anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-03-09 18:52:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

Revert "fix: replace deprecated :* with modern * wildcard in git permissions (#929)" (#949)

Browse Source 
This reverts commit 1bb0e7464b.
This commit is contained in:
Ashwin Bhat
2026-02-15 14:39:25 -08:00
committed by GitHub
parent f5088835af
commit 68cfeead18
3 changed files with 27 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/create-prompt/index.ts
View File

@@ -57,13 +57,13 @@ export function buildAllowedToolsString(
} else {
// When not using commit signing, add specific Bash git commands
baseTools.push(
"Bash(git add *)",
"Bash(git commit *)",
"Bash(git push *)",
"Bash(git status *)",
"Bash(git diff *)",
"Bash(git log *)",
"Bash(git rm *)",
"Bash(git add:*)",
"Bash(git commit:*)",
"Bash(git push:*)",
"Bash(git status:*)",
"Bash(git diff:*)",
"Bash(git log:*)",
"Bash(git rm:*)",
);
}

14
src/modes/tag/index.ts
View File

@@ -135,13 +135,13 @@ export async function prepareTagMode({
// SSH signing still uses git CLI, just with signing enabled
if (!useApiCommitSigning) {
tagModeTools.push(
"Bash(git add *)",
"Bash(git commit *)",
"Bash(git push *)",
"Bash(git status *)",
"Bash(git diff *)",
"Bash(git log *)",
"Bash(git rm *)",
"Bash(git add:*)",
"Bash(git commit:*)",
"Bash(git push:*)",
"Bash(git status:*)",
"Bash(git diff:*)",
"Bash(git log:*)",
"Bash(git rm:*)",
);
} else {
// When using API commit signing, use MCP file ops tools

26
test/create-prompt.test.ts
View File

@@ -894,9 +894,9 @@ describe("buildAllowedToolsString", () => {
expect(result).toContain("Write");
// Default is no commit signing, so should have specific Bash git commands
expect(result).toContain("Bash(git add *)");
expect(result).toContain("Bash(git commit *)");
expect(result).toContain("Bash(git push *)");
expect(result).toContain("Bash(git add:*)");
expect(result).toContain("Bash(git commit:*)");
expect(result).toContain("Bash(git push:*)");
expect(result).toContain("mcp__github_comment__update_claude_comment");
// Should not have commit signing tools
@@ -916,8 +916,8 @@ describe("buildAllowedToolsString", () => {
expect(result).toContain("Write");
// Should have specific Bash git commands for non-signing mode
expect(result).toContain("Bash(git add *)");
expect(result).toContain("Bash(git commit *)");
expect(result).toContain("Bash(git add:*)");
expect(result).toContain("Bash(git commit:*)");
expect(result).toContain("mcp__github_comment__update_claude_comment");
// Should not have commit signing tools
@@ -1009,13 +1009,13 @@ describe("buildAllowedToolsString", () => {
expect(result).toContain("Write");
// Specific Bash git commands should be included
expect(result).toContain("Bash(git add *)");
expect(result).toContain("Bash(git commit *)");
expect(result).toContain("Bash(git push *)");
expect(result).toContain("Bash(git status *)");
expect(result).toContain("Bash(git diff *)");
expect(result).toContain("Bash(git log *)");
expect(result).toContain("Bash(git rm *)");
expect(result).toContain("Bash(git add:*)");
expect(result).toContain("Bash(git commit:*)");
expect(result).toContain("Bash(git push:*)");
expect(result).toContain("Bash(git status:*)");
expect(result).toContain("Bash(git diff:*)");
expect(result).toContain("Bash(git log:*)");
expect(result).toContain("Bash(git rm:*)");
// Comment tool from minimal server should be included
expect(result).toContain("mcp__github_comment__update_claude_comment");
@@ -1031,7 +1031,7 @@ describe("buildAllowedToolsString", () => {
// Base tools should be present
expect(result).toContain("Edit");
expect(result).toContain("Bash(git add *)");
expect(result).toContain("Bash(git add:*)");
// Custom tools should be included
expect(result).toContain("CustomTool1");