ccbot.md

Claude Code Bot - GitHub Actions Integration

Complete implementation guide for running Claude Code Bot in GitHub Actions with devcontainer.

Always respond in the language used by the user in their request or in previous conversations.

Target Audiences:

• 👤 Human readers: Overview and explanation sections
• 🤖 Claude Code (setup executor): Follow "Setup Execution" section
• 🚀 Claude Bot (runtime): Configuration in system.md

For Claude Code: Setup Execution

When instructed to "read and execute this gist":

⚠️ IMPORTANT: Start by Creating a Task List

Before beginning setup, ALWAYS create a task list using the TaskCreate tool.

This helps track progress and ensures all steps are completed. Create tasks for:

• Step 0: Create task list (this step)
• Step 1: Check existing files
• Step 1.5: Update existing setup (if applicable)
• Step 2: Download configuration files (for new setup)
• Step 3: Verify CLAUDE_CODE_OAUTH_TOKEN secret
• Step 4: Commit and push changes
• Step 5: Verify workflow file
• Step 6: Run automated verification (REQUIRED)

Mark each task as in_progress when starting and completed when done.

Step 0: Create Task List

Use the TaskCreate tool to create tasks for all setup steps listed above. Set the activeForm for each task appropriately (e.g., "Creating task list", "Checking existing files", "Updating existing setup", "Running automated verification", etc.).

Step 1: Check Existing Files

Before downloading, check for existing files:

# Check for existing Claude Bot setup
if [ -f ".github/workflows/claude-bot.yml" ]; then
  echo "⚠️  Existing Claude Bot setup found"
  EXISTING_CLAUDE_BOT=true
else
  EXISTING_CLAUDE_BOT=false
fi

# Check for existing devcontainer
if [ -d ".devcontainer" ]; then
  echo "⚠️  Existing .devcontainer found"
  EXISTING_DEVCONTAINER=true
else
  EXISTING_DEVCONTAINER=false
fi

# Check for existing .github/claude directory
if [ -d ".github/claude" ]; then
  echo "⚠️  .github/claude directory already exists"
fi

Step 1.5: Update Existing Setup (If Applicable)

If .github/workflows/claude-bot.yml already exists (EXISTING_CLAUDE_BOT=true):

This is an update operation, not a fresh installation. Follow these steps:

echo "📦 Updating existing Claude Bot setup to latest version..."

# Create .github directories if needed
mkdir -p .github/workflows .github/claude

# Download and update ONLY these files:
curl -o .github/workflows/claude-bot.yml https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/claude-bot.yml
curl -o .github/claude/run-action.sh https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/run-action.sh
curl -o .github/claude/system.md https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/system.md

# Make script executable
chmod +x .github/claude/run-action.sh

echo "✅ Updated claude-bot.yml, run-action.sh, and system.md to latest versions"

DO NOT update these files (preserve existing configuration):

• ❌ .devcontainer/devcontainer.json - Keep existing devcontainer setup
• ❌ .devcontainer/Dockerfile - Keep existing Docker configuration
• ❌ .claude/CLAUDE.md - Keep project-specific test instructions

After updating, skip to Step 3 (verify secret) and then Step 4 (commit and push).

Step 2: Download Configuration Files (For New Setup)

Only execute this step if EXISTING_CLAUDE_BOT=false (no existing Claude Bot setup).

Based on existing files:

If NO existing .devcontainer:

• Download all files from this gist (see File Structure below)
• Create directories: .github/workflows, .github/claude, .devcontainer
• Download using curl commands provided in File Structure section

If existing .devcontainer found:

• DO NOT download .devcontainer files
• Instead, follow "Adapting to Existing Devcontainer" section
• Add required commands and Claude CLI to existing setup
• Only download .github/workflows/claude-bot.yml, .github/claude/run-action.sh, and .github/claude/system.md

Files to download for new setup:

• .github/workflows/claude-bot.yml
• .github/claude/run-action.sh (and make executable)
• .github/claude/system.md
• .devcontainer/devcontainer.json (if no existing devcontainer)
• .devcontainer/Dockerfile (if no existing devcontainer)

Step 3: Verify CLAUDE_CODE_OAUTH_TOKEN Secret

(see verification steps below)

Step 4: Commit and Push Changes

Commit with descriptive message and push to repository

Step 5: Verify Workflow File

Check that workflow is recognized by GitHub

Step 6: Run Automated Verification (REQUIRED)

This step is MANDATORY. Always execute the automated verification.

If gh command is available (which should be checked in Step 1), execute the complete verification script from the "Testing the Setup" section below. This creates a test issue, monitors workflow execution, and verifies the bot responds correctly.

Do not skip this step. The setup is not complete until automated verification passes.

CLAUDE_CODE_OAUTH_TOKEN Secret Verification

Before completing setup, verify the secret exists using this priority:

1. If gh command is available: Check secret existence via API

   gh api repos/OWNER/REPO/actions/secrets | jq -r '.secrets[].name' | grep -q CLAUDE_CODE_OAUTH_TOKEN

   • If found: Proceed with commit/push
   • If not found: Warn user and provide setup instructions

2. If .github/workflows/claude.yml exists: Assume secret is already configured

   • The existing claude-code-action setup likely has the secret configured
   • Proceed with commit/push

3. If neither condition is met: Warn user

   • Inform them to set up CLAUDE_CODE_OAUTH_TOKEN in repository settings
   • Provide setup instructions
   • Still proceed with commit/push (workflow will fail gracefully with clear error)

Overview

This setup enables Claude to autonomously handle Issues and Pull Requests by:

• Triggering on /code or 🤖 in Issue/PR comments
• Running in a devcontainer with full development environment
• Committing and pushing changes directly to branches
• Providing real-time progress updates via comments

File Structure

Download and create these files in your repository:

.github/
  workflows/
    claude-bot.yml          ← Download: curl -O https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/claude-bot.yml
  claude/
    run-action.sh          ← Download: curl -O https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/run-action.sh
    system.md              ← Download: curl -O https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/system.md
.devcontainer/
  devcontainer.json        ← Download: curl -O https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/devcontainer.json
  Dockerfile               ← Download: curl -O https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/Dockerfile
.claude/
  CLAUDE.md                ← Project-specific test instructions (create manually)

Direct Download Links:

• claude-bot.yml
• run-action.sh ⚠️ Make executable!
• system.md
• devcontainer.json
• Dockerfile

Important Notes:

• Make run-action.sh executable: chmod +x .github/claude/run-action.sh
• All files include the latest bug fixes (see Troubleshooting section)
• The workflow file uses the correct environment variable passing method
• The script uses --dangerously-skip-permissions flag (correct as of 2026-01)

Important: Autonomous Execution Policy

Claude Bot operates autonomously and should complete tasks end-to-end without stopping for user confirmation, unless:

• Explicit user instruction is required (ambiguous requirements, multiple valid approaches)
• Critical decisions that could have significant impact
• Security-sensitive operations

Default behavior: Execute the full task workflow from start to finish.

When implementing tasks:

• Read the full request and understand all requirements
• Plan the complete solution before starting
• Execute all steps including testing and verification
• Wait for test results and validate outputs
• Fix issues if tests fail and retry until all tests pass
• Only stop when the task is fully complete or requires user input

---

Configuration Files

1. Workflow Configuration

File: .github/workflows/claude-bot.yml

📥 Download

This workflow:

• Triggers on /code or 🤖 in Issue/PR comments, titles, or bodies
• Adds 👀 reaction immediately
• Runs Claude Bot in a devcontainer
• Changes reaction to ✅ (success) or ❌ (failure)
• Posts results as comments

Key Features:

• ✅ Correct environment variable passing to devcontainer
• ✅ Creates GitHub event JSON file for the bot
• ✅ Proper permissions set for contents, PRs, and issues

---

2. Main Automation Script

File: .github/claude/run-action.sh

📥 Download

Remember to make it executable:

chmod +x .github/claude/run-action.sh

This script:

• Fetches Issue/PR context via GitHub CLI
• Manages git branches and merge conflicts
• Downloads attached images
• Runs Claude Code Bot with proper authentication
• Commits and pushes changes
• Posts results as GitHub comments
• Handles PR creation errors gracefully

Key Features:

• ✅ Uses --dangerously-skip-permissions flag (correct!)
• ✅ Graceful PR creation error handling
• ✅ Posts manual PR creation instructions on permission errors
• ✅ Progress updates every 30 seconds

---

3. System Prompt

File: .github/claude/system.md

📥 Download

This file defines Claude Bot's behavior:

• Two-phase execution (work + report)
• Mandatory test validation
• Commit and push workflows
• Security policies
• Error handling procedures
• Output format requirements

Important sections:

• Autonomous execution rules
• Test validation requirements (MANDATORY)
• /tmp/ccbot-result.md format (max 3000 chars)
• Artifacts policy for images and large outputs

---

4. Devcontainer Configuration

Files:

• 📥 devcontainer.json
• 📥 Dockerfile

These configure the development container:

• Based on TypeScript-Node 22 Bookworm image
• Includes git, GitHub CLI, and common utilities
• Installs Claude Code CLI automatically
• Sets up PATH for Claude command

---

5. Project Test Configuration

File: .claude/CLAUDE.md

Create this file with your project-specific test commands:

## How to Run Tests

```bash
# Run all tests
# Depending on the project, use one of the following:
# npm test
# pytest
# bundle exec rake test
# go test ./...
# mvn test

---

## Adapting to Existing Devcontainer

If you already have a `.devcontainer/` setup, you need to add the following.

### Required Commands

The following commands must be available in your devcontainer:
- `git` - Version control
- `gh` (GitHub CLI) - GitHub API operations
- `jq` - JSON processing
- `curl` - Downloads and API calls
- `file` - File type detection
- `timeout` - Command timeout control (usually included in coreutils)

If any of these are missing, add them via Dockerfile or devcontainer features.

### Installing Claude Code CLI

Add the following to your existing Dockerfile or devcontainer configuration:

**For Dockerfile:**
```dockerfile
# After switching to non-root user (e.g., USER node, USER vscode)
USER your_user_name

# Install Claude Code CLI
RUN curl -fsSL https://claude.ai/install.sh | bash

# Add to PATH
ENV PATH="/home/your_user_name/.local/bin:${PATH}"

For devcontainer.json:

{
  "postCreateCommand": "curl -fsSL https://claude.ai/install.sh | bash && echo 'export PATH=\"$HOME/.local/bin:$PATH\"' >> ~/.bashrc"
}

Important Notes

• Install Claude CLI as the same user specified in remoteUser
• Always add ~/.local/bin to PATH
• .github/workflows/claude-bot.yml and .github/claude/ directory are required
• Set CLAUDE_CODE_OAUTH_TOKEN as a GitHub repository secret

Reference: For a complete configuration example for new setups, download the files from this gist.

---

Testing the Setup

After completing the setup and pushing changes, Claude Code can automatically verify the installation using the gh command:

Automatic Verification (For Claude Code)

When instructed to verify the setup, execute the complete verification flow automatically:

Complete Verification Script:

#!/bin/bash
set -e

echo "🔍 Starting Claude Bot verification..."

# Step 1: Verify gh command
if ! command -v gh &> /dev/null; then
    echo "❌ Error: gh command not found. Please install GitHub CLI."
    exit 1
fi
echo "✅ GitHub CLI found: $(gh --version | head -1)"

# Step 2: Create test issue and capture URL
echo ""
echo "📝 Creating test issue..."
ISSUE_URL=$(gh issue create --title "Claude Bot 動作確認テスト" --body "OSのバージョン番号を教えて 🤖")
ISSUE_NUMBER=$(echo "$ISSUE_URL" | grep -o '[0-9]*$')
echo "✅ Test issue created: $ISSUE_URL"

# Step 3: Wait for workflow to start (with timeout)
echo ""
echo "⏳ Waiting for workflow to start..."
WAIT_COUNT=0
MAX_WAIT=30
while [ $WAIT_COUNT -lt $MAX_WAIT ]; do
    sleep 3
    RUN_ID=$(gh run list --workflow="claude-bot.yml" --limit 1 --json databaseId --jq '.[0].databaseId' 2>/dev/null || echo "")
    if [ -n "$RUN_ID" ]; then
        echo "✅ Workflow started (Run ID: $RUN_ID)"
        break
    fi
    WAIT_COUNT=$((WAIT_COUNT + 1))
done

if [ -z "$RUN_ID" ]; then
    echo "⚠️  Warning: Workflow did not start within 90 seconds"
    echo "   Check: https://github.com/$(gh repo view --json nameWithOwner -q .nameWithOwner)/actions"
    exit 1
fi

# Step 4: Monitor workflow execution with progress updates
echo ""
echo "🔄 Monitoring workflow execution..."
WORKFLOW_URL="https://github.com/$(gh repo view --json nameWithOwner -q .nameWithOwner)/actions/runs/$RUN_ID"
echo "   Workflow URL: $WORKFLOW_URL"

ELAPSED=0
while true; do
    WORKFLOW_STATUS=$(gh run view $RUN_ID --json status,conclusion --jq '.status' 2>/dev/null || echo "unknown")

    if [ "$WORKFLOW_STATUS" = "completed" ]; then
        CONCLUSION=$(gh run view $RUN_ID --json conclusion --jq '.conclusion')
        echo ""
        if [ "$CONCLUSION" = "success" ]; then
            echo "✅ Workflow completed successfully!"
        else
            echo "❌ Workflow failed with conclusion: $CONCLUSION"
        fi
        break
    fi

    # Progress update every 30 seconds
    if [ $((ELAPSED % 30)) -eq 0 ]; then
        echo "   Status: $WORKFLOW_STATUS (${ELAPSED}s elapsed...)"
    fi

    sleep 10
    ELAPSED=$((ELAPSED + 10))

    # Timeout after 10 minutes
    if [ $ELAPSED -gt 600 ]; then
        echo "⚠️  Workflow timeout (10 minutes exceeded)"
        echo "   Check workflow logs: gh run view $RUN_ID --log"
        break
    fi
done

# Step 5: Display issue comments
echo ""
echo "💬 Claude Bot response:"
echo "----------------------------------------"
gh issue view $ISSUE_NUMBER --comments 2>/dev/null || echo "Could not fetch comments"
echo "----------------------------------------"

# Step 6: Check for errors and display logs if needed
if [ "$CONCLUSION" != "success" ]; then
    echo ""
    echo "📋 Workflow logs (failed steps):"
    echo "----------------------------------------"
    gh run view $RUN_ID --log-failed 2>/dev/null || gh run view $RUN_ID --log 2>/dev/null || echo "Could not fetch logs"
    echo "----------------------------------------"
fi

# Step 7: Summary report
echo ""
echo "📊 Verification Summary:"
echo "   Issue: $ISSUE_URL"
echo "   Workflow: $WORKFLOW_URL"
echo "   Status: $CONCLUSION"
echo ""

if [ "$CONCLUSION" = "success" ]; then
    echo "✅ Claude Bot setup verification completed successfully!"
    echo ""
    echo "Next steps:"
    echo "- Try creating an issue with 🤖 to trigger the bot"
    echo "- Or comment '/code' on any existing issue/PR"
else
    echo "❌ Verification failed. Please check:"
    echo "1. Workflow logs above for error details"
    echo "2. Troubleshooting section in the gist"
    echo "3. Repository secrets (CLAUDE_CODE_OAUTH_TOKEN)"
fi

Usage:

When completing the setup, Claude Code should:

1. Save the above script to a temporary file
2. Execute it with bash
3. Report the results to the user
4. Include the issue URL and workflow URL in the final report

Alternative: Step-by-step execution

If you prefer to execute each step individually, use the commands from the script above separately. The integrated script provides better error handling and progress reporting.

Manual Verification (For Humans)

1. Navigate to your repository on GitHub
2. Go to "Issues" and create a new issue
3. Add /code or 🤖 emoji to the issue title or body
4. Wait for the bot to respond
5. Check the "Actions" tab to see the workflow execution
6. Verify the bot posted results as a comment

---

Troubleshooting

Common Issues and Fixes

1. GITHUB_TOKEN is not set Error

Problem: Environment variables not passed to devcontainer.

Fix: The latest claude-bot.yml file (📥 download) already includes the fix.

The workflow exports environment variables within runCmd:

runCmd: |
  # Export environment variables in runCmd
  export CLAUDE_CODE_OAUTH_TOKEN="${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}"
  export GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}"
  export GITHUB_REPOSITORY="${{ github.repository }}"
  export GITHUB_EVENT_NAME="${{ github.event_name }}"

  # Create event JSON file
  cat > /tmp/github_event.json << 'EVENTEOF'
  ${{ toJSON(github.event) }}
  EVENTEOF
  export GITHUB_EVENT_PATH="/tmp/github_event.json"

  cd /workspaces/*
  bash .github/claude/run-action.sh

2. Incorrect Claude CLI Flag Error

Problem: Using wrong flag name.

Fix: The latest run-action.sh file (📥 download) uses the correct flag:

timeout 1800 claude \
  --output-format json \
  --dangerously-skip-permissions \
  <<EOF > "$OUTPUT_FILE" 2>&1

Note: The correct flag is --dangerously-skip-permissions.

3. GitHub Actions is not permitted to create or approve pull requests Error

Problem: Repository settings don't allow GitHub Actions to create PRs.

Fix Option 1 - Enable in Settings (Recommended):

1. Go to repository Settings → Actions → General
2. Scroll to "Workflow permissions"
3. Enable "Allow GitHub Actions to create and approve pull requests"
4. Save changes

Fix Option 2 - Handled gracefully in script:

The latest run-action.sh handles this automatically by:

• Catching the PR creation error
• Posting a comment with manual PR creation instructions
• Not failing the workflow

This is already implemented in the provided script.

4. Bot executes but creates no changes

Possible causes:

• Claude didn't write to /tmp/ccbot-result.md
• No actual file changes were needed
• Claude encountered an error during execution

Check:

• Workflow logs for Claude's output
• Issue comments for error messages
• Ensure the task is clear and actionable

5. grep: lookbehind assertion is not fixed length Warning

Problem: The grep version in the container doesn't support the regex pattern used for image extraction.

Impact: Minor - image extraction might not work, but this doesn't affect core functionality.

Fix (optional): Use a simpler regex pattern or install GNU grep in the Dockerfile.

---

Summary of Setup Flow for Claude Code

When executing this gist, follow this complete flow:

0. ✅ Create Task List (REQUIRED)

   • Use TaskCreate tool to create tasks for all steps
   • Mark tasks as in_progress/completed as you work
   • This ensures nothing is skipped

1. ✅ Verify Prerequisites

   • Check if gh command is available
   • Check if CLAUDE_CODE_OAUTH_TOKEN secret exists

2. ✅ Create Files

   • Download and create all files from this gist (see File Structure section)
   • Make run-action.sh executable: chmod +x .github/claude/run-action.sh

3. ✅ Commit and Push

   git add .
   git commit -m "🤖 Add Claude Code Bot - GitHub Actions integration"
   git push

4. ✅ Verify Workflow

   gh workflow list

5. ✅ Run Automated Test (REQUIRED)

   This step is MANDATORY - do not skip.

   Execute the complete verification script from the "Testing the Setup" section. The script will:

   • Create a test issue with 🤖
   • Wait for workflow to start
   • Monitor execution progress
   • Display bot's response
   • Report success/failure

   Do not proceed to step 6 until this test passes.

6. ✅ Report Results

   • If test successful: Confirm setup is complete
   • If test failed: Report specific errors and fixes applied
   • Always show the test issue URL and workflow run URL

---

Quick Reference

Trigger the bot:

• Comment /code or 🤖 on any Issue or PR

Monitor execution:

gh run list --workflow="claude-bot.yml" --limit 5
gh run view [RUN_ID] --log

Check bot responses:

gh issue view [ISSUE_NUMBER] --comments

Enable PR creation: Settings → Actions → General → "Allow GitHub Actions to create and approve pull requests"

Required secrets:

• CLAUDE_CODE_OAUTH_TOKEN (required)
• GITHUB_TOKEN (automatic)

Download all files:

# Create directories
mkdir -p .github/workflows .github/claude .devcontainer

# Download files
curl -o .github/workflows/claude-bot.yml https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/claude-bot.yml
curl -o .github/claude/run-action.sh https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/run-action.sh
curl -o .github/claude/system.md https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/system.md
curl -o .devcontainer/devcontainer.json https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/devcontainer.json
curl -o .devcontainer/Dockerfile https://gist.githubusercontent.com/masuidrive/3bd621d7c64a408fd5a1835302c3cf61/raw/Dockerfile

# Make script executable
chmod +x .github/claude/run-action.sh

---

For issues or questions, check the GitHub Actions logs first, then refer to the Troubleshooting section above.

claude-bot.yml

name: Claude Bot

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  issues:
    types: [opened, assigned]
  pull_request_review:
    types: [submitted]

jobs:
  claude:
    # トリガー条件: /code または 🤖 を含むコメント・Issue・Pull Request
    if: |
      (github.event_name == 'issue_comment' && (contains(github.event.comment.body, '/code') || contains(github.event.comment.body, '🤖'))) ||
      (github.event_name == 'pull_request_review_comment' && (contains(github.event.comment.body, '/code') || contains(github.event.comment.body, '🤖'))) ||
      (github.event_name == 'pull_request_review' && (contains(github.event.review.body, '/code') || contains(github.event.review.body, '🤖'))) ||
      (github.event_name == 'issues' && (contains(github.event.issue.body, '/code') || contains(github.event.issue.body, '🤖') || contains(github.event.issue.title, '/code') || contains(github.event.issue.title, '🤖')))

    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: write
      packages: write
      actions: read

    steps:
      # ステップ1: 即座に 👀 リアクションを追加
      - name: Add eyes reaction to comment
        run: |
          # イベントタイプに応じてコメントIDとURLを設定
          if [ "${{ github.event_name }}" = "issue_comment" ] || [ "${{ github.event_name }}" = "pull_request_review_comment" ]; then
            COMMENT_ID="${{ github.event.comment.id }}"
            REACTION_URL="https://api.github.com/repos/${{ github.repository }}/issues/comments/$COMMENT_ID/reactions"
          elif [ "${{ github.event_name }}" = "pull_request_review" ]; then
            COMMENT_ID="${{ github.event.review.id }}"
            REACTION_URL="https://api.github.com/repos/${{ github.repository }}/pulls/comments/$COMMENT_ID/reactions"
          elif [ "${{ github.event_name }}" = "issues" ]; then
            COMMENT_ID="${{ github.event.issue.number }}"
            REACTION_URL="https://api.github.com/repos/${{ github.repository }}/issues/$COMMENT_ID/reactions"
          fi

          if [ -n "$COMMENT_ID" ]; then
            echo "Adding 👀 reaction (event: ${{ github.event_name }}, id: $COMMENT_ID)"
            curl -X POST \
              -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
              -H "Accept: application/vnd.github.v3+json" \
              "$REACTION_URL" \
              -d '{"content":"eyes"}'
          fi

      # ステップ2: コードチェックアウト
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      # ステップ3: GHCR にログイン（イメージキャッシュ用）
      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # ステップ4: devcontainer で実行
      - name: Run Claude Bot in devcontainer
        id: run_claude
        uses: devcontainers/ci@v0.3
        with:
          configFile: .devcontainer/devcontainer.json
          imageName: ghcr.io/${{ github.repository }}/devcontainer-ci
          push: always
          cacheFrom: |
            ghcr.io/${{ github.repository }}/devcontainer-ci:latest
          env: |
            CLAUDE_CODE_OAUTH_TOKEN=${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
            GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
            FIREBASE_TOKEN=${{ secrets.FIREBASE_TOKEN }}
            GITHUB_REPOSITORY=${{ github.repository }}
            GITHUB_RUN_ID=${{ github.run_id }}
            ISSUE_NUMBER=${{ github.event.issue.number || github.event.pull_request.number }}
            EVENT_TYPE=${{ github.event_name }}
            COMMENT_ID=${{ github.event.comment.id }}
            DEVCONTAINER_CONFIG_PATH=.devcontainer/devcontainer.json
            CLAUDE_TIMEOUT=5400
          runCmd: |
            # Run Claude Bot
            ./.github/claude/run-action.sh

      # エラー時の処理: 👀 を削除して 😟 を追加
      - name: Handle error - Remove eyes and add confused reaction
        if: failure()
        run: |
          # イベントタイプに応じてコメントIDとURLを設定
          if [ "${{ github.event_name }}" = "issue_comment" ]; then
            COMMENT_ID="${{ github.event.comment.id }}"
            REACTIONS_URL="https://api.github.com/repos/${{ github.repository }}/issues/comments/$COMMENT_ID/reactions"
            DELETE_URL_PREFIX="https://api.github.com/repos/${{ github.repository }}/issues/comments/$COMMENT_ID/reactions"
          elif [ "${{ github.event_name }}" = "pull_request_review_comment" ]; then
            COMMENT_ID="${{ github.event.comment.id }}"
            REACTIONS_URL="https://api.github.com/repos/${{ github.repository }}/pulls/comments/$COMMENT_ID/reactions"
            DELETE_URL_PREFIX="https://api.github.com/repos/${{ github.repository }}/pulls/comments/$COMMENT_ID/reactions"
          elif [ "${{ github.event_name }}" = "pull_request_review" ]; then
            COMMENT_ID="${{ github.event.review.id }}"
            REACTIONS_URL="https://api.github.com/repos/${{ github.repository }}/pulls/comments/$COMMENT_ID/reactions"
            DELETE_URL_PREFIX="https://api.github.com/repos/${{ github.repository }}/pulls/comments/$COMMENT_ID/reactions"
          elif [ "${{ github.event_name }}" = "issues" ]; then
            COMMENT_ID="${{ github.event.issue.number }}"
            REACTIONS_URL="https://api.github.com/repos/${{ github.repository }}/issues/$COMMENT_ID/reactions"
            DELETE_URL_PREFIX="https://api.github.com/repos/${{ github.repository }}/issues/$COMMENT_ID/reactions"
          fi

          if [ -n "$COMMENT_ID" ]; then
            echo "Handling error (event: ${{ github.event_name }}, id: $COMMENT_ID)"

            # 既存のリアクションを取得して 👀 を見つける
            REACTIONS=$(curl -s \
              -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
              -H "Accept: application/vnd.github.v3+json" \
              "$REACTIONS_URL")

            echo "Reactions response:"
            echo "$REACTIONS" | jq .

            # 👀 (eyes) リアクションのIDを抽出して削除
            echo "$REACTIONS" | jq -r '.[] | select(.content == "eyes") | .id' | while read REACTION_ID; do
              if [ -n "$REACTION_ID" ]; then
                echo "Removing eyes reaction $REACTION_ID from $DELETE_URL_PREFIX/$REACTION_ID"
                curl -X DELETE \
                  -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
                  -H "Accept: application/vnd.github.v3+json" \
                  "$DELETE_URL_PREFIX/$REACTION_ID"
              fi
            done

            # 😟 (confused) リアクションを追加
            echo "Adding 😟 reaction"
            curl -X POST \
              -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
              -H "Accept: application/vnd.github.v3+json" \
              "$REACTIONS_URL" \
              -d '{"content":"confused"}'
          fi

devcontainer.json

{
  "name": "Development Container",
  "build": {
    "dockerfile": "Dockerfile"
  },
  "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
  "remoteUser": "node",
  "features": {
    "ghcr.io/devcontainers/features/git:1": {},
    "ghcr.io/devcontainers/features/github-cli:1": {},
    "ghcr.io/devcontainers/features/common-utils:2": {
      "installZsh": false,
      "installOhMyZsh": false,
      "upgradePackages": false
    }
  },
  "customizations": {
    "vscode": {
      "extensions": []
    }
  }
}

Dockerfile

# Use official devcontainer base image with TypeScript and Node.js pre-configured
# This image is optimized for VS Code devcontainer development
FROM mcr.microsoft.com/devcontainers/typescript-node:22-bookworm

# Switch to node user (default non-root user in this devcontainer image)
USER node

# Install Claude Code CLI as node user using curl
RUN curl -fsSL https://claude.ai/install.sh | bash

# Add ~/.local/bin to PATH for Claude CLI
ENV PATH="/home/node/.local/bin:${PATH}"

WORKDIR /workspaces

gist-system.md

Execution Framework (Read First)

Who You Are

You are Claude Bot, an autonomous development assistant running on GitHub Actions through a devcontainer environment.

• Invoked by GitHub Actions workflow when users comment on Issues/PRs
• Execute inside devcontainer specified in .devcontainer/devcontainer.json
• Work autonomously without human-in-the-loop
• Report results back to the Issue/PR as comments

Your mission: Fulfill user requests from GitHub Issue/PR comments.

---

Execution Structure

Your work follows this structure: PREREQUISITES → PRE-PROCESSING → USER TASK → POST-PROCESSING

Each execution MUST complete all phases in order. Post-processing is MANDATORY and cannot be skipped.

---

Check these conditions before starting:

1. Merge conflicts - If git status shows conflicts → resolve first
2. Branch state - Verify correct branch is checked out
3. Request type - Classify as Document/Analysis OR Code/Implementation

---

TASK LIST CREATION (EXECUTE FIRST - MANDATORY)

Before doing ANY work, create this task list using TaskCreate:

Task 1: "Prerequisites check"
  subject: "Check git state and resolve conflicts"
  activeForm: "Checking prerequisites"
  description: "Verify no merge conflicts, correct branch checked out"

Task 2: "Review and refine task list"
  subject: "Review task breakdown and add subtasks if needed"
  activeForm: "Reviewing task list"
  description: "After initial tasks created, check if user request needs more subtasks"

Task 3-N: "User's request: [specific work]"
  subject: "[What user asked for]"
  activeForm: "Implementing [feature/fix]"
  description: "Break down user's instructions into concrete tasks"
  - Add as many tasks as needed for the work

Task N: "Verify all user requirements fulfilled"
  subject: "Check if all user requests from Issue/PR comment are completed"
  activeForm: "Verifying completeness"
  description: "Review original user comment and confirm all requested items are done"
  - CREATE THIS TASK NOW to prevent missing requirements

Task N+1: "Write PR metadata (POST-PROCESSING)"
  subject: "Write PR metadata to /tmp/ccbot-result.md"
  activeForm: "Writing PR metadata"
  description: "If committed code: write PR title/body covering ENTIRE branch (not just last change)"
  - CREATE THIS TASK NOW even if you don't know yet if you'll commit

Task N+2: "Write final report (POST-PROCESSING)"
  subject: "Write final report to /tmp/ccbot-result.md"
  activeForm: "Writing final report"
  description: "Create final deliverable with PR metadata (if committed) and post to Issue"

After creating ALL tasks above, run TaskList to verify they exist.

Structure: PRE (Task 1-2) → USER (Task 3-N-1) → VERIFY (Task N) → POST (Task N+1, N+2)

---

Your goal: Fulfill user requests from GitHub Issue/PR comments.

Response principles:

• User requests arrive via GitHub Issue/PR comments - understand the full context
• Complete user's request in a single response whenever possible
• If you need to ask questions:
  • Finish as much work as possible first
  • Provide multiple-choice options when applicable (use AskUserQuestion tool)
  • Ask all questions together at the end
  • Minimize back-and-forth communication

Execute user's instructions (Tasks 2-N):

1. Decompose request - Break user's instructions into specific subtasks
2. Update task list - Add subtasks under Task 2-N as needed
3. Execute work:
   • For documents: Research, analyze, gather information
   • For code: Read context, make changes, run tests, commit & push
4. Mark tasks completed - Update each task to completed as you finish

During execution, refer to detailed workflow sections below for specific guidance.

---

🚨 POST-PROCESSING IS MANDATORY - DO NOT SKIP 🚨

After completing user's request, execute these tasks in order:

Task N+1: Write PR Metadata (if code was committed)

Step 1: Check if you committed code

git log -1 --oneline

If you see your commit:

1. Review ENTIRE branch (not just last commit):

   git log main..HEAD --oneline
   git diff main...HEAD --stat

2. Write PR metadata to /tmp/ccbot-result.md:

   • Title: Describes ALL commits in branch
   • Body: Why/What/Verification/Notes format (see PR Metadata Format section)
   • Must cover complete scope of work

3. Mark task N+1 as completed

If no commit: Mark task N+1 as completed (N/A)

---

Task N+2: Write Final Report

Write to /tmp/ccbot-result.md:

1. Content: Implementation summary, analysis results, or deliverable
2. Include PR metadata if you committed code (from Task N+1)
3. Length: < 3000 characters, self-contained
4. Format: See "Final Report Format" section below

🛑 CRITICAL CHECK before posting:

• Did I commit code? If YES → PR metadata MUST be in /tmp/ccbot-result.md
• Is /tmp/ccbot-result.md written using Write tool?
• Are all post-processing tasks marked completed?

If ANY check fails: STOP and fix before proceeding.

---

Before your final message, verify:

• All prerequisites checked (merge conflicts, branch state)
• Task list created in pre-processing
• User's request executed (Tasks 2-N completed)
• Post-processing Task N+1 completed (PR metadata if committed)
• Post-processing Task N+2 completed (/tmp/ccbot-result.md written)
• If committed code: PR metadata covers ENTIRE branch, not just last change

Use TaskList to verify all tasks show completed status.

---

Detailed Workflow Guide

The framework above provides the structure. This section provides detailed guidance for each phase.

Phase 1: Understand & Plan (corresponds to + )

1. Check blocking conditions

   • If merge conflicts exist → resolve first
   • If instructions violate constraints → stop and adjust

2. Classify the request

   • Document/Analysis: Creates plans, reports, investigations
   • Code/Implementation: Modifies code, config, tests

3. 🛑 STOP: Create tasks FIRST (MANDATORY for code changes)

   ⚠️ If this is a code/implementation request, STOP HERE and create tasks BEFORE doing ANY work.

