Check comment author for organization membership in both issue-fix and issue-analyze modes

Author: phernandez

.github/workflows/claude-full.yml

@@ -49,12 +49,14 @@ jobs:
         run: |
           ISSUE_NUMBER="${{ github.event.issue.number }}"
           FEEDBACK="${{ github.event.comment.body }}"
+          COMMENT_AUTHOR="${{ github.event.comment.user.login }}"
           # Remove the "claude:" prefix
           FEEDBACK="${FEEDBACK#claude:}"
           # Remove newlines from feedback to prevent GitHub Actions output issues
           FEEDBACK_CLEANED="$(echo "$FEEDBACK" | tr '\n' ' ')"
           echo "number=${ISSUE_NUMBER}" >> $GITHUB_OUTPUT
           echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT
+          echo "comment_author=${COMMENT_AUTHOR}" >> $GITHUB_OUTPUT
       
       - name: Process with Claude Code for issue analysis
         uses: basicmachines-co/[email protected]
@@ -68,6 +70,7 @@ jobs:
           anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
           github-token: ${{ github.token }}
           personal-access-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          comment-author: ${{ steps.issue.outputs.comment_author }}
 
       - name: Upload claude output artifacts
         if: always()
@@ -105,12 +108,14 @@ jobs:
         run: |
           ISSUE_NUMBER="${{ github.event.issue.number }}"
           FEEDBACK="${{ github.event.comment.body }}"
+          COMMENT_AUTHOR="${{ github.event.comment.user.login }}"
           # Remove the "claude-fix:" prefix
           FEEDBACK="${FEEDBACK#claude-fix:}"
           # Remove newlines from feedback to prevent GitHub Actions output issues
           FEEDBACK_CLEANED="$(echo "$FEEDBACK" | tr '\n' ' ')"
           echo "number=${ISSUE_NUMBER}" >> $GITHUB_OUTPUT
           echo "feedback=${FEEDBACK_CLEANED}" >> $GITHUB_OUTPUT
+          echo "comment_author=${COMMENT_AUTHOR}" >> $GITHUB_OUTPUT
       
       - name: Process with Claude Code for issue fix
         uses: basicmachines-co/[email protected]
@@ -126,6 +131,7 @@ jobs:
           anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
           github-token: ${{ github.token }}
           personal-access-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          comment-author: ${{ steps.issue.outputs.comment_author }}
 
       - name: Upload claude output artifacts
         if: always()

action.yml

@@ -65,6 +65,9 @@ inputs:
   personal-access-token:
     description: 'Optional personal access token for commits, to override the default GitHub token'
     required: false
+  comment-author:
+    description: 'The GitHub username of the person who made the comment'
+    required: false
   output-file:
     description: 'Path to write the output to (for direct mode)'
     required: false
@@ -121,11 +124,11 @@ runs:
       shell: bash
       run: |
         chmod +x ${{ github.action_path }}/scripts/issue-fix-mode.sh
-        ${{ github.action_path }}/scripts/issue-fix-mode.sh "${{ inputs.issue-number }}" "${{ inputs.repo-owner }}" "${{ inputs.repo-name }}" "${{ inputs.branch-prefix }}" "${{ inputs.anthropic-api-key }}" "${{ inputs.github-token }}" "${{ inputs.issue-label }}" "${{ inputs.debug-mode }}" "${{ inputs.feedback }}" "${{ inputs.require-org-membership }}" "${{ inputs.organization }}" "${{ inputs.personal-access-token }}"
+        ${{ github.action_path }}/scripts/issue-fix-mode.sh "${{ inputs.issue-number }}" "${{ inputs.repo-owner }}" "${{ inputs.repo-name }}" "${{ inputs.branch-prefix }}" "${{ inputs.anthropic-api-key }}" "${{ inputs.github-token }}" "${{ inputs.issue-label }}" "${{ inputs.debug-mode }}" "${{ inputs.feedback }}" "${{ inputs.require-org-membership }}" "${{ inputs.organization }}" "${{ inputs.personal-access-token }}" "${{ inputs.comment-author }}"
         
