed.
+ *
+ * This module identifies:
+ * 1. GitHub inline committable suggestions (```suggestion blocks)
+ * 2. Clear bug fix suggestions with specific patterns
+ * 3. Code fix recommendations with explicit changes
+ */
+
+/**
+ * Patterns that indicate a comment contains a GitHub inline committable suggestion.
+ * These are code blocks that GitHub renders with a "Commit suggestion" button.
+ */
+const COMMITTABLE_SUGGESTION_PATTERN = /```suggestion\b[\s\S]*?```/i;
+
+/**
+ * Patterns that indicate a clear, actionable bug fix suggestion.
+ * These phrases typically precede concrete fix recommendations.
+ */
+const BUG_FIX_PATTERNS = [
+  // Direct fix suggestions
+  /\bshould\s+(?:be|use|return|change\s+to)\b/i,
+  /\bchange\s+(?:this\s+)?to\b/i,
+  /\breplace\s+(?:this\s+)?with\b/i,
+  /\buse\s+(?:this\s+)?instead\b/i,
+  /\binstead\s+of\s+.*?,?\s*use\b/i,
+
+  // Bug identification with fix
+  /\b(?:bug|issue|error|problem):\s*.*(?:fix|change|update|replace)/i,
+  /\bfix(?:ed)?\s+by\s+(?:chang|replac|updat)/i,
+  /\bto\s+fix\s+(?:this|the)\b/i,
+
+  // Explicit code changes
+  /\bthe\s+(?:correct|proper|right)\s+(?:code|syntax|value|approach)\s+(?:is|would\s+be)\b/i,
+  /\bshould\s+(?:read|look\s+like)\b/i,
+
+  // Missing/wrong patterns
+  /\bmissing\s+(?:a\s+)?(?:semicolon|bracket|parenthesis|quote|import|return|await)\b/i,
+  /\bextra\s+(?:semicolon|bracket|parenthesis|quote)\b/i,
+  /\bwrong\s+(?:type|value|variable|import|parameter)\b/i,
+  /\btypo\s+(?:in|here)\b/i,
+];
+
+/**
+ * Patterns that suggest code alternatives (less strong than direct fixes but still actionable).
+ */
+const CODE_ALTERNATIVE_PATTERNS = [
+  /```[\w]*\n[\s\S]+?\n```/, // Any code block (might contain the fix)
+  /\b(?:try|consider)\s+(?:using|changing|replacing)\b/i,
+  /\bhere'?s?\s+(?:the|a)\s+(?:fix|solution|correction)\b/i,
+  /\b(?:correct|fixed|updated)\s+(?:version|code|implementation)\b/i,
+];
+
+export interface ActionableSuggestionResult {
+  /** Whether the comment contains an actionable suggestion */
+  isActionable: boolean;
+  /** Whether the comment contains a GitHub inline committable suggestion */
+  hasCommittableSuggestion: boolean;
+  /** Whether the comment contains clear bug fix language */
+  hasBugFixSuggestion: boolean;
+  /** Whether the comment contains code alternatives */
+  hasCodeAlternative: boolean;
+  /** Confidence level: 'high', 'medium', or 'low' */
+  confidence: "high" | "medium" | "low";
+  /** Reason for the determination */
+  reason: string;
+}
+
+/**
+ * Detects if a comment contains actionable suggestions that can be automatically fixed.
+ *
+ * @param commentBody - The body of the PR comment to analyze
+ * @returns Object with detection results and confidence level
+ *
+ * @example
+ * ```ts
+ * const result = detectActionableSuggestion("```suggestion\nfixed code\n```");
+ * // { isActionable: true, hasCommittableSuggestion: true, confidence: 'high', ... }
+ *
+ * const result2 = detectActionableSuggestion("You should use `const` instead of `let` here");
+ * // { isActionable: true, hasBugFixSuggestion: true, confidence: 'medium', ... }
+ * ```
+ */
+export function detectActionableSuggestion(
+  commentBody: string | undefined | null,
+): ActionableSuggestionResult {
+  if (!commentBody) {
+    return {
+      isActionable: false,
+      hasCommittableSuggestion: false,
+      hasBugFixSuggestion: false,
+      hasCodeAlternative: false,
+      confidence: "low",
+      reason: "Empty or missing comment body",
+    };
+  }
+
+  // Check for GitHub inline committable suggestion (highest confidence)
+  const hasCommittableSuggestion =
+    COMMITTABLE_SUGGESTION_PATTERN.test(commentBody);
+  if (hasCommittableSuggestion) {
+    return {
+      isActionable: true,
+      hasCommittableSuggestion: true,
+      hasBugFixSuggestion: false,
+      hasCodeAlternative: false,
+      confidence: "high",
+      reason: "Contains GitHub inline committable suggestion (```suggestion)",
+    };
+  }
+
+  // Check for clear bug fix patterns (medium-high confidence)
+  const matchedBugFixPattern = BUG_FIX_PATTERNS.find((pattern) =>
+    pattern.test(commentBody),
+  );
+  if (matchedBugFixPattern) {
+    // Higher confidence if also contains a code block
+    const hasCodeBlock = CODE_ALTERNATIVE_PATTERNS[0].test(commentBody);
+    return {
+      isActionable: true,
+      hasCommittableSuggestion: false,
+      hasBugFixSuggestion: true,
+      hasCodeAlternative: hasCodeBlock,
+      confidence: hasCodeBlock ? "high" : "medium",
+      reason: hasCodeBlock
+        ? "Contains clear bug fix suggestion with code example"
+        : "Contains clear bug fix suggestion",
+    };
+  }
+
+  // Check for code alternatives (medium confidence)
+  const matchedAlternativePattern = CODE_ALTERNATIVE_PATTERNS.find((pattern) =>
+    pattern.test(commentBody),
+  );
+  if (matchedAlternativePattern) {
+    return {
+      isActionable: true,
+      hasCommittableSuggestion: false,
+      hasBugFixSuggestion: false,
+      hasCodeAlternative: true,
+      confidence: "medium",
+      reason: "Contains code alternative or fix suggestion",
+    };
+  }
+
+  return {
+    isActionable: false,
+    hasCommittableSuggestion: false,
+    hasBugFixSuggestion: false,
+    hasCodeAlternative: false,
+    confidence: "low",
+    reason: "No actionable suggestion patterns detected",
+  };
+}
+
+/**
+ * Checks if a comment should be treated as actionable for autofix purposes,
+ * even if it comes from a bot account like claude[bot].
+ *
+ * This is particularly useful for workflows that want to automatically apply
+ * suggestions from code review comments.
+ *
+ * @param commentBody - The body of the PR comment
+ * @param authorUsername - The username of the comment author
+ * @returns Whether the comment should be treated as actionable
+ */
+export function isCommentActionableForAutofix(
+  commentBody: string | undefined | null,
+  authorUsername?: string,
+): boolean {
+  const result = detectActionableSuggestion(commentBody);
+
+  // If it's already clearly actionable (high confidence), return true
+  if (result.confidence === "high") {
+    return true;
+  }
+
+  // For medium confidence, be more lenient
+  if (result.confidence === "medium" && result.isActionable) {
+    return true;
+  }
+
+  return false;
+}
+
+/**
+ * Extracts the suggested code from a GitHub inline committable suggestion block.
+ *
+ * @param commentBody - The body of the PR comment
+ * @returns The suggested code content, or null if no suggestion block found
+ *
+ * @example
+ * ```ts
+ * const code = extractSuggestionCode("```suggestion\nconst x = 1;\n```");
+ * // "const x = 1;"
+ * ```
+ */
+export function extractSuggestionCode(
+  commentBody: string | undefined | null,
+): string | null {
+  if (!commentBody) {
+    return null;
+  }
+
+  const match = commentBody.match(/```suggestion\b\n?([\s\S]*?)```/i);
+  if (match && match[1] !== undefined) {
+    return match[1].trim();
+  }
+
+  return null;
+}

