Skip to content

ci(triage-skill): Allow Write and remove rm permission #19397

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
s1gr1d merged 1 commit into from
Feb 19, 2026
Merged

ci(triage-skill): Allow Write and remove rm permission #19397

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 8 additions & 9 deletions .claude/skills/triage-issue/SKILL.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,26 +120,25 @@ If the issue is complex or the fix is unclear, skip this section and instead not

The script reads `LINEAR_CLIENT_ID` and `LINEAR_CLIENT_SECRET` from environment variables (set from GitHub Actions secrets), obtains an OAuth token, checks for duplicate triage comments, and posts the comment.
1. **Write the report body to a file** using the Write tool (not Bash). This keeps markdown completely out of shell.
- **In CI:** Write to `triage_report.md` in the repository root. The CI sandbox only allows writes inside the working directory; `/tmp` and Bash output redirection are blocked.
- **Locally:** You may use `/tmp/triage_report.md` or `triage_report.md` in the repo root.
You may use `/tmp/triage_report.md` or `triage_report.md` in the repo root to write the file.

2. **Run the script:**
Be aware that the directory structure and script path may differ between local and CI environments. Adjust accordingly.

```bash
python3 .claude/skills/triage-issue/assets/post_linear_comment.py "JS-XXXX" "triage_report.md"
```

(Use the same path you wrote to: `triage_report.md` in CI, or `/tmp/triage_report.md` locally if you used that.)

If the script fails (non-zero exit), fall back to printing the full report to the terminal.
If the script fails (non-zero exit), fall back to printing the full report to the terminal. Print the current working directory so it's clear where the script was run.

Clean up after:
3. **Not CI? Cleanup**
When run locally, without `--ci` flag, clean up after:

```bash
rm -f triage_report.md
```

(In CI only `triage_report.md` in the repo root is writable; use that path for write, script, and rm.)
```bash
rm -f tmp/triage_report.md
Copy link

@cursor cursor bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cleanup path missing leading slash for /tmp

Low Severity

The cleanup command rm -f tmp/triage_report.md uses a relative path, which refers to a tmp/ subdirectory of the working directory. The file is actually written to /tmp/triage_report.md (absolute path, per line 123 and 132). The missing leading / means the cleanup will silently fail to delete the temp file when running locally.

Fix in Cursor Fix in Web

```
Copy link

@cursor cursor bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cleanup step is logically unreachable due to contradictory condition

Low Severity

The new cleanup step 3 ("Not CI? Cleanup") is nested inside Step 8c, which only executes when --ci is set. But the step's condition says it applies "without --ci flag." Without --ci, Step 8c is never reached (default mode just prints to terminal and writes no file). With --ci, the condition tells Claude to skip cleanup. This makes cleanup completely unreachable. The old instructions performed cleanup unconditionally within Step 8c.

Fix in Cursor Fix in Web


## Important Rules

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/triage-issue.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,4 +68,4 @@ jobs:
/triage-issue ${{ steps.parse-issue.outputs.issue_number }} --ci
IMPORTANT: Do NOT wait for approval.
claude_args: |
--max-turns 20 --allowedTools "Write(~/triage_report.md),Bash(gh api *),Bash(gh pr list *),Bash(python3 .claude/skills/triage-issue/assets/post_linear_comment.py *),Bash(rm -f triage_report.md)"
--max-turns 20 --allowedTools "Write,Bash(gh api *),Bash(gh pr list *),Bash(python3 .claude/skills/triage-issue/assets/post_linear_comment.py *)"
Loading