Per PR review: `--resolution --duplicates N` stored the literal "--duplicates"
as the resolution. Only consume the next arg if it isn't another flag.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The bot now posts, in one comment, optional duplicate links and/or a short
resolution note — but the note is added only when grounded (an existing
maintainer comment, a closed/merged fixing PR or issue, a release/changelog
entry, or an obvious fix); otherwise it stays silent. The read-only gh wrapper
gains pr/release lookups for grounding; the poster takes --resolution/--duplicates,
drops the base issue, neutralizes @mentions, caps length, and appends the
"please close it" line.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Per PR review: enforce "exclude the triggering issue" in the script, not just
the prompt. Filters out the base issue number (and repeats) from the args; if
nothing remains, posts nothing.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
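The argument handling these three commits describe (consume a flag's value only when the next word is not itself a flag, drop the triggering issue and repeats, post nothing when nothing remains, neutralize @mentions, cap the note, append the "please close it" line), as an added example in POSIX sh. This is not the project's poster script; the function names, the 400-character cap, the exact wording of the comment, and reading the base issue from BASE_ISSUE rather than the event payload are all assumptions made here.

```shell
#!/bin/sh
# Added example, not the project's comment poster. Assumptions: BASE_ISSUE holds
# the triggering issue number (the real script reads it from the event payload);
# the comment wording and the 400-character cap are illustrative.

MAX_NOTE_LEN=400   # assumed cap on the resolution note, in characters

is_flag() { case "$1" in --*) return 0 ;; *) return 1 ;; esac; }

# Parse --resolution TEXT and --duplicates N [N ...]. A value is consumed only
# when the next word is not a flag, so "--resolution --duplicates 7" leaves
# RESOLUTION empty instead of storing the literal "--duplicates".
parse_args() {
  RESOLUTION=""; DUPLICATES=""
  while [ $# -gt 0 ]; do
    case "$1" in
      --resolution)
        shift
        if [ $# -gt 0 ] && ! is_flag "$1"; then
          RESOLUTION="$1"; shift
        fi ;;
      --duplicates)
        shift
        while [ $# -gt 0 ] && ! is_flag "$1"; do
          case "$1" in
            ''|*[!0-9]*) echo "poster: not an issue number: $1" >&2; return 2 ;;
          esac
          DUPLICATES="$DUPLICATES $1"; shift
        done ;;
      *) echo "poster: unknown argument: $1" >&2; return 2 ;;
    esac
  done
  DUPLICATES="${DUPLICATES# }"
}

# Print the duplicate numbers with the base issue and any repeats removed,
# one per line, keeping first-seen order.
filter_duplicates() {
  local base="$1" seen=" " n
  shift
  for n in "$@"; do
    [ "$n" = "$base" ] && continue
    case "$seen" in *" $n "*) continue ;; esac
    seen="$seen$n "
    printf '%s\n' "$n"
  done
}

# Wrap @name in a code span so GitHub renders it without notifying anyone.
neutralize_mentions() {
  printf '%s' "$1" | sed -E 's/@([[:alnum:]_-]+)/`@\1`/g'
}

# Truncate TEXT to MAX (default MAX_NOTE_LEN) characters, marking the cut.
cap_length() {
  local text="$1" max="${2:-$MAX_NOTE_LEN}" n
  if [ "${#text}" -gt "$max" ]; then
    n=$((max - 3)); printf "%.${n}s..." "$text"
  else
    printf '%s' "$text"
  fi
}

# Print the fixed-format comment body, or nothing at all when neither a
# duplicate nor a resolution note survives filtering.
build_comment() {
  local base="$1" resolution="$2" dups n
  shift 2
  dups="$(filter_duplicates "$base" "$@")"
  [ -n "$dups" ] || [ -n "$resolution" ] || return 0
  if [ -n "$dups" ]; then
    echo "Possible duplicate of:"
    for n in $dups; do echo "- #$n"; done
  fi
  if [ -n "$resolution" ]; then
    cap_length "$(neutralize_mentions "$resolution")"; echo
  fi
  echo "If this resolves your report, please close it."
}

# Stand-alone use: BASE_ISSUE=42 sh poster.sh --resolution 'text' --duplicates 7 9
# The real script would pipe this body to: gh issue comment "$BASE_ISSUE" --body-file -
if [ $# -gt 0 ]; then
  parse_args "$@"
  build_comment "${BASE_ISSUE:?set BASE_ISSUE to the triggering issue}" "$RESOLUTION" $DUPLICATES
fi
```

Everything the model controls passes through as data: the number list is validated as digits, the note is wrapped and capped, and the fixed wrapper text around it is the script's, so a hijacked prompt can at most influence which numbers and which short note appear, never the shape of the comment or the command that posts it.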
The action denied all gh/Bash calls in CI (no allowlist), so the bot never
commented. Lock tools to two wrapper scripts via --allowedTools: a read-only gh
wrapper (issue view/list, search issues) and a fixed-format comment poster that
reads the target issue from the event payload. This both unblocks the bot and
contains prompt-injection — a hijacked prompt can't run arbitrary commands,
exfiltrate the token, or post arbitrary text. Also passes GH_TOKEN so the
scripts' gh calls are authenticated.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
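The read-only gh wrapper this commit describes, as an added example in POSIX sh rather than the project's own script. The allowed set (issue view/list, search issues, plus pr and release view/list for grounding), the refusal of repo-retargeting and browser flags, and pinning every call to GITHUB_REPOSITORY are assumptions made here; the point is that the allowlist is enforced on argv, the wrapper never builds a shell string, and GH_TOKEN is only ever read by gh itself.

```shell
#!/bin/sh
# Added example, not the project's wrapper: a gh front-end that permits only a
# fixed set of read-only subcommands. Meant to be the sole entry listed in
# --allowedTools for gh access, with GH_TOKEN supplied through the environment.
# The allowed pairs and refused flags below are assumptions, not the project's.

# Exit 0 when "SUBCOMMAND ACTION" is one of the permitted read-only pairs.
allowed_subcommand() {
  case "$1 $2" in
    "issue view"|"issue list"|"search issues"| \
    "pr view"|"pr list"|"release view"|"release list") return 0 ;;
    *) return 1 ;;
  esac
}

# Validate argv: an allowed pair followed only by flags that cannot retarget
# the repository or leave CI. Returns 0 when the call may proceed.
check_invocation() {
  [ $# -ge 2 ] || return 1
  allowed_subcommand "$1" "$2" || return 1
  shift 2
  for arg in "$@"; do
    case "$arg" in
      -R*|--repo|--repo=*) return 1 ;;   # reads stay pinned to the workflow repo
      -w|--web) return 1 ;;              # no browser launch
    esac
  done
  return 0
}

# Stand-alone use: GITHUB_REPOSITORY=owner/name GH_TOKEN=... sh gh-ro.sh issue view 12
if [ $# -gt 0 ]; then
  if ! check_invocation "$@"; then
    echo "gh-ro: refused: gh $*" >&2
    exit 126
  fi
  sub="$1"; action="$2"; shift 2
  # exec with an argv array: no string is ever re-parsed by a shell, and the
  # token is read by gh from GH_TOKEN without appearing on any command line.
  exec gh "$sub" "$action" -R "${GITHUB_REPOSITORY:?}" "$@"
fi
```

A prompt that tries to steer the bot toward `gh issue comment`, `gh api`, or `gh issue list -R someone/else` is refused before gh runs; anything that does pass through can only read from the repository the workflow belongs to.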