test/branch-template.test.ts

@@ -0,0 +1,247 @@
+#!/usr/bin/env bun
+
+import { describe, it, expect } from "bun:test";
+import {
+  applyBranchTemplate,
+  generateBranchName,
+} from "../src/utils/branch-template";
+
+describe("branch template utilities", () => {
+  describe("applyBranchTemplate", () => {
+    it("should replace all template variables", () => {
+      const template =
+        "{{prefix}}{{entityType}}-{{entityNumber}}-{{timestamp}}";
+      const variables = {
+        prefix: "feat/",
+        entityType: "issue",
+        entityNumber: 123,
+        timestamp: "20240301-1430",
+        sha: "abcd1234",
+      };
+
+      const result = applyBranchTemplate(template, variables);
+      expect(result).toBe("feat/issue-123-20240301-1430");
+    });
+
+    it("should handle custom templates with multiple variables", () => {
+      const template =
+        "{{prefix}}fix/{{entityType}}_{{entityNumber}}_{{timestamp}}_{{sha}}";
+      const variables = {
+        prefix: "claude-",
+        entityType: "pr",
+        entityNumber: 456,
+        timestamp: "20240301-1430",
+        sha: "abcd1234",
+      };
+
+      const result = applyBranchTemplate(template, variables);
+      expect(result).toBe("claude-fix/pr_456_20240301-1430_abcd1234");
+    });
+
+    it("should handle templates with missing variables gracefully", () => {
+      const template = "{{prefix}}{{entityType}}-{{missing}}-{{entityNumber}}";
+      const variables = {
+        prefix: "feat/",
+        entityType: "issue",
+        entityNumber: 123,
+        timestamp: "20240301-1430",
+      };
+
+      const result = applyBranchTemplate(template, variables);
+      expect(result).toBe("feat/issue-{{missing}}-123");
+    });
+  });
+
+  describe("generateBranchName", () => {
+    it("should use custom template when provided", () => {
+      const template = "{{prefix}}custom-{{entityType}}_{{entityNumber}}";
+      const result = generateBranchName(template, "feature/", "issue", 123);
+
+      expect(result).toBe("feature/custom-issue_123");
+    });
+
+    it("should use default format when template is empty", () => {
+      const result = generateBranchName("", "claude/", "issue", 123);
+
+      expect(result).toMatch(/^claude\/issue-123-\d{8}-\d{4}$/);
+    });
+
+    it("should use default format when template is undefined", () => {
+      const result = generateBranchName(undefined, "claude/", "pr", 456);
+
+      expect(result).toMatch(/^claude\/pr-456-\d{8}-\d{4}$/);
+    });
+
+    it("should preserve custom template formatting (no automatic lowercase/truncation)", () => {
+      const template = "{{prefix}}UPPERCASE_Branch-Name_{{entityNumber}}";
+      const result = generateBranchName(template, "Feature/", "issue", 123);
+
+      expect(result).toBe("Feature/UPPERCASE_Branch-Name_123");
+    });
+
+    it("should not truncate custom template results", () => {
+      const template =
+        "{{prefix}}very-long-branch-name-that-exceeds-the-maximum-allowed-length-{{entityNumber}}";
+      const result = generateBranchName(template, "feature/", "issue", 123);
+
+      expect(result).toBe(
+        "feature/very-long-branch-name-that-exceeds-the-maximum-allowed-length-123",
+      );
+    });
+
+    it("should apply Kubernetes-compatible transformations to default template only", () => {
+      const result = generateBranchName(undefined, "Feature/", "issue", 123);
+
+      expect(result).toMatch(/^feature\/issue-123-\d{8}-\d{4}$/);
+      expect(result.length).toBeLessThanOrEqual(50);
+    });
+
+    it("should handle SHA in template", () => {
+      const template = "{{prefix}}{{entityType}}-{{entityNumber}}-{{sha}}";
+      const result = generateBranchName(
+        template,
+        "fix/",
+        "pr",
+        789,
+        "abcdef123456",
+      );
+
+      expect(result).toBe("fix/pr-789-abcdef12");
+    });
+
+    it("should use label in template when provided", () => {
+      const template = "{{prefix}}{{label}}/{{entityNumber}}";
+      const result = generateBranchName(
+        template,
+        "feature/",
+        "issue",
+        123,
+        undefined,
+        "bug",
+      );
+
+      expect(result).toBe("feature/bug/123");
+    });
+
+    it("should fallback to entityType when label template is used but no label provided", () => {
+      const template = "{{prefix}}{{label}}-{{entityNumber}}";
+      const result = generateBranchName(template, "fix/", "pr", 456);
+
+      expect(result).toBe("fix/pr-456");
+    });
+
+    it("should handle template with both label and entityType", () => {
+      const template = "{{prefix}}{{label}}-{{entityType}}_{{entityNumber}}";
+      const result = generateBranchName(
+        template,
+        "dev/",
+        "issue",
+        789,
+        undefined,
+        "enhancement",
+      );
+
+      expect(result).toBe("dev/enhancement-issue_789");
+    });
+
+    it("should use description in template when provided", () => {
+      const template = "{{prefix}}{{description}}/{{entityNumber}}";
+      const result = generateBranchName(
+        template,
+        "feature/",
+        "issue",
+        123,
+        undefined,
+        undefined,
+        "Fix login bug with OAuth",
+      );
+
+      expect(result).toBe("feature/fix-login-bug-with-oauth/123");
+    });
+
+    it("should handle template with multiple variables including description", () => {
+      const template =
+        "{{prefix}}{{label}}/{{description}}-{{entityType}}_{{entityNumber}}";
+      const result = generateBranchName(
+        template,
+        "dev/",
+        "issue",
+        456,
+        undefined,
+        "bug",
+        "User authentication fails completely",
+      );
+
+      expect(result).toBe(
+        "dev/bug/user-authentication-fails-completely-issue_456",
+      );
+    });
+
+    it("should handle description with special characters in template", () => {
+      const template = "{{prefix}}{{description}}-{{entityNumber}}";
+      const result = generateBranchName(
+        template,
+        "fix/",
+        "pr",
+        789,
+        undefined,
+        undefined,
+        "Add: User Registration & Email Validation",
+      );
+
+      expect(result).toBe("fix/add-user-registration-email-789");
+    });
+
+    it("should truncate descriptions to exactly 5 words", () => {
+      const result = generateBranchName(
+        "{{prefix}}{{description}}/{{entityNumber}}",
+        "feature/",
+        "issue",
+        999,
+        undefined,
+        undefined,
+        "This is a very long title with many more than five words in it",
+      );
+      expect(result).toBe("feature/this-is-a-very-long/999");
+    });
+
+    it("should handle empty description in template", () => {
+      const template = "{{prefix}}{{description}}-{{entityNumber}}";
+      const result = generateBranchName(
+        template,
+        "test/",
+        "issue",
+        101,
+        undefined,
+        undefined,
+        "",
+      );
+
+      expect(result).toBe("test/-101");
+    });
+
+    it("should fallback to default format when template produces empty result", () => {
+      const template = "{{description}}"; // Will be empty if no title provided
+      const result = generateBranchName(template, "claude/", "issue", 123);
+
+      expect(result).toMatch(/^claude\/issue-123-\d{8}-\d{4}$/);
+      expect(result.length).toBeLessThanOrEqual(50);
+    });
+
+    it("should fallback to default format when template produces only whitespace", () => {
+      const template = "  {{description}}  "; // Will be "  " if description is empty
+      const result = generateBranchName(
+        template,
+        "fix/",
+        "pr",
+        456,
+        undefined,
+        undefined,
+        "",
+      );
+
+      expect(result).toMatch(/^fix\/pr-456-\d{8}-\d{4}$/);
+      expect(result.length).toBeLessThanOrEqual(50);
+    });
+  });
+});

