From 2e85111229847b4e84393a9d721d7a668178e079 Mon Sep 17 00:00:00 2001
From: shrwnsan <38465+shrwnsan@users.noreply.github.com>
Date: Wed, 7 Jan 2026 19:43:56 +0800
Subject: [PATCH] fix: restrict GitHub Actions wildcard permissions to current PR
Scope gh pr comment permissions to only the PR being reviewed by using PR number variable instead of wildcard. Prevents compromised workflow token from commenting on arbitrary PRs.
Resolves #2
Co-Authored-By: GLM
---
 .github/workflows/claude-code-review.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index 205b0fe..001199e 100644
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -53,5 +53,5 @@ jobs:
 # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
 # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
- claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
+ claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment ${{ github.event.pull_request.number }}:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
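Review bot: The new `Bash(gh pr comment ${{ github.event.pull_request.number }}:*)` rule in `claude_args` degrades to `Bash(gh pr comment :*)` whenever the expression expands to nothing, which happens for any trigger other than `pull_request`/`pull_request_target`, and a prefix rule of that shape once again admits a comment on any PR number; the workflow's `on:` block and any step-level `if:` are outside this hunk, so if other triggers exist, guard the step with `if: github.event_name == 'pull_request'` or resolve the number in a prior step that fails when it is unset. Because `:*` is a prefix match, `gh pr comment 4:*` may also match `gh pr comment 42 …` if the action compares raw strings rather than whole arguments; confirm the tokenization before treating the number as a hard boundary. The commit message credits the token with the protection, but this rule only narrows the agent's allowed tool calls, not the `GITHUB_TOKEN` scope: whatever `pull-requests` write permission the job grants still lets a leaked token comment on any PR, so the fix is defense in depth for the agent layer rather than a token restriction. The interpolated value is an integer supplied by GitHub rather than user-controlled text, so the usual `${{ }}` injection concern does not apply here.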