- Switch from npm to bun for Claude Code installation in base-action
- Update Claude Code version from 1.0.59 to 1.0.61 in main action
- Ensures consistent package manager usage across both action files
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* feat: add agent mode for automation scenarios
- Add agent mode that always triggers without checking for mentions
- Implement Mode interface with support for mode-specific tool configuration
- Add getAllowedTools() and getDisallowedTools() methods to Mode interface
- Simplify tests by combining related test cases
- Update documentation and examples to include agent mode
- Fix TypeScript imports to prevent circular dependencies
Agent mode is designed for automation and workflow_dispatch scenarios
where Claude should always run without requiring trigger phrases.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Minor update to readme (from @main to @beta)
* Since workflow_dispatch isn't in the base action, update the examples accordingly
* minor formatting issue
* Update to say beta instead of main
* Fix missed tracking comment to be false
---------
Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
* feat: format PR and issue body text in prompt variables
Apply formatBody function to PR_BODY and ISSUE_BODY variables to properly handle images and markdown formatting in prompt context.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* style: format PR_BODY and ISSUE_BODY ternary expressions
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: add claude_code_oauth_token to all GitHub workflow tests
Add claude_code_oauth_token parameter to all test workflow files to support new authentication method. This ensures proper authentication for Claude Code API access in GitHub Actions.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Revert "feat: add claude_code_oauth_token to all GitHub workflow tests"
This reverts commit fccc1a0ebd.
---------
Co-authored-by: Claude <noreply@anthropic.com>
* Add mode support
* update "as any" with proper "as unknwon as ModeName" casting
* Add documentation to README and registry.ts
* Add tests for differen event types, integration flows, and error conditions
* Clean up some tests
* Minor test fix
* Minor formatting test + switch from interface to type
* correct the order of mkdir call
* always configureGitAuth as there's already a fallback to handle null users by using the bot ID
* simplify registry setup
---------
Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com>
Enables detailed permission messages in Claude Code by setting the
DETAILED_PERMISSION_MESSAGES environment variable to '1' in the
Run Claude Code step.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* feat: integrate Claude Code SDK to replace process spawning
- Add @anthropic-ai/claude-code dependency to base-action
- Replace mkfifo/cat process spawning with direct SDK usage
- Remove global Claude Code installation from action.yml files
- Maintain full compatibility with existing options
- Add comprehensive tests for SDK integration
This change makes the implementation cleaner and more reliable by
eliminating the complexity of managing child processes and named pipes.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: add debugging and bun executable for Claude Code SDK
- Add stderr handler to capture CLI errors
- Explicitly set bun as the executable for the SDK
- This should help diagnose why the CLI is exiting with code 1
* fix: extract mcpServers from parsed MCP config
The SDK expects just the servers object, not the wrapper object with mcpServers property.
* tsc
---------
Co-authored-by: Claude <noreply@anthropic.com>
- Added IMPORTANT note explaining direct prompts are user instructions that take precedence
- Updated the direct instruction notice to be marked as CRITICAL and HIGH PRIORITY
- These changes make it clearer that direct prompts override other context
- Update wording to remind users about available git commands instead of implying limitation
- Remove git user configuration instruction as it's not needed for action usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Replace npm install with bun install for consistency with the rest of the project's package management.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
- Fix bug where base_branch parameter was not being respected
- Add git fetch and checkout of source branch before creating new branch
- Ensures new branches are created from specified base_branch instead of current HEAD
- Fixes issue #268🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Changed the action to cd back to the original directory after installing
dependencies, ensuring Claude runs in the context of the user's workflow
rather than the base-action subdirectory.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
- Remove 'Run arbitrary Bash commands' from limitations when commit signing is disabled
- This avoids confusion since git commands ARE allowed via Bash when not using commit signing
- The prompt now accurately reflects what Claude can do based on the useCommitSigning parameter
- Add model field to ClaudeOptions type
- Pass ANTHROPIC_MODEL env var to runClaude function
- Handle --model argument in prepareRunConfig
This allows the model specified in action.yml to be properly passed
to the Claude CLI command.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
The action.yml was missing the fallback logic to construct the Bedrock
endpoint URL from AWS_REGION when ANTHROPIC_BEDROCK_BASE_URL is not
explicitly set. This matches the configuration in claude-code-base-action.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
- Add MIRROR_DISCLAIMER.md file to base-action directory
- Update sync workflow to concatenate disclaimer with README
- Cleaner approach than embedding content in workflow file
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* feat: add workflow to sync base-action to claude-code-base-action repo
This workflow automatically mirrors the base-action directory to the
anthropics/claude-code-base-action repository whenever changes are
pushed to base-action files on the main branch.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: add automated release sync to claude-code-base-action
- Release workflow now creates matching releases in claude-code-base-action repo
- All release jobs now run in production environment
- Uses CLAUDE_CODE_BASE_ACTION_PAT for authentication
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
* feat: integrate claude-code-base-action as local subaction
- Copy claude-code-base-action into base-action/ directory
- Update action.yml to reference ./base-action instead of external repo
- Preserve complete base action structure for future refactoring
This eliminates the external dependency while maintaining modularity.