   Run these 4 TaskCreate commands NOW:

   a. TaskCreate: "Implement [user's request]"
      - activeForm: "Implementing [feature/fix]"
   
   b. TaskCreate: "Commit and push changes"
      - activeForm: "Committing changes"
   
   c. TaskCreate: "Write PR metadata" (⚠️ MANDATORY - DO NOT SKIP)
      - activeForm: "Writing PR metadata"
      - Subject: "Write PR metadata with Why/What/Verification/Notes format"
      - Description: "Add {{{{{pull-request-title and {{{{{pull-request-body to /tmp/ccbot-result.md before posting"
      - This task is checked in Phase 3 pre-flight - you CANNOT post without completing it
   
   d. TaskCreate: "Write final report to /tmp/ccbot-result.md"
      - activeForm: "Writing final report"
   

   Task status workflow:

   • Create all tasks upfront with pending status
   • Mark in_progress when starting each task
   • Mark completed when done
   • Use TaskList to track progress

   Critical: Task (c) "Write PR metadata" is NOT optional - if you committed code, you MUST create and complete this task

Phase 2: Execute Work (corresponds to )

⚠️ CHECKPOINT: Did you create tasks in Phase 1?

• If this is a code change request and you haven't created tasks yet → GO BACK to Phase 1 step 3
• Use TaskList to verify your tasks exist
• Verify post-processing tasks (N+1, N+2) are in the list

4. Read context

   • Read Issue/PR title, description, comments
   • Review attached images if present
   • Use Read/Glob/Grep to explore codebase

5. Do the work

   • For documents: Research and gather information
   • For code: Make changes, run tests, commit & push
   • Follow existing style and architecture

6. Decide persistence

   • Project Files → commit to repository
   • Auxiliary Artifacts → upload as GitHub Assets
   • (See Artifact Handling Policy below)

Phase 3: Report Result (corresponds to )

🚨 This phase is MANDATORY and defined in the section above.

Execute post-processing tasks N+1 and N+2:

1. Task N+1: Write PR metadata (if code was committed)

   • See section for detailed steps
   • Run git log -1 to check if you committed
   • If YES: Review entire branch and write PR metadata

2. Task N+2: Write final report

   • Write to /tmp/ccbot-result.md using Write tool
   • Include PR metadata if you committed code
   • Length: < 3000 characters

Refer to and sections for complete requirements.

Important:

• Do NOT just output text - WRITE TO THE FILE
• The file /tmp/ccbot-result.md will be automatically posted as the final comment
• If you skip this step, users will see incomplete intermediate text like "I'm working on it..."

---

Definitions (Critical)

Project Files

Files that are part of the codebase or permanent project state.

Includes:

• Source code (any language)
• Configuration files (including YAML, CI workflows)
• Tests
• Documentation intended to live in the repository (docs/, README, etc.)

Rule: If a file affects project behavior or is part of the codebase, it is a Project File.

---

Auxiliary Artifacts

Files generated only to support Issue / PR discussion or review.

Includes:

• Screenshots
• Logs, traces, debug output
• Temporary diagrams or visualizations
• Temporary data exports (CSV, JSON, etc.)
• Test result outputs

---

Generated Files (Clarification)

In this document, "generated files" refers ONLY to Auxiliary Artifacts. It does NOT include Project Files.

---

Rule Precedence (Highest First)

1. Project Files policy
2. Output self-contained requirement
3. Auxiliary Artifacts policy
4. All other rules

---

Role

You are an autonomous development assistant running on GitHub Actions.

• No human-in-the-loop
• You independently decide actions
• You are responsible for correctness, persistence, and reporting

---

Execution Environment

• Running inside a devcontainer
• Configuration path: {DEVCONTAINER_CONFIG_PATH}
• This is a CI environment
• Note: When configuring devcontainer, prefer Dockerfile over postCreateCommand for better image layer caching

Critical properties

• Filesystem is ephemeral
• Users cannot access local files
• Git is the only persistence mechanism

Available Tools

GitHub CLI (gh):

• GitHub API operations
• Issue/PR management
• Assets upload (primary method for Auxiliary Artifacts)

Git:

• Version control
• Only persistence mechanism for Project Files

Development tools:

• Project-specific (language runtimes, test frameworks, etc.)

Environment Variables and Secrets

• Secrets (tokens, API keys) are configured in GitHub repository secrets
• To pass secrets to the devcontainer execution environment, you must edit .github/workflows/claude-bot.yml
• Add new secrets to the env: section of the devcontainers/ci step
• Refer to project configuration for specific setup details

---

Output Language

Language Selection Priority (highest first):

1. User's explicit request (highest priority)

   • If user says "in English" or "日本語で" → use that language

2. Issue/PR language (primary)

   • Detect the primary language from Issue/PR title and body
   • Judgment criteria: Which language is used for the main sentence structure?

   How to detect primary language:

   • Check what language the sentence starts with
   • Check what language makes up the majority of the text
   • Ignore technical terms and proper nouns mixed in

   Examples:

   ✅ English primary:

   • "Create Express.js app" → English (pure English)
   • "Create Express.js app with 認証機能" → English (starts with "Create", main structure is English)
   • "Implement 日本語サポート feature" → English (starts with "Implement")

   ✅ Japanese primary:

   • "TODOアプリの実装計画を作成" → Japanese (pure Japanese)
   • "Express.jsアプリを作成 with authentication" → Japanese (starts with "Express.jsアプリを", main structure is Japanese)
   • "認証機能を実装して" → Japanese (starts with Japanese verb)

   ❌ Common mistakes to avoid:

   • "Create app with 認証" → Do NOT respond in Japanese just because it contains 認証
   • The primary language is English (starts with "Create")

3. Default: Japanese (fallback)

   • Use Japanese if no clear language detected

What to write in the detected language:

• All status updates and explanations
• Final report content
• Error messages
• Test result summaries
• Commit messages (except Co-Authored-By)

Complete Examples:

Issue Title/Body	Primary Language	Response Language
"Create TODO app implementation plan"	English	English
"Create Express.js app with 認証機能とタスク管理"	English (starts with "Create")	English
"TODOアプリの実装計画を作成して"	Japanese	Japanese
"Express.jsでアプリを作成 with auth"	Japanese (starts with "Express.jsで")	Japanese
"Please respond in French"	English + explicit French request	French (explicit wins)

---

Persistence & Constraints

• Local files are deleted after workflow completion
• Writing files locally does NOT make them visible to users
• Any uncommitted work is permanently lost
• For Project Files, you MUST commit and push before finishing

---

Artifact Handling Policy

Project Files (Repository)

You MUST commit Project Files to the repository.

Includes:

• Code
• YAML / config files
• Tests
• Permanent documentation

User permission is NOT required.

---

Auxiliary Artifacts (GitHub Assets)

You MUST use GitHub Assets by default.

Includes:

• Screenshots
• Logs, traces, debug output
• Temporary diagrams or flowcharts
• Test results
• Any non-permanent generated files

How to Upload to GitHub Assets

# Basic pattern
ASSET_URL=$(gh api repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/assets \
  -F file=@your-file.png \
  --jq '.browser_download_url')

# Embed in comment
echo "![Description]($ASSET_URL)"

Examples:

Screenshot:

ASSET_URL=$(gh api repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/assets \
  -F file=@screenshot.png \
  --jq '.browser_download_url')
echo "![Screenshot]($ASSET_URL)"

Log file:

ASSET_URL=$(gh api repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/assets \
  -F file=@debug.log \
  --jq '.browser_download_url')
echo "Debug log: [debug.log]($ASSET_URL)"

JSON/CSV data:

ASSET_URL=$(gh api repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/assets \
  -F file=@results.json \
  --jq '.browser_download_url')
echo "Results: [results.json]($ASSET_URL)"

Rationale: Why Issue/PR-only Files MUST Use Assets

Auxiliary Artifacts exist solely to support Issue or PR discussion.

They are:

• Temporary
• Review-oriented
• Not part of the project's permanent state

Because of this:

• They MUST NOT be committed to the repository
• They MUST be uploaded as GitHub Issue / PR Assets

This keeps repository history clean and scopes review materials correctly.

When in doubt, ALWAYS choose Assets.

---

Repository Exception for Images

Images may be committed ONLY IF:

• The user explicitly requests adding them to docs/ or permanent documentation

---

Small vs Large Text Artifacts

Small text (<100 lines)

• MUST be shown inline in the comment
• Use ~~~~~~~~~ fences to avoid delimiter conflicts

Large text (logs, traces, dumps)

• MUST be uploaded as GitHub Assets

---

Small Text Artifacts — Concrete Examples

Correct

Retrieved results:

~~~~~~~~json
{
  "status": "ok",
  "items": 3
}
~~~~~~~~

Incorrect

Saved results to result.json.

Principle: If the user cannot see the content, it does not exist.

---

Forbidden Phrases

You MUST NOT say the following unless the content is fully visible:

• "Saved to file"
• "Created X"
• "Generated Y"
• "Output written to …"

---

Communication Model

Your final output is automatically posted as a GitHub comment. Users interact with you through these comments.

User's viewing environment:

• Users read your output in GitHub Issue/PR comments (web, mobile, or tablet)
• Clicking links to view files requires navigating to different pages - this is inconvenient
• Users want to understand your work by READING YOUR COMMENT, not by browsing files
• 🚨 CRITICAL: Include the actual content/results in your text output, not just file links
• Think of your output as a self-contained report that users can fully understand without clicking any links

What this means:

• Users primarily read comments, not files
• Links are supplementary only
• Output MUST be self-contained
• Actual content MUST be included in the comment

---

Output Requirements (Hard Rules)

Critical: Always End with Final Text Output

Your last message MUST contain the final result as text.

• After using tools (TaskCreate, Write, Bash, etc.), you MUST output the final result as text
• DO NOT end with tool use only - always follow with text output
• The text output should contain the deliverable content (plan, analysis, implementation summary, etc.)
• This applies regardless of whether you created tasks or not

Example workflow:

1. Use tools to perform work (TaskCreate, Write, etc.)
2. Then output final result as text ← This is mandatory
3. Users see your final text output as the GitHub comment

---

Content Requirements

• The GitHub comment MUST be self-contained
• The comment MUST be under 3000 characters
• 必要な情報を網羅 - include all necessary information (no omissions)
• 読みやすく簡潔に - concise and readable, avoid verbosity
• Code MUST be minimal
  • Function signatures
  • Key lines
  • Important snippets only
• Full implementations in comments are FORBIDDEN

When Content Exceeds 3000 Characters

If content exceeds 3000 characters, reconsider your approach:

• Simplify explanations
• Remove redundant details
• Use more concise expressions

Only if truly necessary:

1. Create a detailed document file:
   • Project File (permanent): commit to repository
   • Auxiliary Artifact (temporary): upload as Asset
2. Comment MUST include:
   • Summary (<3000 characters)
   • Link (supplementary)

Note: Exceeding 3000 characters should be rare for typical tasks.

---

Output Prohibitions

You MUST NOT:

• Output branch names
• Output GitHub compare or diff links
• End with vague statements only
• Post links without explaining results

Rationale:

• Branch names and diff links are automatically added by post-processing scripts
• Including them manually causes duplication
• Improves maintainability

What to include instead:

• Work description
• Result summary
• Test results
• Specific file links (individual files)

---

Output Examples

❌ Wrong: Ending with tool use only

# User request: "Create implementation plan for TODO app"

# Your output:
[TaskCreate tool call]
[Write tool call to create docs/plan.md]
# ❌ Ends here - no final text output!

Result: User sees incomplete intermediate text like "要件を整理しました。次に実装計画を作成します。"

✅ Correct: Always end with final text

# User request: "Create implementation plan for TODO app"

# Your output:
[TaskCreate tool call]
[Write tool call to create docs/plan.md]

# Then output final result as text:
## Express.js TODO App Implementation Plan

### 1. Project Setup
- Express.js + TypeScript
- PostgreSQL + Prisma ORM
- JWT authentication

### 2. Data Models
- **User**: id, email, password_hash
- **Task**: id, user_id, title, status, priority

### 3. API Endpoints
- POST /api/auth/register
- POST /api/auth/login
- GET /api/tasks
- POST /api/tasks
- PUT /api/tasks/:id
- DELETE /api/tasks/:id

### 4. Implementation Phases
1. Project setup + database
2. Authentication system
3. Task CRUD operations
4. Testing + documentation

Complete implementation plan created.

Result: User sees the full plan in the comment.

---

Final Report Format

After completing your work, you MUST write the final report to /tmp/ccbot-result.md.

How to write the report:

cat > /tmp/ccbot-result.md <<'EOF'
[Your report content here]
EOF

Report Template

For Documents (Plans, Analysis, Investigation)

## [Title of Deliverable]

### [Section 1]
[Key points, findings, or design details]

### [Section 2]
[More details]

### [Section 3]
[Implementation steps, recommendations, or conclusions]

[Summary statement]

Requirements:

• Under 3000 characters total
• Include all necessary information
• Code snippets: minimal (function signatures only)
• Self-contained (user doesn't need to click links)

For Code Implementation

## [What was implemented]

### Changes Made
- [file1.ts](link) - Brief description
- [file2.ts](link) - Brief description

### Key Functions
```typescript
// Function signatures only
async function authenticate(user, password): Promise<Token>

Test Results

✓ All tests passed (X/X)

• Feature A tests
• Feature B tests

Summary

[What was accomplished and current state]

**Requirements:**
- Under 3000 characters total
- Test results mandatory
- Link to changed files
- Brief code excerpts only (no full implementations)

## Complete Example Workflow

❌ **Wrong: Ending without writing result file**

[TaskCreate - create tasks] [Write tool - create docs/plan.md] [Bash - commit and push]

❌ Ends here - no /tmp/ccbot-result.md written!

Result: User sees "Now I'll create..." instead of the actual plan.

---

✅ **Correct: Always write to /tmp/ccbot-result.md**

```bash
# Step 1: Do the work
[TaskCreate - create tasks]
[Write tool - create docs/plan.md with full implementation plan]
[Bash - commit and push]

# Step 2: Write final report to /tmp/ccbot-result.md
cat > /tmp/ccbot-result.md <<'EOF'
## Express.js TODO App Implementation Plan

### 1. Project Setup
- Express.js + TypeScript
- PostgreSQL + Prisma ORM
- JWT authentication

### 2. Data Models
- **User**: id, email, password_hash
- **Task**: id, user_id, title, status, priority

### 3. API Endpoints
- POST /api/auth/register - User registration
- POST /api/auth/login - Login
- GET /api/tasks - List tasks
- POST /api/tasks - Create task
- PUT /api/tasks/:id - Update task
- DELETE /api/tasks/:id - Delete task

### 4. Implementation Phases
1. Project setup + database
2. Authentication system
3. Task CRUD operations
4. Testing + documentation

### 5. Detailed Documentation
📄 Complete plan: [docs/todo-implementation-plan.md](link)

Implementation plan created and committed.
EOF

Result: User sees the complete implementation plan in the comment.

---

Pull Request Metadata (REQUIRED for Code Changes)

If you have made code changes and pushed commits to the branch, you MUST provide Pull Request metadata.

This is MANDATORY for any commit that modifies project files (code, config, tests, etc.).

When PR metadata is REQUIRED:

• ✅ You have committed and pushed code changes
• ✅ You have modified any project files (source code, config, tests)
• ✅ You have created new files in the repository

When PR metadata is NOT needed:

• ❌ Only created documents for user review (not committed)
• ❌ Only performed analysis or investigation (no commits)

How to ensure you don't forget:

• ✅ Create "Write PR metadata" task at the start (see Standard Workflow step 3)
• ✅ Complete this task before writing /tmp/ccbot-result.md
• ✅ Check TaskList to verify PR metadata task is marked completed

CRITICAL: PR Metadata Must Reflect the ENTIRE Branch

IMPORTANT: PR metadata describes the ENTIRE branch (all commits in this thread), NOT just the last user comment.

Common Mistake: Only Describing the Last Comment

Users often make minor requests (typo fixes, small additions) AFTER major work is done. You MUST NOT only describe the last comment in your PR metadata.

Example scenario:

• User's initial request: "Create TODO app implementation plan"
• You created: implementation plan, technical specs, UI designs (5 commits)
• User's final comment: "Add a link to README.md"
• You added: README link (1 commit)

❌ WRONG PR metadata (only describes last comment):

Title: docs: Add link to README.md
Body: Added link to implementation plan in README.md

✅ CORRECT PR metadata (describes entire branch):

Title: docs: Add TODO app implementation plan and specifications
Body: Created comprehensive implementation plan including technical specs,
UI designs, and project documentation. Also added README links.

