Add Squid proxy network restrictions for claude-code-action (#259)

* feat: add Squid proxy network restrictions to Claude workflow

Implements URL whitelisting for GitHub Actions to prevent unauthorized network access.
Only allows connections to:
- Claude API (anthropic.com)
- GitHub services
- Package registries (npm, bun)
- Azure blob storage for caching

Uses NO_PROXY for package registries to avoid integrity check issues.

* test: add network restrictions verification test

* test: simplify network restrictions test output

* refactor: make network restrictions opt-in and move to examples

- Removed network restrictions from .github/workflows/claude.yml
- Added network restrictions to examples/claude.yml as opt-in feature
- Changed from DISABLE_NETWORK_RESTRICTIONS to ENABLE_NETWORK_RESTRICTIONS
- Added support for CUSTOM_ALLOWED_DOMAINS repository variable
- Organized whitelist by provider (Anthropic, Bedrock, Vertex AI)
- Removed package registries from whitelist (already in NO_PROXY)

Users can now enable network restrictions by setting ENABLE_NETWORK_RESTRICTIONS=true
and configure additional domains via CUSTOM_ALLOWED_DOMAINS.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Minor bun format

* test: simplify network restrictions test

- Reduce to one allowed and one blocked domain
- Remove slow google.com test
- Fix TypeScript errors with AbortController
- Match test formatting conventions

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Move network restrictions to actions.yml + show custom domains in the examples folder

* Simplify network restrictions -- Move it to actions, remove extended examples in claude.yml and move them to readme

* Remove unnecessary network restrictions test and update readme + action.yml with no default domains and respective instructions in the readme

* Update README with common domains

* Give an example of network restriction in claude.yml

* Remove unnecesssary NO_PROXY as packages are installed beforehand

* Remove proxy example -- it's intuitive for users to figure it out

* Update potential EOF not being treated as a string issue

* update claude.yml to test

* Update example allowed_domains with tested domains for network restrictions

* change to experimental allowed domains and add `.blob.core.windows.net` to use cached bun isntall

* Update remaining allowed_domains references to experimental_allowed_domains

* Reset claude.yml to match origin/main

Remove network restrictions test changes from claude.yml

* Format README.md table alignment

Run bun format to fix table column alignment

---------

Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>

action.yml

@@ -100,6 +100,10 @@ inputs:
     description: "Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands"
     required: false
     default: "false"
+  experimental_allowed_domains:
+    description: "Restrict network access to these domains only (newline-separated). If not set, no restrictions are applied. Provider domains are auto-detected."
+    required: false
+    default: ""
 
 outputs:
   execution_file:
@@ -146,6 +150,38 @@ runs:
         ADDITIONAL_PERMISSIONS: ${{ inputs.additional_permissions }}
         USE_COMMIT_SIGNING: ${{ inputs.use_commit_signing }}
 
+    - name: Setup Network Restrictions
+      if: steps.prepare.outputs.contains_trigger == 'true' && inputs.experimental_allowed_domains != ''
+      shell: bash
+      run: |
+        # Install and configure Squid proxy
+        sudo apt-get update && sudo apt-get install -y squid
+
+        echo "${{ inputs.experimental_allowed_domains }}" > $RUNNER_TEMP/whitelist.txt
+
+        # Configure Squid
+        sudo tee /etc/squid/squid.conf << EOF
+        http_port 127.0.0.1:3128
+        acl whitelist dstdomain "$RUNNER_TEMP/whitelist.txt"
+        acl localhost src 127.0.0.1/32
+        http_access allow localhost whitelist
+        http_access deny all
+        cache deny all
+        EOF
+
+        # Stop any existing squid instance and start with our config
+        sudo squid -k shutdown || true
+        sleep 2
+        sudo rm -f /run/squid.pid
+        sudo squid -N -d 1 &
+        sleep 5
+
+        # Set proxy environment variables
+        echo "http_proxy=http://127.0.0.1:3128" >> $GITHUB_ENV
+        echo "https_proxy=http://127.0.0.1:3128" >> $GITHUB_ENV
+        echo "HTTP_PROXY=http://127.0.0.1:3128" >> $GITHUB_ENV
+        echo "HTTPS_PROXY=http://127.0.0.1:3128" >> $GITHUB_ENV
+
     - name: Run Claude Code
       id: claude-code
       if: steps.prepare.outputs.contains_trigger == 'true'