From bc1fae0b1c134524bb657f7cc79615fb43baf78b Mon Sep 17 00:00:00 2001
From: Adam Friedmann
Date: Thu, 12 Feb 2026 09:30:27 +0200
Subject: [PATCH] fix: readme-check tool permissions and prompt clarity

The Claude agent's tool calls were silently denied during PR #72:
- Agent used Edit (not in allowed-tools) instead of Write
- Agent chained git commands with && which didn't match individual patterns
- Bare git push (no args) didn't match Bash(git push *)

Fixes:
- Add Edit to allowed-tools alongside Write
- Add Bash(git push) for bare git push without args
- Instruct agent to run git commands as separate Bash calls
- Only post PR comment after confirming git push succeeded

Co-authored-by: Cursor
---
 .github/workflows/readme-check.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/readme-check.yml b/.github/workflows/readme-check.yml
index 5f51bee..2f03ae5 100644
--- a/.github/workflows/readme-check.yml
+++ b/.github/workflows/readme-check.yml
@@ -50,7 +50,15 @@ jobs: RULES: 1. If everything matches: If the PR number line above has a number, run: gh pr comment --body "README check ran. README is up to date." If it is empty (manual run), print "README check ran. README is up to date." to the terminal and exit. - 2. If you find discrepancies: Update README.md with the correct content (use the Write tool). If the PR number line above has a number (i.e. this is a PR-triggered run), commit and push the fix: git config user.name "github-actions[bot]"; git config user.email "github-actions[bot]@users.noreply.github.com"; git add README.md; git commit -m "docs: update README to match skills (skill table, install, or links)"; git push. Then post one short comment with gh pr comment --body "..." summarizing what was fixed (e.g. "README check ran. N issue(s) found and applied: [brief list]. README.md has been updated in this branch."; escape the body for the shell). If the PR number is empty (manual/workflow_dispatch run), do NOT run git push. Instead, print the summary of discrepancies to the terminal so the user can review them. + 2. If you find discrepancies: Update README.md with the correct content (use the Write or Edit tool). If the PR number line above has a number (i.e. this is a PR-triggered run), commit and push the fix by running each git command as a SEPARATE Bash call (do NOT chain with && or ;): + - git config user.name "github-actions[bot]" + - git config user.email "github-actions[bot]@users.noreply.github.com" + - git add README.md + - git commit -m "docs: update README to match skills (skill table, install, or links)" + - git push + Then post one short comment with gh pr comment --body "..." summarizing what was fixed (e.g. "README check ran. N issue(s) found and applied: [brief list]. README.md has been updated in this branch."; escape the body for the shell). + IMPORTANT: Only post the comment AFTER confirming that git push succeeded. If any step failed, say so in the comment. 
+ If the PR number is empty (manual/workflow_dispatch run), do NOT run git push. Instead, print the summary of discrepancies to the terminal so the user can review them. 3. The PR comment or terminal output must only state that the check ran and the conclusion. Do not paste full diffs or long suggestion lists. - claude_args: '--allowed-tools Read Glob Grep Write "Bash(gh pr comment:*)" "Bash(git config *)" "Bash(git add *)" "Bash(git commit *)" "Bash(git push *)"' + claude_args: '--allowed-tools Read Glob Grep Write Edit "Bash(gh pr comment:*)" "Bash(git config *)" "Bash(git add *)" "Bash(git commit *)" "Bash(git push)" "Bash(git push *)"' allowed_bots: 'claude[bot]'
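Review bot: In the `claude_args` line, `"Bash(git push *)"` is kept next to the new `"Bash(git push)"`, although the rewritten rule 2 only ever tells the agent to run bare `git push`. Keeping the wildcard leaves push with arbitrary arguments (other remotes, other refs, force flags) in the allowlist of a PR-triggered agent; dropping it and keeping only `"Bash(git push)"` would match what the prompt actually needs. The same reasoning applies to `"Bash(git add *)"`: with both Write and Edit now allowed and neither limited to README.md, narrowing it to `"Bash(git add README.md)"` would keep an edit to any other file from being staged and committed. Separately, "Only post the comment AFTER confirming that git push succeeded" relies on the agent noticing a denied or failed call, which is the failure mode the commit message describes; a workflow step after the agent run that checks the push landed would make that confirmation independent of the prompt.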