refactor: unify action into single composite step with run.ts entrypoint

CLAUDE.md

@@ -1,136 +1,44 @@
 # CLAUDE.md
 
-This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
-
-## Development Tools
-
-- Runtime: Bun 1.2.11
-- TypeScript with strict configuration
-
-## Common Development Tasks
-
-### Available npm/bun scripts from package.json:
+## Commands
 
 ```bash
-# Test
-bun test
-
-# Formatting
-bun run format          # Format code with prettier
-bun run format:check    # Check code formatting
-
-# Type checking
-bun run typecheck       # Run TypeScript type checker
+bun test                # Run tests
+bun run typecheck       # TypeScript type checking
+bun run format          # Format with prettier
+bun run format:check    # Check formatting
 ```
 
-## Architecture Overview
-
-This is a GitHub Action that enables Claude to interact with GitHub PRs and issues. The action operates in two main phases:
-
-### Phase 1: Preparation (`src/entrypoints/prepare.ts`)
-
-1. **Authentication Setup**: Establishes GitHub token via OIDC or GitHub App
-2. **Permission Validation**: Verifies actor has write permissions
-3. **Trigger Detection**: Uses mode-specific logic to determine if Claude should respond
-4. **Context Creation**: Prepares GitHub context and initial tracking comment
-
-### Phase 2: Execution (`base-action/`)
-
-The `base-action/` directory contains the core Claude Code execution logic, which serves a dual purpose:
-
-- **Standalone Action**: Published separately as `@anthropic-ai/claude-code-base-action` for direct use
-- **Inner Logic**: Used internally by this GitHub Action after preparation phase completes
-
-Execution steps:
+## What This Is
 
-1. **MCP Server Setup**: Installs and configures GitHub MCP server for tool access
-2. **Prompt Generation**: Creates context-rich prompts from GitHub data
-3. **Claude Integration**: Executes via multiple providers (Anthropic API, AWS Bedrock, Google Vertex AI)
-4. **Result Processing**: Updates comments and creates branches/PRs as needed
-
-### Key Architectural Components
-
-#### Mode System (`src/modes/`)
-
-- **Tag Mode** (`tag/`): Responds to `@claude` mentions and issue assignments
-- **Agent Mode** (`agent/`): Direct execution when explicit prompt is provided
-- Extensible registry pattern in `modes/registry.ts`
-
-#### GitHub Integration (`src/github/`)
-
-- **Context Parsing** (`context.ts`): Unified GitHub event handling
-- **Data Fetching** (`data/fetcher.ts`): Retrieves PR/issue data via GraphQL/REST
-- **Data Formatting** (`data/formatter.ts`): Converts GitHub data to Claude-readable format
-- **Branch Operations** (`operations/branch.ts`): Handles branch creation and cleanup
-- **Comment Management** (`operations/comments/`): Creates and updates tracking comments
-
-#### MCP Server Integration (`src/mcp/`)
-
-- **GitHub Actions Server** (`github-actions-server.ts`): Workflow and CI access
-- **GitHub Comment Server** (`github-comment-server.ts`): Comment operations
-- **GitHub File Operations** (`github-file-ops-server.ts`): File system access
-- Auto-installation and configuration in `install-mcp-server.ts`
-
-#### Authentication & Security (`src/github/`)
-
-- **Token Management** (`token.ts`): OIDC token exchange and GitHub App authentication
-- **Permission Validation** (`validation/permissions.ts`): Write access verification
-- **Actor Validation** (`validation/actor.ts`): Human vs bot detection
-
-### Project Structure
-
-```
-src/
-├── entrypoints/           # Action entry points
-│   ├── prepare.ts         # Main preparation logic
-│   ├── update-comment-link.ts  # Post-execution comment updates
-│   └── format-turns.ts    # Claude conversation formatting
-├── github/               # GitHub integration layer
-│   ├── api/              # REST/GraphQL clients
-│   ├── data/             # Data fetching and formatting
-│   ├── operations/       # Branch, comment, git operations
-│   ├── validation/       # Permission and trigger validation
-│   └── utils/            # Image downloading, sanitization
-├── modes/                # Execution modes
-│   ├── tag/              # @claude mention mode
-│   ├── agent/            # Automation mode
-│   └── registry.ts       # Mode selection logic
-├── mcp/                  # MCP server implementations
-├── prepare/              # Preparation orchestration
-└── utils/                # Shared utilities
-```
+A GitHub Action that lets Claude respond to `@claude` mentions on issues/PRs (tag mode) or run tasks via `prompt` input (agent mode). Mode is auto-detected: if `prompt` is provided, it's agent mode; if triggered by a comment/issue event with `@claude`, it's tag mode. See `src/modes/registry.ts`.
 
-## Important Implementation Notes
+## How It Runs
 
-### Authentication Flow
+Single entrypoint: `src/entrypoints/run.ts` orchestrates everything — prepare (auth, permissions, trigger check, branch/comment creation), install Claude Code CLI, execute Claude via `base-action/` functions (imported directly, not subprocess), then cleanup (update tracking comment, write step summary). SSH signing cleanup and token revocation are separate `always()` steps in `action.yml`.
 
-- Uses GitHub OIDC token exchange for secure authentication
-- Supports custom GitHub Apps via `APP_ID` and `APP_PRIVATE_KEY`
-- Falls back to official Claude GitHub App if no custom app provided
+`base-action/` is also published standalone as `@anthropic-ai/claude-code-base-action`. Don't break its public API. It reads config from `INPUT_`-prefixed env vars (set by `action.yml`), not from action inputs directly.
 
-### MCP Server Architecture
+## Key Concepts
 
-- Each MCP server has specific GitHub API access patterns
-- Servers are auto-installed in `~/.claude/mcp/github-{type}-server/`
-- Configuration merged with user-provided MCP config via `mcp_config` input
+**Auth priority**: `github_token` input (user-provided) > GitHub App OIDC token (default). The `claude_code_oauth_token` and `anthropic_api_key` are for the Claude API, not GitHub. Token setup lives in `src/github/token.ts`.
 
-### Mode System Design
+**Mode lifecycle**: Modes implement `shouldTrigger()` → `prepare()` → `prepareContext()` → `getSystemPrompt()`. The registry in `src/modes/registry.ts` picks the mode based on event type and inputs. To add a new mode, implement the `Mode` type from `src/modes/types.ts` and register it.
 
-- Modes implement `Mode` interface with `shouldTrigger()` and `prepare()` methods
-- Registry validates mode compatibility with GitHub event types
-- Agent mode triggers when explicit prompt is provided
+**Prompt construction**: `src/prepare/` builds the prompt by fetching GitHub data (`src/github/data/fetcher.ts`), formatting it as markdown (`src/github/data/formatter.ts`), and writing it to a temp file. The prompt includes issue/PR body, comments, diff, and CI status. This is the most important part of the action — it's what Claude sees.
 
-### Comment Threading
+## Things That Will Bite You
 
-- Single tracking comment updated throughout execution
-- Progress indicated via dynamic checkboxes
-- Links to job runs and created branches/PRs
-- Sticky comment option for consolidated PR comments
+- **Strict TypeScript**: `noUnusedLocals` and `noUnusedParameters` are enabled. Typecheck will fail on unused variables.
+- **Discriminated unions for GitHub context**: `GitHubContext` is a union type — call `isEntityContext(context)` before accessing entity-specific fields like `context.issue` or `context.pullRequest`.
+- **Token lifecycle matters**: The GitHub App token is obtained early and revoked in a separate `always()` step in `action.yml`. If you move token revocation into `run.ts`, it won't run if the process crashes. Same for SSH signing cleanup.
+- **Error phase attribution**: The catch block in `run.ts` uses `prepareCompleted` to distinguish prepare failures from execution failures. The tracking comment shows different messages for each.
+- **`action.yml` outputs reference step IDs**: Outputs like `execution_file`, `branch_name`, `github_token` reference `steps.run.outputs.*`. If you rename the step ID, update the outputs section too.
+- **Integration testing** happens in a separate repo (`install-test`), not here. The tests in this repo are unit tests.
 
