Problem
When a PR modifies files under .claude/, the action's security restore overwrites them with the base branch version before the CLI runs.
This creates two problems:
- Changes to .claude/ are never reviewed
A PR can add arbitrary content to .claude/ (hooks, MCP configs, agent specs) and it will never be reviewed by any agent running through the action. Once the PR merges, the content becomes "trusted" without ever having been inspected.
- Documentation review produces false findings
When a review agent checks .claude/CLAUDE.md for accuracy, it reads the base branch version but compares against the PR's actual code.
If the PR fixes documentation issues, the review keeps flagging the old content — an unresolvable loop.
Root cause
restore-config.ts conflates two concerns:
- Execution safety: Don't execute hooks/MCP/tool permissions from untrusted PR code (correct)
- File visibility: Review agents should be able to read the PR's .claude/ files (currently blocked)
Suggested approach
Preserve the PR's .claude/ files in a read-only location (e.g., .claude-pr/) so review agents can inspect what the PR changes, while continuing to restore the base branch .claude/ for execution. The snapshot has to be taken before the restore step runs, and the review prompt has to point agents at .claude-pr/ (and at the diff between it and .claude/), otherwise the preserved files are never read either.
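The following is an added illustration of that split, written for this issue; it is not the action's restore-config.ts and it does not modify the action. It assumes the snapshot directory name .claude-pr/ suggested above, a hypothetical helper preserveAndRestore, and that the base-branch copy of .claude/ is handed in as a plain directory (in the real action it would come from a git checkout of the base ref). It also handles two cases a reviewer-facing snapshot should care about: a PR that pre-plants its own .claude-pr/ to feed the reviewer forged "changes", and symlinks inside .claude/ that could point the snapshot at files outside the config directory.

```typescript
import * as fs from "node:fs";
import * as path from "node:path";

// Assumed name for the read-only snapshot of the PR's config (from the issue text).
const PR_CONFIG_DIR = ".claude-pr";

interface PreserveResult {
  preserved: string[]; // paths (relative) now visible under .claude-pr/ for review
  restored: string[];  // paths (relative) now under .claude/ and used for execution
}

// Recursively list regular files under root, sorted, as relative paths.
function listFiles(root: string, rel = ""): string[] {
  const abs = path.join(root, rel);
  if (!fs.existsSync(abs)) return [];
  const out: string[] = [];
  for (const entry of fs.readdirSync(abs, { withFileTypes: true })) {
    const childRel = path.join(rel, entry.name);
    if (entry.isDirectory()) out.push(...listFiles(root, childRel));
    else if (entry.isFile()) out.push(childRel);
  }
  return out.sort();
}

// Strip write bits so an agent cannot quietly edit the snapshot it is reviewing.
// Symlinks are skipped (chmod would follow them); they are excluded from the copy anyway.
function makeReadOnly(dir: string): void {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const p = path.join(dir, entry.name);
    if (entry.isSymbolicLink()) continue;
    if (entry.isDirectory()) makeReadOnly(p);
    else fs.chmodSync(p, 0o444);
  }
  fs.chmodSync(dir, 0o555);
}

// Hypothetical replacement for the restore step: keep the PR's .claude/ visible
// under .claude-pr/ (read-only), then put the base-branch .claude/ in place for execution.
function preserveAndRestore(workdir: string, baseConfigDir: string): PreserveResult {
  const execDir = path.join(workdir, ".claude");
  const snapshotDir = path.join(workdir, PR_CONFIG_DIR);

  // A PR could commit its own .claude-pr/ to show the reviewer something other than
  // the real config; always rebuild the snapshot from .claude/ itself.
  fs.rmSync(snapshotDir, { recursive: true, force: true });

  // Snapshot only if .claude/ is a real directory (not a symlink pointing elsewhere),
  // and drop symlinked entries so the snapshot cannot reach outside the checkout.
  const st = fs.lstatSync(execDir, { throwIfNoEntry: false });
  if (st && st.isDirectory()) {
    fs.cpSync(execDir, snapshotDir, {
      recursive: true,
      dereference: false,
      filter: (src: string) => !fs.lstatSync(src).isSymbolicLink(),
    });
    makeReadOnly(snapshotDir);
  }

  // Execution safety is unchanged: the CLI only ever sees the base-branch .claude/.
  fs.rmSync(execDir, { recursive: true, force: true });
  if (fs.existsSync(baseConfigDir)) {
    fs.cpSync(baseConfigDir, execDir, { recursive: true });
  }

  return { preserved: listFiles(snapshotDir), restored: listFiles(execDir) };
}
```

The read-only bits are a guard against accidental edits, not a security boundary: the agent runs as the same user that owns the files and could chmod them back, and on a runner executing as root the bits are ignored entirely. What actually keeps execution safe is that the CLI reads hooks, MCP configs and permissions from .claude/ only, which this keeps populated from the base branch; .claude-pr/ exists solely so a review agent can open it (or diff it against .claude/) and report on what the PR is trying to add.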