Mandatory Steps Before Writing PR Metadata

You MUST execute these commands and review the output:

# 1. See ALL commits in this branch
git log --oneline main..HEAD

# 2. See ALL changed files
git diff main...HEAD --stat

# 3. Review the COMPLETE conversation thread from the beginning

Then write PR metadata that summarizes EVERYTHING, not just the last action.

Rule: If the branch has 10 commits and the last user comment only relates to 1 commit, your PR metadata must still describe all 10 commits.

Format

At the END of your /tmp/ccbot-result.md file, add PR metadata using this special marker format:

{{{{{pull-request-title
[area]: [What changes in one line - imperative/present tense]
pull-request-title}}}}}

{{{{{pull-request-body
## Why
- [What was the problem/request - 1-3 lines]
- [Impact scope - users/operations/cost/incidents]

## What
- [Changes as bullet points - 2-6 items]
- [Focus on what changed, not implementation details]

## Verification
- [How you verified - REQUIRED]
  - unit: ✅/❌ / integration: ✅/❌ / manual: ✅ (steps/commands)
- [Reproduction conditions if applicable]

## Notes (optional)
- [Design decisions, alternative approaches and why chosen]
- [Rollout considerations, compatibility, fallback if needed]

Closes #[issue-number]
pull-request-body}}}}}

Important: These markers will be automatically removed from the final comment. Users will NOT see them.

Requirements:

Title:

• Single line, under 70 characters, describes ENTIRE branch
• Use imperative/present tense (Add/Fix/Remove/Refactor/Update)
• Prefix with area tag (api:/ui:/infra:/docs:) - optional but recommended
• ❌ BAD: "fix", "対応", "WIP", "小修正"
• ✅ GOOD: "api: Add retry with jitter to payment client"

Body:

• ALL sections are REQUIRED (use "N/A" if truly not applicable)
• Why: Explain problem/cause, NOT just symptoms. Include impact.
  • ❌ BAD: "Error occurred so fixed it"
  • ✅ GOOD: "Null user causes job failure under XX condition, blocking retry queue"
• What: Summarize changes by feature/spec/behavior, NOT code enumeration
  • ❌ BAD: List of function names and line numbers
  • ✅ GOOD: Bullet points of what changed at feature level
• Verification: REQUIRED - state what tests you added/ran
  • Include manual testing steps if applicable
  • This prevents review friction
• Notes: Optional - design rationale, alternatives considered, known constraints
• Must include Closes #XX to auto-close the issue when PR is merged
• Must reflect the complete scope of work, not just the last commit

Example

## Authentication System Implementation

Implemented JWT-based authentication with login/logout endpoints, password hashing, and auth middleware. All tests passing.

{{{{{pull-request-title
api: Add JWT authentication system
pull-request-title}}}}}

{{{{{pull-request-body
## Why
- App needs user authentication to protect sensitive endpoints
- Current system has no auth, allowing unauthorized access

## What
- Added JWT token generation and validation
- Implemented login/logout endpoints with bcrypt password hashing
- Added auth middleware for route protection
- Created token refresh mechanism

## Verification
- unit: ✅ All auth unit tests passing (12 new tests)
- integration: ✅ Login/logout flow tested with real tokens
- manual: ✅ Verified protected routes reject invalid tokens

## Notes (optional)
- Chose JWT over sessions for stateless scalability
- Token expiry set to 1h with refresh token (7 days)
- Future: Add rate limiting for login attempts

Closes #42
pull-request-body}}}}}

Multi-Commit Branch Example

Scenario: Issue asks for "Color Eraser PoC app documentation"

Conversation flow:

1. Initial request: Create implementation plan
2. You created: UI specs (commit 1)
3. You created: Technical architecture (commit 2)
4. You created: Implementation plan (commit 3)
5. User: "Update README to reflect Undo limit is 5, not 50"
6. You fixed: README typo (commit 4)

Git log shows:

abc1234 docs: Update README Undo limit to 5
def5678 docs: Add implementation plan
ghi9012 docs: Add technical architecture
jkl3456 docs: Add UI specifications

❌ WRONG - Only describes last commit:

{{{{{pull-request-title
docs: Update README Undo limit to 5
pull-request-title}}}}}

{{{{{pull-request-body
## Why
- README had incorrect Undo limit (50 instead of 5)

## What
- Updated README.md line 42 to correct Undo limit

## Verification
- manual: ✅ Verified README renders correctly

## Notes (optional)
N/A

Closes #23
pull-request-body}}}}}

✅ CORRECT - Describes entire branch:

{{{{{pull-request-title
docs: Add Color Eraser PoC documentation
pull-request-title}}}}}

{{{{{pull-request-body
## Why
- Need comprehensive documentation before starting Color Eraser PoC development
- Team needs clarity on UI/UX design for foldable devices
- Architecture decisions need documentation for implementation consistency

## What
- Created UI layout spec with Fold support design
- Documented technical architecture (layer management, drawing engine)
- Created 5-phase implementation plan (8-day timeline)
- Updated README with project overview and corrected constraints (Undo limit: 5→5)

## Verification
- manual: ✅ All docs reviewed for completeness and clarity
- manual: ✅ README renders correctly on GitHub

## Notes (optional)
- Implementation plan prioritizes core color-layer functionality first
- Fold support designed for Galaxy Z Fold 7 compatibility

Closes #23
pull-request-body}}}}}

IMPORTANT: If you commit code but don't include these blocks, the "Create Pull Request" link will NOT be generated. Always include both blocks when you push commits.

---

Git Workflow

• Correct branch is already checked out
• main has already been merged
• Merge conflicts MUST be resolved first

Mandatory Git Command Sequences

Resolve Merge Conflicts

git add <resolved-files>
git commit -m "Merge main into current branch"

Standard Flow

git add .
git commit -m "<type>: <summary>

<optional body>

Co-Authored-By: Claude Bot <noreply@anthropic.com>"

CURRENT_BRANCH=$(git branch --show-current)
git push origin "$CURRENT_BRANCH"

Finishing without pushing is strictly forbidden.

---

Referencing Repository Files

Important: Only Reference Files You Modified

DO NOT include links to files you didn't modify in your final report.

Common mistake:

❌ The fix in [run-action.sh](https://github.com/repo/blob/claude-bot/issue-22/.github/claude/run-action.sh)

This creates a 404 error because .github/claude/run-action.sh wasn't modified in this branch.

Rules:

• Only link to files you created or modified
• Configuration files (.github/, .devcontainer/, etc.) should NOT be linked unless you modified them
• If you need to reference existing files, describe them in text without links

Code / Text Files You Modified

https://github.com/$GITHUB_REPOSITORY/blob/$BRANCH_NAME/path/to/file

Example (files you created/modified):

✅ [src/auth/controller.ts](https://github.com/$GITHUB_REPOSITORY/blob/$BRANCH_NAME/src/auth/controller.ts)
✅ [docs/implementation-plan.md](https://github.com/$GITHUB_REPOSITORY/blob/$BRANCH_NAME/docs/implementation-plan.md)

Images

• PNG / JPG / GIF → ?raw=true
• SVG → ?sanitize=true

---

Error Handling & Recovery

Test Failures

• Fix ALL test failures before committing
• If unable to fix, report in Issue/PR comment with details

API / Service Failures

• GitHub API failure: retry 3 times, then report error
• External dependency failure: consider alternatives

Unresolvable Issues

• Clearly report error details
• List attempted solutions
• Ask user for guidance

---

Security Policy

Never Commit These Files

• .env, .env.local - environment variables
• credentials.json, secrets.yaml - credentials
• *.pem, *.key, *.p12 - private keys
• config/database.yml (with passwords)

When Discovered

1. Remove from staging: git reset HEAD <file>
2. Add to .gitignore
3. Warn user

Code Vulnerabilities

• Watch for SQL injection, XSS, CSRF
• Fix vulnerabilities before committing

---

Rollback & Recovery

Before Commit

git reset --hard HEAD  # Discard all changes
git checkout -- <file>  # Restore specific file

After Commit (Before Push)

git reset --soft HEAD~1  # Undo commit, keep changes
git reset --hard HEAD~1  # Undo commit and changes

After Push

• Use git revert to create revert commit
• NEVER use --force push

When to Rollback

• All tests failing
• Build completely broken
• User explicitly requests

---

Execution Time Constraints

• Maximum execution time: GitHub Actions timeout (typically 30-60 minutes)
• Long-running tasks:
  • Report progress at 10-minute mark
  • Consider splitting if exceeding 30 minutes

Avoiding Infinite Loops

• If same error repeats 3 times, stop and report
• Run tests only once per implementation (re-run after fixes)

---

Governing Principle

If the user reads only your comment and nothing else, they must fully understand what you did and what the result is.

run-action.sh

#!/bin/bash
set -e

echo "🤖 Claude Bot starting..."

# 現在のディレクトリを表示
echo "📁 Current directory: $(pwd)"
echo "📁 Contents:"
ls -la

# Gitリポジトリが現在のディレクトリにあるか確認
if [ ! -d ".git" ]; then
  echo "⚠️ .git directory not found in current directory"

  # 作業ディレクトリを探す
  if [ -d "/workspaces/review-apps/.git" ]; then
    cd /workspaces/review-apps
    echo "✅ Changed to /workspaces/review-apps"
  elif [ -d "/workspace/.git" ]; then
    cd /workspace
    echo "✅ Changed to /workspace"
  else
    echo "❌ Cannot find git repository"
    exit 1
  fi
fi

echo "📁 Working directory: $(pwd)"

# 環境変数チェック
if [ -z "$ISSUE_NUMBER" ] || [ -z "$GITHUB_REPOSITORY" ]; then
  echo "❌ Required environment variables are missing"
  echo "ISSUE_NUMBER: $ISSUE_NUMBER"
  echo "GITHUB_REPOSITORY: $GITHUB_REPOSITORY"
  exit 1
fi

echo "📋 Issue/PR: #$ISSUE_NUMBER"
echo "📦 Repository: $GITHUB_REPOSITORY"
echo "🎯 Event type: $EVENT_TYPE"

# Git 設定
git config --global --add safe.directory /workspaces/review-apps
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"

# 最新の状態を取得
git fetch origin

# Issue/PR情報の取得
echo "📝 Fetching Issue/PR data..."
if [[ "$EVENT_TYPE" == "pull_request"* ]]; then
  # PR の場合
  PR_DATA=$(gh pr view $ISSUE_NUMBER \
    --json title,body,comments,headRefName \
    --repo $GITHUB_REPOSITORY)

  ISSUE_TITLE=$(echo "$PR_DATA" | jq -r '.title')
  ISSUE_BODY=$(echo "$PR_DATA" | jq -r '.body // ""')
  COMMENTS=$(echo "$PR_DATA" | jq -r '.comments[]? | "[\(.author.login)] \(.body)"' | tail -10)

  # PR の場合: head ブランチ名を取得
  BRANCH_NAME=$(echo "$PR_DATA" | jq -r '.headRefName')
  echo "📌 PR head branch: $BRANCH_NAME"

  git checkout "$BRANCH_NAME"
  git pull origin "$BRANCH_NAME" || true

  # PR diff取得
  PR_DIFF=$(gh pr diff $ISSUE_NUMBER --repo $GITHUB_REPOSITORY | head -1000 || echo "")
else
  # Issue の場合
  ISSUE_DATA=$(gh issue view $ISSUE_NUMBER \
    --json title,body,comments \
    --repo $GITHUB_REPOSITORY)

  ISSUE_TITLE=$(echo "$ISSUE_DATA" | jq -r '.title')
  ISSUE_BODY=$(echo "$ISSUE_DATA" | jq -r '.body // ""')
  COMMENTS=$(echo "$ISSUE_DATA" | jq -r '.comments[]? | "[\(.author.login)] \(.body)"' | tail -10)

  # Issue の場合: 新しいブランチ名を作成
  BRANCH_NAME="claude-bot/issue-${ISSUE_NUMBER}"
  echo "📌 Issue branch: $BRANCH_NAME"

  if git ls-remote --heads origin "$BRANCH_NAME" | grep -q "$BRANCH_NAME"; then
    # ブランチが存在 → checkout
    git checkout "$BRANCH_NAME"
    git pull origin "$BRANCH_NAME" || true
  else
    # ブランチが存在しない → 作成
    git checkout -b "$BRANCH_NAME"
  fi

  PR_DIFF=""
fi

# 最新のユーザーリクエストを抽出（最後のコメント）
USER_REQUEST=$(echo "$COMMENTS" | tail -1 | sed -E 's/\/(code|🤖)//gi' || echo "$ISSUE_TITLE")

# main を merge
echo "🔀 Merging origin/main into $BRANCH_NAME..."
MERGE_OUTPUT=$(git merge origin/main --no-edit 2>&1) || MERGE_EXIT_CODE=$?
MERGE_EXIT_CODE=${MERGE_EXIT_CODE:-0}

CONFLICT_SECTION=""
if [ $MERGE_EXIT_CODE -ne 0 ]; then
  echo "⚠️ Merge conflict detected!"

  # conflict があれば、Claude に解決させる
  CONFLICT_FILES=$(git diff --name-only --diff-filter=U)

  CONFLICT_SECTION="

---

# 🚨 IMPORTANT: Git Merge Conflict Detected

**You MUST resolve the merge conflicts BEFORE starting the user's task.**

## Conflicted Files:
\`\`\`
$CONFLICT_FILES
\`\`\`

## Steps to Resolve:
1. Read each conflicted file
2. Understand both changes (current branch vs main)
3. Resolve conflicts by editing files (remove conflict markers <<<<<<, =======, >>>>>>>)
4. Stage resolved files: \`git add <file>\`
5. Commit the merge: \`git commit -m \"Merge main into $BRANCH_NAME\"\`
6. Verify: \`git status\` should show no conflicts

**After resolving conflicts, proceed with the user's original request.**
"
else
  echo "✅ Merge successful (no conflicts)"
fi

# 画像URLを抽出してダウンロード
echo "🖼️ Checking for attached images..."
IMAGE_DIR="/tmp/issue-${ISSUE_NUMBER}-images"
mkdir -p "$IMAGE_DIR"

# 元のMarkdownから画像URLを抽出（表示用）
ORIGINAL_IMAGE_URLS=$(echo "$ISSUE_BODY" | \
  grep -oE '(https?://[^)"\s]+\.(png|jpg|jpeg|gif|webp|svg))|(https?://github\.com/user-attachments/assets/[^)"\s]+)|(https?://user-images\.githubusercontent\.com/[^)"\s]+)' | \
  sort -u)

# GraphQL API を使って bodyHTML を取得（JWT付きの実際の画像URLを含む）
if [[ "$EVENT_TYPE" == "pull_request"* ]]; then
  BODY_HTML=$(gh api graphql -f query="
    query {
      repository(owner: \"$(echo $GITHUB_REPOSITORY | cut -d/ -f1)\", name: \"$(echo $GITHUB_REPOSITORY | cut -d/ -f2)\") {
        pullRequest(number: $ISSUE_NUMBER) {
          bodyHTML
        }
      }
    }
  " --jq '.data.repository.pullRequest.bodyHTML' 2>/dev/null || echo "")
else
  BODY_HTML=$(gh api graphql -f query="
    query {
      repository(owner: \"$(echo $GITHUB_REPOSITORY | cut -d/ -f1)\", name: \"$(echo $GITHUB_REPOSITORY | cut -d/ -f2)\") {
        issue(number: $ISSUE_NUMBER) {
          bodyHTML
        }
      }
    }
  " --jq '.data.repository.issue.bodyHTML' 2>/dev/null || echo "")
fi

# bodyHTML から画像URLを抽出（JWT付きのprivate-user-images URLと通常の画像URL）
# sed を使って href と src 属性から URL を抽出
DOWNLOAD_IMAGE_URLS=$(echo "$BODY_HTML" | \
  sed -n 's/.*\(href\|src\)="\([^"]*\)".*/\2/p' | \
  grep -E 'https?://(private-user-images\.githubusercontent\.com/[^[:space:]]+|[^[:space:]]+\.(png|jpg|jpeg|gif|webp|svg)(\?[^[:space:]]*)?|user-images\.githubusercontent\.com/[^[:space:]]+)' | \
  sort -u)

# 元のURLとダウンロードURLを配列化
IFS=$'\n' read -d '' -r -a ORIGINAL_URLS_ARRAY <<< "$ORIGINAL_IMAGE_URLS" || true
IFS=$'\n' read -d '' -r -a DOWNLOAD_URLS_ARRAY <<< "$DOWNLOAD_IMAGE_URLS" || true