test/create-prompt.test.ts

@@ -61,6 +61,7 @@ describe("generatePrompt", () => {
       body: "This is a test PR",
       author: { login: "testuser" },
       state: "OPEN",
+      labels: { nodes: [] },
       createdAt: "2023-01-01T00:00:00Z",
       additions: 15,
       deletions: 5,
@@ -475,6 +476,7 @@ describe("generatePrompt", () => {
         body: "The login form is not working",
         author: { login: "testuser" },
         state: "OPEN",
+        labels: { nodes: [] },
         createdAt: "2023-01-01T00:00:00Z",
         comments: {
           nodes: [],

test/data-fetcher.test.ts

@@ -1,6 +1,7 @@
 import { describe, expect, it, jest } from "bun:test";
 import {
   extractTriggerTimestamp,
+  extractOriginalTitle,
   fetchGitHubData,
   filterCommentsToTriggerTime,
   filterReviewsToTriggerTime,
@@ -9,6 +10,7 @@ import {
 import {
   createMockContext,
   mockIssueCommentContext,
+  mockPullRequestCommentContext,
   mockPullRequestReviewContext,
   mockPullRequestReviewCommentContext,
   mockPullRequestOpenedContext,
@@ -63,6 +65,47 @@ describe("extractTriggerTimestamp", () => {
   });
 });
 
+describe("extractOriginalTitle", () => {
+  it("should extract title from IssueCommentEvent on PR", () => {
+    const title = extractOriginalTitle(mockPullRequestCommentContext);
+    expect(title).toBe("Fix: Memory leak in user service");
+  });
+
+  it("should extract title from PullRequestReviewEvent", () => {
+    const title = extractOriginalTitle(mockPullRequestReviewContext);
+    expect(title).toBe("Refactor: Improve error handling in API layer");
+  });
+
+  it("should extract title from PullRequestReviewCommentEvent", () => {
+    const title = extractOriginalTitle(mockPullRequestReviewCommentContext);
+    expect(title).toBe("Performance: Optimize search algorithm");
+  });
+
+  it("should extract title from pull_request event", () => {
+    const title = extractOriginalTitle(mockPullRequestOpenedContext);
+    expect(title).toBe("Feature: Add user authentication");
+  });
+
+  it("should extract title from issues event", () => {
+    const title = extractOriginalTitle(mockIssueOpenedContext);
+    expect(title).toBe("Bug: Application crashes on startup");
+  });
+
+  it("should return undefined for event without title", () => {
+    const context = createMockContext({
+      eventName: "issue_comment",
+      payload: {
+        comment: {
+          id: 123,
+          body: "test",
+        },
+      } as any,
+    });
+    const title = extractOriginalTitle(context);
+    expect(title).toBeUndefined();
+  });
+});
+
 describe("filterCommentsToTriggerTime", () => {
   const createMockComment = (
     createdAt: string,
@@ -945,4 +988,115 @@ describe("fetchGitHubData integration with time filtering", () => {
     );
     expect(hasPrBodyInMap).toBe(false);
   });
+
+  it("should use originalTitle when provided instead of fetched title", async () => {
+    const mockOctokits = {
+      graphql: jest.fn().mockResolvedValue({
+        repository: {
+          pullRequest: {
+            number: 123,
+            title: "Fetched Title From GraphQL",
+            body: "PR body",
+            author: { login: "author" },
+            createdAt: "2024-01-15T10:00:00Z",
+            additions: 10,
+            deletions: 5,
+            state: "OPEN",
+            commits: { totalCount: 1, nodes: [] },
+            files: { nodes: [] },
+            comments: { nodes: [] },
+            reviews: { nodes: [] },
+          },
+        },
+        user: { login: "trigger-user" },
+      }),
+      rest: jest.fn() as any,
+    };
+
+    const result = await fetchGitHubData({
+      octokits: mockOctokits as any,
+      repository: "test-owner/test-repo",
+      prNumber: "123",
+      isPR: true,
+      triggerUsername: "trigger-user",
+      originalTitle: "Original Title From Webhook",
+    });
+
+    expect(result.contextData.title).toBe("Original Title From Webhook");
+  });
+
+  it("should use fetched title when originalTitle is not provided", async () => {
+    const mockOctokits = {
+      graphql: jest.fn().mockResolvedValue({
+        repository: {
+          pullRequest: {
+            number: 123,
+            title: "Fetched Title From GraphQL",
+            body: "PR body",
+            author: { login: "author" },
+            createdAt: "2024-01-15T10:00:00Z",
+            additions: 10,
+            deletions: 5,
+            state: "OPEN",
+            commits: { totalCount: 1, nodes: [] },
+            files: { nodes: [] },
+            comments: { nodes: [] },
+            reviews: { nodes: [] },
+          },
+        },
+        user: { login: "trigger-user" },
+      }),
+      rest: jest.fn() as any,
+    };
+
+    const result = await fetchGitHubData({
+      octokits: mockOctokits as any,
+      repository: "test-owner/test-repo",
+      prNumber: "123",
+      isPR: true,
+      triggerUsername: "trigger-user",
+    });
+
+    expect(result.contextData.title).toBe("Fetched Title From GraphQL");
+  });
+
+  it("should use original title from webhook even if title was edited after trigger", async () => {
+    const mockOctokits = {
+      graphql: jest.fn().mockResolvedValue({
+        repository: {
+          pullRequest: {
+            number: 123,
+            title: "Edited Title (from GraphQL)",
+            body: "PR body",
+            author: { login: "author" },
+            createdAt: "2024-01-15T10:00:00Z",
+            lastEditedAt: "2024-01-15T12:30:00Z", // Edited after trigger
+            additions: 10,
+            deletions: 5,
+            state: "OPEN",
+            commits: { totalCount: 1, nodes: [] },
+            files: { nodes: [] },
+            comments: { nodes: [] },
+            reviews: { nodes: [] },
+          },
+        },
+        user: { login: "trigger-user" },
+      }),
+      rest: jest.fn() as any,
+    };
+
+    const result = await fetchGitHubData({
+      octokits: mockOctokits as any,
+      repository: "test-owner/test-repo",
+      prNumber: "123",
+      isPR: true,
+      triggerUsername: "trigger-user",
+      triggerTime: "2024-01-15T12:00:00Z",
+      originalTitle: "Original Title (from webhook at trigger time)",
+    });
+
+    expect(result.contextData.title).toBe(
+      "Original Title (from webhook at trigger time)",
+    );
+  });
 });

