anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-01-23 06:54:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: anthropics:ashwin/bump-bun-to-2.1.1
Branches Tags
anthropics:main anthropics:ashwin/bump-bun-to-2.1.1 anthropics:fix-tag-sync anthropics:claude/autopatch-scan-caf54156-vuln-17-L6v6t anthropics:claude/slack-improve-autofix-suggestion-detection-jVXXD anthropics:claude/slack-add-clawd-stop-label-check-YOQgu anthropics:boris/add-push-event-support anthropics:feature/merge-prepare-and-run-steps anthropics:claude/issue-746-20251216-2049 anthropics:claude/fix-command-injection-012ini6RiyJVXxae6QfACQce anthropics:claude/slack-standardize-pr-instructions-Jpta2 anthropics:fix/installation-lock-file-cleanup anthropics:claude/fix-command-injection-01G6U5P2UUcNFSDQ5ugMJToh anthropics:claude/fix-command-injection-011p27fUErJNzJnC8F2NhDfU anthropics:claude/slack-session-01CmWq48mc2PNmbs57vtiDL8 anthropics:claude/fix-017jw8xRDW1dJWuVWmZf8L37 anthropics:claude/slack-session-01MVWPvyum9Tfs4uZKSYNwb2 anthropics:ashwin/debug-agent-sdk anthropics:ashwin/timeoutfi anthropics:inigo/structured-outputs-clean anthropics:inigo/add-structured-outputs anthropics:inigo/structured-outputs anthropics:inigo/structured-outputs-v2 anthropics:claude/slack-session-01V5yvGzTYGjKuXyrkd816Q8 anthropics:claude/slack-session-01KNnXBDe14t4FYBFYj6x6kz anthropics:claude/update-docs-claude-code-action-011CUcQCrd4gH7XpanoeKXJg anthropics:ashwin/inlines anthropics:add-plugins-input anthropics:add-claude-github-actions-1761020053046 anthropics:add-claude-github-actions-1761019930984 anthropics:claude/update-readme-011CTvTGkPpgCdDtj57GaAAk anthropics:claude/aussie-readme-011CTv66HfGaaE3LMmFM9ZtN anthropics:claude/update-readme-011CTtgkeo2Hx7eheVcEwxb4 anthropics:claude/aussie-readme-update-011CTtgCkB57KfsJ1SUWUwaj anthropics:claude/minor-update-011CTrjPp29xM3Cnbz2FLdqy anthropics:ashwin/branch-template anthropics:demo/subtle-test-issues anthropics:demo/flawed-branch-tests-fix anthropics:demo/flawed-branch-tests anthropics:ashwin/allownonwritetest anthropics:ashwin/testghe anthropics:ashwin/testcommenttime anthropics:test-ci-tools-fix-3 anthropics:test-ci-tools-fix anthropics:eap anthropics:ashwin/testfix anthropics:ashwin/rmnpmrc anthropics:v1-dev anthropics:ashwin/envlog anthropics:km-anthropic-patch-1 anthropics:test-auto-fix-trigger anthropics:ashwin/verbosedebug anthropics:test-autofix-from-scratch anthropics:test-ci-failure anthropics:ashwin/inputtest anthropics:eaptest anthropics:test-gh-comment anthropics:ashwin/v1-devtest anthropics:test-no-approval anthropics:feat/ttyd-cloudflared-tunnel-integration anthropics:ashwin/claudestep anthropics:support-bot-user anthropics:ashwin/testid anthropics:km/add-mcp-to-agent anthropics:testenvvar anthropics:km/discriminated-unions-cleanup anthropics:ashwin/examples anthropics:claude/issue-313-20250719-1530 anthropics:ashwin/modelparam anthropics:ashwin/testnetwork anthropics:ashwin/branchfix anthropics:ashwin-ant-patch-3 anthropics:ashwin/stickytest anthropics:feat-add-label-trigger anthropics:ashwin/testdynamicfetch anthropics:ashwin/multiline anthropics:claude/issue-132-20250605_170450 anthropics:update-claude-code-base-action-v0.0.10-20250605-165057 anthropics:ashwin/promptfiletest anthropics:ashwin/debug anthropics:claude/issue-122-20250604_004902 anthropics:claude/issue-125-20250604_150607 anthropics:claude/issue-123-20250604_005116 anthropics:ashwin/triagefix anthropics:update-claude-code-base-action-v0.0.9-20250603-035419 anthropics:claude/issue-101-20250531_001023 anthropics:ashwin/commenttool anthropics:claude/issue-95-20250530_142727 anthropics:claude/issue-103-20250531_051637 anthropics:ashwin-ant-patch-2 anthropics:testbranch anthropics:ashwin-ant-patch-1 anthropics:ashwin/faq anthropics:ashwin/bump anthropics:claude/issue-62-20250527_192138 anthropics:ashwin/tools anthropics:enhance-text-sanitization anthropics:ashwin/erroroutput anthropics:update-claude-code-base-action-v0.0.7-20250529-000200 anthropics:ashwin/shabump anthropics:claude/issue-49-20250527_235943 anthropics:claude/issue-52-20250526_025103 anthropics:ashwin/triage anthropics:ashwin/dsstore anthropics:ashwin/bugtemplate anthropics:ashwin/pin anthropics:ashwin/errorlogging anthropics:fix-500-error-logging anthropics:fix-mcp-undefined-error anthropics:fix-local-action-reference anthropics:update-claude-workflow-v2 anthropics:add-claude-github-actions-1747972566174 anthropics:update-to-use-model-parameter anthropics:np-anthropic-patch-1 anthropics:lina/rename-anthropic-model-to-model anthropics:lina/html_comments_strip anthropics:lina/modify-action-name anthropics:lina/modify-base-action
anthropics:v1 anthropics:v1.0.33 anthropics:v1.0.32 anthropics:v1.0.31 anthropics:v1.0.30 anthropics:v1.0.29 anthropics:v1.0.28 anthropics:v1.0.27 anthropics:v1.0.26 anthropics:v1.0.25 anthropics:v1.0.24 anthropics:v1.0.23 anthropics:v1.0.22 anthropics:v1.0.21 anthropics:v1.0.20 anthropics:v1.0.19 anthropics:v1.0.18 anthropics:v1.0.17 anthropics:v1.0.16 anthropics:v1.0.15 anthropics:v1.0.14 anthropics:v1.0.13 anthropics:v1.0.12 anthropics:v1.0.11 anthropics:v1.0.10 anthropics:v1.0.9 anthropics:v1.0.8 anthropics:v1.0.7 anthropics:v1.0.6 anthropics:v1.0.5 anthropics:v1.0.4 anthropics:v1.0.3 anthropics:v1.0.2 anthropics:v1.0.1 anthropics:v1.0.0 anthropics:v0 anthropics:v0.0.63 anthropics:beta anthropics:v0.0.62 anthropics:v0.0.61 anthropics:v0.0.60 anthropics:v0.0.59 anthropics:v0.0.58 anthropics:v0.0.57 anthropics:v0.0.56 anthropics:v0.0.55 anthropics:v0.0.54 anthropics:v0.0.53 anthropics:v0.0.52 anthropics:v0.0.51 anthropics:v0.0.50 anthropics:v0.0.49 anthropics:v0.0.48 anthropics:v0.0.47 anthropics:v0.0.46 anthropics:v0.0.45 anthropics:v0.0.44 anthropics:v0.0.43 anthropics:v0.0.42 anthropics:v0.0.41 anthropics:v0.0.40 anthropics:v0.0.39 anthropics:v0.0.38 anthropics:v0.0.37 anthropics:v0.0.36 anthropics:v0.0.35 anthropics:v0.0.34 anthropics:v0.0.33 anthropics:v0.0.32 anthropics:v0.0.31 anthropics:v0.0.30 anthropics:v0.0.29 anthropics:v0.0.28 anthropics:v0.0.27 anthropics:v0.0.26 anthropics:v0.0.25 anthropics:v0.0.24 anthropics:v0.0.23 anthropics:v0.0.22 anthropics:v0.0.21 anthropics:v0.0.20 anthropics:v0.0.19 anthropics:v0.0.18 anthropics:v0.0.17 anthropics:v0.0.16 anthropics:v0.0.15 anthropics:v0.0.14 anthropics:v0.0.13 anthropics:v0.0.12 anthropics:v0.0.11 anthropics:v0.0.10 anthropics:v0.0.9 anthropics:v0.0.8 anthropics:v0.0.7 anthropics:v0.0.6 anthropics:v0.0.5 anthropics:v0.0.4 anthropics:v0.0.3 anthropics:v0.0.2 anthropics:v0.0.1
..
compare: anthropics:ashwin/timeoutfi
Branches Tags
anthropics:main anthropics:ashwin/bump-bun-to-2.1.1 anthropics:fix-tag-sync anthropics:claude/autopatch-scan-caf54156-vuln-17-L6v6t anthropics:claude/slack-improve-autofix-suggestion-detection-jVXXD anthropics:claude/slack-add-clawd-stop-label-check-YOQgu anthropics:boris/add-push-event-support anthropics:feature/merge-prepare-and-run-steps anthropics:claude/issue-746-20251216-2049 anthropics:claude/fix-command-injection-012ini6RiyJVXxae6QfACQce anthropics:claude/slack-standardize-pr-instructions-Jpta2 anthropics:fix/installation-lock-file-cleanup anthropics:claude/fix-command-injection-01G6U5P2UUcNFSDQ5ugMJToh anthropics:claude/fix-command-injection-011p27fUErJNzJnC8F2NhDfU anthropics:claude/slack-session-01CmWq48mc2PNmbs57vtiDL8 anthropics:claude/fix-017jw8xRDW1dJWuVWmZf8L37 anthropics:claude/slack-session-01MVWPvyum9Tfs4uZKSYNwb2 anthropics:ashwin/debug-agent-sdk anthropics:ashwin/timeoutfi anthropics:inigo/structured-outputs-clean anthropics:inigo/add-structured-outputs anthropics:inigo/structured-outputs anthropics:inigo/structured-outputs-v2 anthropics:claude/slack-session-01V5yvGzTYGjKuXyrkd816Q8 anthropics:claude/slack-session-01KNnXBDe14t4FYBFYj6x6kz anthropics:claude/update-docs-claude-code-action-011CUcQCrd4gH7XpanoeKXJg anthropics:ashwin/inlines anthropics:add-plugins-input anthropics:add-claude-github-actions-1761020053046 anthropics:add-claude-github-actions-1761019930984 anthropics:claude/update-readme-011CTvTGkPpgCdDtj57GaAAk anthropics:claude/aussie-readme-011CTv66HfGaaE3LMmFM9ZtN anthropics:claude/update-readme-011CTtgkeo2Hx7eheVcEwxb4 anthropics:claude/aussie-readme-update-011CTtgCkB57KfsJ1SUWUwaj anthropics:claude/minor-update-011CTrjPp29xM3Cnbz2FLdqy anthropics:ashwin/branch-template anthropics:demo/subtle-test-issues anthropics:demo/flawed-branch-tests-fix anthropics:demo/flawed-branch-tests anthropics:ashwin/allownonwritetest anthropics:ashwin/testghe anthropics:ashwin/testcommenttime anthropics:test-ci-tools-fix-3 anthropics:test-ci-tools-fix anthropics:eap anthropics:ashwin/testfix anthropics:ashwin/rmnpmrc anthropics:v1-dev anthropics:ashwin/envlog anthropics:km-anthropic-patch-1 anthropics:test-auto-fix-trigger anthropics:ashwin/verbosedebug anthropics:test-autofix-from-scratch anthropics:test-ci-failure anthropics:ashwin/inputtest anthropics:eaptest anthropics:test-gh-comment anthropics:ashwin/v1-devtest anthropics:test-no-approval anthropics:feat/ttyd-cloudflared-tunnel-integration anthropics:ashwin/claudestep anthropics:support-bot-user anthropics:ashwin/testid anthropics:km/add-mcp-to-agent anthropics:testenvvar anthropics:km/discriminated-unions-cleanup anthropics:ashwin/examples anthropics:claude/issue-313-20250719-1530 anthropics:ashwin/modelparam anthropics:ashwin/testnetwork anthropics:ashwin/branchfix anthropics:ashwin-ant-patch-3 anthropics:ashwin/stickytest anthropics:feat-add-label-trigger anthropics:ashwin/testdynamicfetch anthropics:ashwin/multiline anthropics:claude/issue-132-20250605_170450 anthropics:update-claude-code-base-action-v0.0.10-20250605-165057 anthropics:ashwin/promptfiletest anthropics:ashwin/debug anthropics:claude/issue-122-20250604_004902 anthropics:claude/issue-125-20250604_150607 anthropics:claude/issue-123-20250604_005116 anthropics:ashwin/triagefix anthropics:update-claude-code-base-action-v0.0.9-20250603-035419 anthropics:claude/issue-101-20250531_001023 anthropics:ashwin/commenttool anthropics:claude/issue-95-20250530_142727 anthropics:claude/issue-103-20250531_051637 anthropics:ashwin-ant-patch-2 anthropics:testbranch anthropics:ashwin-ant-patch-1 anthropics:ashwin/faq anthropics:ashwin/bump anthropics:claude/issue-62-20250527_192138 anthropics:ashwin/tools anthropics:enhance-text-sanitization anthropics:ashwin/erroroutput anthropics:update-claude-code-base-action-v0.0.7-20250529-000200 anthropics:ashwin/shabump anthropics:claude/issue-49-20250527_235943 anthropics:claude/issue-52-20250526_025103 anthropics:ashwin/triage anthropics:ashwin/dsstore anthropics:ashwin/bugtemplate anthropics:ashwin/pin anthropics:ashwin/errorlogging anthropics:fix-500-error-logging anthropics:fix-mcp-undefined-error anthropics:fix-local-action-reference anthropics:update-claude-workflow-v2 anthropics:add-claude-github-actions-1747972566174 anthropics:update-to-use-model-parameter anthropics:np-anthropic-patch-1 anthropics:lina/rename-anthropic-model-to-model anthropics:lina/html_comments_strip anthropics:lina/modify-action-name anthropics:lina/modify-base-action
anthropics:v1 anthropics:v1.0.33 anthropics:v1.0.32 anthropics:v1.0.31 anthropics:v1.0.30 anthropics:v1.0.29 anthropics:v1.0.28 anthropics:v1.0.27 anthropics:v1.0.26 anthropics:v1.0.25 anthropics:v1.0.24 anthropics:v1.0.23 anthropics:v1.0.22 anthropics:v1.0.21 anthropics:v1.0.20 anthropics:v1.0.19 anthropics:v1.0.18 anthropics:v1.0.17 anthropics:v1.0.16 anthropics:v1.0.15 anthropics:v1.0.14 anthropics:v1.0.13 anthropics:v1.0.12 anthropics:v1.0.11 anthropics:v1.0.10 anthropics:v1.0.9 anthropics:v1.0.8 anthropics:v1.0.7 anthropics:v1.0.6 anthropics:v1.0.5 anthropics:v1.0.4 anthropics:v1.0.3 anthropics:v1.0.2 anthropics:v1.0.1 anthropics:v1.0.0 anthropics:v0 anthropics:v0.0.63 anthropics:beta anthropics:v0.0.62 anthropics:v0.0.61 anthropics:v0.0.60 anthropics:v0.0.59 anthropics:v0.0.58 anthropics:v0.0.57 anthropics:v0.0.56 anthropics:v0.0.55 anthropics:v0.0.54 anthropics:v0.0.53 anthropics:v0.0.52 anthropics:v0.0.51 anthropics:v0.0.50 anthropics:v0.0.49 anthropics:v0.0.48 anthropics:v0.0.47 anthropics:v0.0.46 anthropics:v0.0.45 anthropics:v0.0.44 anthropics:v0.0.43 anthropics:v0.0.42 anthropics:v0.0.41 anthropics:v0.0.40 anthropics:v0.0.39 anthropics:v0.0.38 anthropics:v0.0.37 anthropics:v0.0.36 anthropics:v0.0.35 anthropics:v0.0.34 anthropics:v0.0.33 anthropics:v0.0.32 anthropics:v0.0.31 anthropics:v0.0.30 anthropics:v0.0.29 anthropics:v0.0.28 anthropics:v0.0.27 anthropics:v0.0.26 anthropics:v0.0.25 anthropics:v0.0.24 anthropics:v0.0.23 anthropics:v0.0.22 anthropics:v0.0.21 anthropics:v0.0.20 anthropics:v0.0.19 anthropics:v0.0.18 anthropics:v0.0.17 anthropics:v0.0.16 anthropics:v0.0.15 anthropics:v0.0.14 anthropics:v0.0.13 anthropics:v0.0.12 anthropics:v0.0.11 anthropics:v0.0.10 anthropics:v0.0.9 anthropics:v0.0.8 anthropics:v0.0.7 anthropics:v0.0.6 anthropics:v0.0.5 anthropics:v0.0.4 anthropics:v0.0.3 anthropics:v0.0.2 anthropics:v0.0.1

2 Commits
ashwin/bum ... ashwin/tim

Author SHA1 Message Date
Ashwin Bhat
6626337d20 fix: suppress exit code from killed timeout watchdog process 
When killing the timeout watchdog process after successful installation,
`wait` returns exit code 143 (SIGTERM). Add `|| true` to prevent this
from causing the step to fail.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-24 20:52:16 -05:00
Ashwin Bhat
ed4a4d26bc fix: use cross-platform timeout for Claude Code installation 
The GNU `timeout` command is not available on macOS, which breaks
the action on macOS self-hosted runners. Replace with a portable
bash approach using background process management.

Also extracts the version into a CLAUDE_CODE_VERSION variable for
easier maintenance.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-24 20:45:51 -05:00
69 changed files with 558 additions and 3939 deletions
Expand all files Collapse all files

132
.github/workflows/bump-claude-code-version.yml vendored Normal file
View File

@@ -0,0 +1,132 @@
name: Bump Claude Code Version
on:
repository_dispatch:
types: [bump_claude_code_version]
workflow_dispatch:
inputs:
version:
description: "Claude Code version to bump to"
required: true
type: string
permissions:
contents: write
jobs:
bump-version:
name: Bump Claude Code Version
runs-on: ubuntu-latest
environment: release
timeout-minutes: 5
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4
with:
token: ${{ secrets.RELEASE_PAT }}
fetch-depth: 0
- name: Get version from event payload
id: get_version
run: |
# Get version from either repository_dispatch or workflow_dispatch
if [ "${{ github.event_name }}" = "repository_dispatch" ]; then
NEW_VERSION="${CLIENT_PAYLOAD_VERSION}"
else
NEW_VERSION="${INPUT_VERSION}"
fi
# Sanitize the version to avoid issues enabled by problematic characters
NEW_VERSION=$(echo "$NEW_VERSION" | tr -d '`;$(){}[]|&<>' | tr -s ' ' '-')
if [ -z "$NEW_VERSION" ]; then
echo "Error: version not provided"
exit 1
fi
echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV
echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
env:
INPUT_VERSION: ${{ inputs.version }}
CLIENT_PAYLOAD_VERSION: ${{ github.event.client_payload.version }}
- name: Create branch and update base-action/action.yml
run: |
# Variables
TIMESTAMP=$(date +'%Y%m%d-%H%M%S')
BRANCH_NAME="bump-claude-code-${{ env.NEW_VERSION }}-$TIMESTAMP"
echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
# Get the default branch
DEFAULT_BRANCH=$(gh api repos/${GITHUB_REPOSITORY} --jq '.default_branch')
echo "DEFAULT_BRANCH=$DEFAULT_BRANCH" >> $GITHUB_ENV
# Get the latest commit SHA from the default branch
BASE_SHA=$(gh api repos/${GITHUB_REPOSITORY}/git/refs/heads/$DEFAULT_BRANCH --jq '.object.sha')
# Create a new branch
gh api \
--method POST \
repos/${GITHUB_REPOSITORY}/git/refs \
-f ref="refs/heads/$BRANCH_NAME" \
-f sha="$BASE_SHA"
# Get the current base-action/action.yml content
ACTION_CONTENT=$(gh api repos/${GITHUB_REPOSITORY}/contents/base-action/action.yml?ref=$DEFAULT_BRANCH --jq '.content' | base64 -d)
# Update the Claude Code version in the npm install command
UPDATED_CONTENT=$(echo "$ACTION_CONTENT" | sed -E "s/(npm install -g @anthropic-ai\/claude-code@)[0-9]+\.[0-9]+\.[0-9]+/\1${{ env.NEW_VERSION }}/")
# Verify the change would be made
if ! echo "$UPDATED_CONTENT" | grep -q "@anthropic-ai/claude-code@${{ env.NEW_VERSION }}"; then
echo "Error: Failed to update Claude Code version in content"
exit 1
fi
# Get the current SHA of base-action/action.yml for the update API call
FILE_SHA=$(gh api repos/${GITHUB_REPOSITORY}/contents/base-action/action.yml?ref=$DEFAULT_BRANCH --jq '.sha')
# Create the updated base-action/action.yml content in base64
echo "$UPDATED_CONTENT" | base64 > action.yml.b64
# Commit the updated base-action/action.yml via GitHub API
gh api \
--method PUT \
repos/${GITHUB_REPOSITORY}/contents/base-action/action.yml \
-f message="chore: bump Claude Code version to ${{ env.NEW_VERSION }}" \
-F content=@action.yml.b64 \
-f sha="$FILE_SHA" \
-f branch="$BRANCH_NAME"
echo "Successfully created branch and updated Claude Code version to ${{ env.NEW_VERSION }}"
env:
GH_TOKEN: ${{ secrets.RELEASE_PAT }}
GITHUB_REPOSITORY: ${{ github.repository }}
- name: Create Pull Request
run: |
# Determine trigger type for PR body
if [ "${{ github.event_name }}" = "repository_dispatch" ]; then
TRIGGER_INFO="repository dispatch event"
else
TRIGGER_INFO="manual workflow dispatch by @${GITHUB_ACTOR}"
fi
# Create PR body with proper YAML escape
printf -v PR_BODY "## Bump Claude Code to ${{ env.NEW_VERSION }}\n\nThis PR updates the Claude Code version in base-action/action.yml to ${{ env.NEW_VERSION }}.\n\n### Changes\n- Updated Claude Code version from current to \`${{ env.NEW_VERSION }}\`\n\n### Triggered by\n- $TRIGGER_INFO\n\n🤖 This PR was automatically created by the bump-claude-code-version workflow."
echo "Creating PR with gh pr create command"
PR_URL=$(gh pr create \
--repo "${GITHUB_REPOSITORY}" \
--title "chore: bump Claude Code version to ${{ env.NEW_VERSION }}" \
--body "$PR_BODY" \
--base "${DEFAULT_BRANCH}" \
--head "${BRANCH_NAME}")
echo "PR created successfully: $PR_URL"
env:
GH_TOKEN: ${{ secrets.RELEASE_PAT }}
GITHUB_REPOSITORY: ${{ github.repository }}
GITHUB_ACTOR: ${{ github.actor }}
DEFAULT_BRANCH: ${{ env.DEFAULT_BRANCH }}
BRANCH_NAME: ${{ env.BRANCH_NAME }}

37
.github/workflows/ci-all.yml vendored
View File

@@ -1,37 +0,0 @@
# Orchestrates all CI workflows - runs on PRs, pushes to main, and manual dispatch
# Individual test workflows are called as reusable workflows
name: CI All
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
permissions:
contents: read
jobs:
ci:
uses: ./.github/workflows/ci.yml
test-base-action:
uses: ./.github/workflows/test-base-action.yml
secrets: inherit # Required for ANTHROPIC_API_KEY
test-custom-executables:
uses: ./.github/workflows/test-custom-executables.yml
secrets: inherit
test-mcp-servers:
uses: ./.github/workflows/test-mcp-servers.yml
secrets: inherit
test-settings:
uses: ./.github/workflows/test-settings.yml
secrets: inherit
test-structured-output:
uses: ./.github/workflows/test-structured-output.yml
secrets: inherit

3
.github/workflows/ci.yml vendored
View File

@@ -1,8 +1,9 @@
name: CI
on:
push:
branches: [main]
pull_request:
workflow_call:
jobs:
test:

2
.github/workflows/claude.yml vendored
View File

@@ -36,4 +36,4 @@ jobs:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--allowedTools "Bash(bun install),Bash(bun test:*),Bash(bun run format),Bash(bun typecheck)"
--model "claude-opus-4-5"
--model "claude-opus-4-1-20250805"

106
.github/workflows/release.yml vendored
View File

@@ -8,23 +8,10 @@ on:
required: false
type: boolean
default: false
workflow_run:
workflows: ["CI All"]
types:
- completed
branches:
- main
jobs:
create-release:
runs-on: ubuntu-latest
# Run if: manual dispatch OR (CI All succeeded AND commit is a version bump)
if: |
github.event_name == 'workflow_dispatch' ||
(github.event.workflow_run.conclusion == 'success' &&
github.event.workflow_run.head_branch == 'main' &&
github.event.workflow_run.event == 'push' &&
startsWith(github.event.workflow_run.head_commit.message, 'chore: bump Claude Code to'))
environment: production
permissions:
contents: write
@@ -97,8 +84,7 @@ jobs:
update-major-tag:
needs: create-release
# Skip for dry runs (workflow_run events are never dry runs)
if: github.event_name == 'workflow_run' || !inputs.dry_run
if: ${{ !inputs.dry_run }}
runs-on: ubuntu-latest
environment: production
permissions:
@@ -123,48 +109,48 @@ jobs:
echo "Updated $major_version tag to point to $next_version"
# release-base-action:
# needs: create-release
# if: ${{ !inputs.dry_run }}
# runs-on: ubuntu-latest
# environment: production
# steps:
# - name: Checkout base-action repo
# uses: actions/checkout@v5
# with:
# repository: anthropics/claude-code-base-action
# token: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }}
# fetch-depth: 0
#
# - name: Create and push tag
# run: |
# next_version="${{ needs.create-release.outputs.next_version }}"
#
# git config user.name "github-actions[bot]"
# git config user.email "github-actions[bot]@users.noreply.github.com"
#
# # Create the version tag
# git tag -a "$next_version" -m "Release $next_version - synced from claude-code-action"
# git push origin "$next_version"
#
# # Update the beta tag
# git tag -fa beta -m "Update beta tag to ${next_version}"
# git push origin beta --force
#
# - name: Create GitHub release
# env:
# GH_TOKEN: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }}
# run: |
# next_version="${{ needs.create-release.outputs.next_version }}"
#
# # Create the release
# gh release create "$next_version" \
# --repo anthropics/claude-code-base-action \
# --title "$next_version" \
# --notes "Release $next_version - synced from anthropics/claude-code-action" \
# --latest=false
#
# # Update beta release to be latest
# gh release edit beta \
# --repo anthropics/claude-code-base-action \
# --latest
release-base-action:
needs: create-release
if: ${{ !inputs.dry_run }}
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout base-action repo
uses: actions/checkout@v5
with:
repository: anthropics/claude-code-base-action
token: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }}
fetch-depth: 0
# - name: Create and push tag
# run: |
# next_version="${{ needs.create-release.outputs.next_version }}"
# git config user.name "github-actions[bot]"
# git config user.email "github-actions[bot]@users.noreply.github.com"
# # Create the version tag
# git tag -a "$next_version" -m "Release $next_version - synced from claude-code-action"
# git push origin "$next_version"
# # Update the beta tag
# git tag -fa beta -m "Update beta tag to ${next_version}"
# git push origin beta --force
# - name: Create GitHub release
# env:
# GH_TOKEN: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }}
# run: |
# next_version="${{ needs.create-release.outputs.next_version }}"
# # Create the release
# gh release create "$next_version" \
# --repo anthropics/claude-code-base-action \
# --title "$next_version" \
# --notes "Release $next_version - synced from anthropics/claude-code-action" \
# --latest=false
# # Update beta release to be latest
# gh release edit beta \
# --repo anthropics/claude-code-base-action \
# --latest

4
.github/workflows/sync-base-action.yml vendored
View File

@@ -94,5 +94,5 @@ jobs:
echo "✅ Successfully synced \`base-action\` directory to [anthropics/claude-code-base-action](https://github.com/anthropics/claude-code-base-action)" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- **Source commit**: [\`${GITHUB_SHA:0:7}\`](https://github.com/anthropics/claude-code-action/commit/${GITHUB_SHA})" >> $GITHUB_STEP_SUMMARY
echo "- **Triggered by**: $GITHUB_EVENT_NAME" >> $GITHUB_STEP_SUMMARY
echo "- **Actor**: @$GITHUB_ACTOR" >> $GITHUB_STEP_SUMMARY
echo "- **Triggered by**: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY
echo "- **Actor**: @${{ github.actor }}" >> $GITHUB_STEP_SUMMARY

62
.github/workflows/test-base-action.yml vendored
View File

@@ -1,6 +1,9 @@
name: Test Claude Code Action
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
inputs:
@@ -8,7 +11,6 @@ on:
description: "Test prompt for Claude"
required: false
default: "List the files in the current directory starting with 'package'"
workflow_call:
jobs:
test-inline-prompt:
@@ -116,61 +118,3 @@ jobs:
echo "❌ Execution log file not found"
exit 1
fi
test-agent-sdk:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Test with Agent SDK
id: sdk-test
uses: ./base-action
env:
USE_AGENT_SDK: "true"
with:
prompt: ${{ github.event.inputs.test_prompt || 'List the files in the current directory starting with "package"' }}
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
allowed_tools: "LS,Read"
- name: Verify SDK output
run: |
OUTPUT_FILE="${{ steps.sdk-test.outputs.execution_file }}"
CONCLUSION="${{ steps.sdk-test.outputs.conclusion }}"
echo "Conclusion: $CONCLUSION"
echo "Output file: $OUTPUT_FILE"
if [ "$CONCLUSION" = "success" ]; then
echo "✅ Action completed successfully with Agent SDK"
else
echo "❌ Action failed with Agent SDK"
exit 1
fi
if [ -f "$OUTPUT_FILE" ]; then
if [ -s "$OUTPUT_FILE" ]; then
echo "✅ Execution log file created successfully with content"
echo "Validating JSON format:"
if jq . "$OUTPUT_FILE" > /dev/null 2>&1; then
echo "✅ Output is valid JSON"
# Verify SDK output contains total_cost_usd (SDK field name)
if jq -e '.[] | select(.type == "result") | .total_cost_usd' "$OUTPUT_FILE" > /dev/null 2>&1; then
echo "✅ SDK output contains total_cost_usd field"
else
echo "❌ SDK output missing total_cost_usd field"
exit 1
fi
echo "Content preview:"
head -c 500 "$OUTPUT_FILE"
else
echo "❌ Output is not valid JSON"
exit 1
fi
else
echo "❌ Execution log file is empty"
exit 1
fi
else
echo "❌ Execution log file not found"
exit 1
fi

4
.github/workflows/test-custom-executables.yml vendored
View File

@@ -1,9 +1,11 @@
name: Test Custom Executables
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
workflow_call:
jobs:
test-custom-executables:

4
.github/workflows/test-mcp-servers.yml vendored
View File

@@ -1,9 +1,11 @@
name: Test MCP Servers
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
workflow_call:
jobs:
test-mcp-integration:

4
.github/workflows/test-settings.yml vendored
View File

@@ -1,9 +1,11 @@
name: Test Settings Feature
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
workflow_call:
jobs:
test-settings-inline-allow:

4
.github/workflows/test-structured-output.yml vendored
View File

@@ -1,9 +1,11 @@
name: Test Structured Outputs
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
workflow_call:
permissions:
contents: read

77
action.yml
View File

@@ -23,10 +23,6 @@ inputs:
description: "The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format)"
required: false
default: "claude/"
branch_name_template:
description: "Template for branch naming. Available variables: {{prefix}}, {{entityType}}, {{entityNumber}}, {{timestamp}}, {{sha}}, {{label}}, {{description}}. {{label}} will be first label from the issue/PR, or {{entityType}} as a fallback. {{description}} will be the first 5 words of the issue/PR title in kebab-case. Default: '{{prefix}}{{entityType}}-{{entityNumber}}-{{timestamp}}'"
required: false
default: ""
allowed_bots:
description: "Comma-separated list of allowed bot usernames, or '*' to allow all bots. Empty string (default) allows no bots."
required: false
@@ -85,10 +81,6 @@ inputs:
description: "Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands"
required: false
default: "false"
ssh_signing_key:
description: "SSH private key for signing commits. When provided, git will be configured to use SSH signing. Takes precedence over use_commit_signing."
required: false
default: ""
bot_id:
description: "GitHub user ID to use for git operations (defaults to Claude's bot ID)"
required: false
@@ -101,10 +93,10 @@ inputs:
description: "Force tag mode with tracking comments for pull_request and issue events. Only applicable to pull_request (opened, synchronize, ready_for_review, reopened) and issue (opened, edited, labeled, assigned) events."
required: false
default: "false"
include_fix_links:
description: "Include 'Fix this' links in PR code review feedback that open Claude Code with context to fix the identified issue"
experimental_allowed_domains:
description: "Restrict network access to these domains only (newline-separated). If not set, no restrictions are applied. Provider domains are auto-detected."
required: false
default: "true"
default: ""
path_to_claude_code_executable:
description: "Optional path to a custom Claude Code executable. If provided, skips automatic installation and uses this executable instead. WARNING: Using an older version may cause problems if the action begins taking advantage of new Claude Code features. This input is typically not needed unless you're debugging something specific or have unique needs in your environment."
required: false
@@ -139,28 +131,23 @@ outputs:
structured_output:
description: "JSON string containing all structured output fields when --json-schema is provided in claude_args. Use fromJSON() to parse: fromJSON(steps.id.outputs.structured_output).field_name"
value: ${{ steps.claude-code.outputs.structured_output }}
session_id:
description: "The Claude Code session ID that can be used with --resume to continue this conversation"
value: ${{ steps.claude-code.outputs.session_id }}
runs:
using: "composite"
steps:
- name: Install Bun
if: inputs.path_to_bun_executable == ''
uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # https://github.com/oven-sh/setup-bun/releases/tag/v2.1.2
uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # https://github.com/oven-sh/setup-bun/releases/tag/v2.0.2
with:
bun-version: 2.1.1
bun-version: 1.2.11
- name: Setup Custom Bun Path
if: inputs.path_to_bun_executable != ''
shell: bash
env:
PATH_TO_BUN_EXECUTABLE: ${{ inputs.path_to_bun_executable }}
run: |
echo "Using custom Bun executable: $PATH_TO_BUN_EXECUTABLE"
echo "Using custom Bun executable: ${{ inputs.path_to_bun_executable }}"
# Add the directory containing the custom executable to PATH
BUN_DIR=$(dirname "$PATH_TO_BUN_EXECUTABLE")
BUN_DIR=$(dirname "${{ inputs.path_to_bun_executable }}")
echo "$BUN_DIR" >> "$GITHUB_PATH"
- name: Install Dependencies
@@ -182,7 +169,6 @@ runs:
LABEL_TRIGGER: ${{ inputs.label_trigger }}
BASE_BRANCH: ${{ inputs.base_branch }}
BRANCH_PREFIX: ${{ inputs.branch_prefix }}
BRANCH_NAME_TEMPLATE: ${{ inputs.branch_name_template }}
OVERRIDE_GITHUB_TOKEN: ${{ inputs.github_token }}
ALLOWED_BOTS: ${{ inputs.allowed_bots }}
ALLOWED_NON_WRITE_USERS: ${{ inputs.allowed_non_write_users }}
@@ -190,11 +176,9 @@ runs:
USE_STICKY_COMMENT: ${{ inputs.use_sticky_comment }}
DEFAULT_WORKFLOW_TOKEN: ${{ github.token }}
USE_COMMIT_SIGNING: ${{ inputs.use_commit_signing }}
SSH_SIGNING_KEY: ${{ inputs.ssh_signing_key }}
BOT_ID: ${{ inputs.bot_id }}
BOT_NAME: ${{ inputs.bot_name }}
TRACK_PROGRESS: ${{ inputs.track_progress }}
INCLUDE_FIX_LINKS: ${{ inputs.include_fix_links }}
ADDITIONAL_PERMISSIONS: ${{ inputs.additional_permissions }}
CLAUDE_ARGS: ${{ inputs.claude_args }}
ALL_INPUTS: ${{ toJson(inputs) }}
@@ -202,8 +186,6 @@ runs:
- name: Install Base Action Dependencies
if: steps.prepare.outputs.contains_trigger == 'true'
shell: bash
env:
PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
run: |
echo "Installing base-action dependencies..."
cd ${GITHUB_ACTION_PATH}/base-action
@@ -212,33 +194,48 @@ runs:
cd -
# Install Claude Code if no custom executable is provided
if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
CLAUDE_CODE_VERSION="2.1.11"
if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
CLAUDE_CODE_VERSION="2.0.50"
echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
for attempt in 1 2 3; do
echo "Installation attempt $attempt..."
if command -v timeout &> /dev/null; then
# Use --foreground to kill entire process group on timeout, --kill-after to send SIGKILL if SIGTERM fails
timeout --foreground --kill-after=10 120 bash -c "curl -fsSL https://claude.ai/install.sh | bash -s -- $CLAUDE_CODE_VERSION" && break
else
curl -fsSL https://claude.ai/install.sh | bash -s -- "$CLAUDE_CODE_VERSION" && break
# Cross-platform timeout (GNU timeout not available on macOS)
(curl -fsSL https://claude.ai/install.sh | bash -s -- "$CLAUDE_CODE_VERSION") &
install_pid=$!
( sleep 120; kill $install_pid 2>/dev/null ) &
timeout_pid=$!
if wait $install_pid 2>/dev/null; then
kill $timeout_pid 2>/dev/null || true
wait $timeout_pid 2>/dev/null || true
echo "Claude Code installed successfully"
break
fi
kill $timeout_pid 2>/dev/null || true
wait $timeout_pid 2>/dev/null || true
if [ $attempt -eq 3 ]; then
echo "Failed to install Claude Code after 3 attempts"
exit 1
fi
echo "Installation failed, retrying..."
echo "Installation timed out or failed, retrying..."
sleep 5
done
echo "Claude Code installed successfully"
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
else
echo "Using custom Claude Code executable: $PATH_TO_CLAUDE_CODE_EXECUTABLE"
echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
# Add the directory containing the custom executable to PATH
CLAUDE_DIR=$(dirname "$PATH_TO_CLAUDE_CODE_EXECUTABLE")
CLAUDE_DIR=$(dirname "${{ inputs.path_to_claude_code_executable }}")
echo "$CLAUDE_DIR" >> "$GITHUB_PATH"
fi
- name: Setup Network Restrictions
if: steps.prepare.outputs.contains_trigger == 'true' && inputs.experimental_allowed_domains != ''
shell: bash
run: |
chmod +x ${GITHUB_ACTION_PATH}/scripts/setup-network-restrictions.sh
${GITHUB_ACTION_PATH}/scripts/setup-network-restrictions.sh
env:
EXPERIMENTAL_ALLOWED_DOMAINS: ${{ inputs.experimental_allowed_domains }}
- name: Run Claude Code
id: claude-code
if: steps.prepare.outputs.contains_trigger == 'true'
@@ -263,7 +260,6 @@ runs:
# Model configuration
GITHUB_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
GH_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
NODE_VERSION: ${{ env.NODE_VERSION }}
DETAILED_PERMISSION_MESSAGES: "1"
@@ -313,7 +309,6 @@ runs:
CLAUDE_COMMENT_ID: ${{ steps.prepare.outputs.claude_comment_id }}
GITHUB_RUN_ID: ${{ github.run_id }}
GITHUB_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
GH_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
GITHUB_EVENT_NAME: ${{ github.event_name }}
TRIGGER_COMMENT_ID: ${{ github.event.comment.id }}
CLAUDE_BRANCH: ${{ steps.prepare.outputs.CLAUDE_BRANCH }}
@@ -345,12 +340,6 @@ runs:
echo '```' >> $GITHUB_STEP_SUMMARY
fi
- name: Cleanup SSH signing key
if: always() && inputs.ssh_signing_key != ''
shell: bash
run: |
bun run ${GITHUB_ACTION_PATH}/src/entrypoints/cleanup-ssh-signing.ts
- name: Revoke app token
if: always() && inputs.github_token == '' && steps.prepare.outputs.skipped_due_to_workflow_validation_mismatch != 'true'
shell: bash