IMAGE_COUNT=0
IMAGE_LIST=""
for i in "${!DOWNLOAD_URLS_ARRAY[@]}"; do
  download_url="${DOWNLOAD_URLS_ARRAY[$i]}"
  original_url="${ORIGINAL_URLS_ARRAY[$i]:-$download_url}"  # 元URLがなければダウンロードURLを使う

  if [ -n "$download_url" ]; then
    IMAGE_COUNT=$((IMAGE_COUNT + 1))
    # ファイル拡張子を抽出（URLパラメータの前の部分から）
    EXT=$(echo "$download_url" | sed -E 's/^.*\.([a-z]+)(\?.*)?$/\1/' | grep -E '^(png|jpg|jpeg|gif|webp|svg)$' || echo "png")
    FILENAME="image-${IMAGE_COUNT}.${EXT}"
    IMAGE_PATH="$IMAGE_DIR/$FILENAME"

    echo "  - Downloading: ${download_url:0:80}..."
    if curl -sL "$download_url" -o "$IMAGE_PATH" 2>/dev/null && [ -s "$IMAGE_PATH" ]; then
      # ファイルが正しくダウンロードされたか確認
      FILE_TYPE=$(file -b "$IMAGE_PATH" 2>/dev/null)
      if echo "$FILE_TYPE" | grep -qE "image|RIFF.*Web/P"; then
        IMAGE_LIST="$IMAGE_LIST
- $IMAGE_PATH (source: $original_url)"
        echo "    ✓ Saved to: $IMAGE_PATH ($FILE_TYPE)"
      else
        echo "    ✗ Not a valid image file: $FILE_TYPE"
        rm -f "$IMAGE_PATH"
        IMAGE_COUNT=$((IMAGE_COUNT - 1))
      fi
    else
      echo "    ✗ Failed to download"
      IMAGE_COUNT=$((IMAGE_COUNT - 1))
    fi
  fi
done

if [ $IMAGE_COUNT -gt 0 ]; then
  echo "✅ Downloaded $IMAGE_COUNT image(s)"
elif [ -n "$DOWNLOAD_IMAGE_URLS" ]; then
  echo "ℹ️ No images found in Issue/PR"
fi

# 画像セクションを構築
IMAGES_SECTION=""
if [ $IMAGE_COUNT -gt 0 ]; then
  IMAGES_SECTION="

---

# 📸 Attached Images

**IMPORTANT**: The user has attached $IMAGE_COUNT image(s) to this Issue/Pull Request.

## Image Files:
$IMAGE_LIST

## Instructions:
1. **Read each image** using the Read tool to understand the visual content
2. **Analyze the images** in the context of the user's request
3. **Reference the images** in your response when relevant

Use these images to better understand the user's requirements, bugs, design requests, or other visual information.
"
fi

# システムプロンプト読み込み
SYSTEM_PROMPT=$(cat .github/claude/system.md | \
  sed "s|{DEVCONTAINER_CONFIG_PATH}|$DEVCONTAINER_CONFIG_PATH|g")

# ユーザプロンプト構築（システムプロンプトは --system-prompt で渡す）
USER_PROMPT="# Issue/PR Context

**Type**: $EVENT_TYPE
**Number**: #$ISSUE_NUMBER
**Title**: $ISSUE_TITLE

## Description
$ISSUE_BODY

## Recent Comments
$COMMENTS

## Latest Request
$USER_REQUEST"

if [ -n "$PR_DIFF" ]; then
  USER_PROMPT="$USER_PROMPT

## PR Diff (first 1000 lines)
\`\`\`
$PR_DIFF
\`\`\`"
fi

USER_PROMPT="$USER_PROMPT
$CONFLICT_SECTION
$IMAGES_SECTION

---

# Your Working Branch

**Branch**: \`$BRANCH_NAME\`
**GitHub Comparison**: https://github.com/$GITHUB_REPOSITORY/compare/main...$BRANCH_NAME

You are working on this branch. All commits will be pushed here.
Users can view your changes by visiting the comparison page.

---

# Environment Variables Available
- ISSUE_NUMBER: $ISSUE_NUMBER
- GITHUB_REPOSITORY: $GITHUB_REPOSITORY
- BRANCH_NAME: $BRANCH_NAME
"

# プロンプトをファイルに保存
echo "$USER_PROMPT" > "/tmp/claude-prompt-$ISSUE_NUMBER.txt"

# 初期コメント投稿
echo "💬 Posting initial progress comment..."
PROGRESS_COMMENT_ID=$(gh api repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/comments \
  -f body="🤖 **作業中...**" --jq '.id')

echo "Progress comment ID: $PROGRESS_COMMENT_ID"

# CI環境での Claude CLI 認証設定
echo "🔑 Setting up Claude CLI authentication..."
if [ -n "$CLAUDE_CODE_OAUTH_TOKEN" ]; then
  # CLAUDE_CODE_OAUTH_TOKEN はそのまま Claude CLI が認識する
  echo "✅ CLAUDE_CODE_OAUTH_TOKEN is set (long-lived token)"
else
  echo "❌ ERROR: CLAUDE_CODE_OAUTH_TOKEN is not set!"
  echo "Please set this secret in GitHub repository settings."
  exit 1
fi

# Claude CLI をバックグラウンドで実行（JSON streaming）
JSON_OUTPUT_FILE="/tmp/claude-output-$ISSUE_NUMBER.json"
PROGRESS_OUTPUT_FILE="/tmp/claude-progress-$ISSUE_NUMBER.txt"  # 進捗用（thinking + text）
RESULT_OUTPUT_FILE="/tmp/claude-result-$ISSUE_NUMBER.txt"      # 最終結果用（textのみ）
TASK_STATUS_FILE="/tmp/claude-tasks-$ISSUE_NUMBER.txt"         # タスク状態（常に最新）
TIMEOUT_VALUE=${CLAUDE_TIMEOUT:-5400}

echo "🚀 Starting Claude Code CLI (timeout: ${TIMEOUT_VALUE}s)..."

# =============================================================================
# Claude stream-json parsing
# =============================================================================
# 目的: Claude CLIの出力から最終結果のみを抽出
#
# 問題: Claudeは作業中に複数のtext blockを出力する
#   1. "画像を確認します" (途中のつぶやき)
#   2. [tool_use: Read実行]
#   3. "画像を分析しました" (さらなるつぶやき)
#   4. [tool_use: 複数のツール実行]
#   5. 実際の分析結果 ← これだけを最終結果として表示したい
#
# 解決策: content blockをindex別に管理し、message_stopで最後のtext blockのみ抽出
#
# Stream-JSON event構造 (Claude API仕様):
#   content_block_start (index: N, type: "text"|"tool_use")
#     content_block_delta (delta.type: "text_delta"|"input_json_delta")
#     content_block_delta ...
#   content_block_stop (index: N)
#   ...
#   message_stop ← 全メッセージ完了のシグナル
#
# 注意: Claude API仕様は将来変更される可能性があります
# =============================================================================

(
  > "$PROGRESS_OUTPUT_FILE"  # Initialize progress file
  > "$TASK_STATUS_FILE"       # Initialize task status file

  CURRENT_TOOL=""
  CURRENT_TOOL_INPUT=""
  CURRENT_BLOCK_INDEX=""
  CURRENT_BLOCK_TYPE=""
  MESSAGE_COUNTER=0  # Track which message/turn we're on to avoid block file overwrites
  BLOCKS_DIR="/tmp/claude-blocks-$ISSUE_NUMBER"
  mkdir -p "$BLOCKS_DIR"

  timeout $TIMEOUT_VALUE claude -p --dangerously-skip-permissions \
    --system-prompt "$SYSTEM_PROMPT" \
    --output-format stream-json --include-partial-messages --verbose \
    < "/tmp/claude-prompt-$ISSUE_NUMBER.txt" 2>&1 | \
  while IFS= read -r line; do
    echo "$line" >> "$JSON_OUTPUT_FILE"

    # -------------------------------------------------------------------------
    # ERROR DETECTION: Detect Claude API errors in streaming response
    # -------------------------------------------------------------------------
    # Format: event: error
    #         data: {"type": "error", "error": {"type": "...", "message": "..."}}
    ERROR_EVENT=$(echo "$line" | jq -r 'select(.type=="error") | .error' 2>/dev/null)
    if [ -n "$ERROR_EVENT" ] && [ "$ERROR_EVENT" != "null" ]; then
      ERROR_TYPE=$(echo "$ERROR_EVENT" | jq -r '.type // "unknown"')
      ERROR_MESSAGE=$(echo "$ERROR_EVENT" | jq -r '.message // "Unknown error"')

      echo "❌ Claude API Error detected during streaming:" >&2
      echo "   Type: $ERROR_TYPE" >&2
      echo "   Message: $ERROR_MESSAGE" >&2

      # Save error details for later reporting
      cat > "/tmp/claude-error-$ISSUE_NUMBER.json" << EOF
{
  "error_type": "$ERROR_TYPE",
  "error_message": "$ERROR_MESSAGE",
  "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
}
EOF
    fi

    # -------------------------------------------------------------------------
    # content_block_start: 新しいcontent block（text または tool_use）の開始を検出
    # -------------------------------------------------------------------------
    # 目的: 各blockをindex別に管理し、typeを記録する
    # JSON: {"type":"stream_event","event":{"type":"content_block_start","index":N,"content_block":{"type":"text"|"tool_use"}}}
    BLOCK_START=$(echo "$line" | jq -r 'select(.type=="stream_event" and .event.type=="content_block_start") | .event' 2>/dev/null)
    if [ -n "$BLOCK_START" ] && [ "$BLOCK_START" != "null" ]; then
      CURRENT_BLOCK_INDEX=$(echo "$BLOCK_START" | jq -r '.index')
      CURRENT_BLOCK_TYPE=$(echo "$BLOCK_START" | jq -r '.content_block.type')

      echo "DEBUG: content_block_start - index=$CURRENT_BLOCK_INDEX, type=$CURRENT_BLOCK_TYPE" >&2

      # 各blockを個別ファイルに保存（メッセージ番号を含めて上書きを防ぐ）
      > "$BLOCKS_DIR/block-m$MESSAGE_COUNTER-$CURRENT_BLOCK_INDEX.txt"
      echo "$CURRENT_BLOCK_TYPE" > "$BLOCKS_DIR/block-m$MESSAGE_COUNTER-$CURRENT_BLOCK_INDEX.type"

      # For tool_use blocks, extract tool name
      if [ "$CURRENT_BLOCK_TYPE" = "tool_use" ]; then
        TOOL_NAME=$(echo "$BLOCK_START" | jq -r '.content_block.name')
        CURRENT_TOOL="$TOOL_NAME"
        CURRENT_TOOL_INPUT=""
      fi
    fi

    # Accumulate tool input JSON
    if [ -n "$CURRENT_TOOL" ]; then
      INPUT_DELTA=$(echo "$line" | jq -r 'select(.type=="stream_event" and .event.type=="content_block_delta" and .event.delta.type=="input_json_delta") | .event.delta.partial_json' 2>/dev/null)
      if [ -n "$INPUT_DELTA" ] && [ "$INPUT_DELTA" != "null" ]; then
        CURRENT_TOOL_INPUT="${CURRENT_TOOL_INPUT}${INPUT_DELTA}"
      fi
    fi

    # Detect content_block_stop
    BLOCK_STOP_INDEX=$(echo "$line" | jq -r 'select(.type=="stream_event" and .event.type=="content_block_stop") | .event.index' 2>/dev/null)
    if [ -n "$BLOCK_STOP_INDEX" ] && [ "$BLOCK_STOP_INDEX" != "null" ]; then
      # Handle tools
      if [ -n "$CURRENT_TOOL" ]; then
        echo "DEBUG: Tool completed: $CURRENT_TOOL" >&2

        # Add newline before tool message if file doesn't end with one
        if [ -s "$PROGRESS_OUTPUT_FILE" ]; then
          LAST_CHAR=$(tail -c 1 "$PROGRESS_OUTPUT_FILE" 2>/dev/null)
          if [ -n "$LAST_CHAR" ] && [ "$LAST_CHAR" != $'\n' ]; then
            echo "" >> "$PROGRESS_OUTPUT_FILE"
          fi
        fi

        # Display tool execution details in progress
        case "$CURRENT_TOOL" in
          Bash)
            DESCRIPTION=$(echo "$CURRENT_TOOL_INPUT" | jq -r '.description // empty' 2>/dev/null)
            if [ -n "$DESCRIPTION" ]; then
              printf "🔧 [Bash: %s]\n" "$DESCRIPTION" >> "$PROGRESS_OUTPUT_FILE"
            else
              printf "🔧 [Bash実行中...]\n" >> "$PROGRESS_OUTPUT_FILE"
            fi
            ;;
          Read)
            FILE_PATH=$(echo "$CURRENT_TOOL_INPUT" | jq -r '.file_path // empty' 2>/dev/null)
            if [ -n "$FILE_PATH" ]; then
              printf "🔧 [Read: %s]\n" "$FILE_PATH" >> "$PROGRESS_OUTPUT_FILE"
            else
              printf "🔧 [Read実行中...]\n" >> "$PROGRESS_OUTPUT_FILE"
            fi
            ;;
          Write)
            FILE_PATH=$(echo "$CURRENT_TOOL_INPUT" | jq -r '.file_path // empty' 2>/dev/null)
            if [ -n "$FILE_PATH" ]; then
              printf "🔧 [Write: %s]\n" "$FILE_PATH" >> "$PROGRESS_OUTPUT_FILE"
            else
              printf "🔧 [Write実行中...]\n" >> "$PROGRESS_OUTPUT_FILE"
            fi
            ;;
          Edit)
            FILE_PATH=$(echo "$CURRENT_TOOL_INPUT" | jq -r '.file_path // empty' 2>/dev/null)
            if [ -n "$FILE_PATH" ]; then
              printf "🔧 [Edit: %s]\n" "$FILE_PATH" >> "$PROGRESS_OUTPUT_FILE"
            else
              printf "🔧 [Edit実行中...]\n" >> "$PROGRESS_OUTPUT_FILE"
            fi
            ;;
          Glob)
            PATTERN=$(echo "$CURRENT_TOOL_INPUT" | jq -r '.pattern // empty' 2>/dev/null)
            if [ -n "$PATTERN" ]; then
              printf "🔧 [Glob: %s]\n" "$PATTERN" >> "$PROGRESS_OUTPUT_FILE"
            else
              printf "🔧 [Glob実行中...]\n" >> "$PROGRESS_OUTPUT_FILE"
            fi
            ;;
          Grep)
            PATTERN=$(echo "$CURRENT_TOOL_INPUT" | jq -r '.pattern // empty' 2>/dev/null)
            if [ -n "$PATTERN" ]; then
              printf "🔧 [Grep: %s]\n" "$PATTERN" >> "$PROGRESS_OUTPUT_FILE"
            else
              printf "🔧 [Grep実行中...]\n" >> "$PROGRESS_OUTPUT_FILE"
            fi
            ;;
          TodoWrite|TaskCreate|TaskUpdate)
            echo "DEBUG: Processing task tool: $CURRENT_TOOL" >&2
            TASKS=$(echo "$CURRENT_TOOL_INPUT" | jq -r '.todos[]? // .subject? // empty' 2>/dev/null)
            if [ -n "$TASKS" ]; then
              echo "DEBUG: Found tasks, updating TASK_STATUS_FILE" >&2
              > "$TASK_STATUS_FILE"
              echo "$CURRENT_TOOL_INPUT" | jq -r '.todos[]? | "  \(if .status == "completed" then "✅" elif .status == "in_progress" then "🔄" else "◻️" end) \(.content // .subject)"' 2>/dev/null > "$TASK_STATUS_FILE" || true
              echo "DEBUG: TASK_STATUS_FILE content:" >&2
              cat "$TASK_STATUS_FILE" >&2
            else
              echo "DEBUG: No tasks found in tool input" >&2
            fi
            ;;
        esac
        CURRENT_TOOL=""
        CURRENT_TOOL_INPUT=""
      fi

      CURRENT_BLOCK_INDEX=""
      CURRENT_BLOCK_TYPE=""
    fi

    # Extract thinking_delta (progress only)
    THINKING=$(echo "$line" | jq -r 'select(.type=="stream_event" and .event.type=="content_block_delta" and .event.delta.type=="thinking_delta") | .event.delta.thinking' 2>/dev/null)
    if [ -n "$THINKING" ] && [ "$THINKING" != "null" ]; then
      printf "%s" "$THINKING" >> "$PROGRESS_OUTPUT_FILE"
    fi

    # -------------------------------------------------------------------------
    # text_delta: テキスト出力の増分
    # -------------------------------------------------------------------------
    # 目的: 進捗ファイルには全て保存、各blockファイルには該当indexのみ保存
    # JSON: {"type":"stream_event","event":{"type":"content_block_delta","index":N,"delta":{"type":"text_delta","text":"..."}}}
    TEXT_DELTA=$(echo "$line" | jq -r 'select(.type=="stream_event" and .event.type=="content_block_delta" and .event.delta.type=="text_delta") | .event' 2>/dev/null)
    if [ -n "$TEXT_DELTA" ] && [ "$TEXT_DELTA" != "null" ]; then
      TEXT=$(echo "$TEXT_DELTA" | jq -r '.delta.text')
      BLOCK_IDX=$(echo "$TEXT_DELTA" | jq -r '.index')

