Tend
Early development — extracted from worktrunk's CI automation. Expect breaking changes.
Claude-powered CI for GitHub repos. PR review, issue triage, @bot mentions, CI fixes, nightly sweeps, dependency updates.
How it works
Three sources of behavior:
tend init — workflow files
uvx tend@latest init reads .config/tend.toml and writes tend-*.yaml into
.github/workflows/. Each workflow handles everything GitHub needs before
Claude runs: triggers, conditions (skip drafts, prevent bot self-loops),
engagement verification, concurrency, permissions, checkout strategy, setup
steps, and event-specific prompts. All seven are enabled by default.
| Workflow | Trigger | Skill |
|---|---|---|
tend-review | PR opened/updated | review |
tend-mention | @bot mentions, reviews, engaged conversations | — (prompt-driven) |
tend-triage | Issue opened | triage |
tend-ci-fix | CI fails on default branch | ci-fix |
tend-nightly | Daily schedule, manual dispatch | nightly |
tend-weekly | Weekly schedule, manual dispatch | weekly |
tend-notifications | Every 15 minutes, manual dispatch | notifications |
Each workflow ends with uses: max-sixty/tend@v1, handing off to the action.
Action (max-sixty/tend@v1)
The composite action runs the same steps regardless of which workflow
triggered it: security preflight (branch protection), rate limit preflight
(burst and daily spike detection), bot identity resolution, then invokes
claude-code-action with plugins, model, and allowed tools. Uploads session
logs as build artifacts afterward.
Skills (tend-ci-runner plugin)
Skills define what Claude does once running. The action loads the
tend-ci-runner plugin automatically; each workflow's prompt invokes the
corresponding skill (see table above). running-in-ci loads first in every
session — CI environment rules, security boundaries, comment formatting.
A separate install-tend plugin provides user-facing skills: install-tend
(interactive repo setup) and debug-ci-session (session log analysis).
Quick start
The fastest way to set up tend is with the install-tend skill, which handles
config, workflows, bot account, secrets, branch protection, and collaborator
setup interactively:
/install-tend my-project-bot
See the install-tend skill for the full step-by-step procedure. The rest of this README covers config options.
Plugin install
Install the install-tend plugin for interactive setup:
claude plugin marketplace add max-sixty/tend # one-time: register the repo as a marketplace
claude plugin install install-tend
The CI skills (tend plugin) are loaded automatically by the composite action —
you don't need to install them locally.
Config
Create .config/tend.toml:
bot_name = "my-project-bot"
Only overrides from defaults are needed.
Protected branches
The default branch is always protected. To protect additional branches (e.g., release branches), list them explicitly:
protected_branches = ["v1", "v2"]
tend check verifies branch protection on all listed branches. tend check --fix creates a single ruleset covering the default branch and all extra
branches.
Secrets
Two repo secrets are required:
| Secret | Value |
|---|---|
BOT_TOKEN | Bot account's PAT — classic with repo scope, or fine-grained with contents:write, pull-requests:write, issues:write |
CLAUDE_CODE_OAUTH_TOKEN | Claude Code OAuth token (via OAuth PKCE flow, not an API key) |
Override secret names if yours differ:
[secrets]
bot_token = "MY_BOT_PAT"
claude_token = "MY_CLAUDE_TOKEN"
tend check flags any repo-level secret not in an explicit allowlist (the bot
tokens above are always allowed). Repos with additional legitimate repo-level
secrets — coverage tokens, linter keys — must list them:
[secrets]
allowed = ["CODECOV_TOKEN"]