anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-01-26 00:34:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: add time-based comment filtering to tag mode (#512)

Browse Source 
Implement time-based filtering for GitHub comments and reviews to prevent
malicious actors from editing existing comments after Claude is triggered
to inject harmful content.

Changes:
- Add updatedAt and lastEditedAt fields to GraphQL queries
- Update GitHubComment and GitHubReview types with timestamp fields
- Implement filterCommentsToTriggerTime() and filterReviewsToTriggerTime()
- Add extractTriggerTimestamp() to extract trigger time from webhooks
- Update tag and review modes to pass trigger timestamp to data fetcher

Security benefits:
- Prevents comment injection attacks via post-trigger edits
- Maintains chronological integrity of conversation context
- Ensures only comments in their final state before trigger are processed
- Backward compatible with graceful degradation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
Ashwin Bhat
2025-08-29 09:49:08 -07:00
committed by GitHub
parent c041f89493
commit a6888c03f2
5 changed files with 850 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/modes/tag/index.ts
View File

@@ -6,7 +6,10 @@ import { createInitialComment } from "../../github/operations/comments/create-in
import { setupBranch } from "../../github/operations/branch";
import { configureGitAuth } from "../../github/operations/git-config";
import { prepareMcpConfig } from "../../mcp/install-mcp-server";
import { fetchGitHubData } from "../../github/data/fetcher";
import {
fetchGitHubData,
extractTriggerTimestamp,
} from "../../github/data/fetcher";
import { createPrompt, generateDefaultPrompt } from "../../create-prompt";
import { isEntityContext } from "../../github/context";
import type { PreparedContext } from "../../create-prompt/types";
@@ -70,12 +73,15 @@ export const tagMode: Mode = {
const commentData = await createInitialComment(octokit.rest, context);
const commentId = commentData.id;
const triggerTime = extractTriggerTimestamp(context);
const githubData = await fetchGitHubData({
octokits: octokit,
repository: `${context.repository.owner}/${context.repository.repo}`,
prNumber: context.entityNumber.toString(),
isPR: context.isPR,
triggerUsername: context.actor,
triggerTime,
});
// Setup branch