You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Implementation planning for #259 (overlay reachability) surfaced two unknowns that no source-reading or documentation search could resolve:
Does claude-code-action@v1 recognize Task and Skill as valid tokens in --allowedTools? Investigation found zero references to either token in the action's source, test suite, or documentation. The grammar parses them as valid strings, but recognition by the underlying SDK (@anthropic-ai/claude-agent-sdk, npm-package black box) is unverified.
Are sub-agents dispatched via Task (if recognized) able to use tools beyond the parent's allowlist? If sub-agents inherit the parent's narrow review allowlist, inquisitor cannot use Bash or Write and is functionally useless — collapsing the entire "different eyes" architectural premise.
Without empirical answers to both, the overlay images deliver no real benefit beyond a baked CLI binary and persona file — at which point we have a separate conversation about whether the overlay infrastructure is justified at all. This spike answers the existential question before we commit to #259's implementation path.
A third question rides along cheaply because the same run will produce the data:
What does $HOME/.claude/ actually contain after a real claude-code-action@v1 run? Investigation A from Make baked overlay tree (agents/skills/plugins/hooks) reachable from CLI at job runtime #259 verified the action only writes settings.json during setup, but the CLI subprocess's writes are unobservable from existing logs. A diagnostic step lists the post-run state.
What
A throwaway diagnostic PR that:
Adds a temporary diagnostic step in pr-review/action.yml that runs ls -laR $HOME/.claude/ (a) before the persona-install step, (b) after cp -a runs, (c) after claude-code-action@v1 finishes. Output goes to the run log.
Adds cp -a /opt/claude/.claude/. $HOME/.claude/ (the proposed reachability fix) gated behind a SPIKE=true env var so the change is reversible.
Adds Task,Skill,Read,Grep,Glob to the review action's --allowedTools.
Modifies the persona prompt or system prompt for the spike run to explicitly request sub-agent dispatch — e.g., "use the Task tool to dispatch the inquisitor sub-agent and have it report its available tools."
The spike branch is spike-overlay-reachability-empirical off main. No tag moves; no @v2 changes. Triggered via a test PR in mom-bot (or self-dogfood here) whose caller workflow temporarily references the spike branch SHA via glitchwerks/github-actions/.github/workflows/claude-pr-review.yml@<spike-sha>.
Measurement plan
For each spike run, capture and report:
Pre-cp $HOME/.claude/ listing — confirms the action's setup state before our copy
Whether Task tool appears in the action's available-tools advertisement to the LLM
Whether the LLM successfully invokes Task to dispatch inquisitor
If dispatched, what tools inquisitor reports as available — proves or disproves sub-agent inheritance
Final review comment posted by inquisitor (or absence thereof) — the user-visible signal
Acceptance
The spike is complete when one run of the diagnostic produces enough log output to answer:
Does Task work in non-interactive claude-code-action@v1? YES / NO / partial
Does sub-agent inheritance allow useful work, or does the parent allowlist starve the sub-agent? YES / NO / TBD
What paths under $HOME/.claude/ does the CLI subprocess write? List them.
The spike does not ship to consumers. After acceptance, the spike branch is closed without merging; findings are recorded as a comment on this issue and folded into #259's plan revision.
#259 plan revision proceeds; ALLOWED_TOOLS fix is real
YES
NO
#259 plan revision must add per-sub-agent allowlist mechanism (claude-code-action input or wrapper)
NO
n/a
Existential question for runtime overlays. If non-interactive claude-code-action@v1 cannot dispatch sub-agents, the overlay images deliver only persona + CLI caching. Re-evaluate whether overlay infrastructure is justified.
Out of scope
Any production behavior change. Spike is throwaway.
Why
Implementation planning for #259 (overlay reachability) surfaced two unknowns that no source-reading or documentation search could resolve:
claude-code-action@v1recognizeTaskandSkillas valid tokens in--allowedTools? Investigation found zero references to either token in the action's source, test suite, or documentation. The grammar parses them as valid strings, but recognition by the underlying SDK (@anthropic-ai/claude-agent-sdk, npm-package black box) is unverified.Task(if recognized) able to use tools beyond the parent's allowlist? If sub-agents inherit the parent's narrow review allowlist,inquisitorcannot useBashorWriteand is functionally useless — collapsing the entire "different eyes" architectural premise.Without empirical answers to both, the overlay images deliver no real benefit beyond a baked CLI binary and persona file — at which point we have a separate conversation about whether the overlay infrastructure is justified at all. This spike answers the existential question before we commit to #259's implementation path.
A third question rides along cheaply because the same run will produce the data:
$HOME/.claude/actually contain after a realclaude-code-action@v1run? Investigation A from Make baked overlay tree (agents/skills/plugins/hooks) reachable from CLI at job runtime #259 verified the action only writessettings.jsonduring setup, but the CLI subprocess's writes are unobservable from existing logs. A diagnostic step lists the post-run state.What
A throwaway diagnostic PR that:
pr-review/action.ymlthat runsls -laR $HOME/.claude/(a) before the persona-install step, (b) after cp -a runs, (c) afterclaude-code-action@v1finishes. Output goes to the run log.cp -a /opt/claude/.claude/. $HOME/.claude/(the proposed reachability fix) gated behind aSPIKE=trueenv var so the change is reversible.Task,Skill,Read,Grep,Globto the review action's--allowedTools.inquisitorsub-agent and have it report its available tools."The spike branch is
spike-overlay-reachability-empiricaloffmain. No tag moves; no @v2 changes. Triggered via a test PR inmom-bot(or self-dogfood here) whose caller workflow temporarily references the spike branch SHA viaglitchwerks/github-actions/.github/workflows/claude-pr-review.yml@<spike-sha>.Measurement plan
For each spike run, capture and report:
$HOME/.claude/listing — confirms the action's setup state before our copy$HOME/.claude/listing — confirms cp -a completed; counts agents/skills copied$HOME/.claude/listing — identifies what claude-code-action's CLI subprocess wrote (collision check for Make baked overlay tree (agents/skills/plugins/hooks) reachable from CLI at job runtime #259 charge 2)Tasktool appears in the action's available-tools advertisement to the LLMTaskto dispatchinquisitorinquisitorreports as available — proves or disproves sub-agent inheritanceinquisitor(or absence thereof) — the user-visible signalAcceptance
The spike is complete when one run of the diagnostic produces enough log output to answer:
Taskwork in non-interactiveclaude-code-action@v1? YES / NO / partial$HOME/.claude/does the CLI subprocess write? List them.The spike does not ship to consumers. After acceptance, the spike branch is closed without merging; findings are recorded as a comment on this issue and folded into #259's plan revision.
Decision tree on findings
claude-code-action@v1cannot dispatch sub-agents, the overlay images deliver only persona + CLI caching. Re-evaluate whether overlay infrastructure is justified.Out of scope
Related
🤖 Generated by Claude Code on behalf of @cbeaulieu-gt