43
base-action/action.yml
View File

@@ -82,9 +82,6 @@ outputs:
structured_output:
description: "JSON string containing all structured output fields when --json-schema is provided in claude_args (use fromJSON() or jq to parse)"
value: ${{ steps.run_claude.outputs.structured_output }}
session_id:
description: "The Claude Code session ID that can be used with --resume to continue this conversation"
value: ${{ steps.run_claude.outputs.session_id }}
runs:
using: "composite"
@@ -97,19 +94,17 @@ runs:
- name: Install Bun
if: inputs.path_to_bun_executable == ''
uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # https://github.com/oven-sh/setup-bun/releases/tag/v2.1.2
uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # https://github.com/oven-sh/setup-bun/releases/tag/v2.0.2
with:
bun-version: 2.1.1
bun-version: 1.2.11
- name: Setup Custom Bun Path
if: inputs.path_to_bun_executable != ''
shell: bash
env:
PATH_TO_BUN_EXECUTABLE: ${{ inputs.path_to_bun_executable }}
run: |
echo "Using custom Bun executable: $PATH_TO_BUN_EXECUTABLE"
echo "Using custom Bun executable: ${{ inputs.path_to_bun_executable }}"
# Add the directory containing the custom executable to PATH
BUN_DIR=$(dirname "$PATH_TO_BUN_EXECUTABLE")
BUN_DIR=$(dirname "${{ inputs.path_to_bun_executable }}")
echo "$BUN_DIR" >> "$GITHUB_PATH"
- name: Install Dependencies
@@ -120,32 +115,36 @@ runs:
- name: Install Claude Code
shell: bash
env:
PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
run: |
if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
CLAUDE_CODE_VERSION="2.1.11"
if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
CLAUDE_CODE_VERSION="2.0.50"
echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
for attempt in 1 2 3; do
echo "Installation attempt $attempt..."
if command -v timeout &> /dev/null; then
# Use --foreground to kill entire process group on timeout, --kill-after to send SIGKILL if SIGTERM fails
timeout --foreground --kill-after=10 120 bash -c "curl -fsSL https://claude.ai/install.sh | bash -s -- $CLAUDE_CODE_VERSION" && break
else
curl -fsSL https://claude.ai/install.sh | bash -s -- "$CLAUDE_CODE_VERSION" && break
# Cross-platform timeout (GNU timeout not available on macOS)
(curl -fsSL https://claude.ai/install.sh | bash -s -- "$CLAUDE_CODE_VERSION") &
install_pid=$!
( sleep 120; kill $install_pid 2>/dev/null ) &
timeout_pid=$!
if wait $install_pid 2>/dev/null; then
kill $timeout_pid 2>/dev/null || true
wait $timeout_pid 2>/dev/null || true
echo "Claude Code installed successfully"
break
fi
kill $timeout_pid 2>/dev/null || true
wait $timeout_pid 2>/dev/null || true
if [ $attempt -eq 3 ]; then
echo "Failed to install Claude Code after 3 attempts"
exit 1
fi
echo "Installation failed, retrying..."
echo "Installation timed out or failed, retrying..."
sleep 5
done
echo "Claude Code installed successfully"
else
echo "Using custom Claude Code executable: $PATH_TO_CLAUDE_CODE_EXECUTABLE"
echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
# Add the directory containing the custom executable to PATH
CLAUDE_DIR=$(dirname "$PATH_TO_CLAUDE_CODE_EXECUTABLE")
CLAUDE_DIR=$(dirname "${{ inputs.path_to_claude_code_executable }}")
echo "$CLAUDE_DIR" >> "$GITHUB_PATH"
fi

36
base-action/bun.lock
View File

@@ -1,12 +1,10 @@
{
"lockfileVersion": 1,
"configVersion": 0,
"workspaces": {
"": {
"name": "@anthropic-ai/claude-code-base-action",
"dependencies": {
"@actions/core": "^1.10.1",
"@anthropic-ai/claude-agent-sdk": "^0.2.11",
"shell-quote": "^1.8.3",
},
"devDependencies": {
@@ -27,40 +25,8 @@
"@actions/io": ["@actions/io@1.1.3", "", {}, "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="],
"@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.11", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-50q4vfh57HYTUrwukULp3gvSaOZfRF5zukxhWvW6mmUHuD8+Xwhqn59sZhoDz9ZUw6Um+1lUCgWpJw5/TTMn5w=="],
"@fastify/busboy": ["@fastify/busboy@2.1.1", "", {}, "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="],
"@img/sharp-darwin-arm64": ["@img/sharp-darwin-arm64@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-darwin-arm64": "1.0.4" }, "os": "darwin", "cpu": "arm64" }, "sha512-UT4p+iz/2H4twwAoLCqfA9UH5pI6DggwKEGuaPy7nCVQ8ZsiY5PIcrRvD1DzuY3qYL07NtIQcWnBSY/heikIFQ=="],
"@img/sharp-darwin-x64": ["@img/sharp-darwin-x64@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-darwin-x64": "1.0.4" }, "os": "darwin", "cpu": "x64" }, "sha512-fyHac4jIc1ANYGRDxtiqelIbdWkIuQaI84Mv45KvGRRxSAa7o7d1ZKAOBaYbnepLC1WqxfpimdeWfvqqSGwR2Q=="],
"@img/sharp-libvips-darwin-arm64": ["@img/sharp-libvips-darwin-arm64@1.0.4", "", { "os": "darwin", "cpu": "arm64" }, "sha512-XblONe153h0O2zuFfTAbQYAX2JhYmDHeWikp1LM9Hul9gVPjFY427k6dFEcOL72O01QxQsWi761svJ/ev9xEDg=="],
"@img/sharp-libvips-darwin-x64": ["@img/sharp-libvips-darwin-x64@1.0.4", "", { "os": "darwin", "cpu": "x64" }, "sha512-xnGR8YuZYfJGmWPvmlunFaWJsb9T/AO2ykoP3Fz/0X5XV2aoYBPkX6xqCQvUTKKiLddarLaxpzNe+b1hjeWHAQ=="],
"@img/sharp-libvips-linux-arm": ["@img/sharp-libvips-linux-arm@1.0.5", "", { "os": "linux", "cpu": "arm" }, "sha512-gvcC4ACAOPRNATg/ov8/MnbxFDJqf/pDePbBnuBDcjsI8PssmjoKMAz4LtLaVi+OnSb5FK/yIOamqDwGmXW32g=="],
"@img/sharp-libvips-linux-arm64": ["@img/sharp-libvips-linux-arm64@1.0.4", "", { "os": "linux", "cpu": "arm64" }, "sha512-9B+taZ8DlyyqzZQnoeIvDVR/2F4EbMepXMc/NdVbkzsJbzkUjhXv/70GQJ7tdLA4YJgNP25zukcxpX2/SueNrA=="],
"@img/sharp-libvips-linux-x64": ["@img/sharp-libvips-linux-x64@1.0.4", "", { "os": "linux", "cpu": "x64" }, "sha512-MmWmQ3iPFZr0Iev+BAgVMb3ZyC4KeFc3jFxnNbEPas60e1cIfevbtuyf9nDGIzOaW9PdnDciJm+wFFaTlj5xYw=="],
"@img/sharp-libvips-linuxmusl-arm64": ["@img/sharp-libvips-linuxmusl-arm64@1.0.4", "", { "os": "linux", "cpu": "arm64" }, "sha512-9Ti+BbTYDcsbp4wfYib8Ctm1ilkugkA/uscUn6UXK1ldpC1JjiXbLfFZtRlBhjPZ5o1NCLiDbg8fhUPKStHoTA=="],
"@img/sharp-libvips-linuxmusl-x64": ["@img/sharp-libvips-linuxmusl-x64@1.0.4", "", { "os": "linux", "cpu": "x64" }, "sha512-viYN1KX9m+/hGkJtvYYp+CCLgnJXwiQB39damAO7WMdKWlIhmYTfHjwSbQeUK/20vY154mwezd9HflVFM1wVSw=="],
"@img/sharp-linux-arm": ["@img/sharp-linux-arm@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-linux-arm": "1.0.5" }, "os": "linux", "cpu": "arm" }, "sha512-JTS1eldqZbJxjvKaAkxhZmBqPRGmxgu+qFKSInv8moZ2AmT5Yib3EQ1c6gp493HvrvV8QgdOXdyaIBrhvFhBMQ=="],
"@img/sharp-linux-arm64": ["@img/sharp-linux-arm64@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-linux-arm64": "1.0.4" }, "os": "linux", "cpu": "arm64" }, "sha512-JMVv+AMRyGOHtO1RFBiJy/MBsgz0x4AWrT6QoEVVTyh1E39TrCUpTRI7mx9VksGX4awWASxqCYLCV4wBZHAYxA=="],
"@img/sharp-linux-x64": ["@img/sharp-linux-x64@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-linux-x64": "1.0.4" }, "os": "linux", "cpu": "x64" }, "sha512-opC+Ok5pRNAzuvq1AG0ar+1owsu842/Ab+4qvU879ippJBHvyY5n2mxF1izXqkPYlGuP/M556uh53jRLJmzTWA=="],
"@img/sharp-linuxmusl-arm64": ["@img/sharp-linuxmusl-arm64@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-linuxmusl-arm64": "1.0.4" }, "os": "linux", "cpu": "arm64" }, "sha512-XrHMZwGQGvJg2V/oRSUfSAfjfPxO+4DkiRh6p2AFjLQztWUuY/o8Mq0eMQVIY7HJ1CDQUJlxGGZRw1a5bqmd1g=="],
"@img/sharp-linuxmusl-x64": ["@img/sharp-linuxmusl-x64@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-linuxmusl-x64": "1.0.4" }, "os": "linux", "cpu": "x64" }, "sha512-WT+d/cgqKkkKySYmqoZ8y3pxx7lx9vVejxW/W4DOFMYVSkErR+w7mf2u8m/y4+xHe7yY9DAXQMWQhpnMuFfScw=="],
"@img/sharp-win32-x64": ["@img/sharp-win32-x64@0.33.5", "", { "os": "win32", "cpu": "x64" }, "sha512-MpY/o8/8kj+EcnxwvrP4aTJSWw/aZ7JIGR4aBeZkZw5B7/Jn+tY9/VNwtcoGmdT7GfggGIU4kygOMSbYnOrAbg=="],
"@types/bun": ["@types/bun@1.2.19", "", { "dependencies": { "bun-types": "1.2.19" } }, "sha512-d9ZCmrH3CJ2uYKXQIUuZ/pUnTqIvLDS0SK7pFmbx8ma+ziH/FRMoAq5bYpRG7y+w1gl+HgyNZbtqgMq4W4e2Lg=="],
"@types/node": ["@types/node@20.19.9", "", { "dependencies": { "undici-types": "~6.21.0" } }, "sha512-cuVNgarYWZqxRJDQHEB58GEONhOK79QVR/qYx4S7kcUObQvUwvFnYxJuuHUKm2aieN9X3yZB4LZsuYNU1Qphsw=="],
@@ -84,7 +50,5 @@
"undici": ["undici@5.29.0", "", { "dependencies": { "@fastify/busboy": "^2.0.0" } }, "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg=="],
"undici-types": ["undici-types@6.21.0", "", {}, "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ=="],
"zod": ["zod@3.25.76", "", {}, "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ=="],
}
}

1
base-action/package.json
View File

@@ -11,7 +11,6 @@
},
"dependencies": {
"@actions/core": "^1.10.1",
"@anthropic-ai/claude-agent-sdk": "^0.2.11",
"shell-quote": "^1.8.3"
},
"devDependencies": {

65
base-action/src/install-plugins.ts
View File

@@ -8,47 +8,26 @@ const MARKETPLACE_URL_REGEX =
/^https:\/\/[a-zA-Z0-9\-._~:/?#[\]@!$&'()*+,;=%]+\.git$/;
/**
* Checks if a marketplace input is a local path (not a URL)
* @param input - The marketplace input to check
* @returns true if the input is a local path, false if it's a URL
* Validates a marketplace URL for security issues
* @param url - The marketplace URL to validate
* @throws {Error} If the URL is invalid
*/
function isLocalPath(input: string): boolean {
// Local paths start with ./, ../, /, or a drive letter (Windows)
return (
input.startsWith("./") ||
input.startsWith("../") ||
input.startsWith("/") ||
/^[a-zA-Z]:[\\\/]/.test(input)
);
}
/**
* Validates a marketplace URL or local path
* @param input - The marketplace URL or local path to validate
* @throws {Error} If the input is invalid
*/
function validateMarketplaceInput(input: string): void {
const normalized = input.trim();
function validateMarketplaceUrl(url: string): void {
const normalized = url.trim();
if (!normalized) {
throw new Error("Marketplace URL or path cannot be empty");
throw new Error("Marketplace URL cannot be empty");
}
// Local paths are passed directly to Claude Code which handles them
if (isLocalPath(normalized)) {
return;
}
// Validate as URL
if (!MARKETPLACE_URL_REGEX.test(normalized)) {
throw new Error(`Invalid marketplace URL format: ${input}`);
throw new Error(`Invalid marketplace URL format: ${url}`);
}
// Additional check for valid URL structure
try {
new URL(normalized);
} catch {
throw new Error(`Invalid marketplace URL: ${input}`);
throw new Error(`Invalid marketplace URL: ${url}`);
}
}
@@ -76,9 +55,9 @@ function validatePluginName(pluginName: string): void {
}
/**
* Parse a newline-separated list of marketplace URLs or local paths and return an array of validated entries
* @param marketplaces - Newline-separated list of marketplace Git URLs or local paths
* @returns Array of validated marketplace URLs or paths (empty array if none provided)
* Parse a newline-separated list of marketplace URLs and return an array of validated URLs
* @param marketplaces - Newline-separated list of marketplace Git URLs
* @returns Array of validated marketplace URLs (empty array if none provided)
*/
function parseMarketplaces(marketplaces?: string): string[] {
const trimmed = marketplaces?.trim();
@@ -87,14 +66,14 @@ function parseMarketplaces(marketplaces?: string): string[] {
return [];
}
// Split by newline and process each entry
// Split by newline and process each URL
return trimmed
.split("\n")
.map((entry) => entry.trim())
.filter((entry) => {
if (entry.length === 0) return false;
.map((url) => url.trim())
.filter((url) => {
if (url.length === 0) return false;
validateMarketplaceInput(entry);
validateMarketplaceUrl(url);
return true;
});
}
@@ -184,26 +163,26 @@ async function installPlugin(
/**
* Adds a Claude Code plugin marketplace
* @param claudeExecutable - Path to the Claude executable
* @param marketplace - The marketplace Git URL or local path to add
* @param marketplaceUrl - The marketplace Git URL to add
* @returns Promise that resolves when the marketplace add command completes
* @throws {Error} If the command fails to execute
*/
async function addMarketplace(
claudeExecutable: string,
marketplace: string,
marketplaceUrl: string,
): Promise<void> {
console.log(`Adding marketplace: ${marketplace}`);
console.log(`Adding marketplace: ${marketplaceUrl}`);
return executeClaudeCommand(
claudeExecutable,
["plugin", "marketplace", "add", marketplace],
`Failed to add marketplace '${marketplace}'`,
["plugin", "marketplace", "add", marketplaceUrl],
`Failed to add marketplace '${marketplaceUrl}'`,
);
}
/**
* Installs Claude Code plugins from a newline-separated list
* @param marketplacesInput - Newline-separated list of marketplace Git URLs or local paths
* @param marketplacesInput - Newline-separated list of marketplace Git URLs
* @param pluginsInput - Newline-separated list of plugin names
* @param claudeExecutable - Path to the Claude executable (defaults to "claude")
* @returns Promise that resolves when all plugins are installed

