chore: bump Claude Code version to 1.0.108

The GitHub comment MCP server was being included in agent mode even when no comment tools were explicitly allowed. This fix ensures the server is only included in tag mode where it's always needed for updating Claude comments.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Claude <noreply@anthropic.com>

.github/workflows/issue-triage.yml

@@ -11,7 +11,6 @@ jobs:
     permissions:
       contents: read
       issues: write
-      id-token: write
 
     steps:
       - name: Checkout repository
@@ -102,6 +101,8 @@ jobs:
         with:
           prompt: $(cat /tmp/claude-prompts/triage-prompt.txt)
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          allowed_non_write_users: "*"
           claude_args: |
             --allowedTools Bash(gh label list),mcp__github__get_issue,mcp__github__get_issue_comments,mcp__github__update_issue,mcp__github__search_issues,mcp__github__list_issues
             --mcp-config /tmp/mcp-config/mcp-servers.json

action.yml

@@ -27,6 +27,10 @@ inputs:
     description: "Comma-separated list of allowed bot usernames, or '*' to allow all bots. Empty string (default) allows no bots."
     required: false
     default: ""
+  allowed_non_write_users:
+    description: "Comma-separated list of usernames to allow without write permissions, or '*' to allow all users. Only works when github_token input is provided. WARNING: Use with extreme caution - this bypasses security checks and should only be used for workflows with very limited permissions (e.g., issue labeling)."
+    required: false
+    default: ""
 
   # Claude Code configuration
   prompt:
@@ -148,6 +152,7 @@ runs:
         BRANCH_PREFIX: ${{ inputs.branch_prefix }}
         OVERRIDE_GITHUB_TOKEN: ${{ inputs.github_token }}
         ALLOWED_BOTS: ${{ inputs.allowed_bots }}
+        ALLOWED_NON_WRITE_USERS: ${{ inputs.allowed_non_write_users }}
         GITHUB_RUN_ID: ${{ github.run_id }}
         USE_STICKY_COMMENT: ${{ inputs.use_sticky_comment }}
         DEFAULT_WORKFLOW_TOKEN: ${{ github.token }}
@@ -172,7 +177,7 @@ runs:
         # Install Claude Code if no custom executable is provided
         if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
           echo "Installing Claude Code..."
-          curl -fsSL https://claude.ai/install.sh | bash -s 1.0.107
+          curl -fsSL https://claude.ai/install.sh | bash -s 1.0.108
           echo "$HOME/.local/bin" >> "$GITHUB_PATH"
         else
           echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"

base-action/action.yml

@@ -99,7 +99,7 @@ runs:
       run: |
         if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
           echo "Installing Claude Code..."
-          curl -fsSL https://claude.ai/install.sh | bash -s 1.0.107
+          curl -fsSL https://claude.ai/install.sh | bash -s 1.0.108
         else
           echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
           # Add the directory containing the custom executable to PATH

docs/custom-automations.md

@@ -21,7 +21,7 @@ This action supports the following GitHub events ([learn more GitHub event trigg
 - `issues` - When issues are opened or assigned
 - `pull_request_review` - When PR reviews are submitted
 - `pull_request_review_comment` - When comments are made on PR reviews
-- `repository_dispatch` - Custom events triggered via API (coming soon)
+- `repository_dispatch` - Custom events triggered via API
 - `workflow_dispatch` - Manual workflow triggers (coming soon)
 
 ## Automated Documentation Updates

docs/security.md

@@ -4,6 +4,11 @@
 
 - **Repository Access**: The action can only be triggered by users with write access to the repository
 - **Bot User Control**: By default, GitHub Apps and bots cannot trigger this action for security reasons. Use the `allowed_bots` parameter to enable specific bots or all bots
+- **⚠️ Non-Write User Access (RISKY)**: The `allowed_non_write_users` parameter allows bypassing the write permission requirement. **This is a significant security risk and should only be used for workflows with extremely limited permissions** (e.g., issue labeling workflows that only have `issues: write` permission). This feature:
+  - Only works when `github_token` is provided as input (not with GitHub App authentication)
+  - Accepts either a comma-separated list of specific usernames or `*` to allow all users
+  - **Should be used with extreme caution** as it bypasses the primary security mechanism of this action
+  - Is designed for automation workflows where user permissions are already restricted by the workflow's permission scope
 - **Token Permissions**: The GitHub app receives only a short-lived token scoped specifically to the repository it's operating in
 - **No Cross-Repository Access**: Each action invocation is limited to the repository where it was triggered
 - **Limited Scope**: The token cannot access other repositories or perform actions beyond the configured permissions

