When mcpJsonChanged is true, delete enableAllProjectMcpServers from the
merged settings object so user-provided INPUT_SETTINGS cannot re-enable
it and bypass the check. Also fix the stale positional arg in the
standalone base-action call site and add test coverage for the bypass case.
- Use octokit.rest.paginate() to fetch all pages of PR changed files,
preventing attackers from padding PRs with 100+ files to push .mcp.json
off the first page
- Change catch block to fail closed (mcpJsonChanged=true) so MCP servers
are not auto-approved when the API call fails
When a PR modifies .mcp.json, the checked-out working directory contains a
version that may differ from the base branch. Blindly setting
enableAllProjectMcpServers=true in that context auto-approves those MCP
servers without the user having reviewed them.
Fix: before calling setupClaudeCodeSettings, check whether .mcp.json changed
in the triggering PR using the GitHub REST API (pulls.listFiles). If it did,
pass mcpJsonChanged=true to suppress the enableAllProjectMcpServers=true
override. When .mcp.json is unmodified (the common case), behaviour is
unchanged.
- Add mcpJsonChanged parameter to setupClaudeCodeSettings
- Add PR file-list check in src/entrypoints/run.ts
- Update tests: update existing override test, add two new mcpJsonChanged=true tests
Reverts the following commits:
- f669191 fix: use unique local branch names for PR checkout to avoid conflicts (#931)
- 21e3fe0 Fix PR checkout to support fork PRs (#851)
Simplifies PR branch checkout back to using headRefName directly instead
of the pr-{number} local branch naming scheme introduced in #931 and the
GitHub pull ref fetch approach introduced in #851.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The previous implementation used the PR's original branch name when
fetching, which could conflict with existing local or remote branches
of the same name. This caused checkout failures for PRs with common
branch names like 'main' or 'feature/xyz'.
Changes:
- Use 'pr-{number}' format for local branch names (e.g., pr-385)
- Preserve original branch name for logging purposes
- Add detailed logging showing original -> local branch mapping
This ensures uniqueness since PR numbers are unique per repository,
while maintaining support for both same-repo and fork PRs via
GitHub's pull/{number}/head refs.
Fixes the issue introduced in #851 where fork PR support was added.
Co-authored-by: Yi-Cheng Wang <yicheng.wang@heph-ai.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Replace `Bash(git add:*)` syntax with `Bash(git add *)` in default
tool permissions for tag mode and create-prompt. The colon-prefixed
wildcard syntax is deprecated and causes SDK validation errors.
Closes#856
Co-authored-by: Dave-London <hello@os4us.org>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Use GitHub's PR refs (pull/NUMBER/head) instead of fetching branch
by name. This works for both same-repo and fork PRs because GitHub
automatically creates these refs in the base repository for all PRs.
The branch name doesn't exist on origin for fork PRs, causing:
fatal: couldn't find remote ref <branch-name>
Using pull/${entityNumber}/head:${branchName} fetches the PR head
and creates a local branch with the correct name.
Fixes issues with tag mode failing on fork PRs.
Use `bun install --production` instead of `bun install` in both
action.yml and base-action/action.yml to skip installing devDependencies
(@types/*, prettier, typescript) that are not needed at runtime.
Bun runs TypeScript natively without needing the typescript compiler
or type definition packages. This reduces installed packages from 151
to 135 and speeds up the install step.
Fixes#895
Co-authored-by: Dave-London <hello@os4us.org>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Update claude-opus-4-5 to claude-opus-4-6 in workflow
* Fix whitespace formatting in docs and commands
* Fix whitespace formatting in docs and commands
* Add claude-opus-4-6 model to PR review workflow
---------
Co-authored-by: Claude <noreply@anthropic.com>
Replace the over-engineered Mode interface/registry/detector pattern with
straightforward inline logic. There are only 2 modes (tag and agent) and
the complexity wasn't justified.
- Delete Mode interface, registry, and prepare pass-through modules
- Export prepareTagMode() and prepareAgentMode() as standalone functions
- Inline trigger checking and mode dispatch in run.ts/prepare.ts
- Change generatePrompt/createPrompt to take modeName string instead of Mode
- Remove dead code (extractGitHubContext, unused detector helpers)
- Update CLAUDE.md to reflect new architecture
* refactor: unify action into single composite step with run.ts entrypoint
Consolidate the prepare and base-action phases into a single composite
step that runs src/entrypoints/run.ts. This simplifies the action.yml
from multiple steps to one execution step, while keeping the same
behavior.
Key changes:
- Add src/entrypoints/run.ts as unified entrypoint
- Simplify action.yml to single 'Run Claude Code Action' step
- Pass all inputs via environment variables
- Update base-action to accept inputs via env vars
- Support agent mode auto-detection from prompt input
* refactor: keep SSH signing cleanup and token revocation as separate action steps
Move SSH signing key cleanup and app token revocation back to separate
composite action steps in action.yml with always() conditions, rather
than handling them inside run.ts. This keeps these cleanup concerns
as independently visible steps in the workflow.
