diff --git a/README.md b/README.md index ae620ce..8ba22a3 100644 --- a/README.md +++ b/README.md @@ -110,6 +110,7 @@ jobs: | `branch_prefix` | The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format) | No | `claude/` | | `claude_env` | Custom environment variables to pass to Claude Code execution (YAML format) | No | "" | | `additional_permissions` | Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results | No | "" | +| `allowed_domains` | Restrict network access to these domains only (newline-separated). Provider domains are auto-detected. | No | "" | \*Required when using direct Anthropic API (default and when not using Bedrock or Vertex) @@ -491,6 +492,64 @@ Use a specific Claude model: # ... other inputs ``` +### Network Restrictions + +For enhanced security, you can restrict Claude's network access to specific domains only. This feature is particularly useful for: + +- Enterprise environments with strict security policies +- Preventing access to external services +- Limiting Claude to only your internal APIs and services + +When `allowed_domains` is set, Claude can only access: + +1. The domains you explicitly list +2. Auto-detected provider domains (based on your authentication method) + +#### Basic Example + +```yaml +- uses: anthropics/claude-code-action@beta + with: + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + allowed_domains: | + .github.com + .githubusercontent.com + ghcr.io + .blob.core.windows.net +``` + +#### GitHub Enterprise Example + +For GitHub Enterprise users, replace the GitHub domains with your own: + +```yaml +- uses: anthropics/claude-code-action@beta + with: + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + allowed_domains: | + .github.company.com + packages.company.com + .blob.core.windows.net + # Add any other internal services Claude needs access to + internal-api.company.com +``` + +#### Custom LLM Proxy Example + +If you're using a custom LLM proxy instead of the standard providers: + +```yaml +- uses: anthropics/claude-code-action@beta + with: + anthropic_api_key: ${{ secrets.PROXY_API_KEY }} + allowed_domains: | + llm-proxy.company.com + github.com + api.github.com + raw.githubusercontent.com + .githubusercontent.com +``` + ## Cloud Providers You can authenticate with Claude using any of these three methods: diff --git a/action.yml b/action.yml index 933354f..1d54e16 100644 --- a/action.yml +++ b/action.yml @@ -96,12 +96,8 @@ inputs: description: "Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands" required: false default: "false" - enable_network_restrictions: - description: "Enable network restrictions to limit Claude's internet access to approved domains" - required: false - default: "false" allowed_domains: - description: "Additional domains to allow when network restrictions are enabled (newline-separated)" + description: "Restrict network access to these domains only (newline-separated). If not set, no restrictions are applied. Provider domains are auto-detected." required: false default: "" @@ -151,41 +147,28 @@ runs: USE_COMMIT_SIGNING: ${{ inputs.use_commit_signing }} - name: Setup Network Restrictions - if: steps.prepare.outputs.contains_trigger == 'true' && inputs.enable_network_restrictions == 'true' + if: steps.prepare.outputs.contains_trigger == 'true' && inputs.allowed_domains != '' shell: bash run: | # Install and configure Squid proxy sudo apt-get update && sudo apt-get install -y squid - # Create whitelist for allowed domains - cat > /tmp/whitelist.txt << 'EOF' - # Core domains (always needed) - .anthropic.com - .github.com - .githubusercontent.com - ghcr.io - .blob.core.windows.net - EOF + echo "${{ inputs.allowed_domains }}" > /tmp/whitelist.txt + + if [[ -n "${{ inputs.anthropic_api_key }}" ]]; then + echo ".anthropic.com" >> /tmp/whitelist.txt + fi - # Auto-detect and add provider-specific domains if [[ "${{ inputs.use_bedrock }}" == "true" ]]; then - echo "# AWS Bedrock domains" >> /tmp/whitelist.txt echo "bedrock.*.amazonaws.com" >> /tmp/whitelist.txt echo "bedrock-runtime.*.amazonaws.com" >> /tmp/whitelist.txt fi if [[ "${{ inputs.use_vertex }}" == "true" ]]; then - echo "# Google Vertex AI domains" >> /tmp/whitelist.txt echo "*.googleapis.com" >> /tmp/whitelist.txt echo "vertexai.googleapis.com" >> /tmp/whitelist.txt fi - # Add any custom domains provided by user - if [[ -n "${{ inputs.allowed_domains }}" ]]; then - echo "# User-provided custom domains" >> /tmp/whitelist.txt - echo "${{ inputs.allowed_domains }}" >> /tmp/whitelist.txt - fi - # Configure Squid sudo tee /etc/squid/squid.conf << 'EOF' http_port 127.0.0.1:3128 diff --git a/examples/claude.yml b/examples/claude.yml index 4d78b02..1feb715 100644 --- a/examples/claude.yml +++ b/examples/claude.yml @@ -36,13 +36,4 @@ jobs: # Or use OAuth token instead: # claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} timeout_minutes: "60" - - # Optional: Enable network restrictions - # This limits Claude's internet access to approved domains only - # enable_network_restrictions: true - - # Optional: Add custom domains (when network restrictions are enabled) - # These are in addition to core domains and auto-detected provider domains - # allowed_domains: | - # api.mycompany.com - # internal-service.example.com + # allowed_domains: "github.com\napi.github.com\nraw.githubusercontent.com" # Optional: Restrict network access