This repository was archived by the owner on Dec 29, 2025. It is now read-only.
Sync with upstream #2
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…tional (#353) * feat: add agent mode for automation scenarios - Add agent mode that always triggers without checking for mentions - Implement Mode interface with support for mode-specific tool configuration - Add getAllowedTools() and getDisallowedTools() methods to Mode interface - Simplify tests by combining related test cases - Update documentation and examples to include agent mode - Fix TypeScript imports to prevent circular dependencies Agent mode is designed for automation and workflow_dispatch scenarios where Claude should always run without requiring trigger phrases. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Minor update to readme (from @main to @beta) * Since workflow_dispatch isn't in the base action, update the examples accordingly * minor formatting issue * Update to say beta instead of main * Fix missed tracking comment to be false * add schedule & workflow dispatch paths. Also make prepare logic conditional * tests * Add test workflow for workflow_dispatch functionality * Update workflow to use correct branch reference * remove test workflow dispatch file * minor lint update * update workflow dispatch agent example * minor lint update * refactor: simplify prepare logic with mode-specific implementations * ensure tag mode can't work with workflow dispatch and schedule tasks * simplify: remove workflow_dispatch/schedule from create-prompt - Remove workflow_dispatch and schedule event handling from create-prompt since agent mode doesn't use the standard prompt generation flow - Enforce mode compatibility at selection time in the registry instead of runtime validation in tag mode - Add explanatory comment in agent mode about why prompt file is needed - Update tests to reflect simplified event handling This reduces code duplication and makes the separation between tag mode (entity-based events) and agent mode (automation events) clearer. * simplify PR by making agent mode only work with workflow dispatch and schedule events * remove unnecessary changes * remove unnecessary changes from PR - Revert update-comment-link.ts changes (agent mode doesn't use this) - Revert create-initial.ts changes (agent mode doesn't create comments) - Remove unused default-branch.ts file - Revert install-mcp-server.ts changes (agent mode uses minimal MCP) These files are only used by tag mode for entity-based events, not needed for workflow_dispatch/schedule support via agent mode. * fix: handle optional entityNumber for TypeScript - Add runtime checks in files that require entityNumber - These files are only used by tag mode which always has entityNumber - Agent mode (workflow_dispatch/schedule) doesn't use these files * linting update --------- Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>
* feat: add agent mode for automation scenarios - Add agent mode that always triggers without checking for mentions - Implement Mode interface with support for mode-specific tool configuration - Add getAllowedTools() and getDisallowedTools() methods to Mode interface - Simplify tests by combining related test cases - Update documentation and examples to include agent mode - Fix TypeScript imports to prevent circular dependencies Agent mode is designed for automation and workflow_dispatch scenarios where Claude should always run without requiring trigger phrases. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Minor update to readme (from @main to @beta) * Since workflow_dispatch isn't in the base action, update the examples accordingly * minor formatting issue * Update to say beta instead of main * Fix missed tracking comment to be false * add schedule & workflow dispatch paths. Also make prepare logic conditional * tests * Add test workflow for workflow_dispatch functionality * Update workflow to use correct branch reference * remove test workflow dispatch file * minor lint update * update workflow dispatch agent example * minor lint update * refactor: simplify prepare logic with mode-specific implementations * ensure tag mode can't work with workflow dispatch and schedule tasks * simplify: remove workflow_dispatch/schedule from create-prompt - Remove workflow_dispatch and schedule event handling from create-prompt since agent mode doesn't use the standard prompt generation flow - Enforce mode compatibility at selection time in the registry instead of runtime validation in tag mode - Add explanatory comment in agent mode about why prompt file is needed - Update tests to reflect simplified event handling This reduces code duplication and makes the separation between tag mode (entity-based events) and agent mode (automation events) clearer. * simplify PR by making agent mode only work with workflow dispatch and schedule events * remove unnecessary changes * remove unnecessary changes from PR - Revert update-comment-link.ts changes (agent mode doesn't use this) - Revert create-initial.ts changes (agent mode doesn't create comments) - Remove unused default-branch.ts file - Revert install-mcp-server.ts changes (agent mode uses minimal MCP) These files are only used by tag mode for entity-based events, not needed for workflow_dispatch/schedule support via agent mode. * fix: handle optional entityNumber for TypeScript - Add runtime checks in files that require entityNumber - These files are only used by tag mode which always has entityNumber - Agent mode (workflow_dispatch/schedule) doesn't use these files * linting update * refactor: implement discriminated unions for GitHub contexts Split ParsedGitHubContext into entity-specific and automation contexts: - ParsedGitHubContext: For entity events (issues/PRs) with required entityNumber and isPR - AutomationContext: For workflow_dispatch/schedule events without entity fields - GitHubContext: Union type for all contexts This eliminates ~20 null checks throughout the codebase and provides better type safety. Entity-specific code paths are now guaranteed to have the required fields. Co-Authored-By: Claude <noreply@anthropic.com> * update comment * More robust type checking * refactor: improve discriminated union implementation based on review feedback - Use eventName checks instead of 'in' operator for more robust type guards - Remove unnecessary type assertions - TypeScript's control flow analysis works correctly - Remove redundant runtime checks for entityNumber and isPR - Simplify code by using context directly after type guard Co-Authored-By: Claude <noreply@anthropic.com> * some structural simplification * refactor: further simplify discriminated union implementation - Add event name constants to reduce duplication - Derive EntityEventName and AutomationEventName types from constants - Use isAutomationContext consistently in agent mode and registry - Simplify parseGitHubContext by removing redundant type assertions - Extract payload casts to variables for cleaner code Co-Authored-By: Claude <noreply@anthropic.com> * bun format * specify the type * minor linting update again --------- Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>
* docs: enhance CLAUDE.md with comprehensive architecture overview - Add detailed two-phase execution architecture documentation - Document mode system (tag/agent) and extensible registry pattern - Include comprehensive GitHub integration layer breakdown - Add MCP server architecture and authentication flow details - Document branch strategy, comment threading, and code conventions - Provide complete project structure with component descriptions 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * docs: clarify base-action dual purpose and remove branch strategy - Explain base-action serves as both standalone published action and internal logic - Remove branch strategy section as requested - Improve architecture documentation clarity --------- Co-authored-by: Claude <noreply@anthropic.com>
…368) * feat: ignore minimized comments * fix tests
Update add_pull_request_review_comment_to_pending_review to add_comment_to_pending_review following upstream change in github/github-mcp-server#697 - Update .github/workflows/claude-review.yml - Update examples/claude-auto-review.yml
* chore: remove empty xml tags * format
* fix: Include cache tokens in the stats * Update format-turns.ts * fix test * format
* feat: add review mode for PR code reviews - Add 'review' as a new execution mode in action.yml - Use default GitHub Action token (ACTIONS_TOKEN) for review mode - Create review mode implementation with GitHub MCP tools included by default - Move review-specific prompt to review mode's generatePrompt method - Add comprehensive review workflow instructions for inline comments - Fix type safety with proper mode validation - Keep agent mode's simple inline prompt handling * docs: add review mode example workflow * update sample workflow * fix: update review mode example to use @beta tag * fix: enable automatic triggering for review mode on PR events * fix: export allowed tools environment variables in review mode The GitHub MCP tools were not being properly allowed because review mode wasn't exporting the ALLOWED_TOOLS environment variable like agent mode does. This caused all GitHub MCP tool calls to be blocked with permission errors. * feat: add review mode workflow for testing * fix: use INPUT_ prefix for allowed/disallowed tools environment variables The base action expects INPUT_ALLOWED_TOOLS and INPUT_DISALLOWED_TOOLS (following GitHub Actions input naming convention) but we were exporting them without the INPUT_ prefix. This was causing the tools to not be properly allowed in the base action. * fix: add explicit review tool names and additional workflow permissions - Add explicit tool names in case wildcards aren't working properly - Add statuses and checks write permissions to workflow - Include both github and github_comment MCP server tools * refactor: consolidate review workflows and use review mode - Update claude-review.yml to use review mode instead of direct_prompt - Use km-anthropic fork action - Remove duplicate claude-review-mode.yml workflow - Add synchronize event to review PR updates - Update permissions for review mode (remove id-token, add pull-requests/issues write) * feat: enhance review mode to provide detailed tracking comment summary - Update review mode prompt to explicitly request detailed summaries - Include issue counts, key findings, and recommendations in tracking comment - Ensure users can see complete review overview without checking each inline comment * Revert "refactor: consolidate review workflows and use review mode" This reverts commit 54ca948. * fix: address PR review feedback for review mode - Make generatePrompt required in Mode interface - Implement generatePrompt in all modes (tag, agent, review) - Remove unnecessary git/branch operations from review mode - Restrict review mode triggers to specific PR actions - Fix type safety issues by removing any types - Update tests to support new Mode interface * test: update mode registry tests to include review mode * chore: run prettier formatting * fix: make mode parameter required in generatePrompt function Remove optional mode parameter since the function throws an error when mode is not provided. This makes the type signature consistent with the actual behavior. * fix: remove last any type and update README with review mode - Remove any type cast in review mode by using isPullRequestEvent type guard - Add review mode documentation to README execution modes section - Update mode parameter description in README configuration table * mandatory bun format * fix: improve review mode GitHub suggestion format instructions - Add clear guidance on GitHub's suggestion block format - Emphasize that suggestions must only replace the specific commented lines - Add examples of correct vs incorrect suggestion formatting - Clarify when to use multi-line comments with startLine and line parameters - Guide on handling complex changes that require multiple modifications This should resolve issues where suggestions aren't directly committable. * Add missing MCP tools for experimental-review mode based on test requirements * chore: format code * docs: add experimental-review mode documentation with clear warnings * docs: remove emojis from experimental-review mode documentation * docs: clarify experimental-review mode triggers - depends on workflow configuration * minor format update * test: fix registry tests for experimental-review mode name change * refactor: clean up review mode implementation based on feedback - Remove unused parameters from generatePrompt in agent and review modes - Keep Claude comment requirement for review mode (tracking comment) - Add overridePrompt support to review mode - Remove non-existent MCP tools from review mode allowed list - Fix unused import in agent mode These changes address all review feedback while maintaining clean code and proper functionality. * fix: remove redundant update_claude_comment from review mode allowed tools The github_comment server is always included automatically, so we don't need to explicitly list mcp__github_comment__update_claude_comment in the allowed tools. * feat: review mode now uses review body instead of tracking comment - Remove tracking comment creation from review mode - Update prompt to instruct Claude to write comprehensive review in body - Remove comment ID requirement for review mode - The review submission body now serves as the main review content This makes review mode cleaner with one less comment on the PR. The review body contains all the information that would have been in the tracking comment. * add back id-token: write for example * Add PR number for context + make it mandatory to have a PR associated * add `mcp__github__add_issue_comment` tool * rename token * bun format --------- Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com>
…le events (#378) * docs: clarify agent mode only works with workflow_dispatch and schedule events Updates documentation to match the current implementation where agent mode is restricted to workflow_dispatch and schedule events only. This addresses the confusion reported in issues #364 and #376. Changes: - Updated README to clearly state agent mode limitations - Added explicit note that agent mode does NOT work with PR/issue events - Updated example workflows to only show supported event types - Updated CLAUDE.md internal documentation Fixes #364 Fixes #376 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * minor formatting update * update agent mode docs --------- Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com>
Updated all references from ACTIONS_TOKEN to DEFAULT_WORKFLOW_TOKEN to match the naming convention used in action.yml where the GitHub token is passed as DEFAULT_WORKFLOW_TOKEN environment variable.
