Fix MCP tool availability and shell escaping in tag mode

Pass MCP config and allowed tools through claude_args to ensure tools like mcp__github_comment__update_claude_comment are properly available to Claude CLI. Key changes: - Tag mode outputs claude_args with MCP config (as JSON string) and allowed tools - Fixed shell escaping vulnerability when JSON contains single quotes - Agent mode passes through user-provided claude_args unchanged - Re-added mcp_config input for users to provide custom MCP servers - Cleaned up misleading comments and unused file operations - Clarified test workflow is for fork testing Security fix: Properly escape single quotes in MCP config JSON to prevent shell injection vulnerabilities. Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-22 22:44:13 +08:00 · 2025-08-11 06:42:03 -07:00
parent 5bdb1e4ae0
commit d5fbc80b71
5 changed files with 96 additions and 9 deletions
--- a/src/modes/agent/index.ts
+++ b/src/modes/agent/index.ts
@@ -79,7 +79,9 @@ export const agentMode: Mode = {
      }
    }

-    core.setOutput("mcp_config", JSON.stringify(mcpConfig));
+    // Agent mode: pass through user's claude_args without modification
+    const userClaudeArgs = process.env.CLAUDE_ARGS || "";
+    core.setOutput("claude_args", userClaudeArgs);

    return {
      commentId: undefined,
--- a/src/modes/tag/index.ts
+++ b/src/modes/tag/index.ts
@@ -114,7 +114,53 @@ export const tagMode: Mode = {
      context,
    });

-    core.setOutput("mcp_config", mcpConfig);
+    // Don't output mcp_config separately anymore - include in claude_args
+    
+    // Build claude_args for tag mode with required tools
+    // Tag mode REQUIRES these tools to function properly
+    const tagModeTools = [
+      "Edit",
+      "MultiEdit", 
+      "Glob",
+      "Grep",
+      "LS",
+      "Read",
+      "Write",
+      "mcp__github_comment__update_claude_comment",
+    ];
+    
+    // Add git commands when not using commit signing
+    if (!context.inputs.useCommitSigning) {
+      tagModeTools.push(
+        "Bash(git add:*)",
+        "Bash(git commit:*)",
+        "Bash(git push:*)",
+        "Bash(git status:*)",
+        "Bash(git diff:*)",
+        "Bash(git log:*)",
+        "Bash(git rm:*)"
+      );
+    } else {
+      // When using commit signing, use MCP file ops tools
+      tagModeTools.push(
+        "mcp__github_file_ops__commit_files",
+        "mcp__github_file_ops__delete_files"
+      );
+    }
+    
+    const userClaudeArgs = process.env.CLAUDE_ARGS || "";
+    
+    // Build complete claude_args with MCP config (as JSON string), tools, and user args
+    // Note: Once Claude supports multiple --mcp-config flags, we can pass as file path
+    // Escape single quotes in JSON to prevent shell injection
+    const escapedMcpConfig = mcpConfig.replace(/'/g, "'\\''");
+    let claudeArgs = `--mcp-config '${escapedMcpConfig}' `;
+    claudeArgs += `--allowedTools "${tagModeTools.join(',')}" `;
+    if (userClaudeArgs) {
+      claudeArgs += userClaudeArgs;
+    }
+    
+    core.setOutput("claude_args", claudeArgs.trim());

    return {
      commentId,