271
base-action/src/parse-sdk-options.ts
View File

@@ -1,271 +0,0 @@
import { parse as parseShellArgs } from "shell-quote";
import type { ClaudeOptions } from "./run-claude";
import type { Options as SdkOptions } from "@anthropic-ai/claude-agent-sdk";
/**
* Result of parsing ClaudeOptions for SDK usage
*/
export type ParsedSdkOptions = {
sdkOptions: SdkOptions;
showFullOutput: boolean;
hasJsonSchema: boolean;
};
// Flags that should accumulate multiple values instead of overwriting
// Include both camelCase and hyphenated variants for CLI compatibility
const ACCUMULATING_FLAGS = new Set([
"allowedTools",
"allowed-tools",
"disallowedTools",
"disallowed-tools",
"mcp-config",
]);
// Delimiter used to join accumulated flag values
const ACCUMULATE_DELIMITER = "\x00";
type McpConfig = {
mcpServers?: Record<string, unknown>;
};
/**
* Merge multiple MCP config values into a single config.
* Each config can be a JSON string or a file path.
* For JSON strings, mcpServers objects are merged.
* For file paths, they are kept as-is (user's file takes precedence and is used last).
*/
function mergeMcpConfigs(configValues: string[]): string {
const merged: McpConfig = { mcpServers: {} };
let lastFilePath: string | null = null;
for (const config of configValues) {
const trimmed = config.trim();
if (!trimmed) continue;
// Check if it's a JSON string (starts with {) or a file path
if (trimmed.startsWith("{")) {
try {
const parsed = JSON.parse(trimmed) as McpConfig;
if (parsed.mcpServers) {
Object.assign(merged.mcpServers!, parsed.mcpServers);
}
} catch {
// If JSON parsing fails, treat as file path
lastFilePath = trimmed;
}
} else {
// It's a file path - store it to handle separately
lastFilePath = trimmed;
}
}
// If we have file paths, we need to keep the merged JSON and let the file
// be handled separately. Since we can only return one value, merge what we can.
// If there's a file path, we need a different approach - read the file at runtime.
// For now, if there's a file path, we'll stringify the merged config.
// The action prepends its config as JSON, so we can safely merge inline JSON configs.
// If no inline configs were found (all file paths), return the last file path
if (Object.keys(merged.mcpServers!).length === 0 && lastFilePath) {
return lastFilePath;
}
// Note: If user passes a file path, we cannot merge it at parse time since
// we don't have access to the file system here. The action's built-in MCP
// servers are always passed as inline JSON, so they will be merged.
// If user also passes inline JSON, it will be merged.
// If user passes a file path, they should ensure it includes all needed servers.
return JSON.stringify(merged);
}
/**
* Parse claudeArgs string into extraArgs record for SDK pass-through
* The SDK/CLI will handle --mcp-config, --json-schema, etc.
* For allowedTools and disallowedTools, multiple occurrences are accumulated (null-char joined).
* Accumulating flags also consume all consecutive non-flag values
* (e.g., --allowed-tools "Tool1" "Tool2" "Tool3" captures all three).
*/
function parseClaudeArgsToExtraArgs(
claudeArgs?: string,
): Record<string, string | null> {
if (!claudeArgs?.trim()) return {};
const result: Record<string, string | null> = {};
const args = parseShellArgs(claudeArgs).filter(
(arg): arg is string => typeof arg === "string",
);
for (let i = 0; i < args.length; i++) {
const arg = args[i];
if (arg?.startsWith("--")) {
const flag = arg.slice(2);
const nextArg = args[i + 1];
// Check if next arg is a value (not another flag)
if (nextArg && !nextArg.startsWith("--")) {
// For accumulating flags, consume all consecutive non-flag values
// This handles: --allowed-tools "Tool1" "Tool2" "Tool3"
if (ACCUMULATING_FLAGS.has(flag)) {
const values: string[] = [];
while (i + 1 < args.length && !args[i + 1]?.startsWith("--")) {
i++;
values.push(args[i]!);
}
const joinedValues = values.join(ACCUMULATE_DELIMITER);
if (result[flag]) {
result[flag] =
`${result[flag]}${ACCUMULATE_DELIMITER}${joinedValues}`;
} else {
result[flag] = joinedValues;
}
} else {
result[flag] = nextArg;
i++; // Skip the value
}
} else {
result[flag] = null; // Boolean flag
}
}
}
return result;
}
/**
* Parse ClaudeOptions into SDK-compatible options
* Uses extraArgs for CLI pass-through instead of duplicating option parsing
*/
export function parseSdkOptions(options: ClaudeOptions): ParsedSdkOptions {
// Determine output verbosity
const isDebugMode = process.env.ACTIONS_STEP_DEBUG === "true";
const showFullOutput = options.showFullOutput === "true" || isDebugMode;
// Parse claudeArgs into extraArgs for CLI pass-through
const extraArgs = parseClaudeArgsToExtraArgs(options.claudeArgs);
// Detect if --json-schema is present (for hasJsonSchema flag)
const hasJsonSchema = "json-schema" in extraArgs;
// Extract and merge allowedTools from all sources:
// 1. From extraArgs (parsed from claudeArgs - contains tag mode's tools)
// - Check both camelCase (--allowedTools) and hyphenated (--allowed-tools) variants
// 2. From options.allowedTools (direct input - may be undefined)
// This prevents duplicate flags being overwritten when claudeArgs contains --allowedTools
const allowedToolsValues = [
extraArgs["allowedTools"],
extraArgs["allowed-tools"],
]
.filter(Boolean)
.join(ACCUMULATE_DELIMITER);
const extraArgsAllowedTools = allowedToolsValues
? allowedToolsValues
.split(ACCUMULATE_DELIMITER)
.flatMap((v) => v.split(","))
.map((t) => t.trim())
.filter(Boolean)
: [];
const directAllowedTools = options.allowedTools
? options.allowedTools.split(",").map((t) => t.trim())
: [];
const mergedAllowedTools = [
...new Set([...extraArgsAllowedTools, ...directAllowedTools]),
];
delete extraArgs["allowedTools"];
delete extraArgs["allowed-tools"];
// Same for disallowedTools - check both camelCase and hyphenated variants
const disallowedToolsValues = [
extraArgs["disallowedTools"],
extraArgs["disallowed-tools"],
]
.filter(Boolean)
.join(ACCUMULATE_DELIMITER);
const extraArgsDisallowedTools = disallowedToolsValues
? disallowedToolsValues
.split(ACCUMULATE_DELIMITER)
.flatMap((v) => v.split(","))
.map((t) => t.trim())
.filter(Boolean)
: [];
const directDisallowedTools = options.disallowedTools
? options.disallowedTools.split(",").map((t) => t.trim())
: [];
const mergedDisallowedTools = [
...new Set([...extraArgsDisallowedTools, ...directDisallowedTools]),
];
delete extraArgs["disallowedTools"];
delete extraArgs["disallowed-tools"];
// Merge multiple --mcp-config values by combining their mcpServers objects
// The action prepends its config (github_comment, github_ci, etc.) as inline JSON,
// and users may provide their own config as inline JSON or file path
if (extraArgs["mcp-config"]) {
const mcpConfigValues = extraArgs["mcp-config"].split(ACCUMULATE_DELIMITER);
if (mcpConfigValues.length > 1) {
extraArgs["mcp-config"] = mergeMcpConfigs(mcpConfigValues);
}
}
// Build custom environment
const env: Record<string, string | undefined> = { ...process.env };
if (process.env.INPUT_ACTION_INPUTS_PRESENT) {
env.GITHUB_ACTION_INPUTS = process.env.INPUT_ACTION_INPUTS_PRESENT;
}
// Ensure SDK path uses the same entrypoint as the CLI path
env.CLAUDE_CODE_ENTRYPOINT = "claude-code-github-action";
// Build system prompt option - default to claude_code preset
let systemPrompt: SdkOptions["systemPrompt"];
if (options.systemPrompt) {
systemPrompt = options.systemPrompt;
} else if (options.appendSystemPrompt) {
systemPrompt = {
type: "preset",
preset: "claude_code",
append: options.appendSystemPrompt,
};
} else {
// Default to claude_code preset when no custom prompt is specified
systemPrompt = {
type: "preset",
preset: "claude_code",
};
}
// Build SDK options - use merged tools from both direct options and claudeArgs
const sdkOptions: SdkOptions = {
// Direct options from ClaudeOptions inputs
model: options.model,
maxTurns: options.maxTurns ? parseInt(options.maxTurns, 10) : undefined,
allowedTools:
mergedAllowedTools.length > 0 ? mergedAllowedTools : undefined,
disallowedTools:
mergedDisallowedTools.length > 0 ? mergedDisallowedTools : undefined,
systemPrompt,
fallbackModel: options.fallbackModel,
pathToClaudeCodeExecutable: options.pathToClaudeCodeExecutable,
// Pass through claudeArgs as extraArgs - CLI handles --mcp-config, --json-schema, etc.
// Note: allowedTools and disallowedTools have been removed from extraArgs to prevent duplicates
extraArgs,
env,
// Load settings from sources - prefer user's --setting-sources if provided, otherwise use all sources
// This ensures users can override the default behavior (e.g., --setting-sources user to avoid in-repo configs)
settingSources: extraArgs["setting-sources"]
? (extraArgs["setting-sources"].split(
",",
) as SdkOptions["settingSources"])
: ["user", "project", "local"],
};
// Remove setting-sources from extraArgs to avoid passing it twice
delete extraArgs["setting-sources"];
return {
sdkOptions,
showFullOutput,
hasJsonSchema,
};
}

219
base-action/src/run-claude-sdk.ts
View File

@@ -1,219 +0,0 @@
import * as core from "@actions/core";
import { readFile, writeFile, access } from "fs/promises";
import { dirname, join } from "path";
import { query } from "@anthropic-ai/claude-agent-sdk";
import type {
SDKMessage,
SDKResultMessage,
SDKUserMessage,
} from "@anthropic-ai/claude-agent-sdk";
import type { ParsedSdkOptions } from "./parse-sdk-options";
const EXECUTION_FILE = `${process.env.RUNNER_TEMP}/claude-execution-output.json`;
/** Filename for the user request file, written by prompt generation */
const USER_REQUEST_FILENAME = "claude-user-request.txt";
/**
* Check if a file exists
*/
async function fileExists(path: string): Promise<boolean> {
try {
await access(path);
return true;
} catch {
return false;
}
}
/**
* Creates a prompt configuration for the SDK.
* If a user request file exists alongside the prompt file, returns a multi-block
* SDKUserMessage that enables slash command processing in the CLI.
* Otherwise, returns the prompt as a simple string.
*/
async function createPromptConfig(
promptPath: string,
showFullOutput: boolean,
): Promise<string | AsyncIterable<SDKUserMessage>> {
const promptContent = await readFile(promptPath, "utf-8");
// Check for user request file in the same directory
const userRequestPath = join(dirname(promptPath), USER_REQUEST_FILENAME);
const hasUserRequest = await fileExists(userRequestPath);
if (!hasUserRequest) {
// No user request file - use simple string prompt
return promptContent;
}
// User request file exists - create multi-block message
const userRequest = await readFile(userRequestPath, "utf-8");
if (showFullOutput) {
console.log("Using multi-block message with user request:", userRequest);
} else {
console.log("Using multi-block message with user request (content hidden)");
}
// Create an async generator that yields a single multi-block message
// The context/instructions go first, then the user's actual request last
// This allows the CLI to detect and process slash commands in the user request
async function* createMultiBlockMessage(): AsyncGenerator<SDKUserMessage> {
yield {
type: "user",
session_id: "",
message: {
role: "user",
content: [
{ type: "text", text: promptContent }, // Instructions + GitHub context
{ type: "text", text: userRequest }, // User's request (may be a slash command)
],
},
parent_tool_use_id: null,
};
}
return createMultiBlockMessage();
}
/**
* Sanitizes SDK output to match CLI sanitization behavior
*/
function sanitizeSdkOutput(
message: SDKMessage,
showFullOutput: boolean,
): string | null {
if (showFullOutput) {
return JSON.stringify(message, null, 2);
}
// System initialization - safe to show
if (message.type === "system" && message.subtype === "init") {
return JSON.stringify(
{
type: "system",
subtype: "init",
message: "Claude Code initialized",
model: "model" in message ? message.model : "unknown",
},
null,
2,
);
}
// Result messages - show sanitized summary
if (message.type === "result") {
const resultMsg = message as SDKResultMessage;
return JSON.stringify(
{
type: "result",
subtype: resultMsg.subtype,
is_error: resultMsg.is_error,
duration_ms: resultMsg.duration_ms,
num_turns: resultMsg.num_turns,
total_cost_usd: resultMsg.total_cost_usd,
permission_denials: resultMsg.permission_denials,
},
null,
2,
);
}
// Suppress other message types in non-full-output mode
return null;
}
/**
* Run Claude using the Agent SDK
*/
export async function runClaudeWithSdk(
promptPath: string,
{ sdkOptions, showFullOutput, hasJsonSchema }: ParsedSdkOptions,
): Promise<void> {
// Create prompt configuration - may be a string or multi-block message
const prompt = await createPromptConfig(promptPath, showFullOutput);
if (!showFullOutput) {
console.log(
"Running Claude Code via SDK (full output hidden for security)...",
);
console.log(
"Rerun in debug mode or enable `show_full_output: true` in your workflow file for full output.",
);
}
console.log(`Running Claude with prompt from file: ${promptPath}`);
// Log SDK options without env (which could contain sensitive data)
const { env, ...optionsToLog } = sdkOptions;
console.log("SDK options:", JSON.stringify(optionsToLog, null, 2));
const messages: SDKMessage[] = [];
let resultMessage: SDKResultMessage | undefined;
try {
for await (const message of query({ prompt, options: sdkOptions })) {
messages.push(message);
const sanitized = sanitizeSdkOutput(message, showFullOutput);
if (sanitized) {
console.log(sanitized);
}
if (message.type === "result") {
resultMessage = message as SDKResultMessage;
}
}
} catch (error) {
console.error("SDK execution error:", error);
core.setOutput("conclusion", "failure");
process.exit(1);
}
// Write execution file
try {
await writeFile(EXECUTION_FILE, JSON.stringify(messages, null, 2));
console.log(`Log saved to ${EXECUTION_FILE}`);
core.setOutput("execution_file", EXECUTION_FILE);
} catch (error) {
core.warning(`Failed to write execution file: ${error}`);
}
if (!resultMessage) {
core.setOutput("conclusion", "failure");
core.error("No result message received from Claude");
process.exit(1);
}
const isSuccess = resultMessage.subtype === "success";
core.setOutput("conclusion", isSuccess ? "success" : "failure");
// Handle structured output
if (hasJsonSchema) {
if (
isSuccess &&
"structured_output" in resultMessage &&
resultMessage.structured_output
) {
const structuredOutputJson = JSON.stringify(
resultMessage.structured_output,
);
core.setOutput("structured_output", structuredOutputJson);
core.info(
`Set structured_output with ${Object.keys(resultMessage.structured_output as object).length} field(s)`,
);
} else {
core.setFailed(
`--json-schema was provided but Claude did not return structured_output. Result subtype: ${resultMessage.subtype}`,
);
core.setOutput("conclusion", "failure");
process.exit(1);
}
}
if (!isSuccess) {
if ("errors" in resultMessage && resultMessage.errors) {
core.error(`Execution failed: ${resultMessage.errors.join(", ")}`);
}
process.exit(1);
}
}

46
base-action/src/run-claude.ts
View File

@@ -5,8 +5,6 @@ import { unlink, writeFile, stat, readFile } from "fs/promises";
import { createWriteStream } from "fs";
import { spawn } from "child_process";
import { parse as parseShellArgs } from "shell-quote";
import { runClaudeWithSdk } from "./run-claude-sdk";
import { parseSdkOptions } from "./parse-sdk-options";
const execAsync = promisify(exec);
@@ -124,36 +122,6 @@ export function prepareRunConfig(
};
}
/**
* Parses session_id from execution file and sets GitHub Action output
* Exported for testing
*/
export async function parseAndSetSessionId(
executionFile: string,
): Promise<void> {
try {
const content = await readFile(executionFile, "utf-8");
const messages = JSON.parse(content) as {
type: string;
subtype?: string;
session_id?: string;
}[];
// Find the system.init message which contains session_id
const initMessage = messages.find(
(m) => m.type === "system" && m.subtype === "init",
);
if (initMessage?.session_id) {
core.setOutput("session_id", initMessage.session_id);
core.info(`Set session_id: ${initMessage.session_id}`);
}
} catch (error) {
// Don't fail the action if session_id extraction fails
core.warning(`Failed to extract session_id: ${error}`);
}
}
/**
* Parses structured_output from execution file and sets GitHub Action outputs
* Only runs if --json-schema was explicitly provided in claude_args
@@ -197,17 +165,6 @@ export async function parseAndSetStructuredOutputs(
}
export async function runClaude(promptPath: string, options: ClaudeOptions) {
// Feature flag: use SDK path by default, set USE_AGENT_SDK=false to use CLI
const useAgentSdk = process.env.USE_AGENT_SDK !== "false";
console.log(
`Using ${useAgentSdk ? "Agent SDK" : "CLI"} path (USE_AGENT_SDK=${process.env.USE_AGENT_SDK ?? "unset"})`,
);
if (useAgentSdk) {
const parsedOptions = parseSdkOptions(options);
return runClaudeWithSdk(promptPath, parsedOptions);
}
const config = prepareRunConfig(promptPath, options);
// Detect if --json-schema is present in claude args
@@ -398,9 +355,6 @@ export async function runClaude(promptPath: string, options: ClaudeOptions) {
core.setOutput("execution_file", EXECUTION_FILE);
// Extract and set session_id
await parseAndSetSessionId(EXECUTION_FILE);
// Parse and set structured outputs only if user provided --json-schema in claude_args
if (hasJsonSchema) {
try {

