The claude-code-base-action doesn't support OAuth authentication. This change bypasses the base action entirely and runs Claude Code directly.
Changes:
- Add Node.js setup step
- Add Claude Code installation step
- Replace uses: claude-code-base-action with direct shell script execution
- Handle OAuth by not setting ANTHROPIC_API_KEY when using OAuth
- Set up MCP configuration manually
- Simplify environment variables to only what's needed
This allows OAuth credentials to be used properly since Claude Code will check the credentials file when ANTHROPIC_API_KEY is empty.
The claude-code-base-action doesn't support OAuth authentication and requires ANTHROPIC_API_KEY when not using cloud providers.
This workaround tells the base action we're using Bedrock when OAuth is specified, which bypasses the API key validation. Since no AWS credentials are provided, Claude Code will fall back to checking for OAuth credentials in the file.
Changes:
- Set use_bedrock=true when anthropic_api_key=='use-oauth'
- Set USE_BEDROCK=true in environment to match
- Pass empty string as anthropic_api_key to base action
Don't pass 'use-oauth' value to the base action when using OAuth authentication. This allows Claude Code to properly detect and use the OAuth credentials file instead of trying to use 'use-oauth' as an API key.
The OAuth setup was checking for ANTHROPIC_API_KEY === 'use-oauth', but the modified action.yml sets it to empty string when using OAuth. Updated to check for empty API key instead.
This allows the OAuth credentials to be properly written to the container when using Claude Code MAX authentication.
- Add FAQ.md with sections on triggering, authentication, capabilities, and troubleshooting
- Document key limitations including workflow access, PR creation, and CI results visibility
- Include workarounds for common issues like automated workflows and test result access
- Cover security considerations and best practices for safe usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* Add enhanced text sanitization
* Format code with prettier
* Refactor tests to remove redundancy and improve structure
- Remove redundant 'mixed input patterns' test from sanitizer.test.ts
- Consolidate integration tests into 2 focused real-world scenarios
- Add HTML comment stripping to sanitizeContent function
- Update test expectations to match sanitization behavior
- Maintain full coverage with fewer, more focused tests
* Fix prettier formatting
* Remove rendered.html from repository
* Remove test-markdown.json and update .gitignore
* Revert .gitignore changes
The workflow was using 'mcp_config_file' which is not a valid parameter for
the claude-code-base-action. The correct parameter name is 'mcp_config' as
defined in the action.yml file.
This fix ensures that the MCP server configuration is properly passed to the
action, allowing the GitHub MCP server to be correctly initialized.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* feat: add base_branch input to specify source branch for new Claude branches
- Add base_branch input parameter to action.yml allowing users to specify which branch to use as source
- Update setupBranch function to accept and use the base branch parameter
- Defaults to repository default branch if no base branch is specified
- Addresses issue #62 for better branch control
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
* perf: optimize setupBranch to avoid unnecessary default branch fetch
Only fetch repository default branch when actually needed:
- Skip initial fetch when baseBranch is provided
- Fetch default branch at end only for return value and GitHub Actions output
- Eliminates unnecessary API call when users specify base branch
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
* fix: properly handle base branch throughout the action workflow
- Fix TypeScript error where defaultBranch was used before being assigned
- Replace DEFAULT_BRANCH with BASE_BRANCH in subsequent workflow steps
- Update PR creation and branch comparison to use the actual base branch
- Ensure custom base_branch input is respected in all operations
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor: move BASE_BRANCH env reading into parseGitHubContext
- Move BASE_BRANCH environment variable reading into parseGitHubContext for consistency
- Update setupBranch to use context.inputs.baseBranch instead of process.env
- Fix test descriptions to correctly reference BASE_BRANCH instead of DEFAULT_BRANCH
- Update test environment setup to use BASE_BRANCH
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
* feat: display detailed error messages when prepare step fails
- Capture prepare step errors in action.yml (up to 2000 chars)
- Add error details to comment update with collapsible section
- Handle both prepare and Claude execution failures separately
- Add test coverage for error detail display
This helps users debug issues like git errors, permission problems,
and branch creation failures more easily.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor: simplify error capture to show clean error messages only
- Remove complex shell script that captured full output logs
- Use core.setOutput in prepare.ts to pass clean error message directly
- Avoid exposing potentially sensitive information from logs
- Show only the actual error message (e.g. 'Failed to fetch issue data')
This provides cleaner, more readable error messages without the risk
of exposing sensitive information from debug logs.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor: simplify error display to show clean error messages only
- Remove collapsible <details> section for error messages
- Display errors in simple code blocks since messages are now clean and short
- Makes error messages more direct and readable
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
* feat: allow user override of hardcoded disallowed tools
Allow users to override hardcoded disallowed tools (WebSearch, WebFetch) by including them in their allowed_tools configuration. This provides users with the ability to control tool access based on their security requirements.
Changes:
- Modified buildDisallowedToolsString() to accept allowedTools parameter
- Added logic to filter out hardcoded disallowed tools if present in allowed tools
- Updated function call site to pass allowedTools
- Added comprehensive test coverage for override behavior
- Maintains backward compatibility
Resolves#49
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
* prettier
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
