From f40f4216b2b2a36100e257dea10b9d64ae308b1b Mon Sep 17 00:00:00 2001
From: Rafael Araujo Lehmkuhl
Date: Mon, 20 Apr 2026 12:01:26 -0300
Subject: [PATCH] ci: Allow Claude PR review agent to write files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The system prompt instructs the model to write the review to `review.md` before posting it via `gh pr comment --body-file`, but `Write` was not in `allowed_tools`, so every file-creation attempt was denied. Sonnet 4 coincidentally pivoted to an inline `--body` fallback; Opus 4.6 kept retrying file-write variants and exhausted `max_turns` before falling back, so no review was posted.

This is safe: the job runs on the trusted base ref (never the PR head), `permissions: contents: read` prevents any repo/push writes, and the runner filesystem is ephemeral — `Write` only lets the model create scratch files like `review.md` inside the throwaway runner.
---
 .github/workflows/claude-pr-review.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/claude-pr-review.yml b/.github/workflows/claude-pr-review.yml
index d1bef6e40f..ce719b6a8f 100644
--- a/.github/workflows/claude-pr-review.yml
+++ b/.github/workflows/claude-pr-review.yml
@@ -51,7 +51,7 @@ jobs:
 anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
 model: "claude-opus-4-6"
 max_turns: "40"
- allowed_tools: "Bash(gh:*),Bash(jq:*),Bash(wc:*),Bash(cat:*),Bash(head:*),Bash(tail:*),View,GlobTool,GrepTool,BatchTool"
+ allowed_tools: "Bash(gh:*),Bash(jq:*),Bash(wc:*),Bash(cat:*),Bash(head:*),Bash(tail:*),View,GlobTool,GrepTool,BatchTool,Write"
 system_prompt: |
 You are an automated code review agent running inside a GitHub Actions workflow for the `bluerobotics/cockpit` repository.
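Review bot: `Write` on the added `allowed_tools` line is the only entry with no scope, while every `Bash(...)` entry is pinned to a command prefix, and the conditions that make an unscoped write acceptable (checkout of the trusted base ref, `permissions: contents: read`, ephemeral runner) are stated only in the commit message — none of them is visible in this hunk, so the next person editing the tool list has nothing in the file telling them those guards must stay. I would put the rationale beside the value: `# Write is needed so the model can create the scratch review.md it posts with --body-file.` and `# Only safe because this job checks out the base ref (never the PR head) and runs with contents: read — keep both.` If the action's permission syntax accepts a path-scoped rule for `Write`, limiting it to the review file would turn that documented intent into an enforced one, but I cannot confirm from this hunk that such a rule form exists. The `with:` mapping and the `permissions:` block these comments refer to are outside the hunk.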