docs/usage.md

@@ -48,7 +48,7 @@ jobs:
 ## Inputs
 
 | Input                          | Description                                                                                                                                                                    | Required | Default       |
-| ------------------------------ | -------------------------------------------------------------------------------------------------------------------- | -------- | ------------- |
+| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | ------------- |
 | `anthropic_api_key`            | Anthropic API key (required for direct API, not needed for Bedrock/Vertex)                                                                                                     | No\*     | -             |
 | `claude_code_oauth_token`      | Claude Code OAuth token (alternative to anthropic_api_key)                                                                                                                     | No\*     | -             |
 | `prompt`                       | Instructions for Claude. Can be a direct prompt or custom template for automation workflows                                                                                    | No       | -             |
@@ -71,6 +71,7 @@ jobs:
 | `bot_id`                       | GitHub user ID to use for git operations (defaults to Claude's bot ID)                                                                                                         | No       | `41898282`    |
 | `bot_name`                     | GitHub username to use for git operations (defaults to Claude's bot name)                                                                                                      | No       | `claude[bot]` |
 | `allowed_bots`                 | Comma-separated list of allowed bot usernames, or '\*' to allow all bots. Empty string (default) allows no bots                                                                | No       | ""            |
+| `allowed_non_write_users`      | **⚠️ RISKY**: Comma-separated list of usernames to allow without write permissions, or '\*' for all users. Only works with `github_token` input. See [Security](./security.md) | No       | ""            |
 
 ### Deprecated Inputs
 

examples/issue-triage.yml

@@ -10,7 +10,6 @@ jobs:
     permissions:
       contents: read
       issues: write
-      id-token: write
 
     steps:
       - name: Checkout repository
@@ -72,5 +71,6 @@ jobs:
             - It's okay to not add any labels if none are clearly applicable
 
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           claude_args: |
             --allowedTools "Bash(gh label list),mcp__github__get_issue,mcp__github__get_issue_comments,mcp__github__update_issue,mcp__github__search_issues,mcp__github__list_issues"

src/entrypoints/prepare.ts

@@ -30,9 +30,13 @@ async function run() {
 
     // Step 3: Check write permissions (only for entity contexts)
     if (isEntityContext(context)) {
+      // Check if github_token was provided as input (not from app)
+      const githubTokenProvided = !!process.env.OVERRIDE_GITHUB_TOKEN;
       const hasWritePermissions = await checkWritePermissions(
         octokit.rest,
         context,
+        context.inputs.allowedNonWriteUsers,
+        githubTokenProvided,
       );
       if (!hasWritePermissions) {
         throw new Error(

src/github/context.ts

@@ -26,6 +26,20 @@ export type WorkflowDispatchEvent = {
   workflow: string;
 };
 
+export type RepositoryDispatchEvent = {
+  action: string;
+  client_payload?: Record<string, any>;
+  repository: {
+    name: string;
+    owner: {
+      login: string;
+    };
+  };
+  sender: {
+    login: string;
+  };
+};
+
 export type ScheduleEvent = {
   action?: never;
   schedule?: string;
@@ -48,6 +62,7 @@ const ENTITY_EVENT_NAMES = [
 
 const AUTOMATION_EVENT_NAMES = [
   "workflow_dispatch",
+  "repository_dispatch",
   "schedule",
   "workflow_run",
 ] as const;
@@ -78,6 +93,7 @@ type BaseContext = {
     botId: string;
     botName: string;
     allowedBots: string;
+    allowedNonWriteUsers: string;
     trackProgress: boolean;
   };
 };
@@ -95,10 +111,14 @@ export type ParsedGitHubContext = BaseContext & {
   isPR: boolean;
 };
 
-// Context for automation events (workflow_dispatch, schedule, workflow_run)
+// Context for automation events (workflow_dispatch, repository_dispatch, schedule, workflow_run)
 export type AutomationContext = BaseContext & {
   eventName: AutomationEventName;
-  payload: WorkflowDispatchEvent | ScheduleEvent | WorkflowRunEvent;
+  payload:
+    | WorkflowDispatchEvent
+    | RepositoryDispatchEvent
+    | ScheduleEvent
+    | WorkflowRunEvent;
 };
 