     - name: Process Issue Analysis
       if: inputs.mode == 'issue-analyze'
       shell: bash
       run: |
         chmod +x ${{ github.action_path }}/scripts/issue-analyze-mode.sh
-        ${{ github.action_path }}/scripts/issue-analyze-mode.sh "${{ inputs.issue-number }}" "${{ inputs.repo-owner }}" "${{ inputs.repo-name }}" "${{ inputs.anthropic-api-key }}" "${{ inputs.github-token }}" "${{ inputs.debug-mode }}" "${{ inputs.feedback }}" "${{ inputs.require-org-membership }}" "${{ inputs.organization }}"
+        ${{ github.action_path }}/scripts/issue-analyze-mode.sh "${{ inputs.issue-number }}" "${{ inputs.repo-owner }}" "${{ inputs.repo-name }}" "${{ inputs.anthropic-api-key }}" "${{ inputs.github-token }}" "${{ inputs.debug-mode }}" "${{ inputs.feedback }}" "${{ inputs.require-org-membership }}" "${{ inputs.organization }}" "${{ inputs.personal-access-token }}" "${{ inputs.comment-author }}"

scripts/issue-analyze-mode.sh

@@ -13,6 +13,7 @@ FEEDBACK=$7
 REQUIRE_ORG_MEMBERSHIP=${8:-"true"}
 ORGANIZATION=${9:-$REPO_OWNER}
 PERSONAL_ACCESS_TOKEN=${10:-$GITHUB_TOKEN}
+COMMENT_AUTHOR=${11:-""}
 
 # Enable debug mode if requested
 if [[ "$DEBUG_MODE" == "true" ]]; then
@@ -108,25 +109,34 @@ ISSUE_AUTHOR=$(echo "$ISSUE_DETAILS" | jq -r '.author.login')
 
 # Check if user is a member of the organization if required
 if [[ "$REQUIRE_ORG_MEMBERSHIP" == "true" ]]; then
-  echo "Checking if $ISSUE_AUTHOR is a member of organization $ORGANIZATION"
+  # Use the comment author for the org membership check if provided, otherwise fall back to issue author
+  CHECK_USER="${COMMENT_AUTHOR:-$ISSUE_AUTHOR}"
+  echo "Checking if $CHECK_USER is a member of organization $ORGANIZATION"
+  
+  # Debug output
+  echo "Comment Author: $COMMENT_AUTHOR"
+  echo "Issue Author: $ISSUE_AUTHOR"
+  echo "User being checked: $CHECK_USER"
 
   # Temporarily use the personal access token for org membership check if provided
   if [[ "$PERSONAL_ACCESS_TOKEN" != "$GITHUB_TOKEN" ]]; then
+    echo "Using Personal Access Token for organization membership check"
     # Save current token auth
     TEMP_AUTH=$(gh auth status 2>&1 | grep "Logged in")
     # Switch to personal token for org check
     echo "$PERSONAL_ACCESS_TOKEN" | gh auth login --with-token
-    ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true)
+    ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$CHECK_USER --silent -i || true)
     # Switch back to github token
     echo "$GITHUB_TOKEN" | gh auth login --with-token
   else
-    ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$ISSUE_AUTHOR --silent -i || true)
+    echo "Using GitHub Token for organization membership check"
+    ORG_CHECK=$(gh api -X GET /orgs/$ORGANIZATION/members/$CHECK_USER --silent -i || true)
   fi
 
   STATUS_CODE=$(echo "$ORG_CHECK" | head -n 1 | cut -d' ' -f2)
 
   if [[ "$STATUS_CODE" != "204" ]]; then
-    echo "User $ISSUE_AUTHOR is not a member of organization $ORGANIZATION. Skipping Claude analysis."
+    echo "User $CHECK_USER is not a member of organization $ORGANIZATION. Skipping Claude analysis."
 
     # Leave a comment on the issue explaining why the analysis is skipped
     ISSUE_COMMENT=$(cat <<EOF
@@ -147,7 +157,7 @@ EOF
     echo "Exiting due to non-organization member request"
     exit 0
   else
-    echo "User $ISSUE_AUTHOR is a member of organization $ORGANIZATION. Proceeding with Claude analysis."
+    echo "User $CHECK_USER is a member of organization $ORGANIZATION. Proceeding with Claude analysis."
   fi
 fi