Summary
The AI Assistant / claude-response workflow can produce false failing checks on PRs when ordinary comments or reviews are submitted without explicitly requesting CubeBot.
Environment
- CubeSandbox version / commit: current
master
- Relevant component: GitHub Actions workflow / AI Assistant / CubeBot
Steps to Reproduce
- Open a PR in this repository.
- Submit a normal PR review or PR comment without requesting cubebot.
- Observe that the
AI Assistant / claude-response workflow can still be triggered.
- If the actor does not have write permission to the repository, the workflow fails during the Claude action permission check.
Expected Behavior
Ordinary PR comments or reviews that do not explicitly request CubeBot should not produce a failing workflow check.
If CubeBot is not requested, the workflow job should be skipped before running the Claude action.
For example:
- PR comment/review without CubeBot trigger: skipped
- Maintainer explicitly invokes CubeBot: workflow runs
- User without write access: skipped before entering the action, instead of producing a red failed check
Actual Behavior
A normal PR review/comment can trigger the workflow even when CubeBot was not requested. The Claude action then detects that no trigger phrase was matched, checks the actor permission, and fails if the actor only has read access.
This can create a misleading red check on the PR, even though the PR itself did not fail any code/test validation and did not request CubeBot.
Example log:
No trigger was met for /cubebot
Auto-detected mode: agent for event: pull_request_review
Using provided GITHUB_TOKEN for authentication
Checking permissions for actor: zyl1121
Permission level retrieved: read
Warning: Actor has insufficient permissions: read
Error: Action failed with error: Actor does not have write permissions to the repository
Error: Process completed with exit code 1.
Additional Context
The Claude action's internal write-access permission check appears to be correct, users without write access should not be allowed to run the agent.
The issue is that the GitHub Actions workflow itself is triggered too broadly, so ordinary PR comments/reviews can start the workflow job before the Claude action rejects the event. This results in false red checks on PRs.
A possible fix is to add a job-level if guard so the workflow only runs when the comment/review body explicitly contains the intended CubeBot trigger.
A possible fix is to add a job-level if guard so the workflow only runs when the comment/review body explicitly contains the intended CubeBot trigger. The guard could match the current /cubebot trigger, or use @cubebot if that is the preferred invocation style. It could also include an actor association check, such as OWNER, MEMBER, or COLLABORATOR, so unauthorized users are skipped before the Claude action starts.
Could you confirm the preferred CubeBot trigger phrase and whether an actor association check should be added at the workflow level?
Summary
The
AI Assistant / claude-responseworkflow can produce false failing checks on PRs when ordinary comments or reviews are submitted without explicitly requesting CubeBot.Environment
masterSteps to Reproduce
AI Assistant / claude-responseworkflow can still be triggered.Expected Behavior
Ordinary PR comments or reviews that do not explicitly request CubeBot should not produce a failing workflow check.
If CubeBot is not requested, the workflow job should be skipped before running the Claude action.
For example:
Actual Behavior
A normal PR review/comment can trigger the workflow even when CubeBot was not requested. The Claude action then detects that no trigger phrase was matched, checks the actor permission, and fails if the actor only has read access.
This can create a misleading red check on the PR, even though the PR itself did not fail any code/test validation and did not request CubeBot.
Example log:
Additional Context
The Claude action's internal write-access permission check appears to be correct, users without write access should not be allowed to run the agent.
The issue is that the GitHub Actions workflow itself is triggered too broadly, so ordinary PR comments/reviews can start the workflow job before the Claude action rejects the event. This results in false red checks on PRs.
A possible fix is to add a job-level if guard so the workflow only runs when the comment/review body explicitly contains the intended CubeBot trigger.
A possible fix is to add a job-level if guard so the workflow only runs when the comment/review body explicitly contains the intended CubeBot trigger. The guard could match the current
/cubebottrigger, or use@cubebotif that is the preferred invocation style. It could also include an actor association check, such asOWNER,MEMBER, orCOLLABORATOR, so unauthorized users are skipped before the Claude action starts.Could you confirm the preferred CubeBot trigger phrase and whether an actor association check should be added at the workflow level?