 // Union type for all contexts
@@ -128,6 +148,7 @@ export function parseGitHubContext(): GitHubContext {
       botId: process.env.BOT_ID ?? String(CLAUDE_APP_BOT_ID),
       botName: process.env.BOT_NAME ?? CLAUDE_BOT_LOGIN,
       allowedBots: process.env.ALLOWED_BOTS ?? "",
+      allowedNonWriteUsers: process.env.ALLOWED_NON_WRITE_USERS ?? "",
       trackProgress: process.env.TRACK_PROGRESS === "true",
     },
   };
@@ -190,6 +211,13 @@ export function parseGitHubContext(): GitHubContext {
         payload: context.payload as unknown as WorkflowDispatchEvent,
       };
     }
+    case "repository_dispatch": {
+      return {
+        ...commonFields,
+        eventName: "repository_dispatch",
+        payload: context.payload as unknown as RepositoryDispatchEvent,
+      };
+    }
     case "schedule": {
       return {
         ...commonFields,

src/github/validation/permissions.ts

@@ -6,17 +6,43 @@ import type { Octokit } from "@octokit/rest";
  * Check if the actor has write permissions to the repository
  * @param octokit - The Octokit REST client
  * @param context - The GitHub context
+ * @param allowedNonWriteUsers - Comma-separated list of users allowed without write permissions, or '*' for all
+ * @param githubTokenProvided - Whether github_token was provided as input (not from app)
  * @returns true if the actor has write permissions, false otherwise
  */
 export async function checkWritePermissions(
   octokit: Octokit,
   context: ParsedGitHubContext,
+  allowedNonWriteUsers?: string,
+  githubTokenProvided?: boolean,
 ): Promise<boolean> {
   const { repository, actor } = context;
 
   try {
     core.info(`Checking permissions for actor: ${actor}`);
 
+    // Check if we should bypass permission checks for this user
+    if (allowedNonWriteUsers && githubTokenProvided) {
+      const allowedUsers = allowedNonWriteUsers.trim();
+      if (allowedUsers === "*") {
+        core.warning(
+          `⚠️ SECURITY WARNING: Bypassing write permission check for ${actor} due to allowed_non_write_users='*'. This should only be used for workflows with very limited permissions.`,
+        );
+        return true;
+      } else if (allowedUsers) {
+        const allowedUserList = allowedUsers
+          .split(",")
+          .map((u) => u.trim())
+          .filter((u) => u.length > 0);
+        if (allowedUserList.includes(actor)) {
+          core.warning(
+            `⚠️ SECURITY WARNING: Bypassing write permission check for ${actor} due to allowed_non_write_users configuration. This should only be used for workflows with very limited permissions.`,
+          );
+          return true;
+        }
+      }
+    }
+
     // Check if the actor is a GitHub App (bot user)
     if (actor.endsWith("[bot]")) {
       core.info(`Actor is a GitHub App: ${actor}`);

src/mcp/install-mcp-server.ts

@@ -74,10 +74,6 @@ export async function prepareMcpConfig(
       tool.startsWith("mcp__github_inline_comment__"),
     );
 
-    const hasGitHubCommentTools = allowedToolsList.some((tool) =>
-      tool.startsWith("mcp__github_comment__"),
-    );
-
     const hasGitHubCITools = allowedToolsList.some((tool) =>
       tool.startsWith("mcp__github_ci__"),
     );
@@ -89,7 +85,7 @@ export async function prepareMcpConfig(
     // Include comment server:
     // - Always in tag mode (for updating Claude comments)
     // - Only with explicit tools in agent mode
-    const shouldIncludeCommentServer = !isAgentMode || hasGitHubCommentTools;
+    const shouldIncludeCommentServer = !isAgentMode;
 
     if (shouldIncludeCommentServer) {
       baseMcpConfig.mcpServers.github_comment = {

src/modes/detector.ts

@@ -44,6 +44,10 @@ export function detectMode(context: GitHubContext): AutoDetectedMode {
 
   // Issue events
   if (isEntityContext(context) && isIssuesEvent(context)) {
+    // If prompt is provided, use agent mode (same as PR events)
+    if (context.inputs.prompt) {
+      return "agent";
+    }
     // Check for @claude mentions or labels/assignees
     if (checkContainsTrigger(context)) {
       return "tag";

test/install-mcp-server.test.ts

@@ -35,6 +35,7 @@ describe("prepareMcpConfig", () => {
       botId: String(CLAUDE_APP_BOT_ID),
       botName: CLAUDE_BOT_LOGIN,
       allowedBots: "",
+      allowedNonWriteUsers: "",
       trackProgress: false,
     },
   };

test/mockContext.ts

@@ -1,6 +1,7 @@
 import type {
   ParsedGitHubContext,
   AutomationContext,
+  RepositoryDispatchEvent,
 } from "../src/github/context";
 import type {
   IssuesEvent,
@@ -22,6 +23,7 @@ const defaultInputs = {
   botId: String(CLAUDE_APP_BOT_ID),
   botName: CLAUDE_BOT_LOGIN,
   allowedBots: "",
+  allowedNonWriteUsers: "",
   trackProgress: false,
 };
 