 ## Code Conventions
 
-- Use Bun-specific TypeScript configuration with `moduleResolution: "bundler"`
-- Strict TypeScript with `noUnusedLocals` and `noUnusedParameters` enabled
-- Prefer explicit error handling with detailed error messages
-- Use discriminated unions for GitHub context types
-- Implement retry logic for GitHub API operations via `utils/retry.ts`
+- Runtime is Bun, not Node. Use `bun test`, not `jest`.
+- `moduleResolution: "bundler"` — imports don't need `.js` extensions.
+- GitHub API calls should use retry logic (`src/utils/retry.ts`).
+- MCP servers are auto-installed at runtime to `~/.claude/mcp/github-{type}-server/`.

action.yml

@@ -137,19 +137,19 @@ inputs:
 outputs:
   execution_file:
     description: "Path to the Claude Code execution output file"
-    value: ${{ steps.claude-code.outputs.execution_file }}
+    value: ${{ steps.run.outputs.execution_file }}
   branch_name:
     description: "The branch created by Claude Code for this execution"
-    value: ${{ steps.prepare.outputs.CLAUDE_BRANCH }}
+    value: ${{ steps.run.outputs.branch_name }}
   github_token:
     description: "The GitHub token used by the action (Claude App token if available)"
-    value: ${{ steps.prepare.outputs.github_token }}
+    value: ${{ steps.run.outputs.github_token }}
   structured_output:
     description: "JSON string containing all structured output fields when --json-schema is provided in claude_args. Use fromJSON() to parse: fromJSON(steps.id.outputs.structured_output).field_name"
-    value: ${{ steps.claude-code.outputs.structured_output }}
+    value: ${{ steps.run.outputs.structured_output }}
   session_id:
     description: "The Claude Code session ID that can be used with --resume to continue this conversation"
-    value: ${{ steps.claude-code.outputs.session_id }}
+    value: ${{ steps.run.outputs.session_id }}
 
 runs:
   using: "composite"
@@ -178,12 +178,13 @@ runs:
         cd ${GITHUB_ACTION_PATH}
         bun install
 
-    - name: Prepare action
-      id: prepare
+    - name: Run Claude Code Action
+      id: run
       shell: bash
       run: |
-        bun run ${GITHUB_ACTION_PATH}/src/entrypoints/prepare.ts
+        bun run ${GITHUB_ACTION_PATH}/src/entrypoints/run.ts
       env:
+        # Prepare inputs
         MODE: ${{ inputs.mode }}
         PROMPT: ${{ inputs.prompt }}
         TRIGGER_PHRASE: ${{ inputs.trigger_phrase }}
@@ -210,73 +211,19 @@ runs:
         CLAUDE_ARGS: ${{ inputs.claude_args }}
         ALL_INPUTS: ${{ toJson(inputs) }}
 
