chore: enable display_report and use deterministic git push (#2959)

.github/workflows/claude-check-workflows.yml

@@ -44,6 +44,7 @@ jobs:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           github_token: ${{ steps.app-token.outputs.token }}
           claude_args: --model claude-sonnet-4-5-20250929
+          display_report: true
           prompt: |
             /dyad:check-workflows ${{ inputs.hours || '24' }}
       - name: Cleanup (self-hosted macOS)

.github/workflows/claude-deflake-e2e.yml

@@ -80,6 +80,7 @@ jobs:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           github_token: ${{ steps.app-token.outputs.token }}
           claude_args: --model claude-opus-4-6
+          display_report: true
           prompt: |
             /dyad:deflake-e2e-recent-commits ${{ inputs.commit_count || '10' }}
       - name: Cleanup (self-hosted macOS)

.github/workflows/claude-pr-review.yml

@@ -64,6 +64,7 @@ jobs:
 
           # Disable progress tracking (try to save tokens)
           track_progress: false
+          display_report: true
 
           prompt: |
             /dyad:multi-pr-review ${{ github.event.pull_request.number }}

.github/workflows/claude-rebase.yml

@@ -108,6 +108,7 @@ jobs:
         with:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           github_token: ${{ steps.base-app-token.outputs.token }}
+          display_report: true
           prompt: |
             You are orchestrating the /dyad:pr-rebase skill. Your job is to run it end-to-end as a sub-agent with NO shortcuts.
 

.github/workflows/claude-rules-review.yml

@@ -42,6 +42,7 @@ jobs:
         with:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           github_token: ${{ steps.app-token.outputs.token }}
+          display_report: true
           direct: true
           allowed_tools: "Read,Glob,Grep,Bash(git log:*),Bash(gh issue create:*),Bash(gh issue list:*),Bash(gh issue close:*),Bash(gh label:*)"
           claude_args: --model claude-opus-4-6

.github/workflows/closed-issue-comment.yml

@@ -36,6 +36,7 @@ jobs:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           # See: https://github.com/anthropics/claude-code-action/blob/v1/docs/security.md
           github_token: ${{ steps.app-token.outputs.token }}
+          # display_report left as default (false) — this workflow processes untrusted issue comments
           allowed_non_write_users: "*"
           claude_args: |
             --model sonnet --allowedTools "Bash(gh issue reopen:*), Bash(gh issue comment:*)"

.github/workflows/pr-review-responder.yml

@@ -43,6 +43,7 @@ jobs:
           permission-actions: write
           permission-contents: write
           permission-pull-requests: write
+          permission-workflows: write
 
       - name: Get PR info and check labels
         id: pr-info
@@ -224,6 +225,7 @@ jobs:
           owner: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.owner.login || github.event.workflow_run.head_repository.owner.login }}
           repositories: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.name || github.event.workflow_run.head_repository.name }}
           permission-contents: write
+          permission-workflows: write
 
       - name: Checkout repository
         if: steps.pr-info.outputs.should_continue == 'true'
@@ -281,6 +283,7 @@ jobs:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           github_token: ${{ steps.base-app-token.outputs.token }}
           claude_args: --model claude-opus-4-6
+          display_report: true
           prompt: |
             Run the following skill end-to-end. Execute every step sequentially. Do not skip, summarize, or stop early.
 
@@ -289,18 +292,13 @@ jobs:
       - name: Push any unpushed changes
         # In case the previous step accidentally forgot to push its changes
         if: steps.pr-info.outputs.should_continue == 'true' && always()
-        uses: anthropics/claude-code-action@v1
-        with:
-          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          github_token: ${{ steps.base-app-token.outputs.token }}
-          claude_args: --model claude-opus-4-6
-          prompt: |
-            The previous step may have made local commits but
-            accidentally forgot to push them to the origin remote. Run the following skill to
-            push any unpushed changes. If there are no unpushed commits, that's fine — just
-            exit successfully.
-
-            /dyad:fast-push
+        run: |
+          if [ "$(git rev-list --count @{u}..HEAD 2>/dev/null || echo '0')" -gt 0 ]; then
+            echo "Local branch is ahead of upstream, pushing..."
+            git push --force-with-lease
+          else
+            echo "No unpushed commits"
+          fi
 
       - name: Check if commits were pushed
         # Use always() to ensure we detect commits even if Claude Code fails partway through.