test/data-formatter.test.ts

@@ -28,6 +28,9 @@ describe("formatContext", () => {
       additions: 50,
       deletions: 30,
       state: "OPEN",
+      labels: {
+        nodes: [],
+      },
       commits: {
         totalCount: 3,
         nodes: [],
@@ -63,6 +66,9 @@ Changed Files: 2 files`,
       author: { login: "test-user" },
       createdAt: "2023-01-01T00:00:00Z",
       state: "OPEN",
+      labels: {
+        nodes: [],
+      },
       comments: {
         nodes: [],
       },

test/detect-actionable-suggestion.test.ts

@@ -0,0 +1,309 @@
+import { describe, expect, it } from "bun:test";
+import {
+  detectActionableSuggestion,
+  isCommentActionableForAutofix,
+  extractSuggestionCode,
+} from "../src/utils/detect-actionable-suggestion";
+
+describe("detectActionableSuggestion", () => {
+  describe("GitHub inline committable suggestions", () => {
+    it("should detect suggestion blocks with high confidence", () => {
+      const comment = `Here's a fix:
+\`\`\`suggestion
+const x = 1;
+\`\`\``;
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasCommittableSuggestion).toBe(true);
+      expect(result.confidence).toBe("high");
+      expect(result.reason).toContain("committable suggestion");
+    });
+
+    it("should detect suggestion blocks with multiple lines", () => {
+      const comment = `\`\`\`suggestion
+function foo() {
+  return bar();
+}
+\`\`\``;
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasCommittableSuggestion).toBe(true);
+      expect(result.confidence).toBe("high");
+    });
+
+    it("should detect suggestion blocks case-insensitively", () => {
+      const comment = `\`\`\`SUGGESTION
+const x = 1;
+\`\`\``;
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasCommittableSuggestion).toBe(true);
+    });
+
+    it("should not confuse regular code blocks with suggestion blocks", () => {
+      const comment = `\`\`\`javascript
+const x = 1;
+\`\`\``;
+      const result = detectActionableSuggestion(comment);
+      expect(result.hasCommittableSuggestion).toBe(false);
+      // But it should still detect the code alternative
+      expect(result.hasCodeAlternative).toBe(true);
+    });
+  });
+
+  describe("bug fix suggestions", () => {
+    it('should detect "should be" patterns', () => {
+      const comment = "This should be `const` instead of `let`";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasBugFixSuggestion).toBe(true);
+      expect(result.confidence).toBe("medium");
+    });
+
+    it('should detect "change to" patterns', () => {
+      const comment = "Change this to use async/await";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasBugFixSuggestion).toBe(true);
+    });
+
+    it('should detect "replace with" patterns', () => {
+      const comment = "Replace this with Array.from()";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasBugFixSuggestion).toBe(true);
+    });
+
+    it('should detect "use instead" patterns', () => {
+      const comment = "Use this instead of the deprecated method";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasBugFixSuggestion).toBe(true);
+    });
+
+    it('should detect "instead of X, use Y" patterns', () => {
+      const comment = "Instead of forEach, use map";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasBugFixSuggestion).toBe(true);
+    });
+
+    it('should detect "to fix this" patterns', () => {
+      const comment = "To fix this, you need to add the await keyword";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasBugFixSuggestion).toBe(true);
+    });
+
+    it('should detect "the correct code is" patterns', () => {
+      const comment = "The correct code would be: return null;";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasBugFixSuggestion).toBe(true);
+    });
+
+    it('should detect "missing semicolon" patterns', () => {
+      const comment = "Missing a semicolon at the end";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasBugFixSuggestion).toBe(true);
+    });
+
+    it('should detect "typo" patterns', () => {
+      const comment = "Typo here: teh should be the";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasBugFixSuggestion).toBe(true);
+    });
+
+    it('should detect "wrong type" patterns', () => {
+      const comment = "Wrong type here, should be string not number";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasBugFixSuggestion).toBe(true);
+    });
+
+    it("should have high confidence when bug fix suggestion includes code block", () => {
+      const comment = `You should use const here:
+\`\`\`javascript
+const x = 1;
+\`\`\``;
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasBugFixSuggestion).toBe(true);
+      expect(result.hasCodeAlternative).toBe(true);
+      expect(result.confidence).toBe("high");
+    });
+  });
+
+  describe("code alternatives", () => {
+    it('should detect "try using" patterns', () => {
+      const comment = "Try using Array.map() instead";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+    });
+
+    it('should detect "here\'s the fix" patterns', () => {
