Implement time-based filtering for GitHub comments and reviews to prevent malicious actors from editing existing comments after Claude is triggered to inject harmful content.

Changes:
- Add updatedAt and lastEditedAt fields to GraphQL queries
- Update GitHubComment and GitHubReview types with timestamp fields
- Implement filterCommentsToTriggerTime() and filterReviewsToTriggerTime()
- Add extractTriggerTimestamp() to extract trigger time from webhooks
- Update tag and review modes to pass trigger timestamp to data fetcher

Security benefits:
- Prevents comment injection attacks via post-trigger edits
- Maintains chronological integrity of conversation context
- Ensures only comments in their final state before trigger are processed
- Backward compatible with graceful degradation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Claude <noreply@anthropic.com>
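The filtering rule described in the commit message above, as an added TypeScript example that is not the action's own code: a comment is kept only if it was created, and last changed, strictly before the trigger time. The names `TimedComment`, `keepCommentsBeforeTrigger` and `keptIds`, the `createdAt` field, the sample thread, and the choice to return the list unfiltered when no trigger time is available are assumptions made for illustration.

```typescript
// Added example: hypothetical names and constructed data, not the action's code.
interface TimedComment {
  id: string;
  body: string;
  createdAt: string; // ISO 8601 timestamps, as GitHub's API returns them
  updatedAt?: string | null;
  lastEditedAt?: string | null; // null or absent when never edited
}

// Keep only comments that were created, and last changed, strictly before
// the trigger. Unparseable timestamps fail closed (the comment is dropped).
function keepCommentsBeforeTrigger<T extends TimedComment>(
  comments: T[],
  triggerTime: string | undefined,
): T[] {
  // Assumption: without a trigger time there is nothing to compare against,
  // so the list is returned unfiltered.
  if (!triggerTime) return comments;
  const triggerMs = Date.parse(triggerTime);
  if (isNaN(triggerMs)) throw new Error("unparseable trigger time: " + triggerTime);

  return comments.filter((c) => {
    for (const stamp of [c.createdAt, c.updatedAt, c.lastEditedAt]) {
      if (stamp == null) continue; // field not present on this comment
      const ms = Date.parse(stamp);
      if (isNaN(ms) || ms >= triggerMs) return false;
    }
    return true;
  });
}

// Constructed sample thread; the trigger fired at 12:00:00Z.
const TRIGGER_TIME = "2025-01-01T12:00:00Z";
const sampleThread: TimedComment[] = [
  { id: "c1", body: "original question", createdAt: "2025-01-01T11:00:00Z" },
  { id: "c2", body: "edited after the trigger", createdAt: "2025-01-01T11:30:00Z",
    updatedAt: "2025-01-01T12:05:00Z", lastEditedAt: "2025-01-01T12:05:00Z" },
  { id: "c3", body: "posted after the trigger", createdAt: "2025-01-01T12:01:00Z" },
  { id: "c4", body: "edited before the trigger", createdAt: "2025-01-01T10:00:00Z",
    updatedAt: "2025-01-01T11:59:00Z", lastEditedAt: "2025-01-01T11:59:00Z" },
  { id: "c5", body: "timestamp garbled", createdAt: "not-a-date" },
];

function keptIds(triggerTime: string | undefined): string[] {
  return keepCommentsBeforeTrigger(sampleThread, triggerTime).map((c) => c.id);
}

console.log(keptIds(TRIGGER_TIME)); // [ 'c1', 'c4' ]
```

The comparison is strict, so a comment stamped at exactly the trigger instant is also excluded.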
Claude Code Action
A general-purpose Claude Code action for GitHub PRs and issues that can answer questions and implement code changes. This action intelligently detects when to activate based on your workflow context—whether responding to @claude mentions, issue assignments, or executing automation tasks with explicit prompts. It supports multiple authentication methods including Anthropic direct API, Amazon Bedrock, and Google Vertex AI.
Features
- 🎯 Intelligent Mode Detection: Automatically selects the appropriate execution mode based on your workflow context—no configuration needed
- 🤖 Interactive Code Assistant: Claude can answer questions about code, architecture, and programming
- 🔍 Code Review: Analyzes PR changes and suggests improvements
- ✨ Code Implementation: Can implement simple fixes, refactoring, and even new features
- 💬 PR/Issue Integration: Works seamlessly with GitHub comments and PR reviews
- 🛠️ Flexible Tool Access: Access to GitHub APIs and file operations (additional tools can be enabled via configuration)
- 📋 Progress Tracking: Visual progress indicators with checkboxes that dynamically update as Claude completes tasks
- 🏃 Runs on Your Infrastructure: The action executes entirely on your own GitHub runner (Anthropic API calls go to your chosen provider)
- ⚙️ Simplified Configuration: Unified prompt and claude_args inputs provide clean, powerful configuration aligned with Claude Code SDK
📦 Upgrading from v0.x?
See our Migration Guide for step-by-step instructions on updating your workflows to v1.0. The new version simplifies configuration while maintaining compatibility with most existing setups.
Quickstart
The easiest way to set up this action is through Claude Code in the terminal. Just open claude and run /install-github-app.
This command will guide you through setting up the GitHub app and required secrets.
Note:
- You must be a repository admin to install the GitHub app and add secrets
- This quickstart method is only available for direct Anthropic API users. For AWS Bedrock or Google Vertex AI setup, see docs/cloud-providers.md.
Documentation
- Migration Guide - ⭐ Upgrading from v0.x to v1.0
- Setup Guide - Manual setup, custom GitHub apps, and security best practices
- Usage Guide - Basic usage, workflow configuration, and input parameters
- Custom Automations - Examples of automated workflows and custom prompts
- Configuration - MCP servers, permissions, environment variables, and advanced settings
- Experimental Features - Execution modes and network restrictions
- Cloud Providers - AWS Bedrock and Google Vertex AI setup
- Capabilities & Limitations - What Claude can and cannot do
- Security - Access control, permissions, and commit signing
- FAQ - Common questions and troubleshooting
📚 FAQ
Having issues or questions? Check out our Frequently Asked Questions for solutions to common problems and detailed explanations of Claude's capabilities and limitations.
License
This project is licensed under the MIT License—see the LICENSE file for details.