Security fix to address potential prompt injection attack vector where
malicious issue content could exploit gh api/comment permissions to
exfiltrate the ANTHROPIC_API_KEY.

Changes:
- Remove gh api:* and gh issue comment:* from dedupe command allowed-tools
- Command now outputs structured JSON to /tmp/dedupe-result.json
- Comment posting moved to isolated workflow step without API key access
- Added URL validation to prevent injection in comment content

The Claude Code step can now only read issues (gh issue view/search/list),
while comment posting happens in a separate step that only has GITHUB_TOKEN.
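As an added illustration (not the repository's own code) of the isolated comment step this commit describes: the posting step parses the JSON written by the read-only step and builds the comment only from URLs that exactly match this repository's own issue-URL pattern, so text influenced by issue content never reaches gh issue comment. The JSON field names, the /tmp/dedupe-result.json schema and the example-org/example-repo repository are assumptions.

```python
import json
import re

# Constructed example of the JSON the read-only step is assumed to write to
# /tmp/dedupe-result.json (field names are assumptions, not the project's schema).
EXAMPLE_RESULT = json.dumps({
    "issue_number": 42,
    "duplicates": [
        "https://github.com/example-org/example-repo/issues/17",
        "https://github.com/example-org/example-repo/issues/42",  # self-reference
        "https://evil.example/r?u=https://github.com/example-org/example-repo/issues/3",
        "https://github.com/example-org/example-repo/issues/5/#comment-1",
        "[click](https://github.com/example-org/example-repo/issues/9)",
    ],
})

def issue_url_pattern(repo: str) -> "re.Pattern[str]":
    # Anchored, escaped, digits only: the only model-derived value echoed is the issue number.
    return re.compile(r"^https://github\.com/" + re.escape(repo) + r"/issues/(\d{1,7})$")

def validated_duplicates(result_json: str, repo: str, max_items: int = 10) -> list[int]:
    """Return issue numbers that are provably links to this repo's own issues."""
    data = json.loads(result_json)
    current = int(data["issue_number"])
    urls = data.get("duplicates", [])
    if not isinstance(urls, list):
        raise ValueError("duplicates must be a list")
    pattern = issue_url_pattern(repo)
    numbers: list[int] = []
    for url in urls:
        m = pattern.match(url) if isinstance(url, str) else None
        if m is None:
            continue  # anything that is not an exact issue URL is dropped, not escaped
        n = int(m.group(1))
        if n == current or n in numbers:
            continue  # skip the issue being triaged and repeated entries
        numbers.append(n)
    return numbers[:max_items]

def render_comment(result_json: str, repo: str) -> str:
    """Build the comment body from validated numbers only; no free text from the model."""
    numbers = validated_duplicates(result_json, repo)
    if not numbers:
        return ""
    lines = ["Possible duplicate of:"] + [f"- https://github.com/{repo}/issues/{n}" for n in numbers]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_comment(EXAMPLE_RESULT, "example-org/example-repo"))
```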

Update all Claude Code GitHub Action workflows to use the latest Sonnet 4.5 model (claude-sonnet-4-5-20250929) instead of the default Sonnet 4.0 model. This provides improved performance and capabilities for:
- Issue commenting and PR reviews (claude.yml)
- Automated issue triage (claude-issue-triage.yml)
- Duplicate issue detection (claude-dedupe-issues.yml)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>

- Log events when issues are closed as duplicates in auto-close script
- Log events when duplicate comments are added via dedupe workflow
- Log events when new issues are created
- Follow existing pattern from code review reactions workflow

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

The backfill-duplicate-comments script was failing because it tried to trigger
claude-dedupe-issues.yml via workflow_dispatch, but that workflow only had an
issues trigger. Added workflow_dispatch with issue_number input and updated the
prompt to use either event or input issue number.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>