fix: add support for pull_request_target event #579
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…flows Add pull_request_target event support to enable Claude Code usage with forked repositories while maintaining proper security boundaries. This resolves issues with dependabot PRs and external contributions that require write permissions. Changes: - Add pull_request_target to supported GitHub events in context parsing - Update type definitions to include PullRequestTargetEvent - Modify IS_PR calculation to detect pull_request_target as PR context - Add comprehensive test coverage for pull_request_target workflows - Update documentation to reflect pull_request_target support The pull_request_target event provides the same payload structure as pull_request but runs with write permissions from the base repository, making it ideal for secure automation of external contributions. Fixes anthropics#347
ashwin-ant
approved these changes
Sep 22, 2025
Collaborator
|
Thank you! |
This was referenced Sep 25, 2025
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support for pull_request_target event
Summary
This PR adds support for the
pull_request_targetGitHub event, enabling Claude Code to work with forked repositories and external contributions while maintaining propersecurity boundaries.
Problem
Users reported that Claude Code failed when triggered by
pull_request_targetevents with the error:Error: Prepare step failed with error: Unsupported event type: pull_request_target
This prevented usage with:
Solution
pull_request_targetas a supported GitHub event typePullRequestTargetEventpull_request_targetas PR contextpull_requestandpull_request_targeteventsChanges
Core Changes
src/github/context.ts: Addedpull_request_targetcase to context parsingsrc/create-prompt/index.ts: Addedpull_request_targetevent handlingsrc/create-prompt/types.ts: AddedPullRequestTargetEventtype definitionaction.yml: UpdatedIS_PRdetection to includepull_request_targetDocumentation
docs/custom-automations.md: Updated supported events listTesting
test/create-prompt.test.ts: Added test cases forpull_request_targeteventtest/pull-request-target.test.ts: Comprehensive test suite (373 lines) covering:Security Considerations
The
pull_request_targetevent runs in the context of the base repository with write permissions, making it suitable for:The implementation maintains security by using the same validation and permission checks as regular
pull_requestevents.Test Plan
pull_requestworkflowsCompatibility
This change is fully backward compatible - existing
pull_requestworkflows continue to work unchanged, whilepull_request_targetworkflows now gain Claude Code support.Closes #347
🤖 Generated with Claude Code