Bug Description
Timeline
Root Cause
The workflow has a context passing bug:
- name: Checkout repository
uses: actions/checkout@v4
with:
# Use base branch for security - don't execute fork's .claude/commands/
ref: ${{ github.event.pull_request.base.sha }}
The problem: The workflow checks out the base branch (main) instead of the PR branch for security reasons. This means Claude Code runs in a context where:
The working directory is on main, not the PR branch
No environment variable clearly indicates which PR triggered the workflow
The prompt just says "Run the /review-agentready command on this pull request" without specifying which one
Expected Behavior
The PR review should be done for that specific PR and not others
Actual Behavior
At times we see the PR review is not scoped to the PR in question.
Possible Solution
The workflow needs to explicitly pass the PR number to Claude Code. Update the prompt:
prompt: |
Run the /review-agentready command on pull request #${{ github.event.pull_request.number }}.
Provide a comprehensive code review focusing on:
- AgentReady attribute compliance
- Security issues
- Code quality
- Best practices
Post the review as a comment on PR #${{ github.event.pull_request.number }}.
Bug Description
Timeline
Root Cause
The workflow has a context passing bug:
Expected Behavior
The PR review should be done for that specific PR and not others
Actual Behavior
At times we see the PR review is not scoped to the PR in question.
Possible Solution
The workflow needs to explicitly pass the PR number to Claude Code. Update the prompt: