Merge pull request #14 from ai4curation/allow-oauth

allow oauth

Author: cmungall

.claude/settings.json

@@ -0,0 +1,14 @@
+{
+  "permissions": {
+    "allow": [
+        "Bash(*)",
+        "Edit",
+        "MultiEdit",
+        "NotebookEdit",
+        "FileEdit",
+        "WebFetch",
+        "WebSearch",
+        "Write"
+    ]
+  }
+}

.github/actions/claude-code-action/action.yml

@@ -7,10 +7,13 @@ inputs:
     required: true
   anthropic_api_key:
     description: "Anthropic API key"
-    required: true
+    required: false
   cborg_api_key:
     description: "CBORG API key"
-    required: true
+    required: false
+  claude_code_oauth_token:
+    description: "Claude Code OAuth token"
+    required: false
   prompt:
     description: "The prompt to send to Claude Code"
     required: false
@@ -90,6 +93,7 @@ runs:
       shell: bash
       id: prepare_prompt
       run: |
+
         # Check if either prompt or prompt_file is provided
         if [ -z "${{ inputs.prompt }}" ] && [ -z "${{ inputs.prompt_file }}" ]; then
           echo "::error::Neither 'prompt' nor 'prompt_file' was provided. At least one is required."
@@ -125,6 +129,14 @@ runs:
       shell: bash
       id: run_claude
       run: |
+
+        if [ ! -z "${{ inputs.claude_code_oauth_token }}" ]; then
+          echo CLAUDE AUTH TOKEN IS NOT SET
+        else
+          echo CLAUDE AUTH TOKEN IS SET
+          export ANTHROPIC_API_KEY=
+        fi
+
         ALLOWED_TOOLS_ARG=""
         if [ ! -z "${{ inputs.allowed_tools }}" ]; then
           ALLOWED_TOOLS_ARG="--allowedTools ${{ inputs.allowed_tools }}"
@@ -135,15 +147,15 @@ runs:
 
         if [ -z "${{ inputs.output_file }}" ]; then
           # Run Claude Code and output to console
-          timeout $timeout_seconds claude \
+          claude \
             -p \
             --verbose \
             --output-format stream-json \
             "$(cat ${{ env.PROMPT_PATH }})" \
             ${{ inputs.allowed_tools != '' && format('--allowedTools "{0}"', inputs.allowed_tools) || '' }}
         else
           # Run Claude Code and tee output to console and file
-          timeout $timeout_seconds claude \
+          claude \
             -p \
             --verbose \
             --output-format stream-json \
@@ -160,8 +172,9 @@ runs:
         fi
       
       env:
-        ANTHROPIC_API_KEY: "."
-        ANTHROPIC_AUTH_TOKEN: ${{ inputs.cborg_api_key }}
+        ANTHROPIC_API_KEY: ${{ inputs.anthropic_api_key }}
+        # ANTHROPIC_AUTH_TOKEN: ${{ inputs.cborg_api_key }}
+        CLAUDE_CODE_OAUTH_TOKEN: ${{ inputs.claude_code_oauth_token }}
         GITHUB_TOKEN: ${{ inputs.github_token }}
-        ANTHROPIC_BASE_URL: "https://api.cborg.lbl.gov"
-        DISABLE_NON_ESSENTIAL_MODEL_CALLS: "1"
+        # ANTHROPIC_BASE_URL: "https://api.cborg.lbl.gov"
+        # DISABLE_NON_ESSENTIAL_MODEL_CALLS: "1"

.github/actions/claude-issue-summarize-action/action.yml

@@ -8,10 +8,13 @@ inputs:
     default: "5"
   anthropic_api_key:
     description: "Anthropic API key"
-    required: true
+    required: false
   cborg_api_key:
     description: "CBORG API key"
-    required: true
+    required: false
+  claude_code_oauth_token:
+    description: "Claude Code OAuth token"
+    required: false
   github_token:
     description: "GitHub token with repo and issues permissions"
     required: true
@@ -22,7 +25,7 @@ runs:
     - name: Checkout repository code
       uses: actions/checkout@v4
       with:
-        fetch-depth: 0
+        ref: ${{ github.ref }}
 
     - name: Create prompt file
       shell: bash
@@ -70,5 +73,6 @@ runs:
         install_artl_mcp: "true"
         timeout_minutes: ${{ inputs.timeout_minutes }}
         anthropic_api_key: ${{ inputs.anthropic_api_key }}
+        claude_code_oauth_token: ${{ inputs.claude_code_oauth_token }}
         cborg_api_key: ${{ inputs.cborg_api_key }}
         github_token: ${{ inputs.github_token }}

.github/actions/claude-issue-triage-action/action.yml

@@ -8,7 +8,10 @@ inputs:
     default: "5"
   anthropic_api_key:
     description: "Anthropic API key"
-    required: true
+    required: false
+  claude_code_oauth_token:
+    description: "Claude Code OAuth token"
+    required: false
   cborg_api_key:
     description: "CBORG API key"
     required: true
@@ -22,7 +25,7 @@ runs:
     - name: Checkout repository code
       uses: actions/checkout@v4
       with:
-        fetch-depth: 0
+        ref: ${{ github.ref }}
 
     - name: Create prompt file
       shell: bash
@@ -87,5 +90,6 @@ runs:
         install_github_mcp: "true"
         timeout_minutes: ${{ inputs.timeout_minutes }}
         anthropic_api_key: ${{ inputs.anthropic_api_key }}
+        claude_code_oauth_token: ${{ inputs.claude_code_oauth_token }}
         cborg_api_key: ${{ inputs.cborg_api_key }}
         github_token: ${{ inputs.github_token }}

