- Add agent mode that always triggers without checking for mentions
- Implement Mode interface with support for mode-specific tool configuration
- Add getAllowedTools() and getDisallowedTools() methods to Mode interface
- Simplify tests by combining related test cases
- Update documentation and examples to include agent mode
- Fix TypeScript imports to prevent circular dependencies
Agent mode is designed for automation and workflow_dispatch scenarios
where Claude should always run without requiring trigger phrases.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Add mode support
* update "as any" with proper "as unknwon as ModeName" casting
* Add documentation to README and registry.ts
* Add tests for differen event types, integration flows, and error conditions
* Clean up some tests
* Minor test fix
* Minor formatting test + switch from interface to type
* correct the order of mkdir call
* always configureGitAuth as there's already a fallback to handle null users by using the bot ID
* simplify registry setup
---------
Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com>
* feat: add Squid proxy network restrictions to Claude workflow
Implements URL whitelisting for GitHub Actions to prevent unauthorized network access.
Only allows connections to:
- Claude API (anthropic.com)
- GitHub services
- Package registries (npm, bun)
- Azure blob storage for caching
Uses NO_PROXY for package registries to avoid integrity check issues.
* test: add network restrictions verification test
* test: simplify network restrictions test output
* refactor: make network restrictions opt-in and move to examples
- Removed network restrictions from .github/workflows/claude.yml
- Added network restrictions to examples/claude.yml as opt-in feature
- Changed from DISABLE_NETWORK_RESTRICTIONS to ENABLE_NETWORK_RESTRICTIONS
- Added support for CUSTOM_ALLOWED_DOMAINS repository variable
- Organized whitelist by provider (Anthropic, Bedrock, Vertex AI)
- Removed package registries from whitelist (already in NO_PROXY)
Users can now enable network restrictions by setting ENABLE_NETWORK_RESTRICTIONS=true
and configure additional domains via CUSTOM_ALLOWED_DOMAINS.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Minor bun format
* test: simplify network restrictions test
- Reduce to one allowed and one blocked domain
- Remove slow google.com test
- Fix TypeScript errors with AbortController
- Match test formatting conventions
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Move network restrictions to actions.yml + show custom domains in the examples folder
* Simplify network restrictions -- Move it to actions, remove extended examples in claude.yml and move them to readme
* Remove unnecessary network restrictions test and update readme + action.yml with no default domains and respective instructions in the readme
* Update README with common domains
* Give an example of network restriction in claude.yml
* Remove unnecesssary NO_PROXY as packages are installed beforehand
* Remove proxy example -- it's intuitive for users to figure it out
* Update potential EOF not being treated as a string issue
* update claude.yml to test
* Update example allowed_domains with tested domains for network restrictions
* change to experimental allowed domains and add `.blob.core.windows.net` to use cached bun isntall
* Update remaining allowed_domains references to experimental_allowed_domains
* Reset claude.yml to match origin/main
Remove network restrictions test changes from claude.yml
* Format README.md table alignment
Run bun format to fix table column alignment
---------
Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
* docs: add missing use_commit_signing input to README
Added the `use_commit_signing` input to the README's inputs table. This input was present in action.yml but not documented in the README.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* ci: add documentation consistency check to PR reviews
Updated claude-review.yml to include checking that README.md and other documentation files are updated to reflect code changes, especially for new inputs, features, or configuration options.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
- Add settings input to action.yml that accepts JSON string or file path
- Pass settings parameter to claude-code-base-action
- Update README with comprehensive settings documentation
- Add link to official Claude Code settings documentation
- Document precedence rules for model and tool permissions
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Add comprehensive section explaining how to create and use a custom GitHub App
instead of the official Claude app. This is particularly useful for users with
restrictive organization policies or those using AWS Bedrock/Google Vertex AI.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* feat: add OAuth token authentication support
Add claude_code_oauth_token as an alternative authentication method to anthropic_api_key.
This provides more flexibility for users who prefer OAuth authentication.