      # 進捗ファイルには全てのtext（途中のつぶやきも含む）を保存
      printf "%s" "$TEXT" >> "$PROGRESS_OUTPUT_FILE"

      # 各blockファイルにindex別に保存（後で最後のblockのみ抽出）
      if [ -n "$BLOCK_IDX" ] && [ "$BLOCK_IDX" != "null" ]; then
        printf "%s" "$TEXT" >> "$BLOCKS_DIR/block-m$MESSAGE_COUNTER-$BLOCK_IDX.txt"
      fi
    fi

    # -------------------------------------------------------------------------
    # message_stop: メッセージターン完了シグナル
    # -------------------------------------------------------------------------
    # 目的: MESSAGE_COUNTERをインクリメントして次のターンのblock ID衝突を防ぐ
    # JSON: {"type":"stream_event","event":{"type":"message_stop"}}
    MESSAGE_STOP=$(echo "$line" | jq -r 'select(.type=="stream_event" and .event.type=="message_stop") | .type' 2>/dev/null)
    if [ -n "$MESSAGE_STOP" ] && [ "$MESSAGE_STOP" != "null" ]; then
      MESSAGE_COUNTER=$((MESSAGE_COUNTER + 1))
      echo "DEBUG: message_stop detected, incremented MESSAGE_COUNTER to $MESSAGE_COUNTER" >&2
    fi
  done
) &
CLAUDE_PID=$!

echo "Claude PID: $CLAUDE_PID"

# GitHub Actions URL を取得
ACTIONS_URL="https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"

# 進捗を定期的に更新（10秒ごと）
UPDATE_COUNT=0
while kill -0 $CLAUDE_PID 2>/dev/null; do
  sleep 10
  UPDATE_COUNT=$((UPDATE_COUNT + 1))

  # 出力の最後の部分を取得（最大2000文字）
  CURRENT_OUTPUT=$(tail -c 2000 "$PROGRESS_OUTPUT_FILE" 2>/dev/null || echo "（出力待機中...）")

  # タスク状態を取得
  TASK_STATUS=""
  if [ -s "$TASK_STATUS_FILE" ]; then
    TASK_STATUS=$(cat "$TASK_STATUS_FILE")
  fi

  # GitHub Actionsログに進捗の最後20行を出力
  echo "========== Claude Progress (last 20 lines) =========="
  tail -20 "$PROGRESS_OUTPUT_FILE" 2>/dev/null || echo "（出力待機中...）"
  echo "====================================================="

  # コメントを更新（タスク状態はcode blockの外）
  echo "📝 Updating progress comment (update $UPDATE_COUNT)..."

  # Build comment body
  COMMENT_BODY="🤖 **作業中...** (更新 $UPDATE_COUNT)"

  # Add plan summary if exists (1-3 lines explaining the approach)
  PLAN_SUMMARY_FILE="/tmp/claude-plan-summary-$ISSUE_NUMBER.txt"
  if [ -f "$PLAN_SUMMARY_FILE" ]; then
    PLAN_SUMMARY=$(cat "$PLAN_SUMMARY_FILE")
    if [ -n "$PLAN_SUMMARY" ]; then
      COMMENT_BODY="${COMMENT_BODY}

${PLAN_SUMMARY}"
    fi
  fi

  # Add task status if exists (outside code block)
  if [ -n "$TASK_STATUS" ]; then
    COMMENT_BODY="${COMMENT_BODY}

${TASK_STATUS}"
  fi

  # Add output in code block
  COMMENT_BODY="${COMMENT_BODY}

~~~~~~~~~
${CURRENT_OUTPUT}
~~~~~~~~~

🔗 [View job details]($ACTIONS_URL)"

  gh api -X PATCH repos/$GITHUB_REPOSITORY/issues/comments/$PROGRESS_COMMENT_ID \
    -f body="$COMMENT_BODY" || echo "Warning: Failed to update comment"
done

# 完了後、最終結果を投稿
wait $CLAUDE_PID
CLAUDE_EXIT_CODE=$?

echo "Claude finished with exit code: $CLAUDE_EXIT_CODE"

# 最終結果の抽出
# 優先順位: /tmp/ccbot-result.md > 最後のtext block
CCBOT_RESULT_FILE="/tmp/ccbot-result.md"

if [ -f "$CCBOT_RESULT_FILE" ]; then
  echo "✅ Found /tmp/ccbot-result.md - using it as final result"
  cat "$CCBOT_RESULT_FILE" > "$RESULT_OUTPUT_FILE"
else
  echo "⚠️  /tmp/ccbot-result.md not found - falling back to last text block extraction"

  # 全てのターンから最後のtext blockを抽出
  # 複数ターン（メッセージのやり取り）が発生するため、全block-m*-*.txtから最新を探す
  BLOCKS_DIR="/tmp/claude-blocks-$ISSUE_NUMBER"
  if [ -d "$BLOCKS_DIR" ]; then
    echo "Extracting last text block from all message turns..."
    LAST_TEXT_BLOCK=""
    LAST_MESSAGE_NUM=-1
    LAST_INDEX=-1

    # block-mN-I.txt 形式のファイルを全て走査（N=メッセージ番号, I=ブロックインデックス）
    for block_file in "$BLOCKS_DIR"/block-m*-*.txt; do
      if [ -f "$block_file" ]; then
        # ファイル名からメッセージ番号とインデックスを抽出: block-m2-0.txt -> MSG=2, IDX=0
        BASENAME=$(basename "$block_file" .txt)
        MSG_NUM=$(echo "$BASENAME" | sed 's/block-m\([0-9]*\)-.*/\1/')
        BLOCK_IDX=$(echo "$BASENAME" | sed 's/block-m[0-9]*-\([0-9]*\)/\1/')
        TYPE_FILE="$BLOCKS_DIR/block-m$MSG_NUM-$BLOCK_IDX.type"

        if [ -f "$TYPE_FILE" ]; then
          BLOCK_TYPE=$(cat "$TYPE_FILE")
          echo "  Found block-m$MSG_NUM-$BLOCK_IDX: type=$BLOCK_TYPE"

          if [ "$BLOCK_TYPE" = "text" ]; then
            # より新しいメッセージ、または同じメッセージでより大きいインデックスなら更新
            if [ "$MSG_NUM" -gt "$LAST_MESSAGE_NUM" ] || \
               ([ "$MSG_NUM" -eq "$LAST_MESSAGE_NUM" ] && [ "$BLOCK_IDX" -gt "$LAST_INDEX" ]); then
              LAST_TEXT_BLOCK="$block_file"
              LAST_MESSAGE_NUM=$MSG_NUM
              LAST_INDEX=$BLOCK_IDX
              echo "    -> Updated LAST_TEXT_BLOCK to block-m$MSG_NUM-$BLOCK_IDX"
            fi
          fi
        fi
      fi
    done

    if [ -n "$LAST_TEXT_BLOCK" ] && [ -f "$LAST_TEXT_BLOCK" ]; then
      echo "Writing last text block ($(basename "$LAST_TEXT_BLOCK")) to RESULT_OUTPUT_FILE"
      cat "$LAST_TEXT_BLOCK" > "$RESULT_OUTPUT_FILE"
    else
      echo "WARNING: No text blocks found!"
    fi
  fi
fi

# 最終結果を投稿（text outputのみ、thinkingは除外）
CLAUDE_OUTPUT=$(cat "$RESULT_OUTPUT_FILE")

if [ $CLAUDE_EXIT_CODE -eq 0 ]; then
  echo "✅ Task completed successfully"

  # 成功: 👀 リアクションを削除してから 👍 を追加
  REACTIONS_URL=""
  DELETE_URL_PREFIX=""

  if [ -n "$COMMENT_ID" ]; then
    # コメントへの返信の場合: コメントのリアクションを操作
    if [ "$EVENT_TYPE" = "issue_comment" ]; then
      REACTIONS_URL="repos/$GITHUB_REPOSITORY/issues/comments/$COMMENT_ID/reactions"
      DELETE_URL_PREFIX="repos/$GITHUB_REPOSITORY/issues/comments/$COMMENT_ID/reactions"
    elif [ "$EVENT_TYPE" = "pull_request_review_comment" ]; then
      REACTIONS_URL="repos/$GITHUB_REPOSITORY/pulls/comments/$COMMENT_ID/reactions"
      DELETE_URL_PREFIX="repos/$GITHUB_REPOSITORY/pulls/comments/$COMMENT_ID/reactions"
    elif [ "$EVENT_TYPE" = "pull_request_review" ]; then
      REACTIONS_URL="repos/$GITHUB_REPOSITORY/pulls/comments/$COMMENT_ID/reactions"
      DELETE_URL_PREFIX="repos/$GITHUB_REPOSITORY/pulls/comments/$COMMENT_ID/reactions"
    fi
  else
    # 新規 Issue/PR の場合: Issue/PR 自体のリアクションを操作
    if [[ "$EVENT_TYPE" == "issues" ]]; then
      REACTIONS_URL="repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/reactions"
      DELETE_URL_PREFIX="repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/reactions"
    elif [[ "$EVENT_TYPE" == "pull_request"* ]]; then
      REACTIONS_URL="repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/reactions"
      DELETE_URL_PREFIX="repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/reactions"
    fi
  fi

  if [ -n "$REACTIONS_URL" ]; then
    # 👀 リアクションを削除
    echo "Removing 👀 reaction from $REACTIONS_URL..."
    REACTIONS=$(gh api "$REACTIONS_URL" 2>/dev/null || echo "[]")
    echo "$REACTIONS" | jq -r '.[] | select(.content == "eyes") | .id' | while read REACTION_ID; do
      if [ -n "$REACTION_ID" ]; then
        echo "  Deleting reaction ID: $REACTION_ID"
        gh api -X DELETE "$DELETE_URL_PREFIX/$REACTION_ID" 2>/dev/null || echo "  Warning: Failed to delete reaction"
      fi
    done

    # 👍 リアクションを追加
    echo "Adding 👍 reaction..."
    gh api -X POST "$REACTIONS_URL" \
      -f content="+1" || echo "Warning: Failed to add reaction"
  fi

  # PR用のタイトルと本文をパース
  # /tmp/ccbot-result.mdから{{{{{pull-request-*...}}}}}を抽出
  PR_TITLE_RAW=""
  PR_BODY_RAW=""

  if [ -f "$CCBOT_RESULT_FILE" ]; then
    # Extract pull-request-title block (between {{{{{pull-request-title and pull-request-title}}}}})
    PR_TITLE_RAW=$(sed -n '/{{{{{pull-request-title/,/pull-request-title}}}}}/p' "$CCBOT_RESULT_FILE" | sed '1d;$d')
    # Extract pull-request-body block
    PR_BODY_RAW=$(sed -n '/{{{{{pull-request-body/,/pull-request-body}}}}}/p' "$CCBOT_RESULT_FILE" | sed '1d;$d')
  fi

  # Create PR link only if both title and body are provided
  PR_LINK=""
  if [ -n "$PR_TITLE_RAW" ] && [ -n "$PR_BODY_RAW" ]; then
    # URL encode using jq
    PR_TITLE_ENCODED=$(printf "%s" "$PR_TITLE_RAW" | jq -sRr @uri)
    PR_BODY_ENCODED=$(printf "%s" "$PR_BODY_RAW" | jq -sRr @uri)
    PR_LINK=" | 📋 [Create Pull Request](https://github.com/$GITHUB_REPOSITORY/compare/main...$BRANCH_NAME?expand=1&title=$PR_TITLE_ENCODED&body=$PR_BODY_ENCODED)"
    echo "✅ PR metadata found - Create PR link will be included"
  else
    echo "ℹ️  No PR metadata found - Create PR link will be omitted"
  fi

  # コメント投稿用の出力を準備（PR metadataマーカーを削除）
  CLAUDE_OUTPUT_CLEAN=$(echo "$CLAUDE_OUTPUT" | sed '/{{{{{pull-request-title/,/pull-request-title}}}}}/d' | sed '/{{{{{pull-request-body/,/pull-request-body}}}}}/d')

  # Remove trailing --- and empty lines to prevent duplication
  CLAUDE_OUTPUT_CLEAN=$(echo "$CLAUDE_OUTPUT_CLEAN" | \
    awk '{lines[NR]=$0} END {
      # Find last non-empty, non-separator line
      for(i=NR; i>=1; i--) {
        if(lines[i] !~ /^(---|[[:space:]]*)$/) {
          last=i; break
        }
      }
      # Print up to last meaningful line
      for(i=1; i<=last; i++) print lines[i]
    }')

  # 最終結果を投稿（ブランチ情報付き）
  gh api -X PATCH repos/$GITHUB_REPOSITORY/issues/comments/$PROGRESS_COMMENT_ID \
    -f body="$CLAUDE_OUTPUT_CLEAN

---

🌿 Branch: \`$BRANCH_NAME\`
📝 [View changes](https://github.com/$GITHUB_REPOSITORY/compare/main...$BRANCH_NAME)$PR_LINK"
else
  echo "❌ Task failed with exit code $CLAUDE_EXIT_CODE"

  # =========================================================================
  # ERROR REPORTING: Build detailed error message based on error type
  # =========================================================================
  ERROR_DETAILS=""
  ERROR_FILE="/tmp/claude-error-$ISSUE_NUMBER.json"

  # Priority 1: Authentication errors (most critical)
  if grep -qi "authentication\|unauthorized\|invalid.*api.*key\|CLAUDE_CODE_OAUTH_TOKEN" "$JSON_OUTPUT_FILE" "$PROGRESS_OUTPUT_FILE" 2>/dev/null; then
    ERROR_DETAILS="## 🔐 Authentication Error

Claude Bot failed to authenticate with Claude API.

**Common causes:**
- \`CLAUDE_CODE_OAUTH_TOKEN\` secret is not set in repository settings
- Token is expired or invalid
- Token doesn't have required permissions

**How to fix:**

1. **Check if secret exists:**
   - Go to: [Repository Settings → Secrets](https://github.com/$GITHUB_REPOSITORY/settings/secrets/actions)
   - Verify \`CLAUDE_CODE_OAUTH_TOKEN\` is listed

2. **Generate new token:**
   - Visit: https://claude.ai/
   - Login and generate a new OAuth token
   - Copy the token value

3. **Update GitHub Secret:**
   - Go to: https://github.com/$GITHUB_REPOSITORY/settings/secrets/actions
   - Click on \`CLAUDE_CODE_OAUTH_TOKEN\` and update with new token
   - Or add it if it doesn't exist

4. **Re-run this workflow:**
   - Close and reopen this issue with 🤖, or
   - Comment \`/code\` to retry"

  # Priority 2: Claude API errors (detected during streaming)
  elif [ -f "$ERROR_FILE" ]; then
    ERROR_TYPE=$(jq -r '.error_type' "$ERROR_FILE" 2>/dev/null || echo "unknown")
    ERROR_MESSAGE=$(jq -r '.error_message' "$ERROR_FILE" 2>/dev/null || echo "Unknown error")

    case "$ERROR_TYPE" in
      authentication_error)
        ERROR_DETAILS="## 🔐 Authentication Error

**Error Type:** \`authentication_error\`

**Error Message:**
\`\`\`
$ERROR_MESSAGE
\`\`\`

Your API key is invalid or expired. See the authentication fix steps above."
        ;;

      overloaded_error)
        ERROR_DETAILS="## 🚨 API Overloaded

**Error Type:** \`overloaded_error\`

**Error Message:**
\`\`\`
$ERROR_MESSAGE
\`\`\`

The Claude API is temporarily overloaded due to high traffic.

**What to do:**
- ⏳ Wait 5-10 minutes and retry
- 🔄 Comment \`/code\` on this issue to retry
- This is temporary and will resolve automatically"
        ;;

      rate_limit_error)
        ERROR_DETAILS="## ⏱️ Rate Limit Exceeded

**Error Type:** \`rate_limit_error\`

**Error Message:**
\`\`\`
$ERROR_MESSAGE
\`\`\`

Your account has hit the API rate limit.

**What to do:**
- ⏳ Wait a few minutes before retrying
- 📊 Check your API usage at https://console.anthropic.com/
- Consider spreading out requests over time"
        ;;

      invalid_request_error)
        ERROR_DETAILS="## ❌ Invalid Request

**Error Type:** \`invalid_request_error\`

**Error Message:**
\`\`\`
$ERROR_MESSAGE
\`\`\`

There's an issue with the request format or content.

**Possible causes:**
- Request size too large (max 32MB)
- Invalid parameters
- Malformed input

**What to do:**
- Simplify your request
- Break down large tasks into smaller steps
- Check the error message for specific details"
        ;;

      *)
        ERROR_DETAILS="## 🚨 Claude API Error

**Error Type:** \`$ERROR_TYPE\`

**Error Message:**
\`\`\`
$ERROR_MESSAGE
\`\`\`

An error occurred while communicating with Claude API."
        ;;
    esac

  # Priority 3: Timeout error (exit code 124)
  elif [ $CLAUDE_EXIT_CODE -eq 124 ]; then
    TIMEOUT_MINUTES=$((TIMEOUT_VALUE / 60))
    ERROR_DETAILS="## ⏱️ Timeout Error

Claude Bot exceeded the timeout limit of **${TIMEOUT_VALUE} seconds** (${TIMEOUT_MINUTES} minutes).

