Describe the bug
The claude-review workflow run that is triggered by a commit pushed by claude[bot] itself fails with:
Action failed with error: Workflow initiated by non-human actor: claude (type: Bot).
Add bot to allowed_bots list or use '*' to allow all bots.
This is the action's own anti-loop guard refusing to run when triggered by its own previous invocation. The scenario is benign and intentional — Claude was invoked via @claude to address review feedback, made a commit, pushed it — but the result is a permanent red required check on the PR, because the downstream pull_request event that fired on the bot's push gets blocked by the same workflow's actor policy.
Repro
- Open a PR. Trigger Claude Code review with
@claude in a comment.
- Claude reviews, identifies an issue, posts inline / top-level review comment.
- Reply
@claude asking it to address the finding. The action commits and pushes the fix on the PR branch (Claude bot is the commit author / pusher).
- The push triggers a fresh
pull_request event → claude-review workflow run.
- That run aborts with the "non-human actor" error. The PR is left with a failing required check that wasn't caused by anything substantive in the diff.
Concrete instance
Expected behavior
When claude-review runs on a pull_request event triggered by claude[bot]'s own push, the action should either:
- Skip silently with a passing status — log "triggered by claude[bot]'s own commit, skipping to avoid loop, prior review still applies" and exit 0. This preserves required-check enforcement without forever-red PRs.
- Allow the run when the bot is
claude[bot] specifically (the action's own identity), via a default allow rather than requiring the repo owner to add it to allowed_bots.
Option 1 is probably safer (avoids actual loops if a future bot push would trigger different review content).
Workaround used in the meantime
Leaving the red check on the PR and treating it as a documented infrastructure-level override at merge time. This breaks the "required checks must be green" merge policy and forces a manual decision per affected PR.
- #1133 is about
allowed_bots bypassing the actor check but failing on checkWritePermissions for Copilot, resulting in a 404. Distinct error path.
- #1284 is about
checkHumanActor crashing with 404 for Copilot specifically. Distinct error path.
This issue is about the clean actor-policy refusal path for claude[bot] (no 404, no permission error — the policy itself blocks the run). Both linked issues are about Copilot's odd GITHUB_ACTOR value; mine is about the action's own bot identity.
Suggested code location
src/github/validation/actor.ts checkHumanActor — special-case claude[bot] (or the action's own bot login as resolved at runtime) to either silently pass or no-op the workflow.
Versions
- Action:
anthropics/claude-code-action@v1
- Repository: public, individual-owned (
geniuskamo)
- Workflow file:
.github/workflows/claude-review.yml in the affected repo
Describe the bug
The
claude-reviewworkflow run that is triggered by a commit pushed byclaude[bot]itself fails with:This is the action's own anti-loop guard refusing to run when triggered by its own previous invocation. The scenario is benign and intentional — Claude was invoked via
@claudeto address review feedback, made a commit, pushed it — but the result is a permanent red required check on the PR, because the downstreampull_requestevent that fired on the bot's push gets blocked by the same workflow's actor policy.Repro
@claudein a comment.@claudeasking it to address the finding. The action commits and pushes the fix on the PR branch (Claude bot is the commit author / pusher).pull_requestevent →claude-reviewworkflow run.Concrete instance
aaba458288b56ff95dc6dfab2690ac521037f5fd(authorclaude[bot] <41898282+claude[bot]@users.noreply.github.com>)Expected behavior
When
claude-reviewruns on apull_requestevent triggered byclaude[bot]'s own push, the action should either:claude[bot]specifically (the action's own identity), via a default allow rather than requiring the repo owner to add it toallowed_bots.Option 1 is probably safer (avoids actual loops if a future bot push would trigger different review content).
Workaround used in the meantime
Leaving the red check on the PR and treating it as a documented infrastructure-level override at merge time. This breaks the "required checks must be green" merge policy and forces a manual decision per affected PR.
Why this is not #1133 or #1284
allowed_botsbypassing the actor check but failing oncheckWritePermissionsfor Copilot, resulting in a 404. Distinct error path.checkHumanActorcrashing with 404 for Copilot specifically. Distinct error path.This issue is about the clean actor-policy refusal path for
claude[bot](no 404, no permission error — the policy itself blocks the run). Both linked issues are about Copilot's oddGITHUB_ACTORvalue; mine is about the action's own bot identity.Suggested code location
src/github/validation/actor.tscheckHumanActor— special-caseclaude[bot](or the action's own bot login as resolved at runtime) to either silently pass or no-op the workflow.Versions
anthropics/claude-code-action@v1geniuskamo).github/workflows/claude-review.ymlin the affected repo