anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-01-22 22:44:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: use INPUT_ prefix for allowed/disallowed tools environment variables

Browse Source 
The base action expects INPUT_ALLOWED_TOOLS and INPUT_DISALLOWED_TOOLS
(following GitHub Actions input naming convention) but we were exporting
them without the INPUT_ prefix. This was causing the tools to not be
properly allowed in the base action.
This commit is contained in:
km-anthropic
2025-07-30 17:26:08 -07:00
parent a083bdaad0
commit bf8c12ecfa
3 changed files with 39 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/modes/agent/index.ts
View File

@@ -80,8 +80,9 @@ export const agentMode: Mode = {
...context.inputs.disallowedTools,
];
core.exportVariable("ALLOWED_TOOLS", allowedTools.join(","));
core.exportVariable("DISALLOWED_TOOLS", disallowedTools.join(","));
// Export as INPUT_ prefixed variables for the base action
core.exportVariable("INPUT_ALLOWED_TOOLS", allowedTools.join(","));
core.exportVariable("INPUT_DISALLOWED_TOOLS", disallowedTools.join(","));
// Agent mode uses a minimal MCP configuration
// We don't need comment servers or PR-specific tools for automation

5
src/modes/review/index.ts
View File

@@ -256,8 +256,9 @@ Then proceed with the review workflow described above.`;
...context.inputs.disallowedTools,
];
core.exportVariable("ALLOWED_TOOLS", allowedTools.join(","));
core.exportVariable("DISALLOWED_TOOLS", disallowedTools.join(","));
// Export as INPUT_ prefixed variables for the base action
core.exportVariable("INPUT_ALLOWED_TOOLS", allowedTools.join(","));
core.exportVariable("INPUT_DISALLOWED_TOOLS", disallowedTools.join(","));
const additionalMcpConfig = process.env.MCP_CONFIG || "";
const mcpConfig = await prepareMcpConfig({

33
test-review.md Normal file
View File

@@ -0,0 +1,33 @@
# Test Review Mode
This is a test file to demonstrate the review mode functionality.
## Features to Review
- Code quality analysis
- Security vulnerability detection
- Performance optimization suggestions
- Best practices enforcement
## Test Code
```javascript
function processUser(user) {
// Potential issues for review:
// 1. No input validation
// 2. No error handling
var name = user.name;
var age = user.age;
if (age > 18) {
console.log(name + " is an adult");
}
// SQL injection vulnerability
const query = "SELECT * FROM users WHERE name = '" + name + "'";
return query;
}
```
This code has several issues that the review mode should catch.