- Add claude_code_oauth_token input to action.yml
- Pass OAuth token through to claude-code-base-action
- Update README with OAuth token documentation and examples
- Update security best practices to cover both authentication methods
- Add OAuth example to examples/claude.yml
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: add OAuth token generation instructions for Pro/Max users
Update README to mention that Pro and Max users can generate OAuth tokens
by running `claude setup-token` locally. This provides clearer guidance
for users who want to use OAuth authentication instead of API keys.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: update CI capabilities documentation
- Move GitHub Actions access from limitations to capabilities in README
- Update FAQ to explain how to enable CI/CD access with actions:read permission
- Clarify that Claude can access workflow results on PRs where it's tagged
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
* actions server
* tmp
* Replace view_actions_results with additional_permissions input
- Changed input from boolean view_actions_results to a more flexible additional_permissions format
- Uses newline-separated colon format similar to claude_env (e.g., "actions: read")
- Maintains permission checking to warn users when their token lacks required permissions
- Updated all tests to use the new format
This allows for future extensibility while currently supporting only "actions: read" permission.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update GitHub Actions MCP server with RUNNER_TEMP and status filtering
- Use RUNNER_TEMP environment variable for log storage directory (defaults to /tmp)
- Add status parameter to get_ci_status tool to filter workflow runs
- Supported statuses: completed, action_required, cancelled, failure, neutral, skipped, stale, success, timed_out, in_progress, queued, requested, waiting, pending
- Pass RUNNER_TEMP from install-mcp-server.ts to the MCP server environment
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Add GitHub Actions MCP tools to allowed tools when actions:read is granted
- Automatically include github_ci MCP server tools in allowed tools list when actions:read permission is granted
- Added mcp__github_ci__get_ci_status, mcp__github_ci__get_workflow_run_details, mcp__github_ci__download_job_log
- Simplified permission checking to avoid duplicate parsing logic
- Added tests for the new functionality
This ensures Claude can use the Actions tools when the server is enabled.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Refactor additional permissions parsing to parseGitHubContext
- Moved additional permissions parsing from individual functions to centralized parseGitHubContext
- Added parseAdditionalPermissions function to handle newline-separated colon format
- Removed redundant additionalPermissions parameter from prepareMcpConfig
- Updated tests to use permissions from context instead of passing as parameter
- Added comprehensive tests for parseAdditionalPermissions function
This centralizes all input parsing logic in one place for better maintainability.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Remove unnecessary hasActionsReadPermission parameter from createPrompt
- Removed hasActionsReadPermission parameter since createPrompt has access to context
- Calculate hasActionsReadPermission directly from context.inputs.additionalPermissions inside createPrompt
- Simplified prepare.ts by removing intermediate permission check
This completes the refactoring to centralize all permission handling through the context object.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: Add documentation for additional_permissions feature
- Document the new additional_permissions input that replaces view_actions_results
- Add dedicated section explaining CI/CD integration with actions:read permission
- Include example workflow showing how to grant GitHub token permissions
- Update main workflow example to show optional additional_permissions usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* roadmap
---------
Co-authored-by: Claude <noreply@anthropic.com>
- Add fallback_model input to action.yml matching claude-code-base-action
- Pass fallback_model through to the base action
- Document the new input in README.md inputs table
- Enables automatic fallback when primary model is unavailable
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
- introduced a new input parameter `label_trigger` in `action.yml` to allow triggering actions based on specific labels applied to issues.
- Enhanced the context preparation and event handling in the code to support the new labled event.
Added documentation showing how to configure Python-based MCP servers using uv
with the --directory argument, as requested in issue #130.
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com>
* feat: add claude_env input for custom environment variables
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
* docs: add claude_env input documentation with clear syntax examples
Added comprehensive documentation for the new claude_env input including:
- Entry in the Inputs table with description
- Example in the basic workflow configuration
- Detailed section in Advanced Configuration with practical use cases
This makes it clear how users can pass custom environment variables
to Claude Code execution in YAML format for CI/test setups.
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
- Add FAQ.md with sections on triggering, authentication, capabilities, and troubleshooting
- Document key limitations including workflow access, PR creation, and CI results visibility
- Include workarounds for common issues like automated workflows and test result access
- Cover security considerations and best practices for safe usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
The table row was broken across two lines which caused markdown rendering issues.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Show model parameter as optional comment for direct API examples
- Keep model parameter required for Bedrock and Vertex AI examples
- Demonstrates the default behavior when model is not specified
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add new 'model' input parameter as the preferred way to specify the model
- Keep 'anthropic_model' for backward compatibility with deprecation notice
- Use expression syntax to prioritize 'model' over 'anthropic_model'
- Update README documentation to reflect the change
This allows existing workflows to continue working while encouraging migration to the cleaner 'model' parameter name.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
