From 8236f8ccadae6fea0c38798aa8416393d4717f70 Mon Sep 17 00:00:00 2001 From: Dan Barr <6922515+danbarr@users.noreply.github.com> Date: Tue, 30 Jun 2026 16:48:38 -0400 Subject: [PATCH] Stop Slack notify step from loading project config claude-code-action defaults to settingSources user+project+local, so the checkout step (added for restoreConfigFromBase) pulls this repo's CLAUDE.md and .claude/ into context. That config describes unrelated doc-review workflows the tool allowlist denies, which likely explains the persistent permission denials even after the allowedTools fix. Scope this step to user settings only. --- .github/workflows/autogen-docs-notify.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/autogen-docs-notify.yml b/.github/workflows/autogen-docs-notify.yml index 9b5e037f..6adc0f71 100644 --- a/.github/workflows/autogen-docs-notify.yml +++ b/.github/workflows/autogen-docs-notify.yml @@ -123,6 +123,12 @@ jobs: --model claude-opus-4-7 --max-turns 30 --allowedTools "Bash(gh:*),Write" + # This step's only job is composing a JSON summary from + # `gh pr view` output -- it has no use for this repo's own + # CLAUDE.md/.claude project config, and loading it just + # invites Claude to wander into unrelated workflows that + # the tool allowlist above denies. + --setting-sources user prompt: | You are running in GitHub Actions with no interactive user. Follow these steps exactly and do NOT ask clarifying