Summary
The FAQ entry Why won't Claude rebase my branch? tells users they can grant rebase capability by adding --allowedTools "Bash(git rebase:*)" to claude_args. This does not work — Claude still refuses every rebase request with the canned "I can only create and push commits" message, even when the tool is explicitly allowed.
Root cause
src/create-prompt/index.ts:848 unconditionally injects this line into Claude's system prompt:
- Perform branch operations (cannot merge branches, rebase, or perform other git operations beyond creating and pushing commits)
There is no conditional based on the contents of --allowedTools. The model follows the system prompt rather than its tool list. The system prompt's softer override clause — "If a user asks for something outside these capabilities (and you have no other tools provided), politely explain..." — is apparently the intended escape hatch, but it's too vague for the model to act on, and there's no machinery in the action to actually conditionalize the CANNOT bullet.
Reproduction
Workflow:
- uses: anthropics/claude-code-action@v1.0.112
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
use_commit_signing: "true"
claude_args: |
--model claude-opus-4-6
--allowedTools "Bash(git:*)"
--allowedTools "Bash(git rebase:*)"
Comment on a PR: @claude rebase
Result: canned refusal. Model's own reasoning trace (visible in the run log):
"thinking": "The user is asking me to rebase the PR branch onto develop. Let me check
my capabilities - according to the instructions, I cannot perform branch operations
like rebase. Let me update the comment to explain this limitation and provide a
workaround."
Receipt run: https://github.com/ProdigyEMS/prodigy/actions/runs/25382815592 (private repo, but the relevant evidence is excerpted above).
Suggested fix
Make the CANNOT bullet conditional on --allowedTools. Two reasonable shapes:
Option A — fix the existing pattern:
Drop the bullet from the system prompt when the user has explicitly opted in via Bash(git rebase:*) (or a wildcard like Bash(git:*) paired with intent). Pros: backwards-compatible, FAQ already documents this exact opt-in. Cons: requires parsing claude_args to detect intent.
Option B — add a dedicated input:
Add an enable_branch_operations: true (or similar) action input. When set, omit the CANNOT bullet and add a CAN-do counterpart. Pros: explicit, easy to detect. Cons: another input surface, FAQ would need updating.
Either way, also worth updating the FAQ entry to reflect the actual mechanism — multiple users (myself included) have followed the current FAQ guidance and assumed it was working.
Workaround for users in the meantime
The action's own bot suggests it: rebase locally, or use a CLI-side skill (e.g. Claude Code CLI's /rebase-pr if you have it set up). The GitHub Action route is currently a dead end for rebases.
Summary
The FAQ entry Why won't Claude rebase my branch? tells users they can grant rebase capability by adding
--allowedTools "Bash(git rebase:*)"toclaude_args. This does not work — Claude still refuses every rebase request with the canned "I can only create and push commits" message, even when the tool is explicitly allowed.Root cause
src/create-prompt/index.ts:848unconditionally injects this line into Claude's system prompt:There is no conditional based on the contents of
--allowedTools. The model follows the system prompt rather than its tool list. The system prompt's softer override clause — "If a user asks for something outside these capabilities (and you have no other tools provided), politely explain..." — is apparently the intended escape hatch, but it's too vague for the model to act on, and there's no machinery in the action to actually conditionalize the CANNOT bullet.Reproduction
Workflow:
Comment on a PR:
@claude rebaseResult: canned refusal. Model's own reasoning trace (visible in the run log):
Receipt run: https://github.com/ProdigyEMS/prodigy/actions/runs/25382815592 (private repo, but the relevant evidence is excerpted above).
Suggested fix
Make the CANNOT bullet conditional on
--allowedTools. Two reasonable shapes:Option A — fix the existing pattern:
Drop the bullet from the system prompt when the user has explicitly opted in via
Bash(git rebase:*)(or a wildcard likeBash(git:*)paired with intent). Pros: backwards-compatible, FAQ already documents this exact opt-in. Cons: requires parsingclaude_argsto detect intent.Option B — add a dedicated input:
Add an
enable_branch_operations: true(or similar) action input. When set, omit the CANNOT bullet and add a CAN-do counterpart. Pros: explicit, easy to detect. Cons: another input surface, FAQ would need updating.Either way, also worth updating the FAQ entry to reflect the actual mechanism — multiple users (myself included) have followed the current FAQ guidance and assumed it was working.
Workaround for users in the meantime
The action's own bot suggests it: rebase locally, or use a CLI-side skill (e.g. Claude Code CLI's
/rebase-prif you have it set up). The GitHub Action route is currently a dead end for rebases.