* fix: address PR review feedback
- Use path.dirname() instead of manual string slicing for executable path
- Differentiate prepare vs execution errors in catch block so tracking
comment accurately reflects which phase failed
- Update CLAUDE.md architecture docs to reflect unified run.ts entrypoint
and four-phase design
* fix: address PR review feedback
- Use path.dirname() instead of manual string slicing for executable path
- Differentiate prepare vs execution errors in catch block so tracking
comment accurately reflects which phase failed
- Rewrite CLAUDE.md to focus on mental model, key concepts, and gotchas
instead of exhaustive file listings
* fix: pass OpenTelemetry environment variables to Claude Code subprocess
Environment variables set in workflow's step `env:` block were not being
passed to the Claude Code subprocess because composite actions only forward
explicitly referenced environment variables.
This fix adds references for telemetry-related environment variables:
- CLAUDE_CODE_ENABLE_TELEMETRY
- OTEL_METRICS_EXPORTER
- OTEL_LOGS_EXPORTER
- OTEL_EXPORTER_OTLP_PROTOCOL
- OTEL_EXPORTER_OTLP_ENDPOINT
- OTEL_METRIC_EXPORT_INTERVAL
- OTEL_LOGS_EXPORT_INTERVAL
- OTEL_RESOURCE_ATTRIBUTES
Co-Authored-By: 조상연[플레이스 AI] <sang-yeon.cho@navercorp.com>
Co-Authored-By: csy1204 <josang1204@gmail.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test: add tests for OTEL environment variables passthrough
Verify that telemetry-related environment variables are correctly
passed through to sdkOptions.env when set in process.env.
Co-Authored-By: 조상연[플레이스 AI] <sang-yeon.cho@navercorp.com>
Co-Authored-By: csy1204 <josang1204@gmail.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: add missing OTEL_EXPORTER_OTLP_HEADERS environment variable
Add OTEL_EXPORTER_OTLP_HEADERS to the list of OpenTelemetry environment
variables passed through to the Claude Code subprocess. This variable is
needed for authentication when connecting to OTLP endpoints that require
bearer tokens or other credentials.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: 조상연[플레이스 AI] <sang-yeon.cho@navercorp.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- Introduced `include_comments_by_actor` and `exclude_comments_by_actor` inputs in action.yml to allow filtering of comments based on actor usernames.
- Updated context parsing to handle new input fields.
- Implemented `filterCommentsByActor` function to filter comments according to specified inclusion and exclusion patterns.
- Modified `fetchGitHubData` to apply actor filters when retrieving comments from pull requests and issues.
- Added comprehensive tests for the new filtering functionality.
This enhancement provides more control over which comments are processed based on the actor, improving the flexibility of the workflow.
* feat: send additional_permissions in token exchange request
Parse the ADDITIONAL_PERMISSIONS env var and send it as a JSON body
in the OIDC token exchange request. Permissions are merged on top of
the standard defaults (contents: write, pull_requests: write,
issues: write).
* docs: list specific available additional permissions
* refactor: consolidate CI workflows with ci-all.yml orchestrator
- Add ci-all.yml to orchestrate all CI workflows on push to main
- Update individual workflows to use workflow_call for reusability
- Remove redundant push triggers from individual test workflows
- Update release.yml to trigger on CI All workflow completion
- Auto-release on version bump commits after CI passes
Co-Authored-By: Claude <noreply@anthropic.com>
Claude-Generated-By: Claude Code (cli/claude-opus-4-5=100%)
Claude-Steers: 8
Claude-Permission-Prompts: 1
Claude-Escapes: 0
* address security review comments
---------
Co-authored-by: Claude <noreply@anthropic.com>
ssh-keygen requires a trailing newline to parse private keys correctly.
Without it, git signing fails with the confusing error:
'Couldn't load public key: No such file or directory?'
This normalizes the key to always end with a newline before writing.
Temporarily disable the release-base-action job that syncs releases
to the claude-code-base-action repository. The job checkout step
and subsequent tag/release creation steps are now commented out.
Claude-Generated-By: Claude Code (cli/claude-opus-4-5=100%)
Claude-Steers: 2
Claude-Permission-Prompts: 2
Claude-Escapes: 0
Co-authored-by: Claude <noreply@anthropic.com>
Fixes issue #641 where users were getting banned due to rapid successive
Claude runs triggered by the synchronize event.
Changes:
- Add checkHumanActor call to agent mode's prepare() method to reject
bot-triggered workflows unless explicitly allowed via allowed_bots
- Update checkHumanActor to accept GitHubContext (union type) instead
of just ParsedGitHubContext
- Add tests for bot rejection/allowance in agent mode
Claude-Generated-By: Claude Code (cli/claude-opus-4-5=100%)
Claude-Steers: 1
Claude-Permission-Prompts: 3
Claude-Escapes: 0
