feat: make README more Australian

Updated the README with Australian slang and expressions while maintaining all technical information:
- Added G'day greeting and fair dinkum language
- Changed section headings to be more Aussie
- Used expressions like "ripper", "bonzer", "she'll be right", "no worries mate"
- Kept all documentation links and technical details intact

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

.github/workflows/claude-test.yml

@@ -1,38 +0,0 @@
-# Test workflow for km-anthropic fork (v1-dev branch)
-# This tests the fork implementation, not the main repo
-name: Claude Code (Fork Test)
-
-on:
-  issue_comment:
-    types: [created]
-  pull_request_review_comment:
-    types: [created]
-  issues:
-    types: [opened, assigned]
-  pull_request_review:
-    types: [submitted]
-
-jobs:
-  claude:
-    if: |
-      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
-      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
-      (github.event_name == 'issues' && (
-        contains(github.event.issue.body, '@claude') || 
-        contains(github.event.issue.title, '@claude')
-      ))
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-      id-token: write # Required for OIDC token exchange
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Run Claude Code
-        uses: km-anthropic/claude-code-action@v1-dev
-        with:
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

.github/workflows/test-settings.yml

@@ -67,7 +67,7 @@ jobs:
         uses: ./base-action
         with:
           prompt: |
-            Use Bash to echo "This should not work"
+            Run the command `echo $HOME` to check the home directory path
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           settings: |
             {
@@ -163,7 +163,7 @@ jobs:
         uses: ./base-action
         with:
           prompt: |
-            Use Bash to echo "This should not work from file"
+            Run the command `echo $HOME` to check the home directory path
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           settings: "test-settings.json"
 

README.md

@@ -2,69 +2,69 @@
 
 # Claude Code Action
 
-A general-purpose [Claude Code](https://claude.ai/code) action for GitHub PRs and issues that can answer questions and implement code changes. This action intelligently detects when to activate based on your workflow context—whether responding to @claude mentions, issue assignments, or executing automation tasks with explicit prompts. It supports multiple authentication methods including Anthropic direct API, Amazon Bedrock, and Google Vertex AI.
+G'day! This ripper of a [Claude Code](https://claude.ai/code) action for GitHub PRs and issues is fair dinkum brilliant at answering your questions and implementing code changes. This beauty intelligently sussess out when to kick into gear based on your workflow context—whether it's responding to @claude mentions, issue assignments, or executing automation tasks with explicit prompts. She'll work with multiple authentication methods including Anthropic direct API, Amazon Bedrock, and Google Vertex AI, no worries mate!
 
-## Features
+## What This Little Beauty Can Do
 
-- 🎯 **Intelligent Mode Detection**: Automatically selects the appropriate execution mode based on your workflow context—no configuration needed
-- 🤖 **Interactive Code Assistant**: Claude can answer questions about code, architecture, and programming
-- 🔍 **Code Review**: Analyzes PR changes and suggests improvements
-- ✨ **Code Implementation**: Can implement simple fixes, refactoring, and even new features
-- 💬 **PR/Issue Integration**: Works seamlessly with GitHub comments and PR reviews
-- 🛠️ **Flexible Tool Access**: Access to GitHub APIs and file operations (additional tools can be enabled via configuration)
-- 📋 **Progress Tracking**: Visual progress indicators with checkboxes that dynamically update as Claude completes tasks
-- 🏃 **Runs on Your Infrastructure**: The action executes entirely on your own GitHub runner (Anthropic API calls go to your chosen provider)
-- ⚙️ **Simplified Configuration**: Unified `prompt` and `claude_args` inputs provide clean, powerful configuration aligned with Claude Code SDK
+- 🎯 **Smart as a Whip Mode Detection**: Automatically picks the right execution mode based on your workflow context—she's got it sorted, no configuration needed mate
+- 🤖 **Top-Notch Code Mate**: Claude can answer questions about code, architecture, and programming like a proper legend
+- 🔍 **Code Review Champion**: Analyses PR changes and suggests improvements that'll knock your socks off
+- ✨ **Code Implementation Wizard**: Can implement bonzer fixes, refactoring, and even new features
+- 💬 **PR/Issue Integration That's Sweet as**: Works seamlessly with GitHub comments and PR reviews
+- 🛠️ **Flexible Tool Access**: Access to GitHub APIs and file operations (additional tools can be enabled via configuration—she's versatile!)
+- 📋 **Progress Tracking That's the Bee's Knees**: Visual progress indicators with checkboxes that dynamically update as Claude gets the job done
+- 🏃 **Runs on Your Own Patch**: The action executes entirely on your own GitHub runner (Anthropic API calls go to your chosen provider)
+- ⚙️ **Configuration So Simple It's Brilliant**: Unified `prompt` and `claude_args` inputs provide clean, powerful configuration aligned with Claude Code SDK
 
 ## 📦 Upgrading from v0.x?
 
-**See our [Migration Guide](./docs/migration-guide.md)** for step-by-step instructions on updating your workflows to v1.0. The new version simplifies configuration while maintaining compatibility with most existing setups.
+**Check out our [Migration Guide](./docs/migration-guide.md)** for bonzer step-by-step instructions on updating your workflows to v1.0. The new version simplifies configuration while keeping things compatible with most existing setups—no dramas!
 
-## Quickstart
+## Getting Started (She'll Be Right!)
 