+      const comment = "Here's the fix for this issue";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+    });
+
+    it("should detect code blocks as potential alternatives", () => {
+      const comment = `Try this approach:
+\`\`\`
+const result = [];
+\`\`\``;
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasCodeAlternative).toBe(true);
+    });
+  });
+
+  describe("non-actionable comments", () => {
+    it("should not flag general questions", () => {
+      const comment = "Why is this returning undefined?";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(false);
+      expect(result.confidence).toBe("low");
+    });
+
+    it("should not flag simple observations", () => {
+      const comment = "This looks interesting";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(false);
+    });
+
+    it("should not flag approval comments", () => {
+      const comment = "LGTM! :+1:";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(false);
+    });
+
+    it("should handle empty comments", () => {
+      const result = detectActionableSuggestion("");
+      expect(result.isActionable).toBe(false);
+      expect(result.reason).toContain("Empty");
+    });
+
+    it("should handle null comments", () => {
+      const result = detectActionableSuggestion(null);
+      expect(result.isActionable).toBe(false);
+    });
+
+    it("should handle undefined comments", () => {
+      const result = detectActionableSuggestion(undefined);
+      expect(result.isActionable).toBe(false);
+    });
+  });
+
+  describe("edge cases", () => {
+    it("should handle comments with both suggestion block and bug fix language", () => {
+      const comment = `This should be fixed. Here's the suggestion:
+\`\`\`suggestion
+const x = 1;
+\`\`\``;
+      const result = detectActionableSuggestion(comment);
+      // Suggestion block takes precedence (high confidence)
+      expect(result.isActionable).toBe(true);
+      expect(result.hasCommittableSuggestion).toBe(true);
+      expect(result.confidence).toBe("high");
+    });
+
+    it("should handle very long comments", () => {
+      const longContent = "a".repeat(10000);
+      const comment = `${longContent}
+\`\`\`suggestion
+const x = 1;
+\`\`\``;
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+      expect(result.hasCommittableSuggestion).toBe(true);
+    });
+
+    it("should handle comments with special characters", () => {
+      const comment =
+        "You should be using `const` here! @#$%^&* Change this to `let`";
+      const result = detectActionableSuggestion(comment);
+      expect(result.isActionable).toBe(true);
+    });
+  });
+});
+
+describe("isCommentActionableForAutofix", () => {
+  it("should return true for high confidence suggestions", () => {
+    const comment = `\`\`\`suggestion
+const x = 1;
+\`\`\``;
+    expect(isCommentActionableForAutofix(comment)).toBe(true);
+  });
+
+  it("should return true for medium confidence suggestions", () => {
+    const comment = "You should use const here instead of let";
+    expect(isCommentActionableForAutofix(comment)).toBe(true);
+  });
+
+  it("should return false for non-actionable comments", () => {
+    const comment = "This looks fine to me";
+    expect(isCommentActionableForAutofix(comment)).toBe(false);
+  });
+
+  it("should handle bot authors correctly", () => {
+    const comment = `\`\`\`suggestion
+const x = 1;
+\`\`\``;
+    // Should still return true even for bot authors
+    expect(isCommentActionableForAutofix(comment, "claude[bot]")).toBe(true);
+  });
+
+  it("should handle empty comments", () => {
+    expect(isCommentActionableForAutofix("")).toBe(false);
+    expect(isCommentActionableForAutofix(null)).toBe(false);
+    expect(isCommentActionableForAutofix(undefined)).toBe(false);
+  });
+});
+
+describe("extractSuggestionCode", () => {
+  it("should extract code from suggestion block", () => {
+    const comment = `Here's a fix:
+\`\`\`suggestion
+const x = 1;
+\`\`\``;
+    expect(extractSuggestionCode(comment)).toBe("const x = 1;");
+  });
+
+  it("should extract multi-line code from suggestion block", () => {
+    const comment = `\`\`\`suggestion
+function foo() {
+  return bar();
+}
+\`\`\``;
+    expect(extractSuggestionCode(comment)).toBe(
+      "function foo() {\n  return bar();\n}",
+    );
+  });
+
+  it("should handle empty suggestion blocks", () => {
+    const comment = `\`\`\`suggestion
+\`\`\``;
+    expect(extractSuggestionCode(comment)).toBe("");
+  });
+
+  it("should return null for comments without suggestion blocks", () => {
+    const comment = "Just a regular comment";
+    expect(extractSuggestionCode(comment)).toBe(null);
+  });
+
+  it("should return null for empty comments", () => {
+    expect(extractSuggestionCode("")).toBe(null);
+    expect(extractSuggestionCode(null)).toBe(null);
+    expect(extractSuggestionCode(undefined)).toBe(null);
+  });
+
+  it("should not extract from regular code blocks", () => {
+    const comment = `\`\`\`javascript
+const x = 1;
+\`\`\``;
+    expect(extractSuggestionCode(comment)).toBe(null);
+  });
+});