* feat: add slash command shipping infrastructure - Created /slash-commands/ directory to store bundled slash commands - Added code-review.md slash command for automated PR reviews - Modified setup-claude-code-settings.ts to copy slash commands to ~/.claude/ - Added test coverage for slash command installation - Commands are automatically installed when the GitHub Action runs * fix: simplify slash command implementation to match codebase patterns - Reverted to using Bun's $ shell syntax consistently with the rest of the codebase - Simplified slash command copying to basic shell commands - Removed unnecessary fs/promises complexity - Maintained all functionality and test coverage - More appropriate for GitHub Action context where inputs are trusted * remove test slash command * fix: rename slash_commands_dir to experimental_slash_commands_dir - Added 'experimental' prefix as suggested by Ashwin - Updated all references in action.yml and base-action - Restored accidentally removed code-review.md file --------- Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com>
- Move FAQ.md to docs/faq.md - Create structured documentation files: - setup.md: Manual setup and custom GitHub app instructions - usage.md: Basic usage and workflow configuration - custom-automations.md: Automation examples - configuration.md: MCP servers and advanced settings - experimental.md: Execution modes and network restrictions - cloud-providers.md: AWS Bedrock and Google Vertex setup - capabilities-and-limitations.md: Features and constraints - security.md: Security information - Condense README.md to overview with links to detailed docs - Keep CONTRIBUTING.md, SECURITY.md, CODE_OF_CONDUCT.md at top level
Allows modes to provide custom system prompts that are appended to Claude's base system prompt. This enables mode-specific instructions without modifying the core action logic. - Add optional getSystemPrompt method to Mode interface - Implement method in all existing modes (tag, agent, review) - Update prepare.ts to call getSystemPrompt and export as env var - Wire up APPEND_SYSTEM_PROMPT in action.yml to pass to base-action All modes currently return undefined (no additional prompts), but the infrastructure is now in place for future modes to provide custom instructions.
* feat: support html img tag * rm files * refactor
- Restore prompt file creation logic that was accidentally removed in PR #374 - Agent mode now creates the prompt file directly in prepare() method - Uses override_prompt or direct_prompt if available, falls back to minimal prompt - Fixes 'Prompt file does not exist' error for workflow_dispatch and schedule events - Add TODO comment to refactor this to use createPrompt in the future Fixes #403
) These git config commands are no longer needed as allowed tools since Claude should not be modifying git configuration settings. Updated the corresponding test to reflect this intentional change. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Claude <noreply@anthropic.com>
- Renamed scripts/pre-push to scripts/pre-commit - Updated install-hooks.sh to install pre-commit hook - Hook now runs formatting, type checking, and tests before commit
* feat: add inline comment MCP server for experimental review mode - Create standalone inline PR comments without review workflow - Support single-line and multi-line comments - Auto-install server when in experimental review mode - Uses octokit.rest.pulls.createReviewComment() directly * docs: clarify GitHub code suggestion syntax in inline comment server Add clear documentation that suggestion blocks replace the entire selected line range and must be syntactically complete drop-in replacements. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
* chore: add --debug and retry loop to Claude Code installation Adds 2-minute timeout with up to 3 retry attempts for installation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * fix: remove unsupported --debug flag from install script 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
* chore: remove experimental allowed domains feature Remove the experimental_allowed_domains feature which was used to restrict network access via a Squid proxy. This removes: - The input definition from action.yml - The Network Restrictions workflow step - The setup-network-restrictions.sh script - Documentation from experimental.md, usage.md, and related files - The input default from collect-inputs.ts * chore: fix formatting with prettier Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com> --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com>