-The easiest way to set up this action is through [Claude Code](https://claude.ai/code) in the terminal. Just open `claude` and run `/install-github-app`.
+The easiest way to get this beauty up and running is through [Claude Code](https://claude.ai/code) in the terminal. Just fire up `claude` and run `/install-github-app`.
 
-This command will guide you through setting up the GitHub app and required secrets.
+This ripper command will walk you through setting up the GitHub app and all the required secrets—easy as!
 
-**Note**:
+**Fair Warning**:
 
-- You must be a repository admin to install the GitHub app and add secrets
-- This quickstart method is only available for direct Anthropic API users. For AWS Bedrock or Google Vertex AI setup, see [docs/cloud-providers.md](./docs/cloud-providers.md).
+- You'll need to be a repository admin to install the GitHub app and add secrets (no choice there, mate)
+- This quickstart method is only for direct Anthropic API users. For AWS Bedrock or Google Vertex AI setup, have a squiz at [docs/cloud-providers.md](./docs/cloud-providers.md).
 
-## 📚 Solutions & Use Cases
+## 📚 Solutions & Use Cases (The Good Stuff!)
 
-Looking for specific automation patterns? Check our **[Solutions Guide](./docs/solutions.md)** for complete working examples including:
+Looking for specific automation patterns? Chuck a look at our **[Solutions Guide](./docs/solutions.md)** for bonzer working examples including:
 
-- **🔍 Automatic PR Code Review** - Full review automation
-- **📂 Path-Specific Reviews** - Trigger on critical file changes
-- **👥 External Contributor Reviews** - Special handling for new contributors
-- **📝 Custom Review Checklists** - Enforce team standards
-- **🔄 Scheduled Maintenance** - Automated repository health checks
-- **🏷️ Issue Triage & Labeling** - Automatic categorization
-- **📖 Documentation Sync** - Keep docs updated with code changes
-- **🔒 Security-Focused Reviews** - OWASP-aligned security analysis
+- **🔍 Automatic PR Code Review** - Full review automation that's ace
+- **📂 Path-Specific Reviews** - Trigger on critical file changes (smart as!)
+- **👥 External Contributor Reviews** - Special handling for new contributors (fair dinkum helpful)
+- **📝 Custom Review Checklists** - Enforce team standards like a boss
+- **🔄 Scheduled Maintenance** - Automated repository health checks (keeping things shipshape)
+- **🏷️ Issue Triage & Labeling** - Automatic categorization that's bloody brilliant
+- **📖 Documentation Sync** - Keep docs updated with code changes (no more stale docs!)
+- **🔒 Security-Focused Reviews** - OWASP-aligned security analysis (safe as houses)
 - **📊 DIY Progress Tracking** - Create tracking comments in automation mode
 
-Each solution includes complete working examples, configuration details, and expected outcomes.
+Each solution includes complete working examples, configuration details, and expected outcomes—everything you need to get cracking!
 
-## Documentation
+## Documentation (All The Good Oil)
 
-- **[Solutions Guide](./docs/solutions.md)** - **🎯 Ready-to-use automation patterns**
-- **[Migration Guide](./docs/migration-guide.md)** - **⭐ Upgrading from v0.x to v1.0**
-- [Setup Guide](./docs/setup.md) - Manual setup, custom GitHub apps, and security best practices
-- [Usage Guide](./docs/usage.md) - Basic usage, workflow configuration, and input parameters
-- [Custom Automations](./docs/custom-automations.md) - Examples of automated workflows and custom prompts
-- [Configuration](./docs/configuration.md) - MCP servers, permissions, environment variables, and advanced settings
-- [Experimental Features](./docs/experimental.md) - Execution modes and network restrictions
-- [Cloud Providers](./docs/cloud-providers.md) - AWS Bedrock and Google Vertex AI setup
-- [Capabilities & Limitations](./docs/capabilities-and-limitations.md) - What Claude can and cannot do
-- [Security](./docs/security.md) - Access control, permissions, and commit signing
-- [FAQ](./docs/faq.md) - Common questions and troubleshooting
+- **[Solutions Guide](./docs/solutions.md)** - **🎯 Ready-to-use automation patterns (the real McCoy!)**
+- **[Migration Guide](./docs/migration-guide.md)** - **⭐ Upgrading from v0.x to v1.0 (no worries!)**
+- [Setup Guide](./docs/setup.md) - Manual setup, custom GitHub apps, and security best practices (sorted!)
+- [Usage Guide](./docs/usage.md) - Basic usage, workflow configuration, and input parameters (easy as pie)
+- [Custom Automations](./docs/custom-automations.md) - Examples of automated workflows and custom prompts (get creative!)
+- [Configuration](./docs/configuration.md) - MCP servers, permissions, environment variables, and advanced settings (all the nuts and bolts)
+- [Experimental Features](./docs/experimental.md) - Execution modes and network restrictions (cutting edge stuff)
+- [Cloud Providers](./docs/cloud-providers.md) - AWS Bedrock and Google Vertex AI setup (cloud nine!)
+- [Capabilities & Limitations](./docs/capabilities-and-limitations.md) - What Claude can and cannot do (the honest truth)
+- [Security](./docs/security.md) - Access control, permissions, and commit signing (locked down tight)
+- [FAQ](./docs/faq.md) - Common questions and troubleshooting (when things go pear-shaped)
 
-## 📚 FAQ
+## 📚 FAQ (Got Questions?)
 
