Add Claude issue triage workflow #1301

Open
msrathore-db wants to merge 1 commit into databricks:main from msrathore-db:add-claude-issue-triage-workflow
@msrathore-db
Collaborator

Summary

  • Adds a new label-gated GitHub Actions workflow (.github/workflows/claude-issue-triage.yml) that triggers Claude to triage issues when a collaborator adds the claude-triage label
  • Triage prompt stored in .github/ISSUE_TRIAGE_PROMPT.md for easy maintenance — Claude reads the issue, searches for related issues/PRs, analyzes relevant code, validates the issue, asks for missing details, and posts a structured summary
  • 9 defense-in-depth security layers: label gate, author_association check, API permission verification, no body interpolation in YAML (prevents shell injection), hardened prompt, tool allowlist, 20-min timeout, minimal permissions, and auto label removal

Test plan

  • Create the claude-triage label in the repo: `gh label create claude-triage --description "Triggers Claude AI triage on this issue" --color "7057ff"`
  • Create a test issue with normal content → add claude-triage label → verify Claude posts a structured triage comment and the label is auto-removed
  • Create a test issue with prompt injection text → add label → verify Claude posts a normal triage comment and does NOT follow injected instructions
  • Verify non-collaborators cannot trigger the workflow by adding the label

NO_CHANGELOG=true

This pull request was AI-assisted by Isaac.

Adds a new GitHub Actions workflow that triages issues when a collaborator
adds the 'claude-triage' label. Claude reads the issue, searches for related
issues/PRs, analyzes relevant code, and posts a structured triage comment.

Security: 9 defense-in-depth layers including label gate, author_association
check, API permission verification, no body interpolation in YAML, hardened
prompt, tool allowlist, timeout, minimal permissions, and auto label removal.

Co-authored-by: Isaac
Signed-off-by: Madhavendra Rathore <madhavendra.rathore@databricks.com>
msrathore-db force-pushed the add-claude-issue-triage-workflow branch from 6032609 to c7ff0da (March 23, 2026 13:23)
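
One way several of the layers named in the description (label gate, API permission verification, no interpolation of issue text into YAML, timeout, minimal permissions, auto label removal) can be expressed in a workflow file. This is an added example, not the workflow from this PR; the workflow, job, step and variable names are assumptions, and the Claude triage step itself is not shown.

```yaml
# Added illustration, not the PR's workflow. All names here are assumptions.
name: issue-triage-gate
on:
  issues:
    types: [labeled]

permissions:            # minimal token scope for reading code and commenting
  contents: read
  issues: write

jobs:
  triage:
    # Label gate: every label other than the trigger label is ignored.
    if: github.event.label.name == 'claude-triage'
    runs-on: ubuntu-latest
    timeout-minutes: 20
    env:
      GH_TOKEN: ${{ github.token }}
      REPO: ${{ github.repository }}
      ISSUE_NUMBER: ${{ github.event.issue.number }}
      LABELER: ${{ github.event.sender.login }}
    steps:
      - name: Verify the labeler has write access
        run: |
          perm=$(gh api "repos/$REPO/collaborators/$LABELER/permission" --jq .permission)
          case "$perm" in
            admin|write) echo "labeler permission: $perm" ;;
            *) echo "refusing: $LABELER has permission '$perm'" >&2; exit 1 ;;
          esac

      # Weak form (do not use): the expression is expanded into the script
      # text before the shell runs, so issue content becomes shell syntax.
      #   run: echo "Triaging: ${{ github.event.issue.title }}"
      - name: Read issue text as data
        env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
        run: |
          printf 'Triaging #%s: %s\n' "$ISSUE_NUMBER" "$ISSUE_TITLE"
          # Fetch the body at run time instead of templating it into YAML.
          gh issue view "$ISSUE_NUMBER" --repo "$REPO" --json body --jq .body > issue_body.txt

      - name: Remove the trigger label
        if: always()
        run: gh issue edit "$ISSUE_NUMBER" --repo "$REPO" --remove-label claude-triage
```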

### Step 2: Search for Previous Occurrences

- Search for related closed/open issues using: `gh issue list --repo <repository> --search "<relevant keywords>" --state all --limit 10`
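
Review bot: The `--search "<relevant keywords>"` placeholder in the `gh issue list` line gives no guidance on how the keywords are chosen or quoted, and in a triage run they will come from the issue text, which the test plan already treats as a possible carrier of injected instructions. Suggest stating in this step that the keywords are a few plain words picked during triage, never text pasted verbatim from the issue, and that `<repository>` is always the repository the workflow runs in.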
Collaborator
This looks very repetitive to https://github.com/databricks/databricks-jdbc/blob/main/.claude/commands/fix-github-issue.md : can we somehow link this here?