Prerequisites
- An IronBee account and your account API key, found in the Console on the Account page. The action runs without a browser, so it authenticates with the account API key rather than an interactive OAuth login.
- An Anthropic API key (get one at console.anthropic.com) or a Claude Code OAuth token
Minimal setup
Create a file at.github/workflows/ironbee.yml:
- Go to Settings → Secrets and variables → Actions
- Click New repository secret
- Add
IRONBEE_API_KEY(your IronBee API key) andANTHROPIC_API_KEY(your Anthropic key)
With application build and start
Verification needs your app running. Tell the action how to bring it up:These inputs are optional but recommended. Without them the agent infers how to install, build, start, and reach your app from the repository which works, but is slower and less reliable than spelling it out. See Verifying your application for details.
Required permissions
The action needs these GitHub token permissions to operate:| Permission | Purpose |
|---|---|
contents: write | Commit fixes to PR branches, create fix branches |
pull-requests: write | Post verification report comments, create fix PRs |
issues: write | Update PR comments via the GitHub API |
Authentication
The action needs two credentials: IronBee API key (always required) authenticates the collector so sessions are recorded and reportable. Passed as an env var, never written to disk.Next steps
Running in CI
How the action behaves on different events and what it reports.
All configuration options
Build commands, app URL, verification platforms, and more.