-Having issues or questions? Check out our [Frequently Asked Questions](./docs/faq.md) for solutions to common problems and detailed explanations of Claude's capabilities and limitations.
+Running into troubles or got questions? Have a geez at our [Frequently Asked Questions](./docs/faq.md) for solutions to common problems and detailed explanations of Claude's capabilities and limitations. She'll sort you right out!
 
 ## License
 
-This project is licensed under the MIT License—see the LICENSE file for details.
+This project is licensed under the MIT License—check out the LICENSE file for all the legal bits and bobs.

action.yml

@@ -177,7 +177,7 @@ runs:
         # Install Claude Code if no custom executable is provided
         if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
           echo "Installing Claude Code..."
-          curl -fsSL https://claude.ai/install.sh | bash -s 1.0.112
+          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.10
           echo "$HOME/.local/bin" >> "$GITHUB_PATH"
         else
           echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
@@ -259,7 +259,7 @@ runs:
         GITHUB_EVENT_NAME: ${{ github.event_name }}
         TRIGGER_COMMENT_ID: ${{ github.event.comment.id }}
         CLAUDE_BRANCH: ${{ steps.prepare.outputs.CLAUDE_BRANCH }}
-        IS_PR: ${{ github.event.issue.pull_request != null || github.event_name == 'pull_request_review_comment' }}
+        IS_PR: ${{ github.event.issue.pull_request != null || github.event_name == 'pull_request_target' || github.event_name == 'pull_request_review_comment' }}
         BASE_BRANCH: ${{ steps.prepare.outputs.BASE_BRANCH }}
         CLAUDE_SUCCESS: ${{ steps.claude-code.outputs.conclusion == 'success' }}
         OUTPUT_FILE: ${{ steps.claude-code.outputs.execution_file || '' }}

base-action/action.yml

@@ -99,7 +99,7 @@ runs:
       run: |
         if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
           echo "Installing Claude Code..."
-          curl -fsSL https://claude.ai/install.sh | bash -s 1.0.112
+          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.10
         else
           echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
           # Add the directory containing the custom executable to PATH

docs/custom-automations.md

@@ -15,7 +15,7 @@ The action automatically detects which mode to use based on your configuration:
 
 This action supports the following GitHub events ([learn more GitHub event triggers](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows)):
 
-- `pull_request` - When PRs are opened or synchronized
+- `pull_request` or `pull_request_target` - When PRs are opened or synchronized
 - `issue_comment` - When comments are created on issues or PRs
 - `pull_request_comment` - When comments are made on PR diffs
 - `issues` - When issues are opened or assigned

docs/security.md

@@ -13,6 +13,10 @@
 - **No Cross-Repository Access**: Each action invocation is limited to the repository where it was triggered
 - **Limited Scope**: The token cannot access other repositories or perform actions beyond the configured permissions
 
+## ⚠️ Prompt Injection Risks
+
+**Beware of potential hidden markdown when tagging Claude on untrusted content.** External contributors may include hidden instructions through HTML comments, invisible characters, hidden attributes, or other techniques. The action sanitizes content by stripping HTML comments, invisible characters, markdown image alt text, hidden HTML attributes, and HTML entities, but new bypass techniques may emerge. We recommend reviewing the raw content of all input coming from external contributors before allowing Claude to process it.
+
 ## GitHub App Permissions
 
 The [Claude Code GitHub app](https://github.com/apps/claude) requires these permissions:

docs/usage.md

@@ -59,7 +59,6 @@ jobs:
 | `github_token`                   | GitHub token for Claude to operate with. **Only include this if you're connecting a custom GitHub app of your own!**                                                           | No       | -             |
 | `use_bedrock`                    | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API                                                                                                    | No       | `false`       |
 | `use_vertex`                     | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API                                                                                                  | No       | `false`       |
-| `mcp_config`                     | Additional MCP configuration (JSON string) that merges with the built-in GitHub MCP servers                                                                                    | No       | ""            |
 | `assignee_trigger`               | The assignee username that triggers the action (e.g. @claude). Only used for issue assignment                                                                                  | No       | -             |
 | `label_trigger`                  | The label name that triggers the action when applied to an issue (e.g. "claude")                                                                                               | No       | -             |
 | `trigger_phrase`                 | The trigger phrase to look for in comments, issue/PR bodies, and issue titles                                                                                                  | No       | `@claude`     |
@@ -90,6 +89,7 @@ These inputs are deprecated and will be removed in a future version:
 | `fallback_model`      | **DEPRECATED**: Use `claude_args` with fallback configuration                                | Configure fallback in `claude_args` or `settings`              |
 | `allowed_tools`       | **DEPRECATED**: Use `claude_args` with `--allowedTools` instead                              | Use `claude_args: "--allowedTools Edit,Read,Write"`            |
 | `disallowed_tools`    | **DEPRECATED**: Use `claude_args` with `--disallowedTools` instead                           | Use `claude_args: "--disallowedTools WebSearch"`               |
+| `mcp_config`          | **DEPRECATED**: Use `claude_args` with `--mcp-config` instead                                | Use `claude_args: "--mcp-config '{...}'"`                      |
 | `claude_env`          | **DEPRECATED**: Use `settings` with env configuration                                        | Configure environment in `settings` JSON                       |
 
 \*Required when using direct Anthropic API (default and when not using Bedrock or Vertex)

src/create-prompt/index.ts

@@ -384,6 +384,7 @@ export function getEventTypeAndContext(envVars: PreparedContext): {
       };
 
     case "pull_request":
+    case "pull_request_target":
       return {
         eventType: "PULL_REQUEST",
         triggerContext: eventData.eventAction
@@ -708,7 +709,7 @@ What You CANNOT Do:
 - Modify files in the .github/workflows directory (GitHub App permissions do not allow workflow modifications)
 
 When users ask you to perform actions you cannot do, politely explain the limitation and, when applicable, direct them to the FAQ for more information and workarounds:
-"I'm unable to [specific action] due to [reason]. You can find more information and potential workarounds in the [FAQ](https://github.com/anthropics/claude-code-action/blob/main/FAQ.md)."
+"I'm unable to [specific action] due to [reason]. You can find more information and potential workarounds in the [FAQ](https://github.com/anthropics/claude-code-action/blob/main/docs/faq.md)."
 
 If a user asks for something outside these capabilities (and you have no other tools provided), politely explain that you cannot perform that action and suggest an alternative approach if possible.
 

src/create-prompt/types.ts

@@ -78,8 +78,7 @@ type IssueLabeledEvent = {
   labelTrigger: string;
 };
 
-type PullRequestEvent = {
-  eventName: "pull_request";
+type PullRequestBaseEvent = {
   eventAction?: string; // opened, synchronize, etc.
   isPR: true;
   prNumber: string;
@@ -87,6 +86,14 @@ type PullRequestEvent = {
   baseBranch?: string;
 };
 
+type PullRequestEvent = PullRequestBaseEvent & {
+  eventName: "pull_request";
+};
+
+type PullRequestTargetEvent = PullRequestBaseEvent & {
+  eventName: "pull_request_target";
+};
+
 // Union type for all possible event types
 export type EventData =
   | PullRequestReviewCommentEvent
@@ -96,7 +103,8 @@ export type EventData =
   | IssueOpenedEvent
   | IssueAssignedEvent
   | IssueLabeledEvent
-  | PullRequestEvent;
+  | PullRequestEvent
+  | PullRequestTargetEvent;
 
 // Combined type with separate eventData field
 export type PreparedContext = CommonFields & {

src/github/context.ts

@@ -174,7 +174,8 @@ export function parseGitHubContext(): GitHubContext {
         isPR: Boolean(payload.issue.pull_request),
       };
     }
-    case "pull_request": {
+    case "pull_request":
+    case "pull_request_target": {
       const payload = context.payload as PullRequestEvent;
       return {
         ...commonFields,

src/mcp/install-mcp-server.ts

@@ -3,6 +3,7 @@ import { GITHUB_API_URL, GITHUB_SERVER_URL } from "../github/api/config";
 import type { GitHubContext } from "../github/context";
 import { isEntityContext } from "../github/context";
 import { Octokit } from "@octokit/rest";
+import type { AutoDetectedMode } from "../modes/detector";
 
 type PrepareConfigParams = {
   githubToken: string;
@@ -12,8 +13,8 @@ type PrepareConfigParams = {
   baseBranch: string;
   claudeCommentId?: string;
   allowedTools: string[];
+  mode: AutoDetectedMode;
   context: GitHubContext;
-  mode: "tag" | "agent";
 };
 
 async function checkActionsReadPermission(
@@ -65,8 +66,13 @@ export async function prepareMcpConfig(
   try {
     const allowedToolsList = allowedTools || [];
 
+    // Detect if we're in agent mode (explicit prompt provided)
     const isAgentMode = mode === "agent";
 
+    const hasGitHubCommentTools = allowedToolsList.some((tool) =>
+      tool.startsWith("mcp__github_comment__"),
+    );
+
     const hasGitHubMcpTools = allowedToolsList.some((tool) =>
       tool.startsWith("mcp__github__"),
     );
@@ -86,7 +92,7 @@ export async function prepareMcpConfig(
     // Include comment server:
     // - Always in tag mode (for updating Claude comments)
     // - Only with explicit tools in agent mode
-    const shouldIncludeCommentServer = !isAgentMode;
+    const shouldIncludeCommentServer = !isAgentMode || hasGitHubCommentTools;
 
     if (shouldIncludeCommentServer) {
       baseMcpConfig.mcpServers.github_comment = {

src/modes/agent/index.ts

@@ -135,8 +135,8 @@ export const agentMode: Mode = {
       baseBranch: baseBranch,
       claudeCommentId: undefined, // No tracking comment in agent mode
       allowedTools,
-      context,
       mode: "agent",
+      context,
     });
 
     // Build final claude_args with multiple --mcp-config flags

src/modes/agent/parse-tools.ts

@@ -1,10 +1,10 @@
 export function parseAllowedTools(claudeArgs: string): string[] {
-  // Match --allowedTools followed by the value
+  // Match --allowedTools or --allowed-tools followed by the value
   // Handle both quoted and unquoted values
   const patterns = [
-    /--allowedTools\s+"([^"]+)"/, // Double quoted
-    /--allowedTools\s+'([^']+)'/, // Single quoted
-    /--allowedTools\s+([^\s]+)/, // Unquoted
+    /--(?:allowedTools|allowed-tools)\s+"([^"]+)"/, // Double quoted
+    /--(?:allowedTools|allowed-tools)\s+'([^']+)'/, // Single quoted
+    /--(?:allowedTools|allowed-tools)\s+([^\s]+)/, // Unquoted
   ];
 
   for (const pattern of patterns) {

src/modes/tag/index.ts

@@ -14,6 +14,7 @@ import { createPrompt, generateDefaultPrompt } from "../../create-prompt";
 import { isEntityContext } from "../../github/context";
 import type { PreparedContext } from "../../create-prompt/types";
 import type { FetchDataResult } from "../../github/data/fetcher";
+import { parseAllowedTools } from "../agent/parse-tools";
 
 /**
  * Tag mode implementation.
@@ -112,20 +113,10 @@ export const tagMode: Mode = {
 
     await createPrompt(tagMode, modeContext, githubData, context);
 
-    // Get our GitHub MCP servers configuration
-    const ourMcpConfig = await prepareMcpConfig({
-      githubToken,
-      owner: context.repository.owner,
-      repo: context.repository.repo,
-      branch: branchInfo.claudeBranch || branchInfo.currentBranch,
-      baseBranch: branchInfo.baseBranch,
-      claudeCommentId: commentId.toString(),
-      allowedTools: [],
-      context,
-      mode: "tag",
-    });
-
-    // Don't output mcp_config separately anymore - include in claude_args
+    const userClaudeArgs = process.env.CLAUDE_ARGS || "";
+    const userAllowedMCPTools = parseAllowedTools(userClaudeArgs).filter(
+      (tool) => tool.startsWith("mcp__github_"),
+    );
 
     // Build claude_args for tag mode with required tools
     // Tag mode REQUIRES these tools to function properly
@@ -141,6 +132,7 @@ export const tagMode: Mode = {
       "mcp__github_ci__get_ci_status",
       "mcp__github_ci__get_workflow_run_details",
       "mcp__github_ci__download_job_log",
+      ...userAllowedMCPTools,
     ];
 
     // Add git commands when not using commit signing
@@ -162,7 +154,18 @@ export const tagMode: Mode = {
       );
     }
 
-    const userClaudeArgs = process.env.CLAUDE_ARGS || "";
+    // Get our GitHub MCP servers configuration
+    const ourMcpConfig = await prepareMcpConfig({
+      githubToken,
+      owner: context.repository.owner,
+      repo: context.repository.repo,
+      branch: branchInfo.claudeBranch || branchInfo.currentBranch,
+      baseBranch: branchInfo.baseBranch,
+      claudeCommentId: commentId.toString(),
+      allowedTools: Array.from(new Set(tagModeTools)),
+      mode: "tag",
+      context,
+    });
 
     // Build complete claude_args with multiple --mcp-config flags
     let claudeArgs = "";

test/install-mcp-server.test.ts

@@ -106,8 +106,8 @@ describe("prepareMcpConfig", () => {
       branch: "test-branch",
       baseBranch: "main",
       allowedTools: [],
-      context: mockContextWithSigning,
       mode: "tag",
+      context: mockContextWithSigning,
     });
 
     const parsed = JSON.parse(result);
@@ -130,8 +130,8 @@ describe("prepareMcpConfig", () => {
       branch: "test-branch",
       baseBranch: "main",
       allowedTools: ["mcp__github__create_issue", "mcp__github__create_pr"],
-      context: mockContext,
       mode: "tag",
+      context: mockContext,
     });
 
     const parsed = JSON.parse(result);
@@ -151,8 +151,8 @@ describe("prepareMcpConfig", () => {
       branch: "test-branch",
       baseBranch: "main",
       allowedTools: ["mcp__github_inline_comment__create_inline_comment"],
-      context: mockPRContext,
       mode: "tag",
+      context: mockPRContext,
     });
 
     const parsed = JSON.parse(result);
@@ -172,8 +172,8 @@ describe("prepareMcpConfig", () => {
       branch: "test-branch",
       baseBranch: "main",
       allowedTools: [],
-      context: mockContext,
       mode: "tag",
+      context: mockContext,
     });
 
     const parsed = JSON.parse(result);
@@ -193,8 +193,8 @@ describe("prepareMcpConfig", () => {
       branch: "test-branch",
       baseBranch: "main",
       allowedTools: [],
-      context: mockContextWithSigning,
       mode: "tag",
+      context: mockContextWithSigning,
     });
 
     const parsed = JSON.parse(result);
@@ -213,8 +213,8 @@ describe("prepareMcpConfig", () => {
       branch: "test-branch",
       baseBranch: "main",
       allowedTools: [],
-      context: mockContextWithSigning,
       mode: "tag",
+      context: mockContextWithSigning,
     });
 
     const parsed = JSON.parse(result);
@@ -231,8 +231,8 @@ describe("prepareMcpConfig", () => {
       branch: "test-branch",
       baseBranch: "main",
       allowedTools: [],
-      context: mockPRContext,
       mode: "tag",
+      context: mockPRContext,
     });
 
     const parsed = JSON.parse(result);
@@ -251,8 +251,8 @@ describe("prepareMcpConfig", () => {
       branch: "test-branch",
       baseBranch: "main",
       allowedTools: [],
-      context: mockContext,
       mode: "tag",
+      context: mockContext,
     });
 