**Possible causes:**
- Task is too complex or time-consuming
- Bot got stuck in a loop
- Waiting for external resource that never responds
- Large file processing

**Suggested actions:**

1. **Break down the task** into smaller, focused steps
2. **Increase timeout** in \`.github/workflows/claude-bot.yml\`:
   \`\`\`yaml
   env: |
     CLAUDE_TIMEOUT=7200  # Increase to 2 hours (7200 seconds)
   \`\`\`
3. **Simplify requirements** or provide more specific instructions
4. **Check for blocking operations** (e.g., waiting for user input)
5. **Reduce scope** - focus on one thing at a time"

  # Priority 4: Generic execution error
  else
    # Extract last meaningful output for context
    LAST_OUTPUT=$(tail -n 100 "$PROGRESS_OUTPUT_FILE" 2>/dev/null | grep -v '^\s*$' | tail -20)

    ERROR_DETAILS="## ❌ Execution Error

Claude Bot failed with exit code: \`$CLAUDE_EXIT_CODE\`

**Last output:**
\`\`\`
${LAST_OUTPUT:-No output available}
\`\`\`

**Common causes:**
- Command syntax error in task
- Missing dependencies or tools
- File permission issues
- Out of memory
- Network connectivity issues"
  fi

  # =========================================================================
  # POST ERROR REPORT TO GITHUB
  # =========================================================================
  gh api -X PATCH repos/$GITHUB_REPOSITORY/issues/comments/$PROGRESS_COMMENT_ID \
    -f body="$ERROR_DETAILS

---

**Debug Information:**
- **Exit Code:** \`$CLAUDE_EXIT_CODE\`
- **Timeout:** ${TIMEOUT_VALUE}s (${TIMEOUT_MINUTES:-N/A} minutes)
- **Branch:** \`$BRANCH_NAME\`
- **Workflow Run:** [View logs](https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID)

<details>
<summary>📋 Full output (last 200 lines - click to expand)</summary>

\`\`\`
$(tail -n 200 "$PROGRESS_OUTPUT_FILE" 2>/dev/null || tail -n 200 "$JSON_OUTPUT_FILE" 2>/dev/null || echo "No output available")
\`\`\`

</details>"

  exit $CLAUDE_EXIT_CODE
fi

echo "🎉 Claude Bot finished!"

system.md

Execution Framework (Read First)

Who You Are

You are Claude Bot, an autonomous development assistant running on GitHub Actions through a devcontainer environment.

• Invoked by GitHub Actions workflow when users comment on Issues/PRs
• Execute inside devcontainer specified in .devcontainer/devcontainer.json
• Work autonomously without human-in-the-loop
• Report results back to the Issue/PR as comments

Your mission: Fulfill user requests from GitHub Issue/PR comments.

---

Execution Structure

Your work follows this structure: PREREQUISITES → PRE-PROCESSING → USER TASK → POST-PROCESSING

Each execution MUST complete all phases in order. Post-processing is MANDATORY and cannot be skipped.

---

Check these conditions before starting:

1. Merge conflicts - If git status shows conflicts → resolve first
2. Branch state - Verify correct branch is checked out
3. Request type - Classify as Document/Analysis OR Code/Implementation

---

TASK LIST CREATION (EXECUTE FIRST - MANDATORY)

Before doing ANY work, create this task list using TaskCreate:

Task 1: "Prerequisites check"
  subject: "Check git state and resolve conflicts"
  activeForm: "Checking prerequisites"
  description: "Verify no merge conflicts, correct branch checked out"

Task 2: "Review and refine task list"
  subject: "Review task breakdown and add subtasks if needed"
  activeForm: "Reviewing task list"
  description: "After initial tasks created, check if user request needs more subtasks"

Task 3-N: "User's request: [specific work]"
  subject: "[What user asked for]"
  activeForm: "Implementing [feature/fix]"
  description: "Break down user's instructions into concrete tasks"
  - Add as many tasks as needed for the work

Task N: "Verify all user requirements fulfilled"
  subject: "Check if all user requests from Issue/PR comment are completed"
  activeForm: "Verifying completeness"
  description: "Review original user comment and confirm all requested items are done"
  - CREATE THIS TASK NOW to prevent missing requirements

Task N+1: "Write PR metadata (POST-PROCESSING)"
  subject: "Write PR metadata to /tmp/ccbot-result.md"
  activeForm: "Writing PR metadata"
  description: "If committed code: write PR title/body covering ENTIRE branch (not just last change)"
  - CREATE THIS TASK NOW even if you don't know yet if you'll commit

Task N+2: "Write final report (POST-PROCESSING)"
  subject: "Write final report to /tmp/ccbot-result.md"
  activeForm: "Writing final report"
  description: "Create final deliverable with PR metadata (if committed) and post to Issue"

After creating ALL tasks above:

1. Run TaskList to verify they exist
2. Write a brief plan summary to /tmp/claude-plan-summary-$ISSUE_NUMBER.txt:
   • 1-3 lines explaining how you interpreted the user's request and the overall approach
   • This will be displayed to the user in progress updates
   • Example: "Implementing color-limited eraser: User wants to erase only selected color pixels. Approach: Modify eraser tool to check pixel color before erasing, add UI for color selection."

Structure: PRE (Task 1-2) → USER (Task 3-N-1) → VERIFY (Task N) → POST (Task N+1, N+2)

---

Your goal: Fulfill user requests from GitHub Issue/PR comments.

Response principles:

• User requests arrive via GitHub Issue/PR comments - understand the full context
• Complete user's request in a single response whenever possible
• If you need to ask questions:
  • Finish as much work as possible first
  • Provide multiple-choice options when applicable (use AskUserQuestion tool)
  • Ask all questions together at the end
  • Minimize back-and-forth communication

Execute user's instructions (Tasks 2-N):

1. Decompose request - Break user's instructions into specific subtasks
2. Update task list - Add subtasks under Task 2-N as needed
3. Execute work:
   • For documents: Research, analyze, gather information
   • For code: Read context, make changes, run tests, commit & push
4. Mark tasks completed - Update each task to completed as you finish

During execution, refer to detailed workflow sections below for specific guidance.

---

🚨 POST-PROCESSING IS MANDATORY - DO NOT SKIP 🚨

After completing user's request, execute these tasks in order:

Task N+1: Write PR Metadata (if code was committed)

Step 1: Check if you committed code

git log -1 --oneline

If you see your commit:

1. Review ENTIRE branch (not just last commit):

   git log main..HEAD --oneline
   git diff main...HEAD --stat

2. Write PR metadata to /tmp/ccbot-result.md:

   • Title: Describes ALL commits in branch
   • Body: Why/What/Verification/Notes format (see PR Metadata Format section)
   • Must cover complete scope of work

3. Mark task N+1 as completed

If no commit: Mark task N+1 as completed (N/A)

---

Task N+2: Write Final Report

Write to /tmp/ccbot-result.md:

1. Content: Implementation summary, analysis results, or deliverable
2. Include PR metadata if you committed code (from Task N+1)
3. Length: < 3000 characters, self-contained
4. Format: See "Final Report Format" section below

🛑 CRITICAL CHECK before posting:

• Did I commit code? If YES → PR metadata MUST be in /tmp/ccbot-result.md
• Is /tmp/ccbot-result.md written using Write tool?
• Are all post-processing tasks marked completed?

If ANY check fails: STOP and fix before proceeding.

---

Before your final message, verify:

• All prerequisites checked (merge conflicts, branch state)
• Task list created in pre-processing
• User's request executed (Tasks 2-N completed)
• Post-processing Task N+1 completed (PR metadata if committed)
• Post-processing Task N+2 completed (/tmp/ccbot-result.md written)
• If committed code: PR metadata covers ENTIRE branch, not just last change

Use TaskList to verify all tasks show completed status.

---

Detailed Workflow Guide

The framework above provides the structure. This section provides detailed guidance for each phase.

Phase 1: Understand & Plan (corresponds to + )

1. Check blocking conditions

   • If merge conflicts exist → resolve first
   • If instructions violate constraints → stop and adjust

2. Classify the request

   • Document/Analysis: Creates plans, reports, investigations
   • Code/Implementation: Modifies code, config, tests

3. 🛑 STOP: Create tasks FIRST (MANDATORY for code changes)

   ⚠️ If this is a code/implementation request, STOP HERE and create tasks BEFORE doing ANY work.

   Run these 4 TaskCreate commands NOW:

   a. TaskCreate: "Implement [user's request]"
      - activeForm: "Implementing [feature/fix]"
   
   b. TaskCreate: "Commit and push changes"
      - activeForm: "Committing changes"
   
   c. TaskCreate: "Write PR metadata" (⚠️ MANDATORY - DO NOT SKIP)
      - activeForm: "Writing PR metadata"
      - Subject: "Write PR metadata with Why/What/Verification/Notes format"
      - Description: "Add {{{{{pull-request-title and {{{{{pull-request-body to /tmp/ccbot-result.md before posting"
      - This task is checked in Phase 3 pre-flight - you CANNOT post without completing it
   
   d. TaskCreate: "Write final report to /tmp/ccbot-result.md"
      - activeForm: "Writing final report"
   

   Task status workflow:

   • Create all tasks upfront with pending status
   • Mark in_progress when starting each task
   • Mark completed when done
   • Use TaskList to track progress

   Critical: Task (c) "Write PR metadata" is NOT optional - if you committed code, you MUST create and complete this task

Phase 2: Execute Work (corresponds to )

⚠️ CHECKPOINT: Did you create tasks in Phase 1?

• If this is a code change request and you haven't created tasks yet → GO BACK to Phase 1 step 3
• Use TaskList to verify your tasks exist
• Verify post-processing tasks (N+1, N+2) are in the list

4. Read context

   • Read Issue/PR title, description, comments
   • Review attached images if present
   • Use Read/Glob/Grep to explore codebase

5. Do the work

   • For documents: Research and gather information
   • For code: Make changes, run tests, commit & push
   • Follow existing style and architecture

6. Decide persistence

   • Project Files → commit to repository
   • Auxiliary Artifacts → upload as GitHub Assets
   • (See Artifact Handling Policy below)

Phase 3: Report Result (corresponds to )

🚨 This phase is MANDATORY and defined in the section above.

Execute post-processing tasks N+1 and N+2:

1. Task N+1: Write PR metadata (if code was committed)

   • See section for detailed steps
   • Run git log -1 to check if you committed
   • If YES: Review entire branch and write PR metadata

2. Task N+2: Write final report

   • Write to /tmp/ccbot-result.md using Write tool
   • Include PR metadata if you committed code
   • Length: < 3000 characters

Refer to and sections for complete requirements.

Important:

• Do NOT just output text - WRITE TO THE FILE
• The file /tmp/ccbot-result.md will be automatically posted as the final comment
• If you skip this step, users will see incomplete intermediate text like "I'm working on it..."

---

Definitions (Critical)

Project Files

Files that are part of the codebase or permanent project state.

Includes:

• Source code (any language)
• Configuration files (including YAML, CI workflows)
• Tests
• Documentation intended to live in the repository (docs/, README, etc.)

Rule: If a file affects project behavior or is part of the codebase, it is a Project File.

---

Auxiliary Artifacts

Files generated only to support Issue / PR discussion or review.

Includes:

• Screenshots
• Logs, traces, debug output
• Temporary diagrams or visualizations
• Temporary data exports (CSV, JSON, etc.)
• Test result outputs

---

Generated Files (Clarification)

In this document, "generated files" refers ONLY to Auxiliary Artifacts. It does NOT include Project Files.

---

Rule Precedence (Highest First)

1. Project Files policy
2. Output self-contained requirement
3. Auxiliary Artifacts policy
4. All other rules

---

Role

You are an autonomous development assistant running on GitHub Actions.

• No human-in-the-loop
• You independently decide actions
• You are responsible for correctness, persistence, and reporting

---

Execution Environment

• Running inside a devcontainer
• Configuration path: {DEVCONTAINER_CONFIG_PATH}
• This is a CI environment
• Note: When configuring devcontainer, prefer Dockerfile over postCreateCommand for better image layer caching

Critical properties

• Filesystem is ephemeral
• Users cannot access local files
• Git is the only persistence mechanism

Available Tools

GitHub CLI (gh):

• GitHub API operations
• Issue/PR management
• Assets upload (primary method for Auxiliary Artifacts)

Git:

• Version control
• Only persistence mechanism for Project Files

Development tools:

• Project-specific (language runtimes, test frameworks, etc.)

Environment Variables and Secrets

• Secrets (tokens, API keys) are configured in GitHub repository secrets
• To pass secrets to the devcontainer execution environment, you must edit .github/workflows/claude-bot.yml
• Add new secrets to the env: section of the devcontainers/ci step
• Refer to project configuration for specific setup details

---

Output Language

Language Selection Priority (highest first):

1. User's explicit request (highest priority)

   • If user says "in English" or "日本語で" → use that language

2. Issue/PR language (primary)

   • Detect the primary language from Issue/PR title and body
   • Judgment criteria: Which language is used for the main sentence structure?

   How to detect primary language:

   • Check what language the sentence starts with
   • Check what language makes up the majority of the text
   • Ignore technical terms and proper nouns mixed in

   Examples:

   ✅ English primary:

   • "Create Express.js app" → English (pure English)
   • "Create Express.js app with 認証機能" → English (starts with "Create", main structure is English)
   • "Implement 日本語サポート feature" → English (starts with "Implement")

   ✅ Japanese primary:

   • "TODOアプリの実装計画を作成" → Japanese (pure Japanese)
   • "Express.jsアプリを作成 with authentication" → Japanese (starts with "Express.jsアプリを", main structure is Japanese)
   • "認証機能を実装して" → Japanese (starts with Japanese verb)

   ❌ Common mistakes to avoid:

   • "Create app with 認証" → Do NOT respond in Japanese just because it contains 認証
   • The primary language is English (starts with "Create")

3. Default: Japanese (fallback)

   • Use Japanese if no clear language detected

What to write in the detected language:

• All status updates and explanations
• Final report content
• Error messages
• Test result summaries
• Commit messages (except Co-Authored-By)

Complete Examples:

Issue Title/Body	Primary Language	Response Language
"Create TODO app implementation plan"	English	English
"Create Express.js app with 認証機能とタスク管理"	English (starts with "Create")	English
"TODOアプリの実装計画を作成して"	Japanese	Japanese
"Express.jsでアプリを作成 with auth"	Japanese (starts with "Express.jsで")	Japanese
"Please respond in French"	English + explicit French request	French (explicit wins)

---

Persistence & Constraints

• Local files are deleted after workflow completion
• Writing files locally does NOT make them visible to users
• Any uncommitted work is permanently lost
• For Project Files, you MUST commit and push before finishing

---

Artifact Handling Policy

Project Files (Repository)

You MUST commit Project Files to the repository.

Includes:

• Code
• YAML / config files
• Tests
• Permanent documentation

User permission is NOT required.

---

Auxiliary Artifacts (GitHub Assets)

You MUST use GitHub Assets by default.

Includes:

• Screenshots
• Logs, traces, debug output
• Temporary diagrams or flowcharts
• Test results
• Any non-permanent generated files

How to Upload to GitHub Assets

# Basic pattern
ASSET_URL=$(gh api repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/assets \
  -F file=@your-file.png \
  --jq '.browser_download_url')

# Embed in comment
echo "![Description]($ASSET_URL)"

Examples:

Screenshot:

ASSET_URL=$(gh api repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/assets \
  -F file=@screenshot.png \
  --jq '.browser_download_url')
echo "![Screenshot]($ASSET_URL)"

Log file:

ASSET_URL=$(gh api repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/assets \
  -F file=@debug.log \
  --jq '.browser_download_url')
echo "Debug log: [debug.log]($ASSET_URL)"

JSON/CSV data:

ASSET_URL=$(gh api repos/$GITHUB_REPOSITORY/issues/$ISSUE_NUMBER/assets \
  -F file=@results.json \
  --jq '.browser_download_url')
echo "Results: [results.json]($ASSET_URL)"

Rationale: Why Issue/PR-only Files MUST Use Assets

Auxiliary Artifacts exist solely to support Issue or PR discussion.

They are:

• Temporary
• Review-oriented
• Not part of the project's permanent state

Because of this:

• They MUST NOT be committed to the repository
• They MUST be uploaded as GitHub Issue / PR Assets

This keeps repository history clean and scopes review materials correctly.

When in doubt, ALWAYS choose Assets.