test/github-file-ops-path-validation.test.ts

@@ -0,0 +1,214 @@
+import { describe, expect, it, beforeAll, afterAll } from "bun:test";
+import { validatePathWithinRepo } from "../src/mcp/path-validation";
+import { resolve } from "path";
+import { mkdir, writeFile, symlink, rm, realpath } from "fs/promises";
+import { tmpdir } from "os";
+
+describe("validatePathWithinRepo", () => {
+  // Use a real temp directory for tests that need filesystem access
+  let testDir: string;
+  let repoRoot: string;
+  let outsideDir: string;
+  // Real paths after symlink resolution (e.g., /tmp -> /private/tmp on macOS)
+  let realRepoRoot: string;
+
+  beforeAll(async () => {
+    // Create test directory structure
+    testDir = resolve(tmpdir(), `path-validation-test-${Date.now()}`);
+    repoRoot = resolve(testDir, "repo");
+    outsideDir = resolve(testDir, "outside");
+
+    await mkdir(repoRoot, { recursive: true });
+    await mkdir(resolve(repoRoot, "src"), { recursive: true });
+    await mkdir(outsideDir, { recursive: true });
+
+    // Create test files
+    await writeFile(resolve(repoRoot, "file.txt"), "inside repo");
+    await writeFile(resolve(repoRoot, "src", "main.js"), "console.log('hi')");
+    await writeFile(resolve(outsideDir, "secret.txt"), "sensitive data");
+
+    // Get real paths after symlink resolution
+    realRepoRoot = await realpath(repoRoot);
+  });
+
+  afterAll(async () => {
+    // Cleanup
+    await rm(testDir, { recursive: true, force: true });
+  });
+
+  describe("valid paths", () => {
+    it("should accept simple relative paths", async () => {
+      const result = await validatePathWithinRepo("file.txt", repoRoot);
+      expect(result).toBe(resolve(realRepoRoot, "file.txt"));
+    });
+
+    it("should accept nested relative paths", async () => {
+      const result = await validatePathWithinRepo("src/main.js", repoRoot);
+      expect(result).toBe(resolve(realRepoRoot, "src/main.js"));
+    });
+
+    it("should accept paths with single dot segments", async () => {
+      const result = await validatePathWithinRepo("./src/main.js", repoRoot);
+      expect(result).toBe(resolve(realRepoRoot, "src/main.js"));
+    });
+
+    it("should accept paths that use .. but resolve inside repo", async () => {
+      // src/../file.txt resolves to file.txt which is still inside repo
+      const result = await validatePathWithinRepo("src/../file.txt", repoRoot);
+      expect(result).toBe(resolve(realRepoRoot, "file.txt"));
+    });
+
+    it("should accept absolute paths within the repo root", async () => {
+      const absolutePath = resolve(repoRoot, "file.txt");
+      const result = await validatePathWithinRepo(absolutePath, repoRoot);
+      expect(result).toBe(resolve(realRepoRoot, "file.txt"));
+    });
+
+    it("should accept the repo root itself", async () => {
+      const result = await validatePathWithinRepo(".", repoRoot);
+      expect(result).toBe(realRepoRoot);
+    });
+
+    it("should handle new files (non-existent) in valid directories", async () => {
+      const result = await validatePathWithinRepo("src/newfile.js", repoRoot);
+      // For non-existent files, we validate the parent but return the initial path
+      // (can't realpath a file that doesn't exist yet)
+      expect(result).toBe(resolve(repoRoot, "src/newfile.js"));
+    });
+  });
+
+  describe("path traversal attacks", () => {
+    it("should reject simple parent directory traversal", async () => {
+      await expect(
+        validatePathWithinRepo("../outside/secret.txt", repoRoot),
+      ).rejects.toThrow(/resolves outside the repository root/);
+    });
+
+    it("should reject deeply nested parent directory traversal", async () => {
+      await expect(
+        validatePathWithinRepo("../../../etc/passwd", repoRoot),
+      ).rejects.toThrow(/resolves outside the repository root/);
+    });
+
+    it("should reject traversal hidden within path", async () => {
+      await expect(
+        validatePathWithinRepo("src/../../outside/secret.txt", repoRoot),
+      ).rejects.toThrow(/resolves outside the repository root/);
+    });
+
+    it("should reject traversal at the end of path", async () => {
+      await expect(
+        validatePathWithinRepo("src/../..", repoRoot),