     const parsed = JSON.parse(result);
@@ -269,8 +269,8 @@ describe("prepareMcpConfig", () => {
       branch: "test-branch",
       baseBranch: "main",
       allowedTools: [],
-      context: mockPRContext,
       mode: "tag",
+      context: mockPRContext,
     });
 
     const parsed = JSON.parse(result);

test/modes/parse-tools.test.ts

@@ -68,4 +68,20 @@ describe("parseAllowedTools", () => {
       "mcp__github_comment__update",
     ]);
   });
+
+  test("parses kebab-case --allowed-tools", () => {
+    const args = "--allowed-tools mcp__github__*,mcp__github_comment__*";
+    expect(parseAllowedTools(args)).toEqual([
+      "mcp__github__*",
+      "mcp__github_comment__*",
+    ]);
+  });
+
+  test("parses quoted kebab-case --allowed-tools", () => {
+    const args = '--allowed-tools "mcp__github__*,mcp__github_comment__*"';
+    expect(parseAllowedTools(args)).toEqual([
+      "mcp__github__*",
+      "mcp__github_comment__*",
+    ]);
+  });
 });

test/pull-request-target.test.ts

@@ -0,0 +1,504 @@
+#!/usr/bin/env bun
+
+import { describe, test, expect } from "bun:test";
+import {
+  getEventTypeAndContext,
+  generatePrompt,
+  generateDefaultPrompt,
+} from "../src/create-prompt";
+import type { PreparedContext } from "../src/create-prompt";
+import type { Mode } from "../src/modes/types";
+
+describe("pull_request_target event support", () => {
+  // Mock tag mode for testing
+  const mockTagMode: Mode = {
+    name: "tag",
+    description: "Tag mode",
+    shouldTrigger: () => true,
+    prepareContext: (context) => ({ mode: "tag", githubContext: context }),
+    getAllowedTools: () => [],
+    getDisallowedTools: () => [],
+    shouldCreateTrackingComment: () => true,
+    generatePrompt: (context, githubData, useCommitSigning) =>
+      generateDefaultPrompt(context, githubData, useCommitSigning),
+    prepare: async () => ({
+      commentId: 123,
+      branchInfo: {
+        baseBranch: "main",
+        currentBranch: "main",
+        claudeBranch: undefined,
+      },
+      mcpConfig: "{}",
+    }),
+  };
+
+  const mockGitHubData = {
+    contextData: {
+      title: "External PR via pull_request_target",
+      body: "This PR comes from a forked repository",
+      author: { login: "external-contributor" },
+      state: "OPEN",
+      createdAt: "2023-01-01T00:00:00Z",
+      additions: 25,
+      deletions: 3,
+      baseRefName: "main",
+      headRefName: "feature-branch",
+      headRefOid: "abc123",
+      commits: {
+        totalCount: 2,
+        nodes: [
+          {
+            commit: {
+              oid: "commit1",
+              message: "Initial feature implementation",
+              author: {
+                name: "External Dev",
+                email: "external@example.com",
+              },
+            },
+          },
+          {
+            commit: {
+              oid: "commit2",
+              message: "Fix typos and formatting",
+              author: {
+                name: "External Dev",
+                email: "external@example.com",
+              },
+            },
+          },
+        ],
+      },
+      files: {
+        nodes: [
+          {
+            path: "src/feature.ts",
+            additions: 20,
+            deletions: 2,
+            changeType: "MODIFIED",
+          },
+          {
+            path: "tests/feature.test.ts",
+            additions: 5,
+            deletions: 1,
+            changeType: "ADDED",
+          },
+        ],
+      },
+      comments: { nodes: [] },
+      reviews: { nodes: [] },
+    },
+    comments: [],
+    changedFiles: [],
+    changedFilesWithSHA: [
+      {
+        path: "src/feature.ts",
+        additions: 20,
+        deletions: 2,
+        changeType: "MODIFIED",
+        sha: "abc123",
+      },
+      {
+        path: "tests/feature.test.ts",
+        additions: 5,
+        deletions: 1,
+        changeType: "ADDED",
+        sha: "abc123",
+      },
+    ],
+    reviewData: { nodes: [] },
+    imageUrlMap: new Map<string, string>(),
+  };
+
+  describe("prompt generation for pull_request_target", () => {
+    test("should generate correct prompt for pull_request_target event", () => {
+      const envVars: PreparedContext = {
+        repository: "owner/repo",
+        claudeCommentId: "12345",
+        triggerPhrase: "@claude",
+        eventData: {
+          eventName: "pull_request_target",
+          eventAction: "opened",
+          isPR: true,
+          prNumber: "123",
+        },
+      };
+
+      const prompt = generatePrompt(
+        envVars,
+        mockGitHubData,
+        false,
+        mockTagMode,
+      );
+
+      // Should contain pull request event type and metadata
+      expect(prompt).toContain("<event_type>PULL_REQUEST</event_type>");
+      expect(prompt).toContain("<is_pr>true</is_pr>");
+      expect(prompt).toContain("<pr_number>123</pr_number>");
+      expect(prompt).toContain(
+        "<trigger_context>pull request opened</trigger_context>",
+      );
+
+      // Should contain PR-specific information
+      expect(prompt).toContain(
+        "- src/feature.ts (MODIFIED) +20/-2 SHA: abc123",
+      );
+      expect(prompt).toContain(
+        "- tests/feature.test.ts (ADDED) +5/-1 SHA: abc123",
+      );
+      expect(prompt).toContain("external-contributor");
+      expect(prompt).toContain("<repository>owner/repo</repository>");
+    });
+
+    test("should handle pull_request_target with commit signing disabled", () => {