-    - name: Install Base Action Dependencies
-      if: steps.prepare.outputs.contains_trigger == 'true'
-      shell: bash
-      env:
-        PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
-      run: |
-        echo "Installing base-action dependencies..."
-        cd ${GITHUB_ACTION_PATH}/base-action
-        bun install
-        echo "Base-action dependencies installed"
-        cd -
-
-        # Install Claude Code if no custom executable is provided
-        if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
-          CLAUDE_CODE_VERSION="2.1.31"
-          echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
-          for attempt in 1 2 3; do
-            echo "Installation attempt $attempt..."
-            if command -v timeout &> /dev/null; then
-              # Use --foreground to kill entire process group on timeout, --kill-after to send SIGKILL if SIGTERM fails
-              timeout --foreground --kill-after=10 120 bash -c "curl -fsSL https://claude.ai/install.sh | bash -s -- $CLAUDE_CODE_VERSION" && break
-            else
-              curl -fsSL https://claude.ai/install.sh | bash -s -- "$CLAUDE_CODE_VERSION" && break
-            fi
-            if [ $attempt -eq 3 ]; then
-              echo "Failed to install Claude Code after 3 attempts"
-              exit 1
-            fi
-            echo "Installation failed, retrying..."
-            sleep 5
-          done
-          echo "Claude Code installed successfully"
-          echo "$HOME/.local/bin" >> "$GITHUB_PATH"
-        else
-          echo "Using custom Claude Code executable: $PATH_TO_CLAUDE_CODE_EXECUTABLE"
-          # Add the directory containing the custom executable to PATH
-          CLAUDE_DIR=$(dirname "$PATH_TO_CLAUDE_CODE_EXECUTABLE")
-          echo "$CLAUDE_DIR" >> "$GITHUB_PATH"
-        fi
-
-    - name: Run Claude Code
-      id: claude-code
-      if: steps.prepare.outputs.contains_trigger == 'true'
-      shell: bash
-      run: |
-
-        # Run the base-action
-        bun run ${GITHUB_ACTION_PATH}/base-action/src/index.ts
-      env:
         # Base-action inputs
-        CLAUDE_CODE_ACTION: "1"
         INPUT_PROMPT_FILE: ${{ runner.temp }}/claude-prompts/claude-prompt.txt
         INPUT_SETTINGS: ${{ inputs.settings }}
-        INPUT_CLAUDE_ARGS: ${{ steps.prepare.outputs.claude_args }}
         INPUT_EXPERIMENTAL_SLASH_COMMANDS_DIR: ${{ github.action_path }}/slash-commands
-        INPUT_ACTION_INPUTS_PRESENT: ${{ steps.prepare.outputs.action_inputs_present }}
         INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
         INPUT_PATH_TO_BUN_EXECUTABLE: ${{ inputs.path_to_bun_executable }}
         INPUT_SHOW_FULL_OUTPUT: ${{ inputs.show_full_output }}
         INPUT_PLUGINS: ${{ inputs.plugins }}
         INPUT_PLUGIN_MARKETPLACES: ${{ inputs.plugin_marketplaces }}
+        PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
 
         # Model configuration
-        GITHUB_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
-        GH_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
         NODE_VERSION: ${{ env.NODE_VERSION }}
-        DETAILED_PERMISSION_MESSAGES: "1"
 
         # Provider configuration
         ANTHROPIC_API_KEY: ${{ inputs.anthropic_api_key }}
@@ -324,62 +271,19 @@ runs:
         OTEL_LOGS_EXPORT_INTERVAL: ${{ env.OTEL_LOGS_EXPORT_INTERVAL }}
         OTEL_RESOURCE_ATTRIBUTES: ${{ env.OTEL_RESOURCE_ATTRIBUTES }}
 