* feat: consolidate CI workflows and add version bump workflow
- Move base-action test workflows to main .github/workflows/
- Update workflow references to use ./base-action
- Add CI jobs for base-action (test, typecheck, prettier)
- Add bump-claude-code-version workflow for base-action
- Remove redundant .github directory from base-action
This consolidates all CI workflows in one place while maintaining
full test coverage for both the main action and base-action.
* tsc
* copy again
* fix tests
* fix: use absolute path for base-action reference
Replace relative path ./base-action with ${{ github.action_path }}/base-action
to ensure the action works correctly when used in other repositories.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: inline base-action execution to support usage in other repos
Replace uses: ./base-action with direct shell execution since GitHub Actions
doesn't support dynamic paths in composite actions. This ensures the action
works correctly when used in other repositories.
Changes:
- Install Claude Code globally before execution
- Run base-action's index.ts directly with bun
- Pass all required INPUT_* environment variables
- Maintain base-action for future separate publishing
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
* feat: add Squid proxy network restrictions to Claude workflow
Implements URL whitelisting for GitHub Actions to prevent unauthorized network access.
Only allows connections to:
- Claude API (anthropic.com)
- GitHub services
- Package registries (npm, bun)
- Azure blob storage for caching
Uses NO_PROXY for package registries to avoid integrity check issues.
* test: add network restrictions verification test
* test: simplify network restrictions test output
* refactor: make network restrictions opt-in and move to examples
- Removed network restrictions from .github/workflows/claude.yml
- Added network restrictions to examples/claude.yml as opt-in feature
- Changed from DISABLE_NETWORK_RESTRICTIONS to ENABLE_NETWORK_RESTRICTIONS
- Added support for CUSTOM_ALLOWED_DOMAINS repository variable
- Organized whitelist by provider (Anthropic, Bedrock, Vertex AI)
- Removed package registries from whitelist (already in NO_PROXY)
Users can now enable network restrictions by setting ENABLE_NETWORK_RESTRICTIONS=true
and configure additional domains via CUSTOM_ALLOWED_DOMAINS.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Minor bun format
* test: simplify network restrictions test
- Reduce to one allowed and one blocked domain
- Remove slow google.com test
- Fix TypeScript errors with AbortController
- Match test formatting conventions
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Move network restrictions to actions.yml + show custom domains in the examples folder
* Simplify network restrictions -- Move it to actions, remove extended examples in claude.yml and move them to readme
* Remove unnecessary network restrictions test and update readme + action.yml with no default domains and respective instructions in the readme
* Update README with common domains
* Give an example of network restriction in claude.yml
* Remove unnecesssary NO_PROXY as packages are installed beforehand
* Remove proxy example -- it's intuitive for users to figure it out
* Update potential EOF not being treated as a string issue
* update claude.yml to test
* Update example allowed_domains with tested domains for network restrictions
* change to experimental allowed domains and add `.blob.core.windows.net` to use cached bun isntall
* Update remaining allowed_domains references to experimental_allowed_domains
* Reset claude.yml to match origin/main
Remove network restrictions test changes from claude.yml
* Format README.md table alignment
Run bun format to fix table column alignment
---------
Co-authored-by: km-anthropic <km-anthropic@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
* docs: add missing use_commit_signing input to README
Added the `use_commit_signing` input to the README's inputs table. This input was present in action.yml but not documented in the README.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* ci: add documentation consistency check to PR reviews
Updated claude-review.yml to include checking that README.md and other documentation files are updated to reflect code changes, especially for new inputs, features, or configuration options.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
- Add settings input to action.yml that accepts JSON string or file path
- Pass settings parameter to claude-code-base-action
- Update README with comprehensive settings documentation
- Add link to official Claude Code settings documentation
- Document precedence rules for model and tool permissions
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
Add comprehensive section explaining how to create and use a custom GitHub App
instead of the official Claude app. This is particularly useful for users with
restrictive organization policies or those using AWS Bedrock/Google Vertex AI.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: Claude <noreply@anthropic.com>
* refactor: update branch naming convention for Kubernetes compatibility
- Changed timestamp format in branch names to a shorter, Kubernetes-compatible style (lowercase, hyphens only).
