chore: update Claude workflows to use stable version and enhance permissions #1494

Merged
Crunchyman-ralph merged 1 commit into next from ralph/chore/update.claude.workflows.to.v1
Dec 9, 2025

Crunchyman-ralph (Collaborator) commented Dec 9, 2025

What type of PR is this?

  • 🐛 Bug fix
  • ✨ Feature
  • 🔌 Integration
  • 📝 Docs
  • 🧹 Refactor
  • Other:

Description

Related Issues

How to Test This

# Example commands or steps

Expected result:

Contributor Checklist

  • Created changeset: npm run changeset
  • Tests pass: npm test
  • Format check passes: npm run format-check (or npm run format to fix)
  • Addressed CodeRabbit comments (if any)
  • Linked related issues (if any)
  • Manually tested the changes

Changelog Entry


For Maintainers

  • PR title follows conventional commits
  • Target branch correct
  • Labels added
  • Milestone assigned (if applicable)

Summary by CodeRabbit

  • Chores
    • Updated GitHub Actions workflows to use the latest Claude action version.
    • Refined workflow configurations with improved environment variable handling and permission settings.
    • Enhanced automation framework for internal development processes.


changeset-bot bot commented Dec 9, 2025

⚠️ No Changeset found

Latest commit: c1231c6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.


coderabbitai bot (Contributor) commented Dec 9, 2025

Walkthrough

Three GitHub Actions workflows are updated to use Claude Code Action v1 instead of beta, with environment variables added to the trigger workflow, configuration parameters refactored, and permissions elevated from read to write for content access.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Claude documentation workflows: .github/workflows/claude-docs-trigger.yml, .github/workflows/claude-docs-updater.yml | Trigger workflow adds four environment variables (COMMIT_SHA, COMMIT_MSG, CHANGED_FILES, COMMIT_DIFF) to replace inline expressions. Updater workflow upgrades Claude Code Action from beta to v1, removes timeout/mode/experimental_allowed_domains config, replaces per-run params with claude_args, and expands prompt content with detailed task guidance. |
| Main Claude workflow: .github/workflows/claude.yml | Elevates workflow permissions for contents, pull-requests, and issues from read to write. Updates Claude Code Action usage from beta to v1. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Action version upgrades (beta → v1) across workflows require verification of compatibility
  • Environment variable refactoring in the trigger workflow should be validated for correct passing to downstream workflow
  • Permission elevation changes should be reviewed for security implications

Suggested reviewers

  • eyaltoledano
  • maxtuzz

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main changes: updating Claude workflows to stable v1 and enhancing permissions across three workflow files. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bd6903f and c1231c6.

📒 Files selected for processing (3)
  • .github/workflows/claude-docs-trigger.yml (1 hunks)
  • .github/workflows/claude-docs-updater.yml (1 hunks)
  • .github/workflows/claude.yml (2 hunks)
🧰 Additional context used
🧠 Learnings (9)
📓 Common learnings
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1444
File: apps/cli/src/utils/auto-update/changelog.ts:103-111
Timestamp: 2025-11-25T18:32:29.828Z
Learning: The claude-task-master project uses a custom changelog format with PR numbers and author acknowledgements in the pattern `- [#PR](...) Thanks [author]! - Description`, which is parsed by the regex in apps/cli/src/utils/auto-update/changelog.ts.
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1232
File: packages/build-config/package.json:14-15
Timestamp: 2025-09-22T19:45:13.323Z
Learning: In the eyaltoledano/claude-task-master repository, Crunchyman-ralph intentionally omits version fields from internal packages (like tm/build-config) to prevent changesets from releasing new versions for these packages. This is the desired behavior for internal tooling packages that should not be published or versioned independently.
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1232
File: packages/tm-core/package.json:50-51
Timestamp: 2025-09-22T19:45:04.337Z
Learning: In the eyaltoledano/claude-task-master project, Crunchyman-ralph intentionally omits version fields from internal/private packages in package.json files to prevent changesets from releasing new versions of these packages while still allowing them to be processed for dependency updates. The changesets warnings about missing versions are acceptable as they don't break the process and achieve the desired behavior of only releasing public packages.
Learnt from: CR
Repo: eyaltoledano/claude-task-master PR: 0
File: .cursor/rules/git_workflow.mdc:0-0
Timestamp: 2025-11-24T18:00:23.032Z
Learning: Pull Request descriptions must include: Task Overview, Subtasks Completed (checklist), Implementation Details, Testing approach, Breaking Changes (if any), and Related Tasks.
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1246
File: src/ai-providers/claude-code.js:40-42
Timestamp: 2025-09-29T13:33:46.952Z
Learning: Claude Code provider should use CLAUDE_CODE_API_KEY environment variable instead of automatically picking up ANTHROPIC_API_KEY to avoid conflicts, since the ai-sdk-provider-claude-code package follows standard Anthropic patterns and prioritizes API keys over OAuth authentication, which can cause unexpected API charges.
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1194
File: .github/workflows/ci.yml:31-35
Timestamp: 2025-09-09T19:13:55.652Z
Learning: The claude-task-master project has only one package-lock.json file in the entire workspace (at the root level), so cache-dependency-path configuration is unnecessary for the npm cache in GitHub Actions.
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1246
File: src/ai-providers/claude-code.js:40-42
Timestamp: 2025-09-29T13:33:46.952Z
Learning: Claude Code provider should use environment variable isolation to control API key access, temporarily managing ANTHROPIC_API_KEY during client creation to prevent the ai-sdk-provider-claude-code package from automatically picking up API keys intended for other providers, while allowing explicit CLAUDE_CODE_API_KEY usage as a fallback to OAuth authentication.
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1178
File: packages/tm-core/src/auth/config.ts:5-7
Timestamp: 2025-09-02T21:51:27.921Z
Learning: The user Crunchyman-ralph prefers not to use node: scheme imports (e.g., 'node:os', 'node:path') for Node.js core modules and considers suggestions to change bare imports to node: scheme as too nitpicky.
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1069
File: .changeset/fix-tag-complexity-detection.md:0-0
Timestamp: 2025-08-02T15:33:22.656Z
Learning: For changeset files (.changeset/*.md), Crunchyman-ralph prefers to ignore formatting nitpicks about blank lines between frontmatter and descriptions, as he doesn't mind having them and wants to avoid such comments in future reviews.
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1132
File: .github/workflows/weekly-metrics-discord.yml:81-93
Timestamp: 2025-08-13T22:10:46.958Z
Learning: Crunchyman-ralph ignores YAML formatting nitpicks about trailing spaces when there's no project-specific YAML formatter configured, preferring to focus on functionality over cosmetic formatting issues.
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1105
File: scripts/modules/supported-models.json:242-254
Timestamp: 2025-08-08T11:33:15.297Z
Learning: Preference: In scripts/modules/supported-models.json, the "name" field is optional. For OpenAI entries (e.g., "gpt-5"), Crunchyman-ralph prefers omitting "name" when the id is explicit enough; avoid nitpicks requesting a "name" in such cases.
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1200
File: src/ai-providers/custom-sdk/grok-cli/language-model.js:96-100
Timestamp: 2025-09-19T16:06:42.182Z
Learning: The user Crunchyman-ralph prefers to keep environment variable names explicit (like GROK_CLI_API_KEY) rather than supporting multiple aliases, to avoid overlap and ensure clear separation between different CLI implementations.
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1178
File: packages/tm-core/src/subpath-exports.test.ts:6-9
Timestamp: 2025-09-03T12:45:30.724Z
Learning: The user Crunchyman-ralph prefers to avoid overly nitpicky or detailed suggestions in code reviews, especially for test coverage of minor import paths. Focus on more substantial issues rather than comprehensive coverage of all possible edge cases.
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1217
File: apps/cli/src/index.ts:16-21
Timestamp: 2025-09-18T16:35:35.147Z
Learning: The user Crunchyman-ralph considers suggestions to export types for better ergonomics (like exporting UpdateInfo type alongside related functions) as nitpicky and prefers not to implement such suggestions.
📚 Learning: 2025-11-25T18:32:29.828Z
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1444
File: apps/cli/src/utils/auto-update/changelog.ts:103-111
Timestamp: 2025-11-25T18:32:29.828Z
Learning: The claude-task-master project uses a custom changelog format with PR numbers and author acknowledgements in the pattern `- [#PR](...) Thanks [author]! - Description`, which is parsed by the regex in apps/cli/src/utils/auto-update/changelog.ts.

Applied to files:

  • .github/workflows/claude-docs-updater.yml
  • .github/workflows/claude.yml
📚 Learning: 2025-08-06T21:13:05.240Z
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1091
File: assets/claude/agents/task-orchestrator.md:69-78
Timestamp: 2025-08-06T21:13:05.240Z
Learning: For Claude agent instruction files in .claude/agents/ and assets/claude/agents/ directories, ignore markdownlint issues (like MD031 blanks-around-fences, MD040 fenced-code-language, MD041 missing top-level heading) as these files follow Claude's specific agent format requirements rather than standard markdown documentation conventions.

Applied to files:

  • .github/workflows/claude-docs-updater.yml
📚 Learning: 2025-11-24T18:05:23.901Z
Learnt from: CR
Repo: eyaltoledano/claude-task-master PR: 0
File: assets/AGENTS.md:0-0
Timestamp: 2025-11-24T18:05:23.901Z
Learning: Applies to assets/**/CLAUDE.md : Auto-generate CLAUDE.md at the project root to provide immediate Task Master context to Claude Code sessions

Applied to files:

  • .github/workflows/claude-docs-updater.yml
📚 Learning: 2025-11-24T18:05:23.901Z
Learnt from: CR
Repo: eyaltoledano/claude-task-master PR: 0
File: assets/AGENTS.md:0-0
Timestamp: 2025-11-24T18:05:23.901Z
Learning: Applies to assets/.claude/settings.json : Configure Claude Code tool allowlist in `.claude/settings.json` to allow Task Master bash commands and MCP tools

Applied to files:

  • .github/workflows/claude.yml
📚 Learning: 2025-09-29T13:33:46.952Z
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1246
File: src/ai-providers/claude-code.js:40-42
Timestamp: 2025-09-29T13:33:46.952Z
Learning: Claude Code provider should use CLAUDE_CODE_API_KEY environment variable instead of automatically picking up ANTHROPIC_API_KEY to avoid conflicts, since the ai-sdk-provider-claude-code package follows standard Anthropic patterns and prioritizes API keys over OAuth authentication, which can cause unexpected API charges.

Applied to files:

  • .github/workflows/claude.yml
📚 Learning: 2025-09-29T13:33:46.952Z
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1246
File: src/ai-providers/claude-code.js:40-42
Timestamp: 2025-09-29T13:33:46.952Z
Learning: Claude Code provider should use environment variable isolation to control API key access, temporarily managing ANTHROPIC_API_KEY during client creation to prevent the ai-sdk-provider-claude-code package from automatically picking up API keys intended for other providers, while allowing explicit CLAUDE_CODE_API_KEY usage as a fallback to OAuth authentication.

Applied to files:

  • .github/workflows/claude.yml
📚 Learning: 2025-09-29T13:33:46.952Z
Learnt from: Crunchyman-ralph
Repo: eyaltoledano/claude-task-master PR: 1246
File: src/ai-providers/claude-code.js:40-42
Timestamp: 2025-09-29T13:33:46.952Z
Learning: Claude Code provider should use environment variable isolation to temporarily manage ANTHROPIC_API_KEY during client creation: if CLAUDE_CODE_API_KEY is set, temporarily set ANTHROPIC_API_KEY to that value; if CLAUDE_CODE_API_KEY is not set but ANTHROPIC_API_KEY exists, temporarily unset ANTHROPIC_API_KEY to force OAuth mode. This prevents the ai-sdk-provider-claude-code package from accidentally using API keys intended for the regular Anthropic provider while still allowing explicit API key usage as a fallback.

Applied to files:

  • .github/workflows/claude.yml
📚 Learning: 2025-11-24T18:05:02.114Z
Learnt from: CR
Repo: eyaltoledano/claude-task-master PR: 0
File: assets/.windsurfrules:0-0
Timestamp: 2025-11-24T18:05:02.114Z
Learning: Applies to assets/**/.env, .env.example, .env.local : Configure required environment variable ANTHROPIC_API_KEY for Claude API access

Applied to files:

  • .github/workflows/claude.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Test
🔇 Additional comments (4)
.github/workflows/claude.yml (1)

22-24: Approved: v1 upgrade and permission enhancement.

The upgrade to anthropics/claude-code-action@v1 and the permission changes (contents, pull-requests, issues from read→write) are justified. The action needs write access to comment on issues and PRs in response to @claude mentions.

Also applies to: 34-34

.github/workflows/claude-docs-trigger.yml (1)

48-61: Approved: Environment variable refactoring.

The refactoring to pass commit metadata via environment variables rather than inline expressions is cleaner and reduces escaping complexity. The variable names align with the inputs expected by the downstream claude-docs-updater.yml workflow.

.github/workflows/claude-docs-updater.yml (2)

50-80: Approved: Expanded prompt and task clarity.

The detailed prompt with explicit instructions, task breakdown, and guidelines significantly improves Claude's ability to handle documentation updates correctly. The scope boundaries (user-facing changes only, no internal details) and checklist-style validation points are well-structured.


44-49: No action needed — v1 action fully supports the new parameters.

Verification confirms that anthropics/claude-code-action@v1 accepts both claude_args (for CLI passthrough) and prompt (for instructions). The workflow's use of claude_args: "--max-turns 30" aligns with documented API specifications.



Crunchyman-ralph merged commit 3b29010 into next on Dec 9, 2025
7 checks passed
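
The two points the review walkthrough raises, env variables replacing inline expressions in the trigger workflow and the read-to-write permission change, can be checked mechanically. The sketch below is an added example, not code from this pull request or the project: it flags `${{ ... }}` expressions that land inside a `run:` script (where commit text becomes part of the shell script rather than data) and lists `write` scopes under `permissions:`. The workflow fragments, the `gh` invocation and the `commit_message` input name are constructed assumptions.

```python
import re

EXPR = re.compile(r"\$\{\{.*?\}\}")
# Constructed fragments, not the repository's files; the gh call and input name are hypothetical.
BEFORE = """\
permissions:
  contents: read
jobs:
  trigger:
    steps:
      - run: |
          gh workflow run claude-docs-updater.yml \\
            -f commit_message="${{ github.event.head_commit.message }}"
"""
AFTER = """\
permissions:
  contents: write
  pull-requests: write
jobs:
  trigger:
    steps:
      - env:
          COMMIT_MSG: ${{ github.event.head_commit.message }}
        run: |
          gh workflow run claude-docs-updater.yml \\
            -f commit_message="$COMMIT_MSG"
"""

def audit(text):
    """Return (line, kind, detail) findings for one workflow file's text."""
    findings, run_at, perms_at = [], None, None
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s:
            continue
        indent = len(line) - len(line.lstrip())
        if run_at is not None and indent <= run_at:
            run_at = None  # dedent ends the run: script
        if perms_at is not None and indent <= perms_at:
            perms_at = None
        m = re.match(r"(- )?run:", s)
        if m:
            run_at = indent + (2 if m.group(1) else 0)
        if run_at is not None:  # expression spliced into shell text
            findings += [(n, "inline-expression", e) for e in EXPR.findall(s)]
        if s == "permissions:":
            perms_at = indent
        elif perms_at is not None and s.endswith(": write"):
            findings.append((n, "write-permission", s.split(":")[0]))
    return findings
```

The expression under `env:` is deliberately not flagged: there the value is bound to a variable and the script only references `$COMMIT_MSG`. The scanner is indentation-based and does not parse full YAML, so treat its output as a review aid rather than a complete linter.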