+      const envVars: PreparedContext = {
+        repository: "owner/repo",
+        claudeCommentId: "12345",
+        triggerPhrase: "@claude",
+        eventData: {
+          eventName: "pull_request_target",
+          eventAction: "synchronize",
+          isPR: true,
+          prNumber: "456",
+        },
+      };
+
+      const prompt = generatePrompt(
+        envVars,
+        mockGitHubData,
+        false,
+        mockTagMode,
+      );
+
+      // Should include git commands for non-commit-signing mode
+      expect(prompt).toContain("git push");
+      expect(prompt).toContain(
+        "Always push to the existing branch when triggered on a PR",
+      );
+      expect(prompt).toContain("mcp__github_comment__update_claude_comment");
+
+      // Should not include commit signing tools
+      expect(prompt).not.toContain("mcp__github_file_ops__commit_files");
+    });
+
+    test("should handle pull_request_target with commit signing enabled", () => {
+      const envVars: PreparedContext = {
+        repository: "owner/repo",
+        claudeCommentId: "12345",
+        triggerPhrase: "@claude",
+        eventData: {
+          eventName: "pull_request_target",
+          eventAction: "synchronize",
+          isPR: true,
+          prNumber: "456",
+        },
+      };
+
+      const prompt = generatePrompt(envVars, mockGitHubData, true, mockTagMode);
+
+      // Should include commit signing tools
+      expect(prompt).toContain("mcp__github_file_ops__commit_files");
+      expect(prompt).toContain("mcp__github_file_ops__delete_files");
+      expect(prompt).toContain("mcp__github_comment__update_claude_comment");
+
+      // Should not include git command instructions
+      expect(prompt).not.toContain("Use git commands via the Bash tool");
+    });
+
+    test("should treat pull_request_target same as pull_request in prompt generation", () => {
+      const baseContext: PreparedContext = {
+        repository: "owner/repo",
+        claudeCommentId: "12345",
+        triggerPhrase: "@claude",
+        eventData: {
+          eventName: "pull_request_target",
+          eventAction: "opened",
+          isPR: true,
+          prNumber: "123",
+        },
+      };
+
+      // Generate prompt for pull_request
+      const pullRequestContext: PreparedContext = {
+        ...baseContext,
+        eventData: {
+          ...baseContext.eventData,
+          eventName: "pull_request",
+          isPR: true,
+          prNumber: "123",
+        },
+      };
+
+      // Generate prompt for pull_request_target
+      const pullRequestTargetContext: PreparedContext = {
+        ...baseContext,
+        eventData: {
+          ...baseContext.eventData,
+          eventName: "pull_request_target",
+          isPR: true,
+          prNumber: "123",
+        },
+      };
+
+      const pullRequestPrompt = generatePrompt(
+        pullRequestContext,
+        mockGitHubData,
+        false,
+        mockTagMode,
+      );
+      const pullRequestTargetPrompt = generatePrompt(
+        pullRequestTargetContext,
+        mockGitHubData,
+        false,
+        mockTagMode,
+      );
+
+      // Both should have the same event type and structure
+      expect(pullRequestPrompt).toContain(
+        "<event_type>PULL_REQUEST</event_type>",
+      );
+      expect(pullRequestTargetPrompt).toContain(
+        "<event_type>PULL_REQUEST</event_type>",
+      );
+
+      expect(pullRequestPrompt).toContain(
+        "<trigger_context>pull request opened</trigger_context>",
+      );
+      expect(pullRequestTargetPrompt).toContain(
+        "<trigger_context>pull request opened</trigger_context>",
+      );
+
+      // Both should contain PR-specific instructions
+      expect(pullRequestPrompt).toContain(
+        "Always push to the existing branch when triggered on a PR",
+      );
+      expect(pullRequestTargetPrompt).toContain(
+        "Always push to the existing branch when triggered on a PR",
+      );
+    });
+
+    test("should handle pull_request_target in agent mode with custom prompt", () => {
+      const envVars: PreparedContext = {
+        repository: "test/repo",
+        claudeCommentId: "12345",
+        triggerPhrase: "@claude",
+        prompt: "Review this pull_request_target PR for security issues",
+        eventData: {
+          eventName: "pull_request_target",
+          eventAction: "opened",
+          isPR: true,
+          prNumber: "789",
+        },
+      };
+
+      // Use agent mode which passes through the prompt as-is
+      const mockAgentMode: Mode = {
+        name: "agent",
+        description: "Agent mode",
+        shouldTrigger: () => true,
+        prepareContext: (context) => ({
+          mode: "agent",
+          githubContext: context,
+        }),
+        getAllowedTools: () => [],
+        getDisallowedTools: () => [],
+        shouldCreateTrackingComment: () => true,
+        generatePrompt: (context) => context.prompt || "default prompt",
+        prepare: async () => ({
+          commentId: 123,
+          branchInfo: {
+            baseBranch: "main",
+            currentBranch: "main",
+            claudeBranch: undefined,
+          },
+          mcpConfig: "{}",
+        }),
+      };
+
+      const prompt = generatePrompt(
+        envVars,
+        mockGitHubData,
+        false,
+        mockAgentMode,
+      );
+
+      expect(prompt).toBe(
+        "Review this pull_request_target PR for security issues",