+      ).rejects.toThrow(/resolves outside the repository root/);
+    });
+
+    it("should reject absolute paths outside the repo root", async () => {
+      await expect(
+        validatePathWithinRepo("/etc/passwd", repoRoot),
+      ).rejects.toThrow(/resolves outside the repository root/);
+    });
+
+    it("should reject absolute paths to sibling directories", async () => {
+      await expect(
+        validatePathWithinRepo(resolve(outsideDir, "secret.txt"), repoRoot),
+      ).rejects.toThrow(/resolves outside the repository root/);
+    });
+  });
+
+  describe("symlink attacks", () => {
+    it("should reject symlinks pointing outside the repo", async () => {
+      // Create a symlink inside the repo that points to a file outside
+      const symlinkPath = resolve(repoRoot, "evil-link");
+      await symlink(resolve(outsideDir, "secret.txt"), symlinkPath);
+
+      try {
+        // The symlink path looks like it's inside the repo, but points outside
+        await expect(
+          validatePathWithinRepo("evil-link", repoRoot),
+        ).rejects.toThrow(/resolves outside the repository root/);
+      } finally {
+        await rm(symlinkPath, { force: true });
+      }
+    });
+
+    it("should reject symlinks to parent directories", async () => {
+      // Create a symlink to the parent directory
+      const symlinkPath = resolve(repoRoot, "parent-link");
+      await symlink(testDir, symlinkPath);
+
+      try {
+        await expect(
+          validatePathWithinRepo("parent-link/outside/secret.txt", repoRoot),
+        ).rejects.toThrow(/resolves outside the repository root/);
+      } finally {
+        await rm(symlinkPath, { force: true });
+      }
+    });
+
+    it("should accept symlinks that resolve within the repo", async () => {
+      // Create a symlink inside the repo that points to another file inside
+      const symlinkPath = resolve(repoRoot, "good-link");
+      await symlink(resolve(repoRoot, "file.txt"), symlinkPath);
+
+      try {
+        const result = await validatePathWithinRepo("good-link", repoRoot);
+        // Should resolve to the actual file location
+        expect(result).toBe(resolve(realRepoRoot, "file.txt"));
+      } finally {
+        await rm(symlinkPath, { force: true });
+      }
+    });
+
+    it("should reject directory symlinks that escape the repo", async () => {
+      // Create a symlink to outside directory
+      const symlinkPath = resolve(repoRoot, "escape-dir");
+      await symlink(outsideDir, symlinkPath);
+
+      try {
+        await expect(
+          validatePathWithinRepo("escape-dir/secret.txt", repoRoot),
+        ).rejects.toThrow(/resolves outside the repository root/);
+      } finally {
+        await rm(symlinkPath, { force: true });
+      }
+    });
+  });
+
+  describe("edge cases", () => {
+    it("should handle empty path (current directory)", async () => {
+      const result = await validatePathWithinRepo("", repoRoot);
+      expect(result).toBe(realRepoRoot);
+    });
+
+    it("should handle paths with multiple consecutive slashes", async () => {
+      const result = await validatePathWithinRepo("src//main.js", repoRoot);
+      expect(result).toBe(resolve(realRepoRoot, "src/main.js"));
+    });
+
+    it("should handle paths with trailing slashes", async () => {
+      const result = await validatePathWithinRepo("src/", repoRoot);
+      expect(result).toBe(resolve(realRepoRoot, "src"));
+    });
+
+    it("should reject prefix attack (repo root as prefix but not parent)", async () => {
+      // Create a sibling directory with repo name as prefix
+      const evilDir = repoRoot + "-evil";
+      await mkdir(evilDir, { recursive: true });
+      await writeFile(resolve(evilDir, "file.txt"), "evil");
+
+      try {
+        await expect(
+          validatePathWithinRepo(resolve(evilDir, "file.txt"), repoRoot),
+        ).rejects.toThrow(/resolves outside the repository root/);
+      } finally {
+        await rm(evilDir, { recursive: true, force: true });
+      }
+    });
+
+    it("should throw error for non-existent repo root", async () => {
+      await expect(
+        validatePathWithinRepo("file.txt", "/nonexistent/repo"),
+      ).rejects.toThrow(/does not exist/);
+    });
+  });
+});