107
base-action/test/install-plugins.test.ts
View File

@@ -596,111 +596,4 @@ describe("installPlugins", () => {
{ stdio: "inherit" },
);
});
// Local marketplace path tests
test("should accept local marketplace path with ./", async () => {
const spy = createMockSpawn();
await installPlugins("./my-local-marketplace", "test-plugin");
expect(spy).toHaveBeenCalledTimes(2);
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
["plugin", "marketplace", "add", "./my-local-marketplace"],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
2,
"claude",
["plugin", "install", "test-plugin"],
{ stdio: "inherit" },
);
});
test("should accept local marketplace path with absolute Unix path", async () => {
const spy = createMockSpawn();
await installPlugins("/home/user/my-marketplace", "test-plugin");
expect(spy).toHaveBeenCalledTimes(2);
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
["plugin", "marketplace", "add", "/home/user/my-marketplace"],
{ stdio: "inherit" },
);
});
test("should accept local marketplace path with Windows absolute path", async () => {
const spy = createMockSpawn();
await installPlugins("C:\\Users\\user\\marketplace", "test-plugin");
expect(spy).toHaveBeenCalledTimes(2);
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
["plugin", "marketplace", "add", "C:\\Users\\user\\marketplace"],
{ stdio: "inherit" },
);
});
test("should accept mixed local and remote marketplaces", async () => {
const spy = createMockSpawn();
await installPlugins(
"./local-marketplace\nhttps://github.com/user/remote.git",
"test-plugin",
);
expect(spy).toHaveBeenCalledTimes(3);
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
["plugin", "marketplace", "add", "./local-marketplace"],
{ stdio: "inherit" },
);
expect(spy).toHaveBeenNthCalledWith(
2,
"claude",
["plugin", "marketplace", "add", "https://github.com/user/remote.git"],
{ stdio: "inherit" },
);
});
test("should accept local path with ../ (parent directory)", async () => {
const spy = createMockSpawn();
await installPlugins("../shared-plugins/marketplace", "test-plugin");
expect(spy).toHaveBeenCalledTimes(2);
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
["plugin", "marketplace", "add", "../shared-plugins/marketplace"],
{ stdio: "inherit" },
);
});
test("should accept local path with nested directories", async () => {
const spy = createMockSpawn();
await installPlugins("./plugins/my-org/my-marketplace", "test-plugin");
expect(spy).toHaveBeenCalledTimes(2);
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
["plugin", "marketplace", "add", "./plugins/my-org/my-marketplace"],
{ stdio: "inherit" },
);
});
test("should accept local path with dots in directory name", async () => {
const spy = createMockSpawn();
await installPlugins("./my.plugin.marketplace", "test-plugin");
expect(spy).toHaveBeenCalledTimes(2);
expect(spy).toHaveBeenNthCalledWith(
1,
"claude",
["plugin", "marketplace", "add", "./my.plugin.marketplace"],
{ stdio: "inherit" },
);
});
});

2
base-action/test/mcp-test/package.json
View File

@@ -2,6 +2,6 @@
"name": "mcp-test",
"version": "1.0.0",
"dependencies": {
"@modelcontextprotocol/sdk": "^1.24.0"
"@modelcontextprotocol/sdk": "^1.11.0"
}
}

315
base-action/test/parse-sdk-options.test.ts
View File

@@ -1,315 +0,0 @@
#!/usr/bin/env bun
import { describe, test, expect } from "bun:test";
import { parseSdkOptions } from "../src/parse-sdk-options";
import type { ClaudeOptions } from "../src/run-claude";
describe("parseSdkOptions", () => {
describe("allowedTools merging", () => {
test("should extract allowedTools from claudeArgs", () => {
const options: ClaudeOptions = {
claudeArgs: '--allowedTools "Edit,Read,Write"',
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.allowedTools).toEqual(["Edit", "Read", "Write"]);
expect(result.sdkOptions.extraArgs?.["allowedTools"]).toBeUndefined();
});
test("should extract allowedTools from claudeArgs with MCP tools", () => {
const options: ClaudeOptions = {
claudeArgs:
'--allowedTools "Edit,Read,mcp__github_comment__update_claude_comment"',
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.allowedTools).toEqual([
"Edit",
"Read",
"mcp__github_comment__update_claude_comment",
]);
});
test("should accumulate multiple --allowedTools flags from claudeArgs", () => {
// This simulates tag mode adding its tools, then user adding their own
const options: ClaudeOptions = {
claudeArgs:
'--allowedTools "Edit,Read,mcp__github_comment__update_claude_comment" --model "claude-3" --allowedTools "Bash(npm install),mcp__github__get_issue"',
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.allowedTools).toEqual([
"Edit",
"Read",
"mcp__github_comment__update_claude_comment",
"Bash(npm install)",
"mcp__github__get_issue",
]);
});
test("should merge allowedTools from both claudeArgs and direct options", () => {
const options: ClaudeOptions = {
claudeArgs: '--allowedTools "Edit,Read"',
allowedTools: "Write,Glob",
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.allowedTools).toEqual([
"Edit",
"Read",
"Write",
"Glob",
]);
});
test("should deduplicate allowedTools when merging", () => {
const options: ClaudeOptions = {
claudeArgs: '--allowedTools "Edit,Read"',
allowedTools: "Edit,Write",
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.allowedTools).toEqual(["Edit", "Read", "Write"]);
});
test("should use only direct options when claudeArgs has no allowedTools", () => {
const options: ClaudeOptions = {
claudeArgs: '--model "claude-3-5-sonnet"',
allowedTools: "Edit,Read",
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.allowedTools).toEqual(["Edit", "Read"]);
});
test("should return undefined allowedTools when neither source has it", () => {
const options: ClaudeOptions = {
claudeArgs: '--model "claude-3-5-sonnet"',
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.allowedTools).toBeUndefined();
});
test("should remove allowedTools from extraArgs after extraction", () => {
const options: ClaudeOptions = {
claudeArgs: '--allowedTools "Edit,Read" --model "claude-3-5-sonnet"',
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.extraArgs?.["allowedTools"]).toBeUndefined();
expect(result.sdkOptions.extraArgs?.["model"]).toBe("claude-3-5-sonnet");
});
test("should handle hyphenated --allowed-tools flag", () => {
const options: ClaudeOptions = {
claudeArgs: '--allowed-tools "Edit,Read,Write"',
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.allowedTools).toEqual(["Edit", "Read", "Write"]);
expect(result.sdkOptions.extraArgs?.["allowed-tools"]).toBeUndefined();
});
test("should accumulate multiple --allowed-tools flags (hyphenated)", () => {
// This is the exact scenario from issue #746
const options: ClaudeOptions = {
claudeArgs:
'--allowed-tools "Bash(git log:*)" "Bash(git diff:*)" "Bash(git fetch:*)" "Bash(gh pr:*)"',
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.allowedTools).toEqual([
"Bash(git log:*)",
"Bash(git diff:*)",
"Bash(git fetch:*)",
"Bash(gh pr:*)",
]);
});
test("should handle mixed camelCase and hyphenated allowedTools flags", () => {
const options: ClaudeOptions = {
claudeArgs: '--allowedTools "Edit,Read" --allowed-tools "Write,Glob"',
};
const result = parseSdkOptions(options);
// Both should be merged - note: order depends on which key is found first
expect(result.sdkOptions.allowedTools).toContain("Edit");
expect(result.sdkOptions.allowedTools).toContain("Read");
expect(result.sdkOptions.allowedTools).toContain("Write");
expect(result.sdkOptions.allowedTools).toContain("Glob");
});
});
describe("disallowedTools merging", () => {
test("should extract disallowedTools from claudeArgs", () => {
const options: ClaudeOptions = {
claudeArgs: '--disallowedTools "Bash,Write"',
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.disallowedTools).toEqual(["Bash", "Write"]);
expect(result.sdkOptions.extraArgs?.["disallowedTools"]).toBeUndefined();
});
test("should merge disallowedTools from both sources", () => {
const options: ClaudeOptions = {
claudeArgs: '--disallowedTools "Bash"',
disallowedTools: "Write",
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.disallowedTools).toEqual(["Bash", "Write"]);
});
});
describe("mcp-config merging", () => {
test("should pass through single mcp-config in extraArgs", () => {
const options: ClaudeOptions = {
claudeArgs: `--mcp-config '{"mcpServers":{"server1":{"command":"cmd1"}}}'`,
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.extraArgs?.["mcp-config"]).toBe(
'{"mcpServers":{"server1":{"command":"cmd1"}}}',
);
});
test("should merge multiple mcp-config flags with inline JSON", () => {
// Simulates action prepending its config, then user providing their own
const options: ClaudeOptions = {
claudeArgs: `--mcp-config '{"mcpServers":{"github_comment":{"command":"node","args":["server.js"]}}}' --mcp-config '{"mcpServers":{"user_server":{"command":"custom","args":["run"]}}}'`,
};
const result = parseSdkOptions(options);
const mcpConfig = JSON.parse(
result.sdkOptions.extraArgs?.["mcp-config"] as string,
);
expect(mcpConfig.mcpServers).toHaveProperty("github_comment");
expect(mcpConfig.mcpServers).toHaveProperty("user_server");
expect(mcpConfig.mcpServers.github_comment.command).toBe("node");
expect(mcpConfig.mcpServers.user_server.command).toBe("custom");
});
test("should merge three mcp-config flags", () => {
const options: ClaudeOptions = {
claudeArgs: `--mcp-config '{"mcpServers":{"server1":{"command":"cmd1"}}}' --mcp-config '{"mcpServers":{"server2":{"command":"cmd2"}}}' --mcp-config '{"mcpServers":{"server3":{"command":"cmd3"}}}'`,
};
const result = parseSdkOptions(options);
const mcpConfig = JSON.parse(
result.sdkOptions.extraArgs?.["mcp-config"] as string,
);
expect(mcpConfig.mcpServers).toHaveProperty("server1");
expect(mcpConfig.mcpServers).toHaveProperty("server2");
expect(mcpConfig.mcpServers).toHaveProperty("server3");
});
test("should handle mcp-config file path when no inline JSON exists", () => {
const options: ClaudeOptions = {
claudeArgs: `--mcp-config /tmp/user-mcp-config.json`,
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.extraArgs?.["mcp-config"]).toBe(
"/tmp/user-mcp-config.json",
);
});
test("should merge inline JSON configs when file path is also present", () => {
// When action provides inline JSON and user provides a file path,
// the inline JSON configs should be merged (file paths cannot be merged at parse time)
const options: ClaudeOptions = {
claudeArgs: `--mcp-config '{"mcpServers":{"github_comment":{"command":"node"}}}' --mcp-config '{"mcpServers":{"github_ci":{"command":"node"}}}' --mcp-config /tmp/user-config.json`,
};
const result = parseSdkOptions(options);
// The inline JSON configs should be merged
const mcpConfig = JSON.parse(
result.sdkOptions.extraArgs?.["mcp-config"] as string,
);
expect(mcpConfig.mcpServers).toHaveProperty("github_comment");
expect(mcpConfig.mcpServers).toHaveProperty("github_ci");
});
test("should handle mcp-config with other flags", () => {
const options: ClaudeOptions = {
claudeArgs: `--mcp-config '{"mcpServers":{"server1":{}}}' --model claude-3-5-sonnet --mcp-config '{"mcpServers":{"server2":{}}}'`,
};
const result = parseSdkOptions(options);
const mcpConfig = JSON.parse(
result.sdkOptions.extraArgs?.["mcp-config"] as string,
);
expect(mcpConfig.mcpServers).toHaveProperty("server1");
expect(mcpConfig.mcpServers).toHaveProperty("server2");
expect(result.sdkOptions.extraArgs?.["model"]).toBe("claude-3-5-sonnet");
});
test("should handle real-world scenario: action config + user config", () => {
// This is the exact scenario from the bug report
const actionConfig = JSON.stringify({
mcpServers: {
github_comment: {
command: "node",
args: ["github-comment-server.js"],
},
github_ci: { command: "node", args: ["github-ci-server.js"] },
},
});
const userConfig = JSON.stringify({
mcpServers: {
my_custom_server: { command: "python", args: ["server.py"] },
},
});
const options: ClaudeOptions = {
claudeArgs: `--mcp-config '${actionConfig}' --mcp-config '${userConfig}'`,
};
const result = parseSdkOptions(options);
const mcpConfig = JSON.parse(
result.sdkOptions.extraArgs?.["mcp-config"] as string,
);
// All servers should be present
expect(mcpConfig.mcpServers).toHaveProperty("github_comment");
expect(mcpConfig.mcpServers).toHaveProperty("github_ci");
expect(mcpConfig.mcpServers).toHaveProperty("my_custom_server");
});
});
describe("other extraArgs passthrough", () => {
test("should pass through json-schema in extraArgs", () => {
const options: ClaudeOptions = {
claudeArgs: `--json-schema '{"type":"object"}'`,
};
const result = parseSdkOptions(options);
expect(result.sdkOptions.extraArgs?.["json-schema"]).toBe(
'{"type":"object"}',
);
expect(result.hasJsonSchema).toBe(true);
});
});
});

71
base-action/test/structured-output.test.ts
View File

@@ -4,10 +4,7 @@ import { describe, test, expect, afterEach, beforeEach, spyOn } from "bun:test";
import { writeFile, unlink } from "fs/promises";
import { tmpdir } from "os";
import { join } from "path";
import {
parseAndSetStructuredOutputs,
parseAndSetSessionId,
} from "../src/run-claude";
import { parseAndSetStructuredOutputs } from "../src/run-claude";
import * as core from "@actions/core";
// Mock execution file path
@@ -38,19 +35,16 @@ async function createMockExecutionFile(
// Spy on core functions
let setOutputSpy: any;
let infoSpy: any;
let warningSpy: any;
beforeEach(() => {
setOutputSpy = spyOn(core, "setOutput").mockImplementation(() => {});
infoSpy = spyOn(core, "info").mockImplementation(() => {});
warningSpy = spyOn(core, "warning").mockImplementation(() => {});
});
describe("parseAndSetStructuredOutputs", () => {
afterEach(async () => {
setOutputSpy?.mockRestore();
infoSpy?.mockRestore();
warningSpy?.mockRestore();
try {
await unlink(TEST_EXECUTION_FILE);
} catch {
@@ -162,66 +156,3 @@ describe("parseAndSetStructuredOutputs", () => {
);
});
});
describe("parseAndSetSessionId", () => {
afterEach(async () => {
setOutputSpy?.mockRestore();
infoSpy?.mockRestore();
warningSpy?.mockRestore();
try {
await unlink(TEST_EXECUTION_FILE);
} catch {
// Ignore if file doesn't exist
}
});
test("should extract session_id from system.init message", async () => {
const messages = [
{ type: "system", subtype: "init", session_id: "test-session-123" },
{ type: "result", cost_usd: 0.01 },
];
await writeFile(TEST_EXECUTION_FILE, JSON.stringify(messages));
await parseAndSetSessionId(TEST_EXECUTION_FILE);
expect(setOutputSpy).toHaveBeenCalledWith("session_id", "test-session-123");
expect(infoSpy).toHaveBeenCalledWith("Set session_id: test-session-123");
});
test("should handle missing session_id gracefully", async () => {
const messages = [
{ type: "system", subtype: "init" },
{ type: "result", cost_usd: 0.01 },
];
await writeFile(TEST_EXECUTION_FILE, JSON.stringify(messages));
await parseAndSetSessionId(TEST_EXECUTION_FILE);
expect(setOutputSpy).not.toHaveBeenCalled();
});
test("should handle missing system.init message gracefully", async () => {
const messages = [{ type: "result", cost_usd: 0.01 }];
await writeFile(TEST_EXECUTION_FILE, JSON.stringify(messages));
await parseAndSetSessionId(TEST_EXECUTION_FILE);
expect(setOutputSpy).not.toHaveBeenCalled();
});
test("should handle malformed JSON gracefully with warning", async () => {
await writeFile(TEST_EXECUTION_FILE, "{ invalid json");
await parseAndSetSessionId(TEST_EXECUTION_FILE);
expect(setOutputSpy).not.toHaveBeenCalled();
expect(warningSpy).toHaveBeenCalled();
});
test("should handle non-existent file gracefully with warning", async () => {
await parseAndSetSessionId("/nonexistent/file.json");
expect(setOutputSpy).not.toHaveBeenCalled();
expect(warningSpy).toHaveBeenCalled();
});
});

34
bun.lock
View File

@@ -1,13 +1,11 @@
{
"lockfileVersion": 1,
"configVersion": 0,
"workspaces": {
"": {
"name": "@anthropic-ai/claude-code-action",
"dependencies": {
"@actions/core": "^1.10.1",
"@actions/github": "^6.0.1",
"@anthropic-ai/claude-agent-sdk": "^0.2.11",
"@modelcontextprotocol/sdk": "^1.11.0",
"@octokit/graphql": "^8.2.2",
"@octokit/rest": "^21.1.1",
@@ -37,40 +35,8 @@
"@actions/io": ["@actions/io@1.1.3", "", {}, "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="],
"@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.11", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-50q4vfh57HYTUrwukULp3gvSaOZfRF5zukxhWvW6mmUHuD8+Xwhqn59sZhoDz9ZUw6Um+1lUCgWpJw5/TTMn5w=="],
"@fastify/busboy": ["@fastify/busboy@2.1.1", "", {}, "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="],
"@img/sharp-darwin-arm64": ["@img/sharp-darwin-arm64@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-darwin-arm64": "1.0.4" }, "os": "darwin", "cpu": "arm64" }, "sha512-UT4p+iz/2H4twwAoLCqfA9UH5pI6DggwKEGuaPy7nCVQ8ZsiY5PIcrRvD1DzuY3qYL07NtIQcWnBSY/heikIFQ=="],
"@img/sharp-darwin-x64": ["@img/sharp-darwin-x64@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-darwin-x64": "1.0.4" }, "os": "darwin", "cpu": "x64" }, "sha512-fyHac4jIc1ANYGRDxtiqelIbdWkIuQaI84Mv45KvGRRxSAa7o7d1ZKAOBaYbnepLC1WqxfpimdeWfvqqSGwR2Q=="],
"@img/sharp-libvips-darwin-arm64": ["@img/sharp-libvips-darwin-arm64@1.0.4", "", { "os": "darwin", "cpu": "arm64" }, "sha512-XblONe153h0O2zuFfTAbQYAX2JhYmDHeWikp1LM9Hul9gVPjFY427k6dFEcOL72O01QxQsWi761svJ/ev9xEDg=="],
"@img/sharp-libvips-darwin-x64": ["@img/sharp-libvips-darwin-x64@1.0.4", "", { "os": "darwin", "cpu": "x64" }, "sha512-xnGR8YuZYfJGmWPvmlunFaWJsb9T/AO2ykoP3Fz/0X5XV2aoYBPkX6xqCQvUTKKiLddarLaxpzNe+b1hjeWHAQ=="],
"@img/sharp-libvips-linux-arm": ["@img/sharp-libvips-linux-arm@1.0.5", "", { "os": "linux", "cpu": "arm" }, "sha512-gvcC4ACAOPRNATg/ov8/MnbxFDJqf/pDePbBnuBDcjsI8PssmjoKMAz4LtLaVi+OnSb5FK/yIOamqDwGmXW32g=="],
"@img/sharp-libvips-linux-arm64": ["@img/sharp-libvips-linux-arm64@1.0.4", "", { "os": "linux", "cpu": "arm64" }, "sha512-9B+taZ8DlyyqzZQnoeIvDVR/2F4EbMepXMc/NdVbkzsJbzkUjhXv/70GQJ7tdLA4YJgNP25zukcxpX2/SueNrA=="],
"@img/sharp-libvips-linux-x64": ["@img/sharp-libvips-linux-x64@1.0.4", "", { "os": "linux", "cpu": "x64" }, "sha512-MmWmQ3iPFZr0Iev+BAgVMb3ZyC4KeFc3jFxnNbEPas60e1cIfevbtuyf9nDGIzOaW9PdnDciJm+wFFaTlj5xYw=="],
"@img/sharp-libvips-linuxmusl-arm64": ["@img/sharp-libvips-linuxmusl-arm64@1.0.4", "", { "os": "linux", "cpu": "arm64" }, "sha512-9Ti+BbTYDcsbp4wfYib8Ctm1ilkugkA/uscUn6UXK1ldpC1JjiXbLfFZtRlBhjPZ5o1NCLiDbg8fhUPKStHoTA=="],
"@img/sharp-libvips-linuxmusl-x64": ["@img/sharp-libvips-linuxmusl-x64@1.0.4", "", { "os": "linux", "cpu": "x64" }, "sha512-viYN1KX9m+/hGkJtvYYp+CCLgnJXwiQB39damAO7WMdKWlIhmYTfHjwSbQeUK/20vY154mwezd9HflVFM1wVSw=="],
"@img/sharp-linux-arm": ["@img/sharp-linux-arm@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-linux-arm": "1.0.5" }, "os": "linux", "cpu": "arm" }, "sha512-JTS1eldqZbJxjvKaAkxhZmBqPRGmxgu+qFKSInv8moZ2AmT5Yib3EQ1c6gp493HvrvV8QgdOXdyaIBrhvFhBMQ=="],
"@img/sharp-linux-arm64": ["@img/sharp-linux-arm64@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-linux-arm64": "1.0.4" }, "os": "linux", "cpu": "arm64" }, "sha512-JMVv+AMRyGOHtO1RFBiJy/MBsgz0x4AWrT6QoEVVTyh1E39TrCUpTRI7mx9VksGX4awWASxqCYLCV4wBZHAYxA=="],
"@img/sharp-linux-x64": ["@img/sharp-linux-x64@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-linux-x64": "1.0.4" }, "os": "linux", "cpu": "x64" }, "sha512-opC+Ok5pRNAzuvq1AG0ar+1owsu842/Ab+4qvU879ippJBHvyY5n2mxF1izXqkPYlGuP/M556uh53jRLJmzTWA=="],
"@img/sharp-linuxmusl-arm64": ["@img/sharp-linuxmusl-arm64@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-linuxmusl-arm64": "1.0.4" }, "os": "linux", "cpu": "arm64" }, "sha512-XrHMZwGQGvJg2V/oRSUfSAfjfPxO+4DkiRh6p2AFjLQztWUuY/o8Mq0eMQVIY7HJ1CDQUJlxGGZRw1a5bqmd1g=="],
"@img/sharp-linuxmusl-x64": ["@img/sharp-linuxmusl-x64@0.33.5", "", { "optionalDependencies": { "@img/sharp-libvips-linuxmusl-x64": "1.0.4" }, "os": "linux", "cpu": "x64" }, "sha512-WT+d/cgqKkkKySYmqoZ8y3pxx7lx9vVejxW/W4DOFMYVSkErR+w7mf2u8m/y4+xHe7yY9DAXQMWQhpnMuFfScw=="],
"@img/sharp-win32-x64": ["@img/sharp-win32-x64@0.33.5", "", { "os": "win32", "cpu": "x64" }, "sha512-MpY/o8/8kj+EcnxwvrP4aTJSWw/aZ7JIGR4aBeZkZw5B7/Jn+tY9/VNwtcoGmdT7GfggGIU4kygOMSbYnOrAbg=="],
"@modelcontextprotocol/sdk": ["@modelcontextprotocol/sdk@1.16.0", "", { "dependencies": { "ajv": "^6.12.6", "content-type": "^1.0.5", "cors": "^2.8.5", "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", "eventsource-parser": "^3.0.0", "express": "^5.0.1", "express-rate-limit": "^7.5.0", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", "zod": "^3.23.8", "zod-to-json-schema": "^3.24.1" } }, "sha512-8ofX7gkZcLj9H9rSd50mCgm3SSF8C7XoclxJuLoV0Cz3rEQ1tv9MZRYYvJtm9n1BiEQQMzSmE/w2AEkNacLYfg=="],
"@octokit/auth-token": ["@octokit/auth-token@4.0.0", "", {}, "sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA=="],

2
docs/cloud-providers.md
View File

@@ -7,7 +7,7 @@ You can authenticate with Claude using any of these four methods:
3. Google Vertex AI with OIDC authentication
4. Microsoft Foundry with OIDC authentication
For detailed setup instructions for AWS Bedrock and Google Vertex AI, see the [official documentation](https://code.claude.com/docs/en/github-actions#for-aws-bedrock:).
For detailed setup instructions for AWS Bedrock and Google Vertex AI, see the [official documentation](https://docs.anthropic.com/en/docs/claude-code/github-actions#using-with-aws-bedrock-%26-google-vertex-ai).
**Note**:

65
docs/experimental.md
View File

@@ -61,3 +61,68 @@ For specialized use cases, you can fine-tune behavior using `claude_args`:
--system-prompt "You are a code review specialist"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```
## Network Restrictions
For enhanced security, you can restrict Claude's network access to specific domains only. This feature is particularly useful for:
- Enterprise environments with strict security policies
- Preventing access to external services
- Limiting Claude to only your internal APIs and services
When `experimental_allowed_domains` is set, Claude can only access the domains you explicitly list. You'll need to include the appropriate provider domains based on your authentication method.
### Provider-Specific Examples
#### If using Anthropic API or subscription
```yaml
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
# Or: claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
experimental_allowed_domains: |
.anthropic.com
```
#### If using AWS Bedrock
```yaml
- uses: anthropics/claude-code-action@v1
with:
use_bedrock: "true"
experimental_allowed_domains: |
bedrock.*.amazonaws.com
bedrock-runtime.*.amazonaws.com
```
#### If using Google Vertex AI
```yaml
- uses: anthropics/claude-code-action@v1
with:
use_vertex: "true"
experimental_allowed_domains: |
*.googleapis.com
vertexai.googleapis.com
```
### Common GitHub Domains
In addition to your provider domains, you may need to include GitHub-related domains. For GitHub.com users, common domains include:
```yaml
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
experimental_allowed_domains: |
.anthropic.com # For Anthropic API
.github.com
.githubusercontent.com
ghcr.io
.blob.core.windows.net
```
For GitHub Enterprise users, replace the GitHub.com domains above with your enterprise domains (e.g., `.github.company.com`, `packages.company.com`, etc.).
To determine which domains your workflow needs, you can temporarily run without restrictions and monitor the network requests, or check your GitHub Enterprise configuration for the specific services you use.

69
docs/security.md
View File

@@ -13,16 +13,6 @@
- **No Cross-Repository Access**: Each action invocation is limited to the repository where it was triggered
- **Limited Scope**: The token cannot access other repositories or perform actions beyond the configured permissions
## Pull Request Creation
In its default configuration, **Claude does not create pull requests automatically** when responding to `@claude` mentions. Instead:
- Claude commits code changes to a new branch
- Claude provides a **link to the GitHub PR creation page** in its response
- **The user must click the link and create the PR themselves**, ensuring human oversight before any code is proposed for merging
This design ensures that users retain full control over what pull requests are created and can review the changes before initiating the PR workflow.
## ⚠️ Prompt Injection Risks
**Beware of potential hidden markdown when tagging Claude on untrusted content.** External contributors may include hidden instructions through HTML comments, invisible characters, hidden attributes, or other techniques. The action sanitizes content by stripping HTML comments, invisible characters, markdown image alt text, hidden HTML attributes, and HTML entities, but new bypass techniques may emerge. We recommend reviewing the raw content of all input coming from external contributors before allowing Claude to process it.
@@ -48,64 +38,7 @@ The following permissions are requested but not yet actively used. These will en
## Commit Signing
By default, commits made by Claude are unsigned. You can enable commit signing using one of two methods:
### Option 1: GitHub API Commit Signing (use_commit_signing)
This uses GitHub's API to create commits, which automatically signs them as verified from the GitHub App:
```yaml
- uses: anthropics/claude-code-action@main
with:
use_commit_signing: true
```
This is the simplest option and requires no additional setup. However, because it uses the GitHub API instead of git CLI, it cannot perform complex git operations like rebasing, cherry-picking, or interactive history manipulation.
### Option 2: SSH Signing Key (ssh_signing_key)
This uses an SSH key to sign commits via git CLI. Use this option when you need both signed commits AND standard git operations (rebasing, cherry-picking, etc.):
```yaml
- uses: anthropics/claude-code-action@main
with:
ssh_signing_key: ${{ secrets.SSH_SIGNING_KEY }}
bot_id: "YOUR_GITHUB_USER_ID"
bot_name: "YOUR_GITHUB_USERNAME"
```
Commits will show as verified and attributed to the GitHub account that owns the signing key.
**Setup steps:**
1. Generate an SSH key pair for signing:
```bash
ssh-keygen -t ed25519 -f ~/.ssh/signing_key -N "" -C "commit signing key"
```
2. Add the **public key** to your GitHub account:
- Go to GitHub → Settings → SSH and GPG keys
- Click "New SSH key"
- Select **Key type: Signing Key** (important)
- Paste the contents of `~/.ssh/signing_key.pub`
3. Add the **private key** to your repository secrets:
- Go to your repo → Settings → Secrets and variables → Actions
- Create a new secret named `SSH_SIGNING_KEY`
- Paste the contents of `~/.ssh/signing_key`
4. Get your GitHub user ID:
```bash
gh api users/YOUR_USERNAME --jq '.id'
```
5. Update your workflow with `bot_id` and `bot_name` matching the account where you added the signing key.
**Note:** If both `ssh_signing_key` and `use_commit_signing` are provided, `ssh_signing_key` takes precedence.
Commits made by Claude through this action are no longer automatically signed with commit signatures. To enable commit signing set `use_commit_signing: True` in the workflow(s). This ensures the authenticity and integrity of commits, providing a verifiable trail of changes made by the action.
## ⚠️ Authentication Protection

9
docs/usage.md
View File

@@ -58,7 +58,6 @@ jobs:
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No\* | - |
| `prompt` | Instructions for Claude. Can be a direct prompt or custom template for automation workflows | No | - |
| `track_progress` | Force tag mode with tracking comments. Only works with specific PR/issue events. Preserves GitHub context | No | `false` |
| `include_fix_links` | Include 'Fix this' links in PR code review feedback that open Claude Code with context to fix the identified issue | No | `true` |
| `claude_args` | Additional [arguments to pass directly to Claude CLI](https://docs.claude.com/en/docs/claude-code/cli-reference#cli-flags) (e.g., `--max-turns 10 --model claude-4-0-sonnet-20250805`) | No | "" |
| `base_branch` | The base branch to use for creating new branches (e.g., 'main', 'develop') | No | - |
| `use_sticky_comment` | Use just one comment to deliver PR comments (only applies for pull_request event workflows) | No | `false` |
@@ -71,10 +70,10 @@ jobs:
| `branch_prefix` | The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format) | No | `claude/` |
| `settings` | Claude Code settings as JSON string or path to settings JSON file | No | "" |
| `additional_permissions` | Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results | No | "" |
| `use_commit_signing` | Enable commit signing using GitHub's API. Simple but cannot perform complex git operations like rebasing. See [Security](./security.md#commit-signing) | No | `false` |
| `ssh_signing_key` | SSH private key for signing commits. Enables signed commits with full git CLI support (rebasing, etc.). See [Security](./security.md#commit-signing) | No | "" |
| `bot_id` | GitHub user ID to use for git operations (defaults to Claude's bot ID). Required with `ssh_signing_key` for verified commits | No | `41898282` |
| `bot_name` | GitHub username to use for git operations (defaults to Claude's bot name). Required with `ssh_signing_key` for verified commits | No | `claude[bot]` |
| `experimental_allowed_domains` | Restrict network access to these domains only (newline-separated). | No | "" |
| `use_commit_signing` | Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands | No | `false` |
| `bot_id` | GitHub user ID to use for git operations (defaults to Claude's bot ID) | No | `41898282` |
| `bot_name` | GitHub username to use for git operations (defaults to Claude's bot name) | No | `claude[bot]` |
| `allowed_bots` | Comma-separated list of allowed bot usernames, or '\*' to allow all bots. Empty string (default) allows no bots | No | "" |
| `allowed_non_write_users` | **⚠️ RISKY**: Comma-separated list of usernames to allow without write permissions, or '\*' for all users. Only works with `github_token` input. See [Security](./security.md) | No | "" |
| `path_to_claude_code_executable` | Optional path to a custom Claude Code executable. Skips automatic installation. Useful for Nix, custom containers, or specialized environments | No | "" |

1
package.json
View File

@@ -12,7 +12,6 @@
"dependencies": {
"@actions/core": "^1.10.1",
"@actions/github": "^6.0.1",
"@anthropic-ai/claude-agent-sdk": "^0.2.11",
"@modelcontextprotocol/sdk": "^1.11.0",
"@octokit/graphql": "^8.2.2",
"@octokit/rest": "^21.1.1",

123
scripts/setup-network-restrictions.sh Executable file
View File

@@ -0,0 +1,123 @@
#!/bin/bash
# Setup Network Restrictions with Squid Proxy
# This script sets up a Squid proxy to restrict network access to whitelisted domains only.
set -e
# Check if experimental_allowed_domains is provided
if [ -z "$EXPERIMENTAL_ALLOWED_DOMAINS" ]; then
echo "ERROR: EXPERIMENTAL_ALLOWED_DOMAINS environment variable is required"
exit 1
fi
# Check required environment variables
if [ -z "$RUNNER_TEMP" ]; then
echo "ERROR: RUNNER_TEMP environment variable is required"
exit 1
fi
if [ -z "$GITHUB_ENV" ]; then
echo "ERROR: GITHUB_ENV environment variable is required"
exit 1
fi
echo "Setting up network restrictions with Squid proxy..."
SQUID_START_TIME=$(date +%s.%N)
# Create whitelist file
echo "$EXPERIMENTAL_ALLOWED_DOMAINS" > $RUNNER_TEMP/whitelist.txt
# Ensure each domain has proper format
# If domain doesn't start with a dot and isn't an IP, add the dot for subdomain matching
mv $RUNNER_TEMP/whitelist.txt $RUNNER_TEMP/whitelist.txt.orig
while IFS= read -r domain; do
if [ -n "$domain" ]; then
# Trim whitespace
domain=$(echo "$domain" | xargs)
# If it's not empty and doesn't start with a dot, add one
if [[ "$domain" != .* ]] && [[ ! "$domain" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo ".$domain" >> $RUNNER_TEMP/whitelist.txt
else
echo "$domain" >> $RUNNER_TEMP/whitelist.txt
fi
fi
done < $RUNNER_TEMP/whitelist.txt.orig
# Create Squid config with whitelist
echo "http_port 3128" > $RUNNER_TEMP/squid.conf
echo "" >> $RUNNER_TEMP/squid.conf
echo "# Define ACLs" >> $RUNNER_TEMP/squid.conf
echo "acl whitelist dstdomain \"/etc/squid/whitelist.txt\"" >> $RUNNER_TEMP/squid.conf
echo "acl localnet src 127.0.0.1/32" >> $RUNNER_TEMP/squid.conf
echo "acl localnet src 172.17.0.0/16" >> $RUNNER_TEMP/squid.conf
echo "acl SSL_ports port 443" >> $RUNNER_TEMP/squid.conf
echo "acl Safe_ports port 80" >> $RUNNER_TEMP/squid.conf
echo "acl Safe_ports port 443" >> $RUNNER_TEMP/squid.conf
echo "acl CONNECT method CONNECT" >> $RUNNER_TEMP/squid.conf
echo "" >> $RUNNER_TEMP/squid.conf
echo "# Deny requests to certain unsafe ports" >> $RUNNER_TEMP/squid.conf
echo "http_access deny !Safe_ports" >> $RUNNER_TEMP/squid.conf
echo "" >> $RUNNER_TEMP/squid.conf
echo "# Only allow CONNECT to SSL ports" >> $RUNNER_TEMP/squid.conf
echo "http_access deny CONNECT !SSL_ports" >> $RUNNER_TEMP/squid.conf
echo "" >> $RUNNER_TEMP/squid.conf
echo "# Allow localhost" >> $RUNNER_TEMP/squid.conf
echo "http_access allow localhost" >> $RUNNER_TEMP/squid.conf
echo "" >> $RUNNER_TEMP/squid.conf
echo "# Allow localnet access to whitelisted domains" >> $RUNNER_TEMP/squid.conf
echo "http_access allow localnet whitelist" >> $RUNNER_TEMP/squid.conf
echo "" >> $RUNNER_TEMP/squid.conf
echo "# Deny everything else" >> $RUNNER_TEMP/squid.conf
echo "http_access deny all" >> $RUNNER_TEMP/squid.conf
echo "Starting Squid proxy..."
# First, remove any existing container
sudo docker rm -f squid-proxy 2>/dev/null || true
# Ensure whitelist file is not empty (Squid fails with empty files)
if [ ! -s "$RUNNER_TEMP/whitelist.txt" ]; then
echo "WARNING: Whitelist file is empty, adding a dummy entry"
echo ".example.com" >> $RUNNER_TEMP/whitelist.txt
fi
# Use sudo to prevent Claude from stopping the container
CONTAINER_ID=$(sudo docker run -d \
--name squid-proxy \
-p 127.0.0.1:3128:3128 \
-v $RUNNER_TEMP/squid.conf:/etc/squid/squid.conf:ro \
-v $RUNNER_TEMP/whitelist.txt:/etc/squid/whitelist.txt:ro \
ubuntu/squid:latest 2>&1) || {
echo "ERROR: Failed to start Squid container"
exit 1
}
# Wait for proxy to be ready (usually < 1 second)
READY=false
for i in {1..30}; do
if nc -z 127.0.0.1 3128 2>/dev/null; then
TOTAL_TIME=$(echo "scale=3; $(date +%s.%N) - $SQUID_START_TIME" | bc)
echo "Squid proxy ready in ${TOTAL_TIME}s"
READY=true
break
fi
sleep 0.1
done
if [ "$READY" != "true" ]; then
echo "ERROR: Squid proxy failed to start within 3 seconds"
echo "Container logs:"
sudo docker logs squid-proxy 2>&1 || true
echo "Container status:"
sudo docker ps -a | grep squid-proxy || true
exit 1
fi
# Set proxy environment variables
echo "http_proxy=http://127.0.0.1:3128" >> $GITHUB_ENV
echo "https_proxy=http://127.0.0.1:3128" >> $GITHUB_ENV
echo "HTTP_PROXY=http://127.0.0.1:3128" >> $GITHUB_ENV
echo "HTTPS_PROXY=http://127.0.0.1:3128" >> $GITHUB_ENV
echo "Network restrictions setup completed successfully"