-    - name: Update comment with job link
-      if: steps.prepare.outputs.contains_trigger == 'true' && steps.prepare.outputs.claude_comment_id && always()
-      shell: bash
-      run: |
-        bun run ${GITHUB_ACTION_PATH}/src/entrypoints/update-comment-link.ts
-      env:
-        REPOSITORY: ${{ github.repository }}
-        PR_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }}
-        CLAUDE_COMMENT_ID: ${{ steps.prepare.outputs.claude_comment_id }}
-        GITHUB_RUN_ID: ${{ github.run_id }}
-        GITHUB_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
-        GH_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
-        GITHUB_EVENT_NAME: ${{ github.event_name }}
-        TRIGGER_COMMENT_ID: ${{ github.event.comment.id }}
-        CLAUDE_BRANCH: ${{ steps.prepare.outputs.CLAUDE_BRANCH }}
-        IS_PR: ${{ github.event.issue.pull_request != null || github.event_name == 'pull_request_target' || github.event_name == 'pull_request_review_comment' }}
-        BASE_BRANCH: ${{ steps.prepare.outputs.BASE_BRANCH }}
-        CLAUDE_SUCCESS: ${{ steps.claude-code.outputs.conclusion == 'success' }}
-        OUTPUT_FILE: ${{ steps.claude-code.outputs.execution_file || '' }}
-        TRIGGER_USERNAME: ${{ github.event.comment.user.login || github.event.issue.user.login || github.event.pull_request.user.login || github.event.sender.login || github.triggering_actor || github.actor || '' }}
-        PREPARE_SUCCESS: ${{ steps.prepare.outcome == 'success' }}
-        PREPARE_ERROR: ${{ steps.prepare.outputs.prepare_error || '' }}
-        USE_STICKY_COMMENT: ${{ inputs.use_sticky_comment }}
-        USE_COMMIT_SIGNING: ${{ inputs.use_commit_signing }}
-        TRACK_PROGRESS: ${{ inputs.track_progress }}
-
-    - name: Display Claude Code Report
-      if: steps.prepare.outputs.contains_trigger == 'true' && steps.claude-code.outputs.execution_file != ''
-      shell: bash
-      run: |
-        # Try to format the turns, but if it fails, dump the raw JSON
-        if bun run ${{ github.action_path }}/src/entrypoints/format-turns.ts "${{ steps.claude-code.outputs.execution_file }}" >> $GITHUB_STEP_SUMMARY 2>/dev/null; then
-          echo "Successfully formatted Claude Code report"
-        else
-          echo "## Claude Code Report (Raw Output)" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "Failed to format output (please report). Here's the raw JSON:" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo '```json' >> $GITHUB_STEP_SUMMARY
-          cat "${{ steps.claude-code.outputs.execution_file }}" >> $GITHUB_STEP_SUMMARY
-          echo '```' >> $GITHUB_STEP_SUMMARY
-        fi
-
     - name: Cleanup SSH signing key
       if: always() && inputs.ssh_signing_key != ''
       shell: bash
       run: |
         bun run ${GITHUB_ACTION_PATH}/src/entrypoints/cleanup-ssh-signing.ts
 
     - name: Revoke app token
-      if: always() && inputs.github_token == '' && steps.prepare.outputs.skipped_due_to_workflow_validation_mismatch != 'true'
+      if: always() && inputs.github_token == '' && steps.run.outputs.skipped_due_to_workflow_validation_mismatch != 'true'
       shell: bash
       run: |
         curl -L \
           -X DELETE \
           -H "Accept: application/vnd.github+json" \
-          -H "Authorization: Bearer ${{ steps.prepare.outputs.GITHUB_TOKEN }}" \
+          -H "Authorization: Bearer ${{ steps.run.outputs.github_token }}" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
           ${GITHUB_API_URL:-https://api.github.com}/installation/token

base-action/src/index.ts

@@ -28,7 +28,7 @@ async function run() {
       promptFile: process.env.INPUT_PROMPT_FILE || "",
     });
 
-    await runClaude(promptConfig.path, {
+    const result = await runClaude(promptConfig.path, {
       claudeArgs: process.env.INPUT_CLAUDE_ARGS,
       allowedTools: process.env.INPUT_ALLOWED_TOOLS,
       disallowedTools: process.env.INPUT_DISALLOWED_TOOLS,
@@ -42,6 +42,18 @@ async function run() {
         process.env.INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE,
       showFullOutput: process.env.INPUT_SHOW_FULL_OUTPUT,
     });
+
+    // Set outputs for the standalone base-action
+    core.setOutput("conclusion", result.conclusion);
+    if (result.executionFile) {
+      core.setOutput("execution_file", result.executionFile);
+    }
+    if (result.sessionId) {
+      core.setOutput("session_id", result.sessionId);
+    }
+    if (result.structuredOutput) {
+      core.setOutput("structured_output", result.structuredOutput);
+    }
   } catch (error) {
     core.setFailed(`Action failed with error: ${error}`);
     core.setOutput("conclusion", "failure");