From 7b93441814ce61030d3d183c0f4abda569db01f0 Mon Sep 17 00:00:00 2001
From: Olaoluwa Osuntokun <laolu32@gmail.com>
Date: Tue, 3 Feb 2026 10:22:56 -0800
Subject: [PATCH] ci: add tool constraints to pr-severity prompt

Claude keeps trying to use `gh api` to add severity labels, which gets
denied by the allowed tools restriction. Instead of retrying with the
permitted `gh pr edit --add-label` command, it silently gives up and
only posts the comment. The result is that severity comments appear on
PRs but the actual labels are never applied.

Add an explicit tool constraints section at the top of the prompt so
Claude knows upfront that only `gh pr view`, `gh pr edit`, and
`gh pr comment` are available.
---
 .github/workflows/pr-severity.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/pr-severity.yml b/.github/workflows/pr-severity.yml
index dcf6677dd1..10c672d96e 100644
--- a/.github/workflows/pr-severity.yml
+++ b/.github/workflows/pr-severity.yml
@@ -49,6 +49,18 @@ jobs:
           prompt: |
             You are a PR severity classifier for the lnd (Lightning Network Daemon) repository.
 
+            ## Tool Constraints
+
+            You ONLY have access to these commands:
+            - `gh pr view` - to read PR metadata
+            - `gh pr edit` - to add/remove labels
+            - `gh pr comment` - to post comments
+
+            You do NOT have access to `gh api`, `gh label`, or any other
+            `gh` subcommand. Do not attempt to use them. For ALL label
+            operations, use `gh pr edit` with `--add-label` or
+            `--remove-label`.
+
             ## Your Task
 
             Analyze PR #${{ github.event.pull_request.number }} and: