5d0cc745cd
* feat(inline-comment): add confirmed param + probe-pattern safety net
Subagents that inherit this tool sometimes probe it with test comments
('Test comment to see if I can create inline comments') after hitting
unrelated errors elsewhere. Recurring issue across customer PRs.
Adds two defenses:
1. confirmed param: set true to post (final review comments should pass
this). When false, buffers to a JSONL file instead of posting.
2. Probe-pattern safety net: when confirmed is omitted (backward compat
for existing prompts), the body is checked against obvious probe
patterns ('test comment', 'can i', 'does this work', etc.). Matching
calls are buffered instead of posted.
A post-run step in action.yml reports the buffered call count and bodies
as a workflow warning for diagnostics.
Backward compatibility:
- Existing single-agent prompts (no confirmed param) post normally unless
the body happens to start with a probe phrase (unlikely for real
review comments)
- The code-review skill is being updated to pass confirmed: true in its
final posting step
- Subagent probes that would previously post now harmlessly buffer
* refactor: replace probe-regex with Haiku classification in post-step
The regex approach was narrow and could miss creative probe phrasings.
Replaced with a batch Haiku classification that runs after the session
completes.
Flow:
- MCP server: confirmed !== true -> buffer to JSONL (no classification
in-band, no latency in the tool path)
- Post-step (src/entrypoints/post-buffered-inline-comments.ts): reads
buffer, sends all bodies to a single Haiku call, posts only those
classified as real review comments
- confirmed=false entries are never posted regardless of classification
Fail-open: if ANTHROPIC_API_KEY is unavailable (Bedrock/Vertex users)
or the classification call fails, posts all unconfirmed comments. This
matches pre-PR behavior where all calls posted immediately.
The post-step emits :⚠️: for each filtered comment so users can
see what was dropped and why.
* feat: add classify_inline_comments opt-out input
New action input classify_inline_comments (default 'true'). Setting to
'false' restores pre-buffering behavior: all inline comment calls post
immediately regardless of the confirmed param.
Threads through: action input -> CLASSIFY_INLINE_COMMENTS env ->
context.inputs.classifyInlineComments -> MCP server env ->
CLASSIFY_ENABLED module const.
Post-step is also gated on the input so it skips entirely when
classification is disabled.
* docs: document classify_inline_comments input and confirmed param
- usage.md: add classify_inline_comments to inputs table
- solutions.md: mention confirmed=true in the prompt example and explain
buffering/classification in the tool permissions section
Claude Code Action
A general-purpose Claude Code action for GitHub PRs and issues that can answer questions and implement code changes. This action intelligently detects when to activate based on your workflow context—whether responding to @claude mentions, issue assignments, or executing automation tasks with explicit prompts. It supports multiple authentication methods including Anthropic direct API, Amazon Bedrock, Google Vertex AI, and Microsoft Foundry.
Features
- 🎯 Intelligent Mode Detection: Automatically selects the appropriate execution mode based on your workflow context—no configuration needed
- 🤖 Interactive Code Assistant: Claude can answer questions about code, architecture, and programming
- 🔍 Code Review: Analyzes PR changes and suggests improvements
- ✨ Code Implementation: Can implement simple fixes, refactoring, and even new features
- 💬 PR/Issue Integration: Works seamlessly with GitHub comments and PR reviews
- 🛠️ Flexible Tool Access: Access to GitHub APIs and file operations (additional tools can be enabled via configuration)
- 📋 Progress Tracking: Visual progress indicators with checkboxes that dynamically update as Claude completes tasks
- 📊 Structured Outputs: Get validated JSON results that automatically become GitHub Action outputs for complex automations
- 🏃 Runs on Your Infrastructure: The action executes entirely on your own GitHub runner (Anthropic API calls go to your chosen provider)
- ⚙️ Simplified Configuration: Unified
promptandclaude_argsinputs provide clean, powerful configuration aligned with Claude Code SDK
📦 Upgrading from v0.x?
See our Migration Guide for step-by-step instructions on updating your workflows to v1.0. The new version simplifies configuration while maintaining compatibility with most existing setups.
Quickstart
The easiest way to set up this action is through Claude Code in the terminal. Just open claude and run /install-github-app.
This command will guide you through setting up the GitHub app and required secrets.
Note:
- You must be a repository admin to install the GitHub app and add secrets
- This quickstart method is only available for direct Anthropic API users. For AWS Bedrock, Google Vertex AI, or Microsoft Foundry setup, see docs/cloud-providers.md.
📚 Solutions & Use Cases
Looking for specific automation patterns? Check our Solutions Guide for complete working examples including:
- 🔍 Automatic PR Code Review - Full review automation
- 📂 Path-Specific Reviews - Trigger on critical file changes
- 👥 External Contributor Reviews - Special handling for new contributors
- 📝 Custom Review Checklists - Enforce team standards
- 🔄 Scheduled Maintenance - Automated repository health checks
- 🏷️ Issue Triage & Labeling - Automatic categorization
- 📖 Documentation Sync - Keep docs updated with code changes
- 🔒 Security-Focused Reviews - OWASP-aligned security analysis
- 📊 DIY Progress Tracking - Create tracking comments in automation mode
Each solution includes complete working examples, configuration details, and expected outcomes.
Documentation
- Solutions Guide - 🎯 Ready-to-use automation patterns
- Migration Guide - ⭐ Upgrading from v0.x to v1.0
- Setup Guide - Manual setup, custom GitHub apps, and security best practices
- Usage Guide - Basic usage, workflow configuration, and input parameters
- Custom Automations - Examples of automated workflows and custom prompts
- Configuration - MCP servers, permissions, environment variables, and advanced settings
- Experimental Features - Execution modes and network restrictions
- Cloud Providers - AWS Bedrock, Google Vertex AI, and Microsoft Foundry setup
- Capabilities & Limitations - What Claude can and cannot do
- Security - Access control, permissions, and commit signing
- FAQ - Common questions and troubleshooting
📚 FAQ
Having issues or questions? Check out our Frequently Asked Questions for solutions to common problems and detailed explanations of Claude's capabilities and limitations.
License
This project is licensed under the MIT License—see the LICENSE file for details.