Describe the bug
When a PR targets the repository's default branch (e.g., dev, main, master), the gh CLI and mcp__github_inline_comment__create_inline_comment tools become unavailable inside the anthropics/claude-code-action, despite being explicitly listed in the allowedTools. However, these same tools work fine when the PR targets a non-default branch.
The action reports: "Since neither gh CLI nor the MCP inline comment tool is available in this environment, I'll report findings directly." and shows permission_denials for tool use attempts.
To Reproduce
1. Create a workflow using anthropics/claude-code-action with allowedTools including Bash(gh *) and mcp__github_inline_comment__create_inline_comment
2. Open a PR against the default branch and trigger the action
3. Claude agent gets permission denied when trying to use these tools OR reports tools unavailable
4. Open another PR against a non-default branch (e.g., staging, dev-test) with the identical workflow
5. The same tools now work fine
Expected behavior
The allowedTools list should be honored consistently regardless of which branch the PR targets. If a tool is in the allowlist, it should be available whether the PR targets the default branch or any other branch.
Screenshots
From run https://github.com/Ada-Corp-AI/ada/actions/runs/24470634592?pr=3731:
PR comment states: "Since neither gh CLI nor the MCP inline comment tool is available in this environment"
JSON output shows permission_denials array with denied Bash commands
Same workflow succeeds on PRs targeting non-default branches
Workflow yml file
- name: Run Claude Code Review
  uses: anthropics/claude-code-action@v1
  with:
    anthropic_api_key: ${{ secrets.CLAUDE_API_KEY }}
    github_token: ${{ secrets.GITHUB_TOKEN }}
    prompt: |
      [SYSTEM] You are a code reviewer...
      Run /gh-security-review command
    claude_args: >
      --model claude-sonnet-4-6
      --allowedTools "Bash(git *),Bash(gh *),WebSearch,mcp__github_inline_comment__create_inline_comment,Read,Write,Edit,Glob,Grep"
API Provider
Anthropic First-Party API (default)
AWS Bedrock
GCP Vertex
Additional context
Tools are physically available in the runner environment (verified in other workflow steps)
All other workflow steps execute successfully
This restriction appears to be at the Claude SDK/Agent level, not in the action configuration itself
The action code does not have branch-specific tool filtering logic
The behavior is consistent and reproducible: always fails for default branch, always works for non-default branches
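A triage aid for the symptom reported above, added here as an example and not part of the original issue or of the action's code: it cross-checks the permission_denials array against the --allowedTools value and lists denials that the allowlist should have permitted. It assumes each denial entry carries tool_name and tool_input fields, and it approximates Bash(...) rule matching with a glob over the command string; the sample JSON is constructed.

```python
import fnmatch
import json
import re

# Allowlist string copied from the workflow in the report.
ALLOWED = ("Bash(git *),Bash(gh *),WebSearch,"
           "mcp__github_inline_comment__create_inline_comment,"
           "Read,Write,Edit,Glob,Grep")

# Constructed sample of the action's JSON result; the entry fields
# (tool_name, tool_input) are an assumption about the output shape.
SAMPLE_RESULT = json.loads("""
{"type": "result", "permission_denials": [
  {"tool_name": "Bash", "tool_input": {"command": "gh pr view --json files"}},
  {"tool_name": "mcp__github_inline_comment__create_inline_comment",
   "tool_input": {"path": "src/app.py", "line": 10, "body": "constructed"}},
  {"tool_name": "Bash", "tool_input": {"command": "curl https://example.com"}}
]}
""")

def parse_allowed_tools(spec):
    """Split an --allowedTools value into (tool, pattern or None) rules."""
    rules = []
    # Split on commas that are not inside a Tool(...) specifier.
    for item in re.split(r",(?![^()]*\))", spec):
        item = item.strip()
        if not item:
            continue
        m = re.fullmatch(r"(\w+)\((.*)\)", item)
        rules.append((m.group(1), m.group(2)) if m else (item, None))
    return rules

def is_allowed(rules, tool_name, tool_input):
    """True if any rule covers this call (glob match is an approximation)."""
    for name, pattern in rules:
        if name != tool_name:
            continue
        if pattern is None:
            return True
        if name == "Bash" and fnmatch.fnmatchcase(tool_input.get("command", ""), pattern):
            return True
    return False

def unexpected_denials(result, allowed_spec):
    """Denials the allowlist should have permitted: the symptom reported here."""
    rules = parse_allowed_tools(allowed_spec)
    return [d for d in result.get("permission_denials", [])
            if is_allowed(rules, d["tool_name"], d.get("tool_input", {}))]

if __name__ == "__main__":
    for d in unexpected_denials(SAMPLE_RESULT, ALLOWED):
        print("denied despite allowlist:", d["tool_name"], d["tool_input"])
```

Running it on the JSON output from a default-branch PR and from a non-default-branch PR gives a direct diff of which allowlisted calls were refused in each case.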