test/modes/parse-tools.test.ts

@@ -35,12 +35,44 @@ describe("parseAllowedTools", () => {
     expect(parseAllowedTools("")).toEqual([]);
   });
 
-  test("handles duplicate --allowedTools flags", () => {
+  test("handles --allowedTools followed by another --allowedTools flag", () => {
     const args = "--allowedTools --allowedTools mcp__github__*";
-    // Should not match the first one since the value is another flag
+    // The second --allowedTools is consumed as a value of the first, then skipped.
+    // This is an edge case with malformed input - returns empty.
     expect(parseAllowedTools(args)).toEqual([]);
   });
 
+  test("parses multiple separate --allowed-tools flags", () => {
+    const args =
+      "--allowed-tools 'mcp__context7__*' --allowed-tools 'Read,Glob' --allowed-tools 'mcp__github_inline_comment__*'";
+    expect(parseAllowedTools(args)).toEqual([
+      "mcp__context7__*",
+      "Read",
+      "Glob",
+      "mcp__github_inline_comment__*",
+    ]);
+  });
+
+  test("parses multiple --allowed-tools flags on separate lines", () => {
+    const args = `--model 'claude-haiku'
+--allowed-tools 'mcp__context7__*'
+--allowed-tools 'Read,Glob,Grep'
+--allowed-tools 'mcp__github_inline_comment__create_inline_comment'`;
+    expect(parseAllowedTools(args)).toEqual([
+      "mcp__context7__*",
+      "Read",
+      "Glob",
+      "Grep",
+      "mcp__github_inline_comment__create_inline_comment",
+    ]);
+  });
+
+  test("deduplicates tools from multiple flags", () => {
+    const args =
+      "--allowed-tools 'Read,Glob' --allowed-tools 'Glob,Grep' --allowed-tools 'Read'";
+    expect(parseAllowedTools(args)).toEqual(["Read", "Glob", "Grep"]);
+  });
+
   test("handles typo --alloedTools", () => {
     const args = "--alloedTools mcp__github__*";
     expect(parseAllowedTools(args)).toEqual([]);

test/pull-request-target.test.ts

@@ -87,6 +87,7 @@ describe("pull_request_target event support", () => {
       },
       comments: { nodes: [] },
       reviews: { nodes: [] },
+      labels: { nodes: [] },
     },
     comments: [],
     changedFiles: [],