+      );
+    });
+
+    test("should handle pull_request_target with no custom prompt", () => {
+      const envVars: PreparedContext = {
+        repository: "test/repo",
+        claudeCommentId: "12345",
+        triggerPhrase: "@claude",
+        eventData: {
+          eventName: "pull_request_target",
+          eventAction: "synchronize",
+          isPR: true,
+          prNumber: "456",
+        },
+      };
+
+      const prompt = generatePrompt(
+        envVars,
+        mockGitHubData,
+        false,
+        mockTagMode,
+      );
+
+      // Should generate default prompt structure
+      expect(prompt).toContain("<event_type>PULL_REQUEST</event_type>");
+      expect(prompt).toContain("<pr_number>456</pr_number>");
+      expect(prompt).toContain(
+        "Always push to the existing branch when triggered on a PR",
+      );
+    });
+  });
+
+  describe("pull_request_target vs pull_request behavior consistency", () => {
+    test("should produce identical event processing for both event types", () => {
+      const baseEventData = {
+        eventAction: "opened",
+        isPR: true,
+        prNumber: "100",
+      };
+
+      const pullRequestEvent: PreparedContext = {
+        repository: "owner/repo",
+        claudeCommentId: "12345",
+        triggerPhrase: "@claude",
+        eventData: {
+          ...baseEventData,
+          eventName: "pull_request",
+          isPR: true,
+          prNumber: "100",
+        },
+      };
+
+      const pullRequestTargetEvent: PreparedContext = {
+        repository: "owner/repo",
+        claudeCommentId: "12345",
+        triggerPhrase: "@claude",
+        eventData: {
+          ...baseEventData,
+          eventName: "pull_request_target",
+          isPR: true,
+          prNumber: "100",
+        },
+      };
+
+      // Both should have identical event type detection
+      const prResult = getEventTypeAndContext(pullRequestEvent);
+      const prtResult = getEventTypeAndContext(pullRequestTargetEvent);
+
+      expect(prResult.eventType).toBe(prtResult.eventType);
+      expect(prResult.triggerContext).toBe(prtResult.triggerContext);
+    });
+
+    test("should handle edge cases in pull_request_target events", () => {
+      // Test with minimal event data
+      const minimalContext: PreparedContext = {
+        repository: "owner/repo",
+        claudeCommentId: "12345",
+        triggerPhrase: "@claude",
+        eventData: {
+          eventName: "pull_request_target",
+          isPR: true,
+          prNumber: "1",
+        },
+      };
+
+      const result = getEventTypeAndContext(minimalContext);
+      expect(result.eventType).toBe("PULL_REQUEST");
+      expect(result.triggerContext).toBe("pull request event");
+
+      // Should not throw when generating prompt
+      expect(() => {
+        generatePrompt(minimalContext, mockGitHubData, false, mockTagMode);
+      }).not.toThrow();
+    });
+
+    test("should handle all valid pull_request_target actions", () => {
+      const actions = ["opened", "synchronize", "reopened", "closed", "edited"];
+
+      actions.forEach((action) => {
+        const context: PreparedContext = {
+          repository: "owner/repo",
+          claudeCommentId: "12345",
+          triggerPhrase: "@claude",
+          eventData: {
+            eventName: "pull_request_target",
+            eventAction: action,
+            isPR: true,
+            prNumber: "1",
+          },
+        };
+
+        const result = getEventTypeAndContext(context);
+        expect(result.eventType).toBe("PULL_REQUEST");
+        expect(result.triggerContext).toBe(`pull request ${action}`);
+      });
+    });
+  });
+
+  describe("security considerations for pull_request_target", () => {
+    test("should maintain same prompt structure regardless of event source", () => {
+      // Test that external PRs don't get different treatment in prompts
+      const internalPR: PreparedContext = {
+        repository: "owner/repo",
+        claudeCommentId: "12345",
+        triggerPhrase: "@claude",
+        eventData: {
+          eventName: "pull_request",
+          eventAction: "opened",
+          isPR: true,
+          prNumber: "1",
+        },
+      };
+
+      const externalPR: PreparedContext = {
+        repository: "owner/repo",
+        claudeCommentId: "12345",
+        triggerPhrase: "@claude",
+        eventData: {
+          eventName: "pull_request_target",
+          eventAction: "opened",
+          isPR: true,
+          prNumber: "1",
+        },
+      };
+
+      const internalPrompt = generatePrompt(
+        internalPR,
+        mockGitHubData,
+        false,
+        mockTagMode,
+      );
+      const externalPrompt = generatePrompt(
+        externalPR,
+        mockGitHubData,
+        false,
+        mockTagMode,
+      );
+
+      // Should have same tool access patterns
+      expect(
+        internalPrompt.includes("mcp__github_comment__update_claude_comment"),
+      ).toBe(
+        externalPrompt.includes("mcp__github_comment__update_claude_comment"),
+      );
+
+      // Should have same branch handling instructions
+      expect(
+        internalPrompt.includes(
+          "Always push to the existing branch when triggered on a PR",
+        ),
+      ).toBe(
+        externalPrompt.includes(
+          "Always push to the existing branch when triggered on a PR",
+        ),
+      );
+    });
+  });
+});