fix(ci): Restrict allowedTools to current issue number in Claude workflows #1203

Merged: yamadashy merged 1 commit into main from fix/restrict-claude-action-allowedtools, Mar 6, 2026

@yamadashy yamadashy commented Mar 6, 2026

Restrict allowedTools in Claude issue triage and similar issue workflows to only allow gh commands targeting the current issue number (${{ github.event.issue.number }}).



…flows

An external user (AlexNova-ops) attempted prompt injection attacks against
Claude triage bots via issue #1202. While the GitHub token permissions
already limited the blast radius to issue operations only, the allowedTools
configuration allowed gh commands to target any issue number, meaning a
successful prompt injection could modify other issues.

This change restricts gh issue view, gh issue edit, and gh issue comment
commands to only operate on the current issue number
(${{ github.event.issue.number }}), preventing cross-issue manipulation
even if prompt injection succeeds.
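
An added example, not code from this PR or the repomix repository: a small audit that flags `gh issue view`, `gh issue edit` and `gh issue comment` rules in a workflow's allowedTools that are not pinned to `${{ github.event.issue.number }}`. The `Bash(<prefix>:*)` rule syntax, the sample workflow text and the `gh issue list` rule are assumptions constructed for illustration.

```python
import re

# Assumption: rules have the form Bash(<command prefix>:*) inside --allowedTools,
# matching the wildcard forms quoted on this page (gh issue view:*, gh issue edit:*).
ISSUE_EXPR = "${{ github.event.issue.number }}"
RULE_RE = re.compile(r"Bash\(([^)]*)\)")
# Subcommands the commit message says must be tied to the current issue.
SCOPED = ("gh issue view", "gh issue edit", "gh issue comment")


def audit_allowed_tools(workflow_text):
    """Return (line_no, rule) for each scoped gh rule not pinned to the triggering issue.

    Runs on the workflow source, before Actions expands the expression.
    """
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        for rule in RULE_RE.findall(line):
            for sub in SCOPED:
                if rule.startswith(sub):
                    target = rule[len(sub):].lstrip()
                    # A bare wildcard or a hard-coded number both fail this check.
                    if not target.startswith(ISSUE_EXPR):
                        findings.append((line_no, rule))
                    break
    return findings


def sample_workflow(target):
    # Constructed sample, not the repository's actual workflow file.
    # "gh issue list" is a hypothetical unscoped rule that the audit ignores.
    tools = ",".join(f"Bash({cmd}{target}:*)" for cmd in SCOPED)
    return 'claude_args: |\n  --allowedTools "' + tools + ',Bash(gh issue list:*)"\n'


BEFORE = sample_workflow("")                 # wildcard targets: any issue number
AFTER = sample_workflow(" " + ISSUE_EXPR)    # pinned to the triggering issue

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_allowed_tools(text))
```
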
@gemini-code-assist

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

@coderabbitai

coderabbitai bot commented Mar 6, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b8c43899-bcf2-49e1-a066-1964ebfcacdb

📥 Commits

Reviewing files that changed from the base of the PR and between 8cdd5d8 and b9cbc5b.

📒 Files selected for processing (2)
  • .github/workflows/claude-issue-similar.yml
  • .github/workflows/claude-issue-triage.yml

📝 Walkthrough

Two GitHub Action workflow files are updated to parameterize gh command targets using the current issue number. The claude_args configuration in claude-issue-similar.yml and claude-issue-triage.yml workflows now interpolate ${{ github.event.issue.number }} instead of using wildcard patterns, restricting tool operations to the specific issue that triggered the workflow.

Changes

Cohort / File(s): Issue-specific tool parameterization (.github/workflows/claude-issue-similar.yml, .github/workflows/claude-issue-triage.yml)
Summary: Updated claude_args to replace wildcard gh command targets (gh issue view:*, gh issue edit:*) with parameterized issue numbers using ${{ github.event.issue.number }}, narrowing bash tool access scope to the triggering issue only.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
  • Title check: ✅ Passed. The title clearly and specifically describes the main change: restricting allowedTools in Claude workflows to the current issue number.
  • Description check: ✅ Passed. The description comprehensively covers the changes, includes background context about the security issue, shows before/after code, and completes the required checklist items.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@cloudflare-workers-and-pages

Deploying repomix with Cloudflare Pages

Latest commit: b9cbc5b
Status: ✅  Deploy successful!
Preview URL: https://4477b258.repomix.pages.dev
Branch Preview URL: https://fix-restrict-claude-action-a.repomix.pages.dev



@devin-ai-integration devin-ai-integration bot left a comment


✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.


@yamadashy yamadashy merged commit 7cc497c into main Mar 6, 2026
55 checks passed
@yamadashy yamadashy deleted the fix/restrict-claude-action-allowedtools branch March 6, 2026 16:14
Repository owner deleted a comment from claude bot Mar 6, 2026
@codecov

codecov bot commented Mar 6, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.14%. Comparing base (8cdd5d8) to head (b9cbc5b).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1203   +/-   ##
=======================================
  Coverage   87.14%   87.14%           
=======================================
  Files         115      115           
  Lines        4310     4310           
  Branches      998      998           
=======================================
  Hits         3756     3756           
  Misses        554      554           
