Summary
The code-review@claude-code-plugins plugin runs successfully as a GitHub Actions check but does not post any PR review comments when the project's .claude/settings.json restricts tool permissions. There is no error or warning — the workflow completes with a green check, making it impossible to tell that the review output was lost.
Steps to Reproduce
- Set up claude-code-review.yml workflow with the code-review plugin as documented:

      - uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
          plugins: 'code-review@claude-code-plugins'
          prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'

- Have a .claude/settings.json with a restrictive permissions.allow list (e.g., only Edit and Write on specific paths — no Bash, Read, Grep, or Glob):

      {
        "permissions": {
          "allow": [
            "Edit(src/**)",
            "Write(src/**)"
          ]
        }
      }

- Open a PR. The code review workflow runs, completes successfully, but posts zero comments.
Expected Behavior
Either:
- The plugin documents its required tool permissions so users know what to add
- The plugin declares/requests the permissions it needs automatically
- The workflow surfaces a clear error when the plugin cannot post comments due to permission denials (e.g., a warning comment on the PR, or a failed check with a descriptive message)
Actual Behavior
- Workflow completes with status success
- No PR comments are posted
- The only clue is "permission_denials_count": 17 in the workflow logs (from the JSON result output), which is easy to miss:

      {
        "type": "result",
        "subtype": "success",
        "is_error": false,
        "duration_ms": 580811,
        "num_turns": 19,
        "total_cost_usd": 2.08,
        "permission_denials_count": 17
      }
Workaround
Add a settings input to the workflow to grant the tools the plugin needs:
    settings: |
      {
        "permissions": {
          "allow": [
            "Bash(gh:*)",
            "Bash(git diff:*)",
            "Bash(git log:*)",
            "Bash(git show:*)",
            "Read",
            "Glob",
            "Grep"
          ]
        }
      }
Impact
- ~$2 per review run with no visible output
- Users have no way to know something is wrong without digging into raw workflow logs
- The @claude mention workflow (which posts comments via the action's own code, not through Claude's tools) works fine with the same project settings, making the discrepancy confusing
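
A follow-up workflow step can turn the silent denials into a failed check. The script below is an added example, not part of the original report or of the plugin; it assumes the JSON result output shown above has been saved to a file or piped in (how it is captured is left to the workflow), and the names `find_results` and `gate` are hypothetical.

```python
import json
import sys

# Constructed sample log: a noise line followed by the result object from the report.
SAMPLE_LOG = '''2025-01-01T00:00:00Z Running Claude Code...
{"type": "result", "subtype": "success", "is_error": false,
 "duration_ms": 580811, "num_turns": 19, "total_cost_usd": 2.08,
 "permission_denials_count": 17}
'''


def find_results(log_text):
    """Yield each top-level JSON object in the text whose "type" is "result"."""
    decoder = json.JSONDecoder()
    pos = 0
    while (start := log_text.find("{", pos)) != -1:
        try:
            obj, pos = decoder.raw_decode(log_text, start)
        except json.JSONDecodeError:
            pos = start + 1  # not valid JSON at this brace, keep scanning
            continue
        if isinstance(obj, dict) and obj.get("type") == "result":
            yield obj


def gate(log_text):
    """Return (exit_code, annotations); non-zero when review output may be lost."""
    results = list(find_results(log_text))
    if not results:
        return 1, ["::error::No result object found in the log"]
    annotations = []
    for result in results:
        denials = result.get("permission_denials_count", 0)
        if result.get("is_error"):
            annotations.append("::error::Run reported is_error=true")
        if denials:
            annotations.append(
                f"::error::{denials} tool call(s) denied by permissions; "
                "the review may not have been posted"
            )
    return (1 if annotations else 0), annotations


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else sys.stdin.read()
    code, lines = gate(text)
    print("\n".join(lines))
    sys.exit(code)
```

The `::error::` lines are GitHub Actions workflow commands, so each one appears as an annotation on the run, and the non-zero exit code fails the step.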