Make Claude workflow resilient to external credit failures

[Copilot]

The Claude Code workflow fails the entire job when the Anthropic service returns a credit/quota error — an external failure unrelated to repo code. The downstream 404s for branch creation are side effects of this primary failure.

Changes

• Job guard: job skips when ANTHROPIC_API_KEY is absent (!= null) or when repo variable CLAUDE_CODE_ENABLED=false
• Fault tolerance: added continue-on-error: true to the Claude action step so external service errors degrade gracefully instead of failing the workflow

jobs:
  claude:
    if: ${{ secrets.ANTHROPIC_API_KEY != null && vars.CLAUDE_CODE_ENABLED != 'false' }}
    ...
    steps:
      - name: Run Claude Code Action
        uses: anthropics/claude-code-action@v1
        continue-on-error: true

Original prompt

Update the GitHub Actions workflow in kimocoder/wifite2 to prevent the Claude Code job from failing the entire workflow when the external Anthropic service is unavailable or has insufficient credits.

Context:

• Repository: kimocoder/wifite2
• Workflow file: .github/workflows/claude.yml
• Observed failure in Actions logs: Claude Code returned an error result: Credit balance is too low
• Secondary 404 errors for claude/issue-484-20260413-2125 appear to be downstream effects after the primary failure.
• The workflow currently triggers on issue_comment and pull_request_review_comment and runs anthropics/claude-code-action@v1.

Desired changes:

1. Modify .github/workflows/claude.yml so the Claude action step does not fail the whole job if the external service errors. A practical approach is to add continue-on-error: true to the Run Claude Code Action step.
2. Add a job-level guard so the job only runs when the Anthropic secret exists and when a repository variable does not explicitly disable it. For example, gate the job with a condition equivalent to:
   • secret ANTHROPIC_API_KEY is present
   • variable CLAUDE_CODE_ENABLED is not equal to false
3. Preserve the existing prompt and trigger behavior unless small adjustments are needed to keep the workflow valid.
4. Keep the change minimal and focused on making the workflow resilient.

Acceptance criteria:

• .github/workflows/claude.yml is updated accordingly.
• A pull request is created in kimocoder/wifite2 with the workflow fix.
• The PR description should briefly explain that the root cause was an external credit/quota failure, not a repository code failure.

Suggested PR title:
Make Claude workflow resilient to external credit failures

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Fix the workflow issue

Assistant: I’ve applied a workflow-side mitigation: the Claude step is now allowed to fail without failing the whole job, and the job is gated so it can be disabled with CLAUDE_CODE_ENABLED=false.

Root cause: the failure was not from your repo code — the action log shows the external Claude service failed with “Credit balance is too low”, which then caused the workflow to exit with code 1.

What changed in .github/workflows/claude.yml:

• added a job condition:
  • runs only when ANTHROPIC_API_KEY exists
  • can be turned off via repo variable CLAUDE_CODE_ENABLED=false
• added continue-on-error: true to the Claude action step

Why this fixes it:

• if the Claude provider runs out of credits again, the workflow will no longer fail the entire check
• you can also disable the automation cleanly without editing the workflow again

If you want, I can next help you make this stricter by:

1. posting a friendly warning comment when credits are exhausted, or
2. limiting the workflow to PR comments only so it runs less often.

User: @copilot Accepted Confirmation: Are you sure?

Assistant: The workflow failure is caused by the external Claude action running out of credits, not by code in wifite2.

Recommended fix for .github/workflows/claude.yml:

name: Claude Code

on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]

jobs:
  claude:
    if: ${{ secrets.ANTHROPIC_API_KEY != '' && vars.CLAUDE_CODE_ENABLED != 'false' }}
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: write
      pull-requests: write
      issues: write

    steps:
      - name: Checkout repo
        uses: actions/checkout@v6.0.2

      - name: Run Claude Code Action
        uses: anthropics/claude-code-action@v1
        continue-on-error: true
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

          prompt: |
            You are an expert security researcher reviewing changes to wifite2 (a Python WiFi auditing tool).
            Review this pull request or comment for:
            - bugs
            - security issues
            - code quality problems
            - performance improvements
            Focus especially on Python code. Be concise but thorough. If you can fix something, do it.

          claude_args: |
            --max-turns 8

          trigger_phrase: "@claude"
          use_sticky_comment: true
          include_fix_links: true
          track_progress: true

What this does:

• continue-on-error: true prevents the whole workflow from failing when the Claude service errors.
• if: ${{ secrets.ANTHROPIC_API_KEY != '' && vars.CLAUDE_CODE_ENABLED != 'false' }} lets you disable the job with a repo variable and skips it if the secret is missing.

Why this is the right fix:

• The log’s primary failure is: Credit balance is too low.
• The later 404s for claude/issue-484-20260413-2125 are secondary ef...

This pull request was created from Copilot chat.

[Copilot]

Pull request overview

Updates the Claude Code GitHub Actions workflow so external Anthropic quota/credit failures don’t fail the overall workflow run.

Changes:

• Adds a job-level if: guard intended to skip the job when ANTHROPIC_API_KEY is missing or when CLAUDE_CODE_ENABLED=false.
• Sets continue-on-error: true on the Claude action step to prevent external service errors from failing the job.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The job guard secrets.ANTHROPIC_API_KEY != null will still evaluate to true when the secret is missing, because GitHub Actions secrets are exposed as strings and an unset secret typically resolves to an empty string (not null). This means the job can still run without credentials. Consider checking for a non-empty string instead (e.g., secrets.ANTHROPIC_API_KEY != '' or truthiness) so the job reliably skips when the secret isn't configured.

Suggested change

	if: ${{ secrets.ANTHROPIC_API_KEY != null && vars.CLAUDE_CODE_ENABLED != 'false' }}
	if: ${{ secrets.ANTHROPIC_API_KEY != '' && vars.CLAUDE_CODE_ENABLED != 'false' }}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5f54698883

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Remove secrets context from job-level if condition

This job guard uses secrets.ANTHROPIC_API_KEY directly in if, but GitHub Actions does not support referencing secrets in if conditionals, so the condition will not evaluate reliably and can prevent the workflow from running as intended (or fail workflow validation) on every trigger. The net effect is that Claude automation may be silently disabled regardless of repository state; move the secret into an environment variable and gate on that value instead.

Useful? React with 👍 / 👎.