@@ -81,6 +83,33 @@ export const createMockAutomationContext = (
   return { ...baseContext, ...overrides, inputs: mergedInputs };
 };
 
+export const mockRepositoryDispatchContext: AutomationContext = {
+  runId: "1234567890",
+  eventName: "repository_dispatch",
+  eventAction: undefined,
+  repository: defaultRepository,
+  actor: "automation-user",
+  payload: {
+    action: "trigger-analysis",
+    client_payload: {
+      source: "issue-detective",
+      issue_number: 42,
+      repository_name: "test-owner/test-repo",
+      analysis_type: "bug-report",
+    },
+    repository: {
+      name: "test-repo",
+      owner: {
+        login: "test-owner",
+      },
+    },
+    sender: {
+      login: "automation-user",
+    },
+  } as RepositoryDispatchEvent,
+  inputs: defaultInputs,
+};
+
 export const mockIssueOpenedContext: ParsedGitHubContext = {
   runId: "1234567890",
   eventName: "issues",

test/modes/agent.test.ts

@@ -76,6 +76,11 @@ describe("Agent Mode", () => {
     });
     expect(agentMode.shouldTrigger(scheduleContext)).toBe(false);
 
+    const repositoryDispatchContext = createMockAutomationContext({
+      eventName: "repository_dispatch",
+    });
+    expect(agentMode.shouldTrigger(repositoryDispatchContext)).toBe(false);
+
     // Should NOT trigger for entity events without prompt
     const entityEvents = [
       "issue_comment",
@@ -92,6 +97,7 @@ describe("Agent Mode", () => {
     // Should trigger for ANY event when prompt is provided
     const allEvents = [
       "workflow_dispatch",
+      "repository_dispatch",
       "schedule",
       "issue_comment",
       "pull_request",
@@ -101,7 +107,9 @@ describe("Agent Mode", () => {
 
     allEvents.forEach((eventName) => {
       const contextWithPrompt =
-        eventName === "workflow_dispatch" || eventName === "schedule"
+        eventName === "workflow_dispatch" ||
+        eventName === "repository_dispatch" ||
+        eventName === "schedule"
           ? createMockAutomationContext({
               eventName,
               inputs: { prompt: "Do something" },

test/modes/registry.test.ts

@@ -2,7 +2,11 @@ import { describe, test, expect } from "bun:test";
 import { getMode, isValidMode } from "../../src/modes/registry";
 import { agentMode } from "../../src/modes/agent";
 import { tagMode } from "../../src/modes/tag";
-import { createMockContext, createMockAutomationContext } from "../mockContext";
+import {
+  createMockContext,
+  createMockAutomationContext,
+  mockRepositoryDispatchContext,
+} from "../mockContext";
 
 describe("Mode Registry", () => {
   const mockContext = createMockContext({
@@ -50,6 +54,34 @@ describe("Mode Registry", () => {
     expect(mode.name).toBe("agent");
   });
 
+  test("getMode auto-detects agent for repository_dispatch event", () => {
+    const mode = getMode(mockRepositoryDispatchContext);
+    expect(mode).toBe(agentMode);
+    expect(mode.name).toBe("agent");
+  });
+
+  test("getMode auto-detects agent for repository_dispatch with client_payload", () => {
+    const contextWithPayload = createMockAutomationContext({
+      eventName: "repository_dispatch",
+      payload: {
+        action: "trigger-analysis",
+        client_payload: {
+          source: "external-system",
+          metadata: { priority: "high" },
+        },
+        repository: {
+          name: "test-repo",
+          owner: { login: "test-owner" },
+        },
+        sender: { login: "automation-user" },
+      },
+    });
+
+    const mode = getMode(contextWithPayload);
+    expect(mode).toBe(agentMode);
+    expect(mode.name).toBe("agent");
+  });
+
   // Removed test - legacy mode names no longer supported in v1.0
 