.github/workflows/claude-code-review.yml

@@ -37,9 +37,9 @@ jobs:
         with:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
 
-          # Optional: Specify model (defaults to Claude Sonnet 4, uncomment for Claude Opus 4.1)
-          # model: "claude-opus-4-1-20250805"
-
+          # Optional: Specify model (defaults to Claude Sonnet 4, uncomment for Claude Opus 4)
+          # model: "claude-opus-4-20250514"
+          
           # Direct prompt for automated review (no @claude mention needed)
           direct_prompt: |
             Please review this pull request and provide feedback on:

.github/workflows/claude-issue-summarize.yml

@@ -15,11 +15,13 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
 
       - name: Run Claude Issue summarize
         uses: ./.github/actions/claude-issue-summarize-action
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           cborg_api_key: ${{ secrets.CBORG_API_KEY }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          install_artl_mcp: "true"

.github/workflows/claude-issue-triage.yml

@@ -15,10 +15,13 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-
+        with:
+          ref: ${{ github.ref }}
+          
       - name: Run Claude Issue Triage
         uses: ./.github/actions/claude-issue-triage-action
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           cborg_api_key: ${{ secrets.CBORG_API_KEY }}
           github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/dragon-ai.yml

@@ -21,7 +21,11 @@ jobs:
       result: ${{ steps.check.outputs.result }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+        # this seems to be necessary to ensure actions uses the latest; see
+        # https://github.com/actions/checkout/issues/439
+        with:
+          ref: ${{ github.ref }}
 
       - name: Check for qualifying mention
         id: check
@@ -97,9 +101,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
-          fetch-depth: 0
+          ref: ${{ github.ref }}
           token: ${{ secrets.PAT_FOR_PR }}  # Use PAT for checkout to allow committing later
 
       - name: Configure Git
@@ -119,22 +123,12 @@ jobs:
         run: |
           npm install -g @anthropic-ai/claude-code
 
-
-      - name: Set up environment
-        run: |
-          echo "BRANCH_NAME=dragon_ai_agent_${{ fromJSON(needs.check-mention.outputs.result).itemNumber }}" >> $GITHUB_ENV
-          # Safely write prompt to file
-          mkdir -p /tmp/claude-input
-          echo "${{ fromJSON(needs.check-mention.outputs.result).prompt }}" > /tmp/claude-input/prompt.txt
-          
-      - name: Set up Anthropic API key and GitHub token
-        env:
-          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-          GH_TOKEN: ${{ secrets.PAT_FOR_PR }}  # Kept PAT as requested
+      
+      - name: Add tools to PATH
         run: |
-          echo "ANTHROPIC_API_KEY=$ANTHROPIC_API_KEY" >> $GITHUB_ENV
-          echo "GH_TOKEN=$GH_TOKEN" >> $GITHUB_ENV
-          echo "LOGFIRE_SEND_TO_LOGFIRE=false" >> $GITHUB_ENV
+          echo "${{ env.TOOLS_DIR }}" >> $GITHUB_PATH
+          ls -alt ${{ github.workspace }}
+          ls -alt ${{ env.TOOLS_DIR }}
 
       - name: Install uv
         uses: astral-sh/setup-uv@v5
@@ -143,8 +137,18 @@ jobs:
         run: |
           uv venv
           source .venv/bin/activate
-        
+
+      - name: Set up environment
+        run: |
+          # Safely write prompt to file
+          mkdir -p /tmp/claude-input
+          echo "${{ fromJSON(needs.check-mention.outputs.result).prompt }}" > /tmp/claude-input/prompt.txt
+
       - name: Create structured Claude prompt
+        env:
+          CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+          GH_TOKEN: ${{ secrets.PAT_FOR_PR }} 
         run: |
           cat > /tmp/claude-input/claude_prompt.txt << EOL
           You are @dragon-ai-agent.
@@ -171,13 +175,16 @@ jobs:
 
       - name: Run Claude Code in headless mode
         id: claude-response
+        env:
+          CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          # Python env
-          source .venv/bin/activate
+
+          export PATH="${{ env.TOOLS_DIR }}:$PATH"
 
           # Run Claude with proper permissions
           claude -p "$(cat /tmp/claude-input/claude_prompt.txt)" \
+            --permission-mode bypassPermissions \
             --output-format stream-json \
-            --allowedTools "Bash(git:*)" "Bash(gh:*)" "FileSystem(*)" \
             --verbose 
           

README.md

@@ -97,3 +97,16 @@ CBORG_API_KEY
 After setting up env vars:
 
 `just -f ai.just setup-ai`
+
+# FAQ
+
+## `claude-review.yml` fails PR check on first run
+
+This is normal: see this comment in the action logs:
+
+```
+Error: Failed to setup GitHub token: Error: Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
+
+If you instead wish to use this action with a custom GitHub token or custom GitHub app, provide a `github_token` in the `uses` section of the app in your workflow yml file.
+Error: Process completed with exit code 1.
+```

copier.yaml

@@ -31,7 +31,7 @@ project_slug:
     {% endif %}
 
 github_handle:
-  help: github username of the author. Will be assigned as a-controller
+  help: github username of the author. Will be assigned as ai-controller
   type: str
   default: "cmungall"
 
@@ -86,7 +86,7 @@ _message_after_copy: |
     
   3. if your project is already on GitHub, and your keys are set as env vars, then run:
 
-     `just setup-ai`
+     `just -f ai.just setup-ai`