When external users (without write access) create issues, the OIDC
token exchange fails with "User does not have write access" error.
Adding explicit github_token bypasses this authentication flow.
Add release notes for v1.10.1 which includes:
- Bug fixes for skill generation project name and .claude/ directory conflicts
- Improvement for source URL in SKILL.md for remote repositories
The npm publish command was failing with ENEEDAUTH because the
setup-node action requires registry-url to be set for OIDC trusted
publishing to work properly.
- Migrate PR review prompt to slash command format (.agents/commands/git/pr-review.md)
- Fix CLI argument from --allowed-tools to --allowedTools (correct camelCase format)
- Change pull-requests permission from read to write for PR comments
- Update documentation URL to code.claude.com
The claude-code-action uses OIDC authentication to obtain GitHub tokens,
which requires the id-token: write permission. Without this permission,
the workflows fail with "Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env
variable" error.
Add automated issue labeling workflow that triggers when new issues
are opened. Claude analyzes the issue content and applies appropriate
labels without posting comments.
Add GitHub Actions workflow for npm publishing using OIDC-based trusted
publishing instead of long-lived npm tokens. This improves security by
using short-lived, cryptographically-signed tokens.
The workflow includes:
- Manual trigger with dry-run option for testing
- Full CI checks (lint, test, build) before publishing
- npm audit signatures verification
- Provenance attestation for supply chain security
Add release notes documenting:
- Bug fix for output file extension not matching style parameter (#947)
- Package size reduction by replacing tree-sitter-wasms (#942)
- Dependency updates (#944)
This release fixes an issue introduced in v1.9.0 where the output file
extension didn't automatically adjust when using --style option.
Added Node.js 25.x to the CI test matrix to ensure compatibility with the latest Node.js version.
This change updates both the `test` and `build-and-run` jobs to include Node.js 25.x alongside the existing versions (20.x, 22.x, 24.x).
Each job will now run across 12 combinations (3 OS × 4 Node.js versions).
Added comprehensive release notes for versions v1.4.1 through v1.9.0 to maintain historical documentation of all releases.
## Changes
### New Release Notes
- v1.4.1: Remote repository processing improvements
- v1.4.2: Go code processing fixes and binary file reporting
- v1.5.0: JSON output format support with jq integration
- v1.6.0: MCP output format support and worker system optimization
- v1.6.1: Fixed --stdin option hang bug
- v1.7.0: TypeScript/JavaScript config support and Azure DevOps integration
- v1.8.0: Claude Code plugins and directory structure enhancements
- v1.9.0: Repomix Explorer plugin and .ignore file support
All release notes follow the established format and style from existing releases, providing clear documentation of features, improvements, and bug fixes for each version.
- Added --comments flag to gh pr view command for more reliable comment retrieval
- Clarified suggestion format instruction to "actionable fix suggestions with code examples"
This makes the instructions clearer and ensures Claude can consistently access all PR comments.
Added structured "How to Comment" section that instructs Claude to:
- Check existing PR comments before reviewing to avoid duplicates
- Only provide new feedback or updates to previous feedback
- Use inline comments for specific code issues with suggestions
- Organize commenting approach in clear numbered steps
This prevents repetitive feedback when the workflow runs on PR updates.
Added instruction to perform a premortem analysis during PR reviews
to identify potential failure scenarios and suggest mitigations.
Includes specific examples of failure types to consider (edge cases,
integration issues, deployment risks).
The pack-repository workflow was failing with "Cannot find module 'picocolors'"
error. This occurred because repomix.config.ts imports from ./src/index.js,
which requires project dependencies to be installed.
Added a conditional step to install dependencies when package.json exists,
ensuring that config files can successfully import from local source files.
This is particularly necessary for the Repomix project itself, which uses
local source imports in its configuration.
This workflow was experimental and is no longer needed for the project's
CI/CD pipeline. The decision was made to streamline our GitHub Actions
and focus on the essential automation workflows.
Add formatting instructions to the Claude Code Review workflow to improve
readability of PR comments. The review will now show a brief summary upfront
with detailed feedback collapsed in a <details> section.
Update actions/checkout to v5.0.0 in Claude Code Review workflow
for consistency and latest features.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Pin actions/checkout and anthropics/claude-code-action to specific
commit SHAs for improved security and reproducibility:
- actions/checkout pinned to v4.3.0
- anthropics/claude-code-action pinned to v1.0.9
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
