From 8b8f3ca3e9006bf6347439e59011004777d8be12 Mon Sep 17 00:00:00 2001 From: jth-nw Date: Tue, 10 Mar 2026 11:10:55 -0500 Subject: [PATCH] fix: allow unrestricted Bash and Write for doc-pr review step MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The skill needs to write a temp file for the review body before posting via gh pr comment. With only Bash(vale:*) and Bash(gh:*) allowed, Claude couldn't create the temp file. Added unrestricted Bash and Write — security is enforced by permissions: contents: read. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/claude-doc-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/claude-doc-pr.yml b/.github/workflows/claude-doc-pr.yml index 2f64aab945..c060edc363 100644 --- a/.github/workflows/claude-doc-pr.yml +++ b/.github/workflows/claude-doc-pr.yml @@ -83,7 +83,7 @@ jobs: - REPO: ${{ github.repository }} - PR_NUMBER: ${{ github.event.pull_request.number }} - CHANGED_FILES: ${{ steps.changed-files.outputs.files }} - claude_args: '--allowedTools "Bash(vale:*),Bash(gh:*),Read,Glob,Grep,Skill(doc-pr),Skill(dale)"' + claude_args: '--allowedTools "Bash,Read,Write,Glob,Grep,Skill(doc-pr),Skill(dale)"' doc-followup: if: >-