From bcb589cc9e301816f8eed451eac440914fc1fd89 Mon Sep 17 00:00:00 2001
From: Olaoluwa Osuntokun
Date: Thu, 29 Jan 2026 13:30:41 -0400
Subject: [PATCH 1/2] workflows/claude: fix PR checkout for fork PRs

When a PR originates from a fork, the PR branch doesn't exist in the origin remote. This adds a step that uses `gh pr checkout` before running the Claude action, which properly handles fork PRs by adding the fork as a remote and fetching the branch from there.
---
 .github/workflows/claude.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
index d300267f18..d211eb03d3 100644
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -30,6 +30,18 @@ jobs:
 with:
 fetch-depth: 1
+ - name: Checkout PR branch (handles fork PRs)
+ if: github.event.issue.pull_request || github.event_name == 'pull_request_review_comment' || github.event_name == 'pull_request_review'
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ if [ "${{ github.event_name }}" = "issue_comment" ]; then
+ PR_NUMBER=${{ github.event.issue.number }}
+ else
+ PR_NUMBER=${{ github.event.pull_request.number }}
+ fi
+ gh pr checkout "$PR_NUMBER"
+
 - name: Run Claude Code
 id: claude
 uses: anthropics/claude-code-action@v1

From a77b9d9b89e643a10be457cf03bf9e7b64f34bd9 Mon Sep 17 00:00:00 2001
From: Olaoluwa Osuntokun
Date: Thu, 29 Jan 2026 15:57:18 -0400
Subject: [PATCH 2/2] workflows/pr-severity: allow non-write users for classification

The PR severity classifier was failing for external contributors because the claude-code-action checks that the actor has write permissions. Since this workflow only reads PR metadata via the API and doesn't execute any code from the PR (and has restricted tool permissions), it's safe to allow any user to trigger classification.
---
 .github/workflows/pr-severity.yml | 5 +++++
 1 file changed, 5 insertions(+)
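Review bot: In `.github/workflows/claude.yml`, once `gh pr checkout "$PR_NUMBER"` has run, the workspace handed to the `Run Claude Code` step is the fork's tree, so every file in it, including any repository-level instruction or configuration files the action may load from the checkout, is contributor-controlled while the job holds `GH_TOKEN` and the action's secrets. The job's `permissions:` block and the first checkout's credential settings sit outside the hunk, so confirm the token scopes are minimal, consider `persist-credentials: false` on the first checkout if the fork fetch still works without stored credentials, and make sure no later step builds or executes anything from the checked-out tree. A comment above the step would record that boundary, e.g. `# Workspace is untrusted fork content from here on; do not run code from it.` Separately, the shell branch can be dropped by setting `PR_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }}` under `env:` and keeping only `gh pr checkout "$PR_NUMBER"`, which also keeps `${{ }}` expansion out of the script body.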
diff --git a/.github/workflows/pr-severity.yml b/.github/workflows/pr-severity.yml
index cfce023de9..dcf6677dd1 100644
--- a/.github/workflows/pr-severity.yml
+++ b/.github/workflows/pr-severity.yml
@@ -37,6 +37,11 @@ jobs:
 claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
 github_token: ${{ secrets.PR_SEVERITY_BOT_TOKEN }}
+ # Allow any user since this workflow only reads PR metadata via API
+ # and doesn't execute any code from the PR. Tool permissions are
+ # restricted to gh pr commands only.
+ allowed_non_write_users: "*"
+
 # Allow Claude to manage labels and post comments.
 # Keep permissions minimal to limit prompt injection risk.
 claude_args: --allowedTools "Bash(gh pr view:*)" "Bash(gh pr edit:*)" "Bash(gh pr comment:*)"
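Review bot: The added comment says the workflow "only reads PR metadata", but the `claude_args` line just below grants `Bash(gh pr edit:*)` and `Bash(gh pr comment:*)`, both of which write through `PR_SEVERITY_BOT_TOKEN`; with `allowed_non_write_users: "*"` the PR title, body and any other text the classifier reads becomes prompt input from anyone able to open a PR. Those patterns appear to be prefix matches that pin neither the PR number nor the sub-options, so the effect of a successful injection is bounded by the bot token's scopes rather than by the tool list; confirm the token is limited to label and comment rights on this repository. I would reword the comment to state that boundary, e.g. `# Any user can trigger this run; PR text is untrusted prompt input. The bot token can edit and comment on PRs, so its scopes are the real limit.` The workflow's `on:` trigger and the job's `permissions:` are outside the hunk, so whether fork-triggered runs receive these secrets could not be checked here.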