203
src/create-prompt/index.ts
View File

@@ -21,12 +21,8 @@ import type { ParsedGitHubContext } from "../github/context";
import type { CommonFields, PreparedContext, EventData } from "./types";
import { GITHUB_SERVER_URL } from "../github/api/config";
import type { Mode, ModeContext } from "../modes/types";
import { extractUserRequest } from "../utils/extract-user-request";
export type { CommonFields, PreparedContext } from "./types";
/** Filename for the user request file, read by the SDK runner */
const USER_REQUEST_FILENAME = "claude-user-request.txt";
// Tag mode defaults - these tools are needed for tag mode to function
const BASE_ALLOWED_TOOLS = [
"Edit",
@@ -196,6 +192,11 @@ export function prepareContext(
if (!isPR) {
throw new Error("IS_PR must be true for pull_request_review event");
}
if (!commentBody) {
throw new Error(
"COMMENT_BODY is required for pull_request_review event",
);
}
eventData = {
eventName: "pull_request_review",
isPR: true,
@@ -463,123 +464,6 @@ export function generatePrompt(
return mode.generatePrompt(context, githubData, useCommitSigning);
}
/**
* Generates a simplified prompt for tag mode (opt-in via USE_SIMPLE_PROMPT env var)
* @internal
*/
function generateSimplePrompt(
context: PreparedContext,
githubData: FetchDataResult,
useCommitSigning: boolean = false,
): string {
const {
contextData,
comments,
changedFilesWithSHA,
reviewData,
imageUrlMap,
} = githubData;
const { eventData } = context;
const { triggerContext } = getEventTypeAndContext(context);
const formattedContext = formatContext(contextData, eventData.isPR);
const formattedComments = formatComments(comments, imageUrlMap);
const formattedReviewComments = eventData.isPR
? formatReviewComments(reviewData, imageUrlMap)
: "";
const formattedChangedFiles = eventData.isPR
? formatChangedFilesWithSHA(changedFilesWithSHA)
: "";
const hasImages = imageUrlMap && imageUrlMap.size > 0;
const imagesInfo = hasImages
? `\n\n<images_info>
Images from comments have been saved to disk. Paths are in the formatted content above. Use Read tool to view them.
</images_info>`
: "";
const formattedBody = contextData?.body
? formatBody(contextData.body, imageUrlMap)
: "No description provided";
const entityType = eventData.isPR ? "pull request" : "issue";
const jobUrl = `${GITHUB_SERVER_URL}/${context.repository}/actions/runs/${process.env.GITHUB_RUN_ID}`;
let promptContent = `You were tagged on a GitHub ${entityType} via "${context.triggerPhrase}". Read the request and decide how to help.
<context>
${formattedContext}
</context>
<${eventData.isPR ? "pr" : "issue"}_body>
${formattedBody}
</${eventData.isPR ? "pr" : "issue"}_body>
<comments>
${formattedComments || "No comments"}
</comments>
${
eventData.isPR
? `
<review_comments>
${formattedReviewComments || "No review comments"}
</review_comments>
<changed_files>
${formattedChangedFiles || "No files changed"}
</changed_files>`
: ""
}${imagesInfo}
<metadata>
repository: ${context.repository}
${eventData.isPR && eventData.prNumber ? `pr_number: ${eventData.prNumber}` : ""}
${!eventData.isPR && eventData.issueNumber ? `issue_number: ${eventData.issueNumber}` : ""}
trigger: ${triggerContext}
triggered_by: ${context.triggerUsername ?? "Unknown"}
claude_comment_id: ${context.claudeCommentId}
</metadata>
${
(eventData.eventName === "issue_comment" ||
eventData.eventName === "pull_request_review_comment" ||
eventData.eventName === "pull_request_review") &&
eventData.commentBody
? `
<trigger_comment>
${sanitizeContent(eventData.commentBody)}
</trigger_comment>`
: ""
}
Your request is in <trigger_comment> above${eventData.eventName === "issues" ? ` (or the ${entityType} body for assigned/labeled events)` : ""}.
Decide what's being asked:
1. **Question or code review** - Answer directly or provide feedback
2. **Code change** - Implement the change, commit, and push
Communication:
- Your ONLY visible output is your GitHub comment - update it with progress and results
- Use mcp__github_comment__update_claude_comment to update (only "body" param needed)
- Use checklist format for tasks: - [ ] incomplete, - [x] complete
- Use ### headers (not #)
${getCommitInstructions(eventData, githubData, context, useCommitSigning)}
${
eventData.claudeBranch
? `
When done with changes, provide a PR link:
[Create a PR](${GITHUB_SERVER_URL}/${context.repository}/compare/${eventData.baseBranch}...${eventData.claudeBranch}?quick_pull=1&title=<url-encoded-title>&body=<url-encoded-body>)
Use THREE dots (...) between branches. URL-encode all parameters.`
: ""
}
Always include at the bottom:
- Job link: [View job run](${jobUrl})
- Follow the repo's CLAUDE.md file for project-specific guidelines`;
return promptContent;
}
/**
* Generates the default prompt for tag mode
* @internal
@@ -589,10 +473,6 @@ export function generateDefaultPrompt(
githubData: FetchDataResult,
useCommitSigning: boolean = false,
): string {
// Use simplified prompt if opted in
if (process.env.USE_SIMPLE_PROMPT === "true") {
return generateSimplePrompt(context, githubData, useCommitSigning);
}
const {
contextData,
comments,
@@ -738,13 +618,7 @@ ${eventData.eventName === "issue_comment" || eventData.eventName === "pull_reque
- Reference specific code sections with file paths and line numbers${eventData.isPR ? `\n - AFTER reading files and analyzing code, you MUST call mcp__github_comment__update_claude_comment to post your review` : ""}
- Formulate a concise, technical, and helpful response based on the context.
- Reference specific code with inline formatting or code blocks.
- Include relevant file paths and line numbers when applicable.${
eventData.isPR && context.githubContext?.inputs.includeFixLinks
? `
- When identifying issues that could be fixed, include an inline link: [Fix this →](https://claude.ai/code?q=<URI_ENCODED_INSTRUCTIONS>&repo=${context.repository})
The query should be URI-encoded and include enough context for Claude Code to understand and fix the issue (file path, line numbers, branch name, what needs to change).`
: ""
}
- Include relevant file paths and line numbers when applicable.
- ${eventData.isPR ? `IMPORTANT: Submit your review feedback by updating the Claude comment using mcp__github_comment__update_claude_comment. This will be displayed as your PR review.` : `Remember that this feedback must be posted to the GitHub comment using mcp__github_comment__update_claude_comment.`}
B. For Straightforward Changes:
@@ -851,55 +725,6 @@ f. If you are unable to complete certain steps, such as running a linter or test
return promptContent;
}
/**
* Extracts the user's request from the prepared context and GitHub data.
*
* This is used to send the user's actual command/request as a separate
* content block, enabling slash command processing in the CLI.
*
* @param context - The prepared context containing event data and trigger phrase
* @param githubData - The fetched GitHub data containing issue/PR body content
* @returns The extracted user request text (e.g., "/review-pr" or "fix this bug"),
* or null for assigned/labeled events without an explicit trigger in the body
*
* @example
* // Comment event: "@claude /review-pr" -> returns "/review-pr"
* // Issue body with "@claude fix this" -> returns "fix this"
* // Issue assigned without @claude in body -> returns null
*/
function extractUserRequestFromContext(
context: PreparedContext,
githubData: FetchDataResult,
): string | null {
const { eventData, triggerPhrase } = context;
// For comment events, extract from comment body
if (
"commentBody" in eventData &&
eventData.commentBody &&
(eventData.eventName === "issue_comment" ||
eventData.eventName === "pull_request_review_comment" ||
eventData.eventName === "pull_request_review")
) {
return extractUserRequest(eventData.commentBody, triggerPhrase);
}
// For issue/PR events triggered by body content, extract from the body
if (githubData.contextData?.body) {
const request = extractUserRequest(
githubData.contextData.body,
triggerPhrase,
);
if (request) {
return request;
}
}
// For assigned/labeled events without explicit trigger in body,
// return null to indicate the full context should be used
return null;
}
export async function createPrompt(
mode: Mode,
modeContext: ModeContext,
@@ -948,22 +773,6 @@ export async function createPrompt(
promptContent,
);
// Extract and write the user request separately for SDK multi-block messaging
// This allows the CLI to process slash commands (e.g., "@claude /review-pr")
const userRequest = extractUserRequestFromContext(
preparedContext,
githubData,
);
if (userRequest) {
await writeFile(
`${process.env.RUNNER_TEMP || "/tmp"}/claude-prompts/${USER_REQUEST_FILENAME}`,
userRequest,
);
console.log("===== USER REQUEST =====");
console.log(userRequest);
console.log("========================");
}
// Set allowed tools
const hasActionsReadPermission = false;

2
src/create-prompt/types.ts
View File

@@ -23,7 +23,7 @@ type PullRequestReviewEvent = {
eventName: "pull_request_review";
isPR: true;
prNumber: string;
commentBody?: string; // May be absent for approvals without comments
commentBody: string;
claudeBranch?: string;
baseBranch?: string;
};

21
src/entrypoints/cleanup-ssh-signing.ts
View File

@@ -1,21 +0,0 @@
#!/usr/bin/env bun
/**
* Cleanup SSH signing key after action completes
* This is run as a post step for security purposes
*/
import { cleanupSshSigning } from "../github/operations/git-config";
async function run() {
try {
await cleanupSshSigning();
} catch (error) {
// Don't fail the action if cleanup fails, just log it
console.error("Failed to cleanup SSH signing key:", error);
}
}
if (import.meta.main) {
run();
}

2
src/entrypoints/collect-inputs.ts
View File

@@ -26,7 +26,7 @@ export function collectActionInputsPresence(): void {
max_turns: "",
use_sticky_comment: "false",
use_commit_signing: "false",
ssh_signing_key: "",
experimental_allowed_domains: "",
};
const allInputsJson = process.env.ALL_INPUTS;

6
src/entrypoints/update-comment-link.ts
View File

@@ -152,7 +152,7 @@ async function run() {
// Check if action failed and read output file for execution details
let executionDetails: {
total_cost_usd?: number;
cost_usd?: number;
duration_ms?: number;
duration_api_ms?: number;
} | null = null;
@@ -179,11 +179,11 @@ async function run() {
const lastElement = outputData[outputData.length - 1];
if (
lastElement.type === "result" &&
"total_cost_usd" in lastElement &&
"cost_usd" in lastElement &&
"duration_ms" in lastElement
) {
executionDetails = {
total_cost_usd: lastElement.total_cost_usd,
cost_usd: lastElement.cost_usd,
duration_ms: lastElement.duration_ms,
duration_api_ms: lastElement.duration_api_ms,
};

14
src/github/api/queries/github.ts
View File

@@ -13,16 +13,9 @@ export const PR_QUERY = `
headRefName
headRefOid
createdAt
updatedAt
lastEditedAt
additions
deletions
state
labels(first: 1) {
nodes {
name
}
}
commits(first: 100) {
totalCount
nodes {
@@ -103,14 +96,7 @@ export const ISSUE_QUERY = `
login
}
createdAt
updatedAt
lastEditedAt
state
labels(first: 1) {
nodes {
name
}
}
comments(first: 100) {
nodes {
id

6
src/github/context.ts
View File

@@ -88,16 +88,13 @@ type BaseContext = {
labelTrigger: string;
baseBranch?: string;
branchPrefix: string;
branchNameTemplate?: string;
useStickyComment: boolean;
useCommitSigning: boolean;
sshSigningKey: string;
botId: string;
botName: string;
allowedBots: string;
allowedNonWriteUsers: string;
trackProgress: boolean;
includeFixLinks: boolean;
};
};
@@ -146,16 +143,13 @@ export function parseGitHubContext(): GitHubContext {
labelTrigger: process.env.LABEL_TRIGGER ?? "",
baseBranch: process.env.BASE_BRANCH,
branchPrefix: process.env.BRANCH_PREFIX ?? "claude/",
branchNameTemplate: process.env.BRANCH_NAME_TEMPLATE,
useStickyComment: process.env.USE_STICKY_COMMENT === "true",
useCommitSigning: process.env.USE_COMMIT_SIGNING === "true",
sshSigningKey: process.env.SSH_SIGNING_KEY || "",
botId: process.env.BOT_ID ?? String(CLAUDE_APP_BOT_ID),
botName: process.env.BOT_NAME ?? CLAUDE_BOT_LOGIN,
allowedBots: process.env.ALLOWED_BOTS ?? "",
allowedNonWriteUsers: process.env.ALLOWED_NON_WRITE_USERS ?? "",
trackProgress: process.env.TRACK_PROGRESS === "true",
includeFixLinks: process.env.INCLUDE_FIX_LINKS === "true",
},
};

86
src/github/data/fetcher.ts
View File

@@ -3,8 +3,6 @@ import type { Octokits } from "../api/client";
import { ISSUE_QUERY, PR_QUERY, USER_QUERY } from "../api/queries/github";
import {
isIssueCommentEvent,
isIssuesEvent,
isPullRequestEvent,
isPullRequestReviewEvent,
isPullRequestReviewCommentEvent,
type ParsedGitHubContext,
@@ -42,31 +40,6 @@ export function extractTriggerTimestamp(
return undefined;
}
/**
* Extracts the original title from the GitHub webhook payload.
* This is the title as it existed when the trigger event occurred.
*
* @param context - Parsed GitHub context from webhook
* @returns The original title string or undefined if not available
*/
export function extractOriginalTitle(
context: ParsedGitHubContext,
): string | undefined {
if (isIssueCommentEvent(context)) {
return context.payload.issue?.title;
} else if (isPullRequestEvent(context)) {
return context.payload.pull_request?.title;
} else if (isPullRequestReviewEvent(context)) {
return context.payload.pull_request?.title;
} else if (isPullRequestReviewCommentEvent(context)) {
return context.payload.pull_request?.title;
} else if (isIssuesEvent(context)) {
return context.payload.issue?.title;
}
return undefined;
}
/**
* Filters comments to only include those that existed in their final state before the trigger time.
* This prevents malicious actors from editing comments after the trigger to inject harmful content.
@@ -134,38 +107,6 @@ export function filterReviewsToTriggerTime<
});
}
/**
* Checks if the issue/PR body was edited after the trigger time.
* This prevents a race condition where an attacker could edit the issue/PR body
* between when an authorized user triggered Claude and when Claude processes the request.
*
* @param contextData - The PR or issue data containing body and edit timestamps
* @param triggerTime - ISO timestamp of when the trigger event occurred
* @returns true if the body is safe to use, false if it was edited after trigger
*/
export function isBodySafeToUse(
contextData: { createdAt: string; updatedAt?: string; lastEditedAt?: string },
triggerTime: string | undefined,
): boolean {
// If no trigger time is available, we can't validate - allow the body
// This maintains backwards compatibility for triggers that don't have timestamps
if (!triggerTime) return true;
const triggerTimestamp = new Date(triggerTime).getTime();
// Check if the body was edited after the trigger
// Use lastEditedAt if available (more accurate for body edits), otherwise fall back to updatedAt
const lastEditTime = contextData.lastEditedAt || contextData.updatedAt;
if (lastEditTime) {
const lastEditTimestamp = new Date(lastEditTime).getTime();
if (lastEditTimestamp >= triggerTimestamp) {
return false;
}
}
return true;
}
type FetchDataParams = {
octokits: Octokits;
repository: string;
@@ -173,7 +114,6 @@ type FetchDataParams = {
isPR: boolean;
triggerUsername?: string;
triggerTime?: string;
originalTitle?: string;
};
export type GitHubFileWithSHA = GitHubFile & {
@@ -197,7 +137,6 @@ export async function fetchGitHubData({
isPR,
triggerUsername,
triggerTime,
originalTitle,
}: FetchDataParams): Promise<FetchDataResult> {
const [owner, repo] = repository.split("/");
if (!owner || !repo) {
@@ -334,13 +273,9 @@ export async function fetchGitHubData({
body: c.body,
}));
// Add the main issue/PR body if it has content and wasn't edited after trigger
// This prevents a TOCTOU race condition where an attacker could edit the body
// between when an authorized user triggered Claude and when Claude processes the request
let mainBody: CommentWithImages[] = [];
if (contextData.body) {
if (isBodySafeToUse(contextData, triggerTime)) {
mainBody = [
// Add the main issue/PR body if it has content
const mainBody: CommentWithImages[] = contextData.body
? [
{
...(isPR
? {
@@ -354,14 +289,8 @@ export async function fetchGitHubData({
body: contextData.body,
}),
},
];
} else {
console.warn(
`Security: ${isPR ? "PR" : "Issue"} #${prNumber} body was edited after the trigger event. ` +
`Excluding body content to prevent potential injection attacks.`,
);
}
}
]
: [];
const allComments = [
...mainBody,
@@ -383,11 +312,6 @@ export async function fetchGitHubData({
triggerDisplayName = await fetchUserDisplayName(octokits, triggerUsername);
}
// Use the original title from the webhook payload if provided
if (originalTitle !== undefined) {
contextData.title = originalTitle;
}
return {
contextData,
comments,

