Remove experimental allowed domains feature (#697)

* chore: remove experimental allowed domains feature Remove the experimental_allowed_domains feature which was used to restrict network access via a Squid proxy. This removes: - The input definition from action.yml - The Network Restrictions workflow step - The setup-network-restrictions.sh script - Documentation from experimental.md, usage.md, and related files - The input default from collect-inputs.ts * chore: fix formatting with prettier Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com> --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com>
2026-01-22 14:24:13 +08:00 · 2025-11-24 19:03:53 -05:00
parent 798cf0988d
commit 7febbb006b
5 changed files with 0 additions and 203 deletions
--- a/docs/experimental.md
+++ b/docs/experimental.md
@@ -61,68 +61,3 @@ For specialized use cases, you can fine-tune behavior using `claude_args`:
      --system-prompt "You are a code review specialist"
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
 ```
-
-## Network Restrictions
-
-For enhanced security, you can restrict Claude's network access to specific domains only. This feature is particularly useful for:
-
- Enterprise environments with strict security policies
- Preventing access to external services
- Limiting Claude to only your internal APIs and services
-
-When `experimental_allowed_domains` is set, Claude can only access the domains you explicitly list. You'll need to include the appropriate provider domains based on your authentication method.
-
-### Provider-Specific Examples
-
-#### If using Anthropic API or subscription
-
-```yaml
- uses: anthropics/claude-code-action@v1
-  with:
-    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-    # Or: claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-    experimental_allowed_domains: |
-      .anthropic.com
-```
-
-#### If using AWS Bedrock
-
-```yaml
- uses: anthropics/claude-code-action@v1
-  with:
-    use_bedrock: "true"
-    experimental_allowed_domains: |
-      bedrock.*.amazonaws.com
-      bedrock-runtime.*.amazonaws.com
-```
-
-#### If using Google Vertex AI
-
-```yaml
- uses: anthropics/claude-code-action@v1
-  with:
-    use_vertex: "true"
-    experimental_allowed_domains: |
-      *.googleapis.com
-      vertexai.googleapis.com
-```
-
-### Common GitHub Domains
-
-In addition to your provider domains, you may need to include GitHub-related domains. For GitHub.com users, common domains include:
-
-```yaml
- uses: anthropics/claude-code-action@v1
-  with:
-    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-    experimental_allowed_domains: |
-      .anthropic.com  # For Anthropic API
-      .github.com
-      .githubusercontent.com
-      ghcr.io
-      .blob.core.windows.net
-```
-
-For GitHub Enterprise users, replace the GitHub.com domains above with your enterprise domains (e.g., `.github.company.com`, `packages.company.com`, etc.).
-
-To determine which domains your workflow needs, you can temporarily run without restrictions and monitor the network requests, or check your GitHub Enterprise configuration for the specific services you use.
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -70,7 +70,6 @@ jobs:
 | `branch_prefix`                  | The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format)                                                                                           | No       | `claude/`     |
 | `settings`                       | Claude Code settings as JSON string or path to settings JSON file                                                                                                                      | No       | ""            |
 | `additional_permissions`         | Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results                                                                                      | No       | ""            |
-| `experimental_allowed_domains`   | Restrict network access to these domains only (newline-separated).                                                                                                                     | No       | ""            |
 | `use_commit_signing`             | Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands                                                                      | No       | `false`       |
 | `bot_id`                         | GitHub user ID to use for git operations (defaults to Claude's bot ID)                                                                                                                 | No       | `41898282`    |
 | `bot_name`                       | GitHub username to use for git operations (defaults to Claude's bot name)                                                                                                              | No       | `claude[bot]` |