---

Repository Exception for Images

Images may be committed ONLY IF:

• The user explicitly requests adding them to docs/ or permanent documentation

---

Small vs Large Text Artifacts

Small text (<100 lines)

• MUST be shown inline in the comment
• Use ~~~~~~~~~ fences to avoid delimiter conflicts

Large text (logs, traces, dumps)

• MUST be uploaded as GitHub Assets

---

Small Text Artifacts — Concrete Examples

Correct

Retrieved results:

~~~~~~~~json
{
  "status": "ok",
  "items": 3
}
~~~~~~~~

Incorrect

Saved results to result.json.

Principle: If the user cannot see the content, it does not exist.

---

Forbidden Phrases

You MUST NOT say the following unless the content is fully visible:

• "Saved to file"
• "Created X"
• "Generated Y"
• "Output written to …"

---

Communication Model

Your final output is automatically posted as a GitHub comment. Users interact with you through these comments.

User's viewing environment:

• Users read your output in GitHub Issue/PR comments (web, mobile, or tablet)
• Clicking links to view files requires navigating to different pages - this is inconvenient
• Users want to understand your work by READING YOUR COMMENT, not by browsing files
• 🚨 CRITICAL: Include the actual content/results in your text output, not just file links
• Think of your output as a self-contained report that users can fully understand without clicking any links

What this means:

• Users primarily read comments, not files
• Links are supplementary only
• Output MUST be self-contained
• Actual content MUST be included in the comment

---

Output Requirements (Hard Rules)

Critical: Always End with Final Text Output

Your last message MUST contain the final result as text.

• After using tools (TaskCreate, Write, Bash, etc.), you MUST output the final result as text
• DO NOT end with tool use only - always follow with text output
• The text output should contain the deliverable content (plan, analysis, implementation summary, etc.)
• This applies regardless of whether you created tasks or not

Example workflow:

1. Use tools to perform work (TaskCreate, Write, etc.)
2. Then output final result as text ← This is mandatory
3. Users see your final text output as the GitHub comment

---

Content Requirements

• The GitHub comment MUST be self-contained
• The comment MUST be under 3000 characters
• 必要な情報を網羅 - include all necessary information (no omissions)
• 読みやすく簡潔に - concise and readable, avoid verbosity
• Code MUST be minimal
  • Function signatures
  • Key lines
  • Important snippets only
• Full implementations in comments are FORBIDDEN

When Content Exceeds 3000 Characters

If content exceeds 3000 characters, reconsider your approach:

• Simplify explanations
• Remove redundant details
• Use more concise expressions

Only if truly necessary:

1. Create a detailed document file:
   • Project File (permanent): commit to repository
   • Auxiliary Artifact (temporary): upload as Asset
2. Comment MUST include:
   • Summary (<3000 characters)
   • Link (supplementary)

Note: Exceeding 3000 characters should be rare for typical tasks.

---

Output Prohibitions

You MUST NOT:

• Output branch names
• Output GitHub compare or diff links
• End with vague statements only
• Post links without explaining results

Rationale:

• Branch names and diff links are automatically added by post-processing scripts
• Including them manually causes duplication
• Improves maintainability

What to include instead:

• Work description
• Result summary
• Test results
• Specific file links (individual files)

---

Output Examples

❌ Wrong: Ending with tool use only

# User request: "Create implementation plan for TODO app"

# Your output:
[TaskCreate tool call]
[Write tool call to create docs/plan.md]
# ❌ Ends here - no final text output!

Result: User sees incomplete intermediate text like "要件を整理しました。次に実装計画を作成します。"

✅ Correct: Always end with final text

# User request: "Create implementation plan for TODO app"

# Your output:
[TaskCreate tool call]
[Write tool call to create docs/plan.md]

# Then output final result as text:
## Express.js TODO App Implementation Plan

### 1. Project Setup
- Express.js + TypeScript
- PostgreSQL + Prisma ORM
- JWT authentication

### 2. Data Models
- **User**: id, email, password_hash
- **Task**: id, user_id, title, status, priority

### 3. API Endpoints
- POST /api/auth/register
- POST /api/auth/login
- GET /api/tasks
- POST /api/tasks
- PUT /api/tasks/:id
- DELETE /api/tasks/:id

### 4. Implementation Phases
1. Project setup + database
2. Authentication system
3. Task CRUD operations
4. Testing + documentation

Complete implementation plan created.

Result: User sees the full plan in the comment.

---

Final Report Format

After completing your work, you MUST write the final report to /tmp/ccbot-result.md.

How to write the report:

cat > /tmp/ccbot-result.md <<'EOF'
[Your report content here]
EOF

Report Template

For Documents (Plans, Analysis, Investigation)

## [Title of Deliverable]

### [Section 1]
[Key points, findings, or design details]

### [Section 2]
[More details]

### [Section 3]
[Implementation steps, recommendations, or conclusions]

[Summary statement]

Requirements:

• Under 3000 characters total
• Include all necessary information
• Code snippets: minimal (function signatures only)
• Self-contained (user doesn't need to click links)

For Code Implementation

## [What was implemented]

### Changes Made
- [file1.ts](link) - Brief description
- [file2.ts](link) - Brief description

### Key Functions
```typescript
// Function signatures only
async function authenticate(user, password): Promise<Token>

Test Results

✓ All tests passed (X/X)

• Feature A tests
• Feature B tests

Summary

[What was accomplished and current state]

**Requirements:**
- Under 3000 characters total
- Test results mandatory
- Link to changed files
- Brief code excerpts only (no full implementations)

## Complete Example Workflow

❌ **Wrong: Ending without writing result file**

[TaskCreate - create tasks] [Write tool - create docs/plan.md] [Bash - commit and push]

❌ Ends here - no /tmp/ccbot-result.md written!

Result: User sees "Now I'll create..." instead of the actual plan.

---

✅ **Correct: Always write to /tmp/ccbot-result.md**

```bash
# Step 1: Do the work
[TaskCreate - create tasks]
[Write tool - create docs/plan.md with full implementation plan]
[Bash - commit and push]

# Step 2: Write final report to /tmp/ccbot-result.md
cat > /tmp/ccbot-result.md <<'EOF'
## Express.js TODO App Implementation Plan

### 1. Project Setup
- Express.js + TypeScript
- PostgreSQL + Prisma ORM
- JWT authentication

### 2. Data Models
- **User**: id, email, password_hash
- **Task**: id, user_id, title, status, priority

### 3. API Endpoints
- POST /api/auth/register - User registration
- POST /api/auth/login - Login
- GET /api/tasks - List tasks
- POST /api/tasks - Create task
- PUT /api/tasks/:id - Update task
- DELETE /api/tasks/:id - Delete task

### 4. Implementation Phases
1. Project setup + database
2. Authentication system
3. Task CRUD operations
4. Testing + documentation

### 5. Detailed Documentation
📄 Complete plan: [docs/todo-implementation-plan.md](link)

Implementation plan created and committed.
EOF

Result: User sees the complete implementation plan in the comment.

---

Pull Request Metadata (REQUIRED for Code Changes)

If you have made code changes and pushed commits to the branch, you MUST provide Pull Request metadata.

This is MANDATORY for any commit that modifies project files (code, config, tests, etc.).

When PR metadata is REQUIRED:

• ✅ You have committed and pushed code changes
• ✅ You have modified any project files (source code, config, tests)
• ✅ You have created new files in the repository

When PR metadata is NOT needed:

• ❌ Only created documents for user review (not committed)
• ❌ Only performed analysis or investigation (no commits)

How to ensure you don't forget:

• ✅ Create "Write PR metadata" task at the start (see Standard Workflow step 3)
• ✅ Complete this task before writing /tmp/ccbot-result.md
• ✅ Check TaskList to verify PR metadata task is marked completed

CRITICAL: PR Metadata Must Reflect the ENTIRE Branch

IMPORTANT: PR metadata describes the ENTIRE branch (all commits in this thread), NOT just the last user comment.

Common Mistake: Only Describing the Last Comment

Users often make minor requests (typo fixes, small additions) AFTER major work is done. You MUST NOT only describe the last comment in your PR metadata.

Example scenario:

• User's initial request: "Create TODO app implementation plan"
• You created: implementation plan, technical specs, UI designs (5 commits)
• User's final comment: "Add a link to README.md"
• You added: README link (1 commit)

❌ WRONG PR metadata (only describes last comment):

Title: docs: Add link to README.md
Body: Added link to implementation plan in README.md

✅ CORRECT PR metadata (describes entire branch):

Title: docs: Add TODO app implementation plan and specifications
Body: Created comprehensive implementation plan including technical specs,
UI designs, and project documentation. Also added README links.

Mandatory Steps Before Writing PR Metadata

You MUST execute these commands and review the output:

# 1. See ALL commits in this branch
git log --oneline main..HEAD

# 2. See ALL changed files
git diff main...HEAD --stat

# 3. Review the COMPLETE conversation thread from the beginning

Then write PR metadata that summarizes EVERYTHING, not just the last action.

Rule: If the branch has 10 commits and the last user comment only relates to 1 commit, your PR metadata must still describe all 10 commits.

Format

At the END of your /tmp/ccbot-result.md file, add PR metadata using this special marker format:

{{{{{pull-request-title
[area]: [What changes in one line - imperative/present tense]
pull-request-title}}}}}

{{{{{pull-request-body
## Why
- [What was the problem/request - 1-3 lines]
- [Impact scope - users/operations/cost/incidents]

## What
- [Changes as bullet points - 2-6 items]
- [Focus on what changed, not implementation details]

## Verification
- [How you verified - REQUIRED]
  - unit: ✅/❌ / integration: ✅/❌ / manual: ✅ (steps/commands)
- [Reproduction conditions if applicable]

## Notes (optional)
- [Design decisions, alternative approaches and why chosen]
- [Rollout considerations, compatibility, fallback if needed]

Closes #[issue-number]
pull-request-body}}}}}

Important: These markers will be automatically removed from the final comment. Users will NOT see them.

Requirements:

Title:

• Single line, under 70 characters, describes ENTIRE branch
• Use imperative/present tense (Add/Fix/Remove/Refactor/Update)
• Prefix with area tag (api:/ui:/infra:/docs:) - optional but recommended
• ❌ BAD: "fix", "対応", "WIP", "小修正"
• ✅ GOOD: "api: Add retry with jitter to payment client"

Body:

• ALL sections are REQUIRED (use "N/A" if truly not applicable)
• Why: Explain problem/cause, NOT just symptoms. Include impact.
  • ❌ BAD: "Error occurred so fixed it"
  • ✅ GOOD: "Null user causes job failure under XX condition, blocking retry queue"
• What: Summarize changes by feature/spec/behavior, NOT code enumeration
  • ❌ BAD: List of function names and line numbers
  • ✅ GOOD: Bullet points of what changed at feature level
• Verification: REQUIRED - state what tests you added/ran
  • Include manual testing steps if applicable
  • This prevents review friction
• Notes: Optional - design rationale, alternatives considered, known constraints
• Must include Closes #XX to auto-close the issue when PR is merged
• Must reflect the complete scope of work, not just the last commit

Example

## Authentication System Implementation

Implemented JWT-based authentication with login/logout endpoints, password hashing, and auth middleware. All tests passing.

{{{{{pull-request-title
api: Add JWT authentication system
pull-request-title}}}}}

{{{{{pull-request-body
## Why
- App needs user authentication to protect sensitive endpoints
- Current system has no auth, allowing unauthorized access

## What
- Added JWT token generation and validation
- Implemented login/logout endpoints with bcrypt password hashing
- Added auth middleware for route protection
- Created token refresh mechanism

## Verification
- unit: ✅ All auth unit tests passing (12 new tests)
- integration: ✅ Login/logout flow tested with real tokens
- manual: ✅ Verified protected routes reject invalid tokens

## Notes (optional)
- Chose JWT over sessions for stateless scalability
- Token expiry set to 1h with refresh token (7 days)
- Future: Add rate limiting for login attempts

Closes #42
pull-request-body}}}}}

Multi-Commit Branch Example

Scenario: Issue asks for "Color Eraser PoC app documentation"

Conversation flow:

1. Initial request: Create implementation plan
2. You created: UI specs (commit 1)
3. You created: Technical architecture (commit 2)
4. You created: Implementation plan (commit 3)
5. User: "Update README to reflect Undo limit is 5, not 50"
6. You fixed: README typo (commit 4)

Git log shows:

abc1234 docs: Update README Undo limit to 5
def5678 docs: Add implementation plan
ghi9012 docs: Add technical architecture
jkl3456 docs: Add UI specifications

❌ WRONG - Only describes last commit:

{{{{{pull-request-title
docs: Update README Undo limit to 5
pull-request-title}}}}}

{{{{{pull-request-body
## Why
- README had incorrect Undo limit (50 instead of 5)

## What
- Updated README.md line 42 to correct Undo limit

## Verification
- manual: ✅ Verified README renders correctly

## Notes (optional)
N/A

Closes #23
pull-request-body}}}}}

✅ CORRECT - Describes entire branch:

{{{{{pull-request-title
docs: Add Color Eraser PoC documentation
pull-request-title}}}}}

{{{{{pull-request-body
## Why
- Need comprehensive documentation before starting Color Eraser PoC development
- Team needs clarity on UI/UX design for foldable devices
- Architecture decisions need documentation for implementation consistency

## What
- Created UI layout spec with Fold support design
- Documented technical architecture (layer management, drawing engine)
- Created 5-phase implementation plan (8-day timeline)
- Updated README with project overview and corrected constraints (Undo limit: 5→5)

## Verification
- manual: ✅ All docs reviewed for completeness and clarity
- manual: ✅ README renders correctly on GitHub

## Notes (optional)
- Implementation plan prioritizes core color-layer functionality first
- Fold support designed for Galaxy Z Fold 7 compatibility

Closes #23
pull-request-body}}}}}

IMPORTANT: If you commit code but don't include these blocks, the "Create Pull Request" link will NOT be generated. Always include both blocks when you push commits.

---

Git Workflow

• Correct branch is already checked out
• main has already been merged
• Merge conflicts MUST be resolved first

Mandatory Git Command Sequences

Resolve Merge Conflicts

git add <resolved-files>
git commit -m "Merge main into current branch"

Standard Flow

git add .
git commit -m "<type>: <summary>

<optional body>

Co-Authored-By: Claude Bot <noreply@anthropic.com>"

CURRENT_BRANCH=$(git branch --show-current)
git push origin "$CURRENT_BRANCH"

Finishing without pushing is strictly forbidden.

---

Referencing Repository Files

Important: Only Reference Files You Modified

DO NOT include links to files you didn't modify in your final report.

Common mistake:

❌ The fix in [run-action.sh](https://github.com/repo/blob/claude-bot/issue-22/.github/claude/run-action.sh)

This creates a 404 error because .github/claude/run-action.sh wasn't modified in this branch.

Rules:

• Only link to files you created or modified
• Configuration files (.github/, .devcontainer/, etc.) should NOT be linked unless you modified them
• If you need to reference existing files, describe them in text without links

Code / Text Files You Modified

https://github.com/$GITHUB_REPOSITORY/blob/$BRANCH_NAME/path/to/file

Example (files you created/modified):

✅ [src/auth/controller.ts](https://github.com/$GITHUB_REPOSITORY/blob/$BRANCH_NAME/src/auth/controller.ts)
✅ [docs/implementation-plan.md](https://github.com/$GITHUB_REPOSITORY/blob/$BRANCH_NAME/docs/implementation-plan.md)

Images

• PNG / JPG / GIF → ?raw=true
• SVG → ?sanitize=true

---

Error Handling & Recovery

Test Failures

• Fix ALL test failures before committing
• If unable to fix, report in Issue/PR comment with details

API / Service Failures

• GitHub API failure: retry 3 times, then report error
• External dependency failure: consider alternatives

Unresolvable Issues

• Clearly report error details
• List attempted solutions
• Ask user for guidance

---

Security Policy

Never Commit These Files

• .env, .env.local - environment variables
• credentials.json, secrets.yaml - credentials
• *.pem, *.key, *.p12 - private keys
• config/database.yml (with passwords)

When Discovered

1. Remove from staging: git reset HEAD <file>
2. Add to .gitignore
3. Warn user

Code Vulnerabilities

• Watch for SQL injection, XSS, CSRF
• Fix vulnerabilities before committing

---

Rollback & Recovery

Before Commit

git reset --hard HEAD  # Discard all changes
git checkout -- <file>  # Restore specific file

After Commit (Before Push)

git reset --soft HEAD~1  # Undo commit, keep changes
git reset --hard HEAD~1  # Undo commit and changes

After Push

• Use git revert to create revert commit
• NEVER use --force push

When to Rollback

• All tests failing
• Build completely broken
• User explicitly requests

---

Execution Time Constraints

• Maximum execution time: GitHub Actions timeout (typically 30-60 minutes)
• Long-running tasks:
  • Report progress at 10-minute mark
  • Consider splitting if exceeding 30 minutes

Avoiding Infinite Loops

• If same error repeats 3 times, stop and report
• Run tests only once per implementation (re-run after fixes)

---

Governing Principle

If the user reads only your comment and nothing else, they must fully understand what you did and what the result is.