The GNU `timeout` command is not available on macOS. Check if it exists and use it when available, otherwise run without timeout. Also extracts the version into a CLAUDE_CODE_VERSION variable for easier maintenance. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>
Add trigger-time validation for issue/PR body content to prevent attackers from exploiting a race condition where they edit the body between when an authorized user triggers @claude and when Claude processes the request. The existing filterCommentsToTriggerTime() already protected comments - this extends the same pattern to the main issue/PR body via isBodySafeToUse(). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>
* feat: add Agent SDK support with USE_AGENT_SDK feature flag Add a feature-flagged code path that uses the Agent SDK instead of spawning the CLI as a subprocess. When USE_AGENT_SDK=true is set, the new SDK path is used; otherwise, existing CLI behavior is unchanged. Changes: - Add parse-sdk-options.ts for parsing ClaudeOptions into SDK format - Add run-claude-sdk.ts for SDK execution with query() function - Update run-claude.ts with feature flag check at entry point - Update update-comment-link.ts to handle both cost_usd and total_cost_usd - Add @anthropic-ai/claude-agent-sdk dependency 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * refactor: simplify SDK types by using @anthropic-ai/claude-agent-sdk types directly - Remove duplicate SdkRunOptions and McpStdioServerConfig types - Use SDK's Options and McpStdioServerConfig types directly - Return { sdkOptions, showFullOutput, hasJsonSchema } from parseSdkOptions - Remove unnecessary convertMcpServers function - Net reduction of ~70 lines 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * refactor: use extraArgs for claudeArgs pass-through to CLI Simplify option parsing by converting claudeArgs to extraArgs record and letting the SDK/CLI handle --mcp-config, --json-schema, etc. - Remove extractJsonSchema and parseMcpConfigs functions - Add parseClaudeArgsToExtraArgs for simple flag parsing - CLI handles complex args like --mcp-config directly 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * ci * refactor: remove hardcoded permission bypass flags The SDK path should match CLI path behavior - permissions are handled by the CLI itself, not hardcoded in the action. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * chore: add logging for SDK vs CLI path selection --------- Co-authored-by: Claude <noreply@anthropic.com>
* fix: `commentBody` may be `null` This handles the cases where `pull_request_review` events have no comments (`commentBody` field is `null`). In those cases, the `null` value is converted to the empty string. The issue was testing `!commentBody` which was triggerring on empty strings as well. This guard was removed (which is the fix), but for clarity, the `commentBody` field was also made optional to make it clear that the comment may be missing. * fix: bun run format
Adds a shorter, more concise prompt for tag mode that trusts the model to figure out details. Opt-in via USE_SIMPLE_PROMPT=true. The simplified prompt keeps all context data but reduces instructions from ~250 to ~70 lines. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>
* fix: merge allowedTools from claudeArgs when using Agent SDK When USE_AGENT_SDK=true, the allowedTools from claudeArgs (which contains tag mode's required tools like mcp__github_comment__update_claude_comment) were being lost because parseClaudeArgsToExtraArgs converts args to a Record<string, string>, and the SDK was using sdkOptions.allowedTools (from direct options) instead of merging with extraArgs.allowedTools. This fix: - Extracts allowedTools/disallowedTools from extraArgs after parsing - Merges them with any direct options.allowedTools/disallowedTools - Removes them from extraArgs to prevent duplicate CLI flags - Passes the merged list as sdkOptions.allowedTools 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * fix: accumulate multiple --allowedTools flags in claudeArgs When tag mode adds its --allowedTools (with MCP tools) and the user also provides --allowedTools in their claude_args, the parseClaudeArgsToExtraArgs function was only keeping the last value. This caused tag mode's required tools like mcp__github_comment__update_claude_comment to be lost. Now allowedTools and disallowedTools flags accumulate their values when they appear multiple times in claudeArgs, so both tag mode's tools and user's tools are preserved. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
Two fixes for the Agent SDK path (USE_AGENT_SDK=true):
1. Add settingSources to load filesystem settings
- Without this, CLI-installed plugins aren't available to the SDK
- Also needed to load CLAUDE.md files from the project
2. Default systemPrompt to claude_code preset
