Add Deep Research workflow scaffold (Claude + web-search)

[github-actions]

Summary

• Add the Deep Research workflow definition at .github/workflows/gh-aw-deep-research.md.
• Add compiled and trigger workflows at .github/workflows/gh-aw-deep-research.lock.yml and .github/workflows/trigger-deep-research.yml.
• Add installable trigger/docs under gh-agent-workflows/deep-research/ and list the workflow in gh-agent-workflows/README.md.

Behavior

• Trigger: issue comments only (not PR comments), with the scaffolded trigger matching comments that start with /research.
• Engine/tools: Claude with web-search and web-fetch enabled.
• Scope: investigate local code + external sources, post an evidence-backed issue comment, and optionally create a PR.

Configuration

• Inputs: additional-instructions, setup-commands, allowed-bot-users, messages-footer, draft-prs.
• Required secret: ANTHROPIC_API_KEY.
• Safe outputs: add-comment, create-pull-request, create-issue.

Fixes #336

Generated by Update PR Body

Summary by CodeRabbit

• Documentation

  • Added comprehensive documentation for the Deep Research workflow, including setup instructions, trigger conditions, and configuration options.

• New Features

  • Introduced Deep Research workflow that can be triggered on issues via "/research" command comments, enabling AI-assisted research and analysis capabilities with configurable inputs and safe output handling.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

---

📝 Walkthrough

Walkthrough

Adds a new "Deep Research" assistant workflow: documentation, example workflow, and full implementation as GitHub Actions workflows that run on issue comments, invoke a Claude-based agent, use Safe Inputs/Outputs and MCP gateways, and can create PRs or comments with safety checks.

Changes

Cohort / File(s)	Summary
Top-level docs gh-agent-workflows/README.md	Inserted a "Research assistants" section linking to the new Deep Research docs.
Deep Research docs & example gh-agent-workflows/deep-research/README.md, gh-agent-workflows/deep-research/example.yml	Added feature README (triggers, inputs, secrets, safe outputs) and an example workflow triggered by issue comments.
Workflow docs/entrypoint .github/workflows/gh-aw-deep-research.md	New workflow-call markdown describing inputs, secrets, concurrency, and step-by-step behavior for the Deep Research assistant.
Full workflow implementation (locked) .github/workflows/gh-aw-deep-research.lock.yml	Added the comprehensive, locked Deep Research workflow: jobs for activation, agent execution (Claude), safe_inputs/safe_outputs, detection, orchestration, logging, artifact handling, and secret redaction.
Trigger workflow .github/workflows/trigger-deep-research.yml	Added an auto-generated trigger workflow for issue_comment events (comments starting with "/research") that calls the locked Deep Research workflow and forwards ANTHROPIC_API_KEY.

Sequence Diagram(s)

sequenceDiagram
  participant User as Issue Commenter
  participant GH as GitHub (workflow trigger)
  participant Runner as Actions Runner
  participant Agent as Claude-based Agent
  participant Safe as SafeInputs/SafeOutputs MCP
  participant Repo as Repository (PRs/Comments)

  User->>GH: posts comment "/research"
  GH->>Runner: start trigger-deep-research workflow
  Runner->>Runner: activation job (context, checkout, aw_info)
  Runner->>Agent: start agent job (invoke Claude Code CLI, allowed tools)
  Agent->>Safe: request allowed tool actions via MCP
  Safe-->>Agent: validated safe outputs/inputs
  Agent->>Repo: create PR or add comment (via SafeOutputs)
  Runner->>Runner: detection & logging jobs, upload artifacts

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Clarify lock files and trigger files are auto-generated; add do-not-modify headers #335 — Related at generated trigger file/header generation and auto-generated workflow triggers.
• Add copilot to allowed bot users for comment/PR-triggered workflows #332 — Related changes to workflow trigger configuration and allowed-bot-users handling.

Suggested reviewers

• github-actions

Poem

🐰 I nibbled the docs and found a new trail,
Claude digs for clues where threads grow pale,
From comment to PR, the rabbit hops light,
Safe gates keep the carrots tucked in tight,
Hooray — research done by moonbeam and bite! 🥕🐇

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding a Deep Research workflow scaffold with Claude and web-search integration, which aligns with the PR objectives.
Linked Issues check	✅ Passed	The PR successfully addresses issue #336 by delivering a complete Deep Research workflow with Claude integration and web-search functionality, including proper documentation and installation scaffolding.
Out of Scope Changes check	✅ Passed	All changes are directly related to implementing the Deep Research workflow. Files added include documentation, example configurations, workflow definitions, and README updates—all within the scope of issue #336.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch deep-research-claude-web-search-336-8cc0e9d370cba5d1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/gh-aw-deep-research.md:
- Around line 58-62: The workflow grants only read access under the permissions
block (lines containing permissions:, contents:, issues:, pull-requests:) but
later advertises actions like add_comment, create_pull_request, and create_issue
that need write access; update the permissions entries so contents:, issues:,
and pull-requests: are set to write (or add fine-grained write scopes) instead
of read to allow those actions to succeed, keeping the permissions: and tools:
stanza intact and ensuring no broader privileges than necessary.

[github-actions]

Request changes: gh-agent-workflows/deep-research/example.yml references .github/workflows/gh-aw-deep-research.lock.yml@v0, but that lock workflow is not present in this PR, so the documented install path will fail until the lock file is added/published.

---

What is this? | From workflow: PR Review

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[github-actions]

Verdict: APPROVE. I found no new actionable issues in the current diff.

---

What is this? | From workflow: PR Review

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.