- Updated related tests to reflect new branch name format.
- Ensured branch names are limited to a maximum of 50 characters to comply with Kubernetes naming requirements.
* refactor: clean up timestamp formatting in branch naming logic
- Removed unnecessary whitespace and standardized string formatting for the Kubernetes-compatible timestamp in branch names.
- Ensured consistency in the use of double quotes for string literals.
* feat: defer remote branch creation until first commit
- For commit signing: branches are created remotely by github-file-ops-server on first commit
- For non-signing: branches are created locally with 'git checkout -b' and pushed when needed
- Consolidated duplicate branch creation logic in github-file-ops-server into a shared helper function
- Claude is unaware of these implementation details and simply sees it's on the correct branch
- No branch links are shown in initial comments since branches don't exist remotely yet
* fix: prevent broken branch links in final comment update
- Check if branch exists remotely before adding branch link
- Only add branch links for branches that actually exist on GitHub
- Add test coverage for non-existent remote branches
- Fixes issue where users would see broken branch links for local-only branches
* fix: don't show branch name in comment header when branch doesn't exist remotely
- Only pass branchName to updateCommentBody when branchLink exists
- Prevents showing branch names for branches that only exist locally
- Add test to verify branch name is not shown when branch doesn't exist
* tmp
* feat: add use_commit_signing input with default false
- Add new input 'use_commit_signing' to action.yml (defaults to false)
- Separate comment update functionality into standalone github-comment-server.ts
- Update MCP server configuration to conditionally load servers based on signing preference
- When commit signing is disabled, use specific Bash git commands (e.g., Bash(git add:*))
- When commit signing is enabled, use github-file-ops-server for atomic commits with signing
- Always include github-comment-server for comment updates regardless of signing mode
- Update prompt generation to provide appropriate instructions based on signing preference
- Add comprehensive test coverage for new functionality
This change simplifies the default setup for users who don't need commit signing,
while maintaining the option to enable it for those who require GitHub's commit
signature verification.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: auto-commit uncommitted changes when commit signing is disabled
- Check for uncommitted changes after Claude finishes (non-signing mode only)
- Automatically commit and push any uncommitted work to preserve Claude's changes
- Update tests to avoid actual git operations during test runs
- Pass use_commit_signing flag to branch cleanup logic
---------
Co-authored-by: Claude <noreply@anthropic.com>
* feat: add OAuth token authentication support
Add claude_code_oauth_token as an alternative authentication method to anthropic_api_key.
This provides more flexibility for users who prefer OAuth authentication.
- Add claude_code_oauth_token input to action.yml
- Pass OAuth token through to claude-code-base-action
- Update README with OAuth token documentation and examples
- Update security best practices to cover both authentication methods
- Add OAuth example to examples/claude.yml
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: add OAuth token generation instructions for Pro/Max users
Update README to mention that Pro and Max users can generate OAuth tokens
by running `claude setup-token` locally. This provides clearer guidance
for users who want to use OAuth authentication instead of API keys.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: update CI capabilities documentation
- Move GitHub Actions access from limitations to capabilities in README
- Update FAQ to explain how to enable CI/CD access with actions:read permission
- Clarify that Claude can access workflow results on PRs where it's tagged
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