- Without an explicit systemPrompt, the SDK would use no system prompt
- Now defaults to { type: "preset", preset: "claude_code" } to match CLI behavior
Also adds logging of SDK options (excluding env) for debugging.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
…h environment variables (#729) Replace direct template expansion of user inputs in shell scripts with environment variables to prevent potential command injection attacks. Changes: - sync-base-action.yml: Use $GITHUB_EVENT_NAME and $GITHUB_ACTOR instead of template expansion - action.yml: Pass path_to_bun_executable and path_to_claude_code_executable through env vars - base-action/action.yml: Same env var changes for path inputs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>
* fix: Prevent command injection in branch operations Replace Bun shell template literals with Node.js execFileSync to prevent command injection attacks via malicious branch names. Branch names from PR data (headRefName) are now validated against a strict whitelist pattern before use in git commands. Changes: - Add validateBranchName() function with strict character whitelist - Replace $`git ...` shell templates with execGit() using execFileSync - Validate all branch names before use in git operations * fix: Address review comments for branch validation security - Enhanced execGit JSDoc to explain security benefits of execFileSync - Added comprehensive branch name validation: - Leading dash check (prevents option injection) - Control characters and special git characters (~^:?*[\]) - Leading/trailing period checks - Trailing slash and consecutive slash checks - Added -- separator to git checkout commands - Added 30 unit tests for validateBranchName covering: - Valid branch names - Command injection attempts - Option injection attempts - Path traversal attempts - Git-specific invalid patterns - Control characters and edge cases 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
Change USE_AGENT_SDK to default to true instead of false. The Agent SDK path is now used by default; set USE_AGENT_SDK=false to use the CLI path. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>
Add a new `session_id` output that exposes the Claude Code session ID, allowing other workflows or Claude Code instances to resume the conversation using `--resume <session_id>`. Changes: - Add parseAndSetSessionId() function to extract session_id from the system.init message in execution output - Add session_id output to both action.yml and base-action/action.yml - Add comprehensive tests for the new functionality 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>
…rsing (#748) * fix: merge multiple --mcp-config flags instead of overwriting When users provide their own --mcp-config in claude_args, the action's built-in MCP servers (github_comment, github_ci, etc.) were being lost because multiple --mcp-config flags were overwriting each other. This fix: - Adds mcp-config to ACCUMULATING_FLAGS to collect all values - Changes delimiter to null character to avoid conflicts with JSON - Adds mergeMcpConfigs() to combine mcpServers objects from multiple configs - Merges inline JSON configs while preserving file path configs Fixes #745 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com> * fix: support hyphenated --allowed-tools flag and multiple values The --allowed-tools flag was not being parsed correctly when: 1. Using the hyphenated form (--allowed-tools) instead of camelCase (--allowedTools) 2. Passing multiple space-separated values after a single flag (e.g., --allowed-tools "Tool1" "Tool2" "Tool3") This fix: - Adds hyphenated variants (allowed-tools, disallowed-tools) to ACCUMULATING_FLAGS - Updates parsing to consume all consecutive non-flag values for accumulating flags - Merges values from both camelCase and hyphenated variants Fixes #746 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com>
When users specify --setting-sources in claude_args (e.g., '--setting-sources user'), the action now respects that value instead of overriding it with all three sources. This fixes an issue where users who wanted to avoid in-repo configs would still have them loaded because the settingSources was hardcoded to ['user', 'project', 'local']. Fixes #749 Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com> 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
The gh CLI prefers GH_TOKEN over GITHUB_TOKEN. When a calling workflow sets GH_TOKEN in env, the action's GITHUB_TOKEN was being ignored, causing the gh CLI to use the wrong token (e.g., the default workflow token instead of an App token). This ensures Claude's gh CLI commands use the action's prepared token. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.