   test("getMode auto-detects agent mode for PR opened", () => {

test/permissions.test.ts

@@ -71,6 +71,7 @@ describe("checkWritePermissions", () => {
       botId: String(CLAUDE_APP_BOT_ID),
       botName: CLAUDE_BOT_LOGIN,
       allowedBots: "",
+      allowedNonWriteUsers: "",
       trackProgress: false,
     },
   });
@@ -175,4 +176,126 @@ describe("checkWritePermissions", () => {
       username: "test-user",
     });
   });
+
+  describe("allowed_non_write_users bypass", () => {
+    test("should bypass permission check for specific user when github_token provided", async () => {
+      const mockOctokit = createMockOctokit("read");
+      const context = createContext();
+
+      const result = await checkWritePermissions(
+        mockOctokit,
+        context,
+        "test-user,other-user",
+        true,
+      );
+
+      expect(result).toBe(true);
+      expect(coreWarningSpy).toHaveBeenCalledWith(
+        "⚠️ SECURITY WARNING: Bypassing write permission check for test-user due to allowed_non_write_users configuration. This should only be used for workflows with very limited permissions.",
+      );
+    });
+
+    test("should bypass permission check for all users with wildcard", async () => {
+      const mockOctokit = createMockOctokit("read");
+      const context = createContext();
+
+      const result = await checkWritePermissions(
+        mockOctokit,
+        context,
+        "*",
+        true,
+      );
+
+      expect(result).toBe(true);
+      expect(coreWarningSpy).toHaveBeenCalledWith(
+        "⚠️ SECURITY WARNING: Bypassing write permission check for test-user due to allowed_non_write_users='*'. This should only be used for workflows with very limited permissions.",
+      );
+    });
+
+    test("should NOT bypass permission check when user not in allowed list", async () => {
+      const mockOctokit = createMockOctokit("read");
+      const context = createContext();
+
+      const result = await checkWritePermissions(
+        mockOctokit,
+        context,
+        "other-user,another-user",
+        true,
+      );
+
+      expect(result).toBe(false);
+      expect(coreWarningSpy).toHaveBeenCalledWith(
+        "Actor has insufficient permissions: read",
+      );
+    });
+
+    test("should NOT bypass permission check when github_token not provided", async () => {
+      const mockOctokit = createMockOctokit("read");
+      const context = createContext();
+
+      const result = await checkWritePermissions(
+        mockOctokit,
+        context,
+        "test-user",
+        false,
+      );
+
+      expect(result).toBe(false);
+      expect(coreWarningSpy).toHaveBeenCalledWith(
+        "Actor has insufficient permissions: read",
+      );
+    });
+
+    test("should NOT bypass permission check when allowed_non_write_users is empty", async () => {
+      const mockOctokit = createMockOctokit("read");
+      const context = createContext();
+
+      const result = await checkWritePermissions(
+        mockOctokit,
+        context,
+        "",
+        true,
+      );
+
+      expect(result).toBe(false);
+      expect(coreWarningSpy).toHaveBeenCalledWith(
+        "Actor has insufficient permissions: read",
+      );
+    });
+
+    test("should handle whitespace in allowed_non_write_users list", async () => {
+      const mockOctokit = createMockOctokit("read");
+      const context = createContext();
+
+      const result = await checkWritePermissions(
+        mockOctokit,
+        context,
+        " test-user , other-user ",
+        true,
+      );
+
+      expect(result).toBe(true);
+      expect(coreWarningSpy).toHaveBeenCalledWith(
+        "⚠️ SECURITY WARNING: Bypassing write permission check for test-user due to allowed_non_write_users configuration. This should only be used for workflows with very limited permissions.",
+      );
+    });
+
+    test("should bypass for bot users even when allowed_non_write_users is set", async () => {
+      const mockOctokit = createMockOctokit("none");
+      const context = createContext();
+      context.actor = "test-bot[bot]";
+
+      const result = await checkWritePermissions(
+        mockOctokit,
+        context,
+        "some-user",
+        true,
+      );
+
+      expect(result).toBe(true);
+      expect(coreInfoSpy).toHaveBeenCalledWith(
+        "Actor is a GitHub App: test-bot[bot]",
+      );
+    });
+  });
 });

tests/modes/detector.test.ts

@@ -113,6 +113,33 @@ describe("detectMode with enhanced routing", () => {
 
       expect(detectMode(context)).toBe("agent");
     });
+
+    it("should use agent mode for issues with explicit prompt", () => {
+      const context: GitHubContext = {
+        ...baseContext,
+        eventName: "issues",
+        eventAction: "opened",
+        payload: { issue: { number: 1, body: "Test issue" } } as any,
+        entityNumber: 1,
+        isPR: false,
+        inputs: { ...baseContext.inputs, prompt: "Analyze this issue" },
+      };
+
+      expect(detectMode(context)).toBe("agent");
+    });
+
+    it("should use tag mode for issues with @claude mention and no prompt", () => {
+      const context: GitHubContext = {
+        ...baseContext,
+        eventName: "issues",
+        eventAction: "opened",
+        payload: { issue: { number: 1, body: "@claude help" } } as any,
+        entityNumber: 1,
+        isPR: false,
+      };
+
+      expect(detectMode(context)).toBe("tag");
+    });
   });
 
   describe("Comment Events (unchanged behavior)", () => {