6
src/github/data/formatter.ts
View File

@@ -14,8 +14,7 @@ export function formatContext(
): string {
if (isPR) {
const prData = contextData as GitHubPullRequest;
const sanitizedTitle = sanitizeContent(prData.title);
return `PR Title: ${sanitizedTitle}
return `PR Title: ${prData.title}
PR Author: ${prData.author.login}
PR Branch: ${prData.headRefName} -> ${prData.baseRefName}
PR State: ${prData.state}
@@ -25,8 +24,7 @@ Total Commits: ${prData.commits.totalCount}
Changed Files: ${prData.files.nodes.length} files`;
} else {
const issueData = contextData as GitHubIssue;
const sanitizedTitle = sanitizeContent(issueData.title);
return `Issue Title: ${sanitizedTitle}
return `Issue Title: ${issueData.title}
Issue Author: ${issueData.author.login}
Issue State: ${issueData.state}`;
}

188
src/github/operations/branch.ts
View File

@@ -7,120 +7,11 @@
*/
import { $ } from "bun";
import { execFileSync } from "child_process";
import * as core from "@actions/core";
import type { ParsedGitHubContext } from "../context";
import type { GitHubPullRequest } from "../types";
import type { Octokits } from "../api/client";
import type { FetchDataResult } from "../data/fetcher";
import { generateBranchName } from "../../utils/branch-template";
/**
* Extracts the first label from GitHub data, or returns undefined if no labels exist
*/
function extractFirstLabel(githubData: FetchDataResult): string | undefined {
const labels = githubData.contextData.labels?.nodes;
return labels && labels.length > 0 ? labels[0]?.name : undefined;
}
/**
* Validates a git branch name against a strict whitelist pattern.
* This prevents command injection by ensuring only safe characters are used.
*
* Valid branch names:
* - Start with alphanumeric character (not dash, to prevent option injection)
* - Contain only alphanumeric, forward slash, hyphen, underscore, or period
* - Do not start or end with a period
* - Do not end with a slash
* - Do not contain '..' (path traversal)
* - Do not contain '//' (consecutive slashes)
* - Do not end with '.lock'
* - Do not contain '@{'
* - Do not contain control characters or special git characters (~^:?*[\])
*/
export function validateBranchName(branchName: string): void {
// Check for empty or whitespace-only names
if (!branchName || branchName.trim().length === 0) {
throw new Error("Branch name cannot be empty");
}
// Check for leading dash (prevents option injection like --help, -x)
if (branchName.startsWith("-")) {
throw new Error(
`Invalid branch name: "${branchName}". Branch names cannot start with a dash.`,
);
}
// Check for control characters and special git characters (~^:?*[\])
// eslint-disable-next-line no-control-regex
if (/[\x00-\x1F\x7F ~^:?*[\]\\]/.test(branchName)) {
throw new Error(
`Invalid branch name: "${branchName}". Branch names cannot contain control characters, spaces, or special git characters (~^:?*[\\]).`,
);
}
// Strict whitelist pattern: alphanumeric start, then alphanumeric/slash/hyphen/underscore/period
const validPattern = /^[a-zA-Z0-9][a-zA-Z0-9/_.-]*$/;
if (!validPattern.test(branchName)) {
throw new Error(
`Invalid branch name: "${branchName}". Branch names must start with an alphanumeric character and contain only alphanumeric characters, forward slashes, hyphens, underscores, or periods.`,
);
}
// Check for leading/trailing periods
if (branchName.startsWith(".") || branchName.endsWith(".")) {
throw new Error(
`Invalid branch name: "${branchName}". Branch names cannot start or end with a period.`,
);
}
// Check for trailing slash
if (branchName.endsWith("/")) {
throw new Error(
`Invalid branch name: "${branchName}". Branch names cannot end with a slash.`,
);
}
// Check for consecutive slashes
if (branchName.includes("//")) {
throw new Error(
`Invalid branch name: "${branchName}". Branch names cannot contain consecutive slashes.`,
);
}
// Additional git-specific validations
if (branchName.includes("..")) {
throw new Error(
`Invalid branch name: "${branchName}". Branch names cannot contain '..'`,
);
}
if (branchName.endsWith(".lock")) {
throw new Error(
`Invalid branch name: "${branchName}". Branch names cannot end with '.lock'`,
);
}
if (branchName.includes("@{")) {
throw new Error(
`Invalid branch name: "${branchName}". Branch names cannot contain '@{'`,
);
}
}
/**
* Executes a git command safely using execFileSync to avoid shell interpolation.
*
* Security: execFileSync passes arguments directly to the git binary without
* invoking a shell, preventing command injection attacks where malicious input
* could be interpreted as shell commands (e.g., branch names containing `;`, `|`, `&&`).
*
* @param args - Git command arguments (e.g., ["checkout", "branch-name"])
*/
function execGit(args: string[]): void {
execFileSync("git", args, { stdio: "inherit" });
}
export type BranchInfo = {
baseBranch: string;
@@ -135,7 +26,7 @@ export async function setupBranch(
): Promise<BranchInfo> {
const { owner, repo } = context.repository;
const entityNumber = context.entityNumber;
const { baseBranch, branchPrefix, branchNameTemplate } = context.inputs;
const { baseBranch, branchPrefix } = context.inputs;
const isPR = context.isPR;
if (isPR) {
@@ -162,19 +53,14 @@ export async function setupBranch(
`PR #${entityNumber}: ${commitCount} commits, using fetch depth ${fetchDepth}`,
);
// Validate branch names before use to prevent command injection
validateBranchName(branchName);
// Execute git commands to checkout PR branch (dynamic depth based on PR size)
// Using execFileSync instead of shell template literals for security
execGit(["fetch", "origin", `--depth=${fetchDepth}`, branchName]);
execGit(["checkout", branchName, "--"]);
await $`git fetch origin --depth=${fetchDepth} ${branchName}`;
await $`git checkout ${branchName} --`;
console.log(`Successfully checked out PR branch for PR #${entityNumber}`);
// For open PRs, we need to get the base branch of the PR
const baseBranch = prData.baseRefName;
validateBranchName(baseBranch);
return {
baseBranch,
@@ -201,8 +87,17 @@ export async function setupBranch(
// Generate branch name for either an issue or closed/merged PR
const entityType = isPR ? "pr" : "issue";
// Get the SHA of the source branch to use in template
let sourceSHA: string | undefined;
// Create Kubernetes-compatible timestamp: lowercase, hyphens only, shorter format
const now = new Date();
const timestamp = `${now.getFullYear()}${String(now.getMonth() + 1).padStart(2, "0")}${String(now.getDate()).padStart(2, "0")}-${String(now.getHours()).padStart(2, "0")}${String(now.getMinutes()).padStart(2, "0")}`;
// Ensure branch name is Kubernetes-compatible:
// - Lowercase only
// - Alphanumeric with hyphens
// - No underscores
// - Max 50 chars (to allow for prefixes)
const branchName = `${branchPrefix}${entityType}-${entityNumber}-${timestamp}`;
const newBranch = branchName.toLowerCase().substring(0, 50);
try {
// Get the SHA of the source branch to verify it exists
@@ -212,46 +107,8 @@ export async function setupBranch(
ref: `heads/${sourceBranch}`,
});
sourceSHA = sourceBranchRef.data.object.sha;
console.log(`Source branch SHA: ${sourceSHA}`);
// Extract first label from GitHub data
const firstLabel = extractFirstLabel(githubData);
// Extract title from GitHub data
const title = githubData.contextData.title;
// Generate branch name using template or default format
let newBranch = generateBranchName(
branchNameTemplate,
branchPrefix,
entityType,
entityNumber,
sourceSHA,
firstLabel,
title,
);
// Check if generated branch already exists on remote
try {
await $`git ls-remote --exit-code origin refs/heads/${newBranch}`.quiet();
// If we get here, branch exists (exit code 0)
console.log(
`Branch '${newBranch}' already exists, falling back to default format`,
);
newBranch = generateBranchName(
undefined, // Force default template
branchPrefix,
entityType,
entityNumber,
sourceSHA,
firstLabel,
title,
);
} catch {
// Branch doesn't exist (non-zero exit code), continue with generated name
}
const currentSHA = sourceBranchRef.data.object.sha;
console.log(`Source branch SHA: ${currentSHA}`);
// For commit signing, defer branch creation to the file ops server
if (context.inputs.useCommitSigning) {
@@ -261,9 +118,8 @@ export async function setupBranch(
// Ensure we're on the source branch
console.log(`Fetching and checking out source branch: ${sourceBranch}`);
validateBranchName(sourceBranch);
execGit(["fetch", "origin", sourceBranch, "--depth=1"]);
execGit(["checkout", sourceBranch, "--"]);
await $`git fetch origin ${sourceBranch} --depth=1`;
await $`git checkout ${sourceBranch}`;
// Set outputs for GitHub Actions
core.setOutput("CLAUDE_BRANCH", newBranch);
@@ -282,13 +138,11 @@ export async function setupBranch(
// Fetch and checkout the source branch first to ensure we branch from the correct base
console.log(`Fetching and checking out source branch: ${sourceBranch}`);
validateBranchName(sourceBranch);
validateBranchName(newBranch);
execGit(["fetch", "origin", sourceBranch, "--depth=1"]);
execGit(["checkout", sourceBranch, "--"]);
await $`git fetch origin ${sourceBranch} --depth=1`;
await $`git checkout ${sourceBranch}`;
// Create and checkout the new branch from the source branch
execGit(["checkout", "-b", newBranch]);
await $`git checkout -b ${newBranch}`;
console.log(
`Successfully created and checked out local branch: ${newBranch}`,

2
src/github/operations/comment-logic.ts
View File

@@ -1,7 +1,7 @@
import { GITHUB_SERVER_URL } from "../api/config";
export type ExecutionDetails = {
total_cost_usd?: number;
cost_usd?: number;
duration_ms?: number;
duration_api_ms?: number;
};

57
src/github/operations/git-config.ts
View File

@@ -6,14 +6,9 @@
*/
import { $ } from "bun";
import { mkdir, writeFile, rm } from "fs/promises";
import { join } from "path";
import { homedir } from "os";
import type { GitHubContext } from "../context";
import { GITHUB_SERVER_URL } from "../api/config";
const SSH_SIGNING_KEY_PATH = join(homedir(), ".ssh", "claude_signing_key");
type GitUser = {
login: string;
id: number;
@@ -59,55 +54,3 @@ export async function configureGitAuth(
console.log("Git authentication configured successfully");
}
/**
* Configure git to use SSH signing for commits
* This is an alternative to GitHub API-based commit signing (use_commit_signing)
*/
export async function setupSshSigning(sshSigningKey: string): Promise<void> {
console.log("Configuring SSH signing for commits...");
// Validate SSH key format
if (!sshSigningKey.trim()) {
throw new Error("SSH signing key cannot be empty");
}
if (
!sshSigningKey.includes("BEGIN") ||
!sshSigningKey.includes("PRIVATE KEY")
) {
throw new Error("Invalid SSH private key format");
}
// Create .ssh directory with secure permissions (700)
const sshDir = join(homedir(), ".ssh");
await mkdir(sshDir, { recursive: true, mode: 0o700 });
// Ensure key ends with newline (required for ssh-keygen to parse it)
const normalizedKey = sshSigningKey.endsWith("\n")
? sshSigningKey
: sshSigningKey + "\n";
// Write the signing key atomically with secure permissions (600)
await writeFile(SSH_SIGNING_KEY_PATH, normalizedKey, { mode: 0o600 });
console.log(`✓ SSH signing key written to ${SSH_SIGNING_KEY_PATH}`);
// Configure git to use SSH signing
await $`git config gpg.format ssh`;
await $`git config user.signingkey ${SSH_SIGNING_KEY_PATH}`;
await $`git config commit.gpgsign true`;
console.log("✓ Git configured to use SSH signing for commits");
}
/**
* Clean up the SSH signing key file
* Should be called in the post step for security
*/
export async function cleanupSshSigning(): Promise<void> {
try {
await rm(SSH_SIGNING_KEY_PATH, { force: true });
console.log("✓ SSH signing key cleaned up");
} catch (error) {
console.log("No SSH signing key to clean up");
}
}

14
src/github/types.ts
View File

@@ -58,16 +58,9 @@ export type GitHubPullRequest = {
headRefName: string;
headRefOid: string;
createdAt: string;
updatedAt?: string;
lastEditedAt?: string;
additions: number;
deletions: number;
state: string;
labels: {
nodes: Array<{
name: string;
}>;
};
commits: {
totalCount: number;
nodes: Array<{
@@ -90,14 +83,7 @@ export type GitHubIssue = {
body: string;
author: GitHubAuthor;
createdAt: string;
updatedAt?: string;
lastEditedAt?: string;
state: string;
labels: {
nodes: Array<{
name: string;
}>;
};
comments: {
nodes: GitHubComment[];
};

4
src/github/validation/actor.ts
View File

@@ -6,11 +6,11 @@
*/
import type { Octokit } from "@octokit/rest";
import type { GitHubContext } from "../context";
import type { ParsedGitHubContext } from "../context";
export async function checkHumanActor(
octokit: Octokit,
githubContext: GitHubContext,
githubContext: ParsedGitHubContext,
) {
// Fetch user information from GitHub API
const { data: userData } = await octokit.users.getByUsername({

39
src/mcp/github-file-ops-server.ts
View File

@@ -4,12 +4,11 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";
import { readFile, stat } from "fs/promises";
import { resolve } from "path";
import { join } from "path";
import { constants } from "fs";
import fetch from "node-fetch";
import { GITHUB_API_URL } from "../github/api/config";
import { retryWithBackoff } from "../utils/retry";
import { validatePathWithinRepo } from "./path-validation";
type GitHubRef = {
object: {
@@ -214,18 +213,12 @@ server.tool(
throw new Error("GITHUB_TOKEN environment variable is required");
}
// Validate all paths are within repository root and get full/relative paths
const resolvedRepoDir = resolve(REPO_DIR);
const validatedFiles = await Promise.all(
files.map(async (filePath) => {
const fullPath = await validatePathWithinRepo(filePath, REPO_DIR);
// Calculate the relative path for the git tree entry
// Use the original filePath (normalized) for the git path, not the symlink-resolved path
const normalizedPath = resolve(resolvedRepoDir, filePath);
const relativePath = normalizedPath.slice(resolvedRepoDir.length + 1);
return { fullPath, relativePath };
}),
);
const processedFiles = files.map((filePath) => {
if (filePath.startsWith("/")) {
return filePath.slice(1);
}
return filePath;
});
// 1. Get the branch reference (create if doesn't exist)
const baseSha = await getOrCreateBranchRef(
@@ -254,14 +247,18 @@ server.tool(
// 3. Create tree entries for all files
const treeEntries = await Promise.all(
validatedFiles.map(async ({ fullPath, relativePath }) => {
processedFiles.map(async (filePath) => {
const fullPath = filePath.startsWith("/")
? filePath
: join(REPO_DIR, filePath);
// Get the proper file mode based on file permissions
const fileMode = await getFileMode(fullPath);
// Check if file is binary (images, etc.)
const isBinaryFile =
/\.(png|jpg|jpeg|gif|webp|ico|pdf|zip|tar|gz|exe|bin|woff|woff2|ttf|eot)$/i.test(
relativePath,
filePath,
);
if (isBinaryFile) {
@@ -287,7 +284,7 @@ server.tool(
if (!blobResponse.ok) {
const errorText = await blobResponse.text();
throw new Error(
`Failed to create blob for ${relativePath}: ${blobResponse.status} - ${errorText}`,
`Failed to create blob for ${filePath}: ${blobResponse.status} - ${errorText}`,
);
}
@@ -295,7 +292,7 @@ server.tool(
// Return tree entry with blob SHA
return {
path: relativePath,
path: filePath,
mode: fileMode,
type: "blob",
sha: blobData.sha,
@@ -304,7 +301,7 @@ server.tool(
// For text files, include content directly in tree
const content = await readFile(fullPath, "utf-8");
return {
path: relativePath,
path: filePath,
mode: fileMode,
type: "blob",
content: content,
@@ -424,9 +421,7 @@ server.tool(
author: newCommitData.author.name,
date: newCommitData.author.date,
},
files: validatedFiles.map(({ relativePath }) => ({
path: relativePath,
})),
files: processedFiles.map((path) => ({ path })),
tree: {
sha: treeData.sha,
},

64
src/mcp/path-validation.ts
View File

@@ -1,64 +0,0 @@
import { realpath } from "fs/promises";
import { resolve, sep } from "path";
/**
* Validates that a file path resolves within the repository root.
* Prevents path traversal attacks via "../" sequences and symlinks.
* @param filePath - The file path to validate (can be relative or absolute)
* @param repoRoot - The repository root directory
* @returns The resolved absolute path (with symlinks resolved) if valid
* @throws Error if the path resolves outside the repository root
*/
export async function validatePathWithinRepo(
filePath: string,
repoRoot: string,
): Promise<string> {
// First resolve the path string (handles .. and . segments)
const initialPath = resolve(repoRoot, filePath);
// Resolve symlinks to get the real path
// This prevents symlink attacks where a link inside the repo points outside
let resolvedRoot: string;
let resolvedPath: string;
try {
resolvedRoot = await realpath(repoRoot);
} catch {
throw new Error(`Repository root '${repoRoot}' does not exist`);
}
try {
resolvedPath = await realpath(initialPath);
} catch {
// File doesn't exist yet - fall back to checking the parent directory
// This handles the case where we're creating a new file
const parentDir = resolve(initialPath, "..");
try {
const resolvedParent = await realpath(parentDir);
if (
resolvedParent !== resolvedRoot &&
!resolvedParent.startsWith(resolvedRoot + sep)
) {
throw new Error(
`Path '${filePath}' resolves outside the repository root`,
);
}
// Parent is valid, return the initial path since file doesn't exist yet
return initialPath;
} catch {
throw new Error(
`Path '${filePath}' resolves outside the repository root`,
);
}
}
// Path must be within repo root (or be the root itself)
if (
resolvedPath !== resolvedRoot &&
!resolvedPath.startsWith(resolvedRoot + sep)
) {
throw new Error(`Path '${filePath}' resolves outside the repository root`);
}
return resolvedPath;
}

37
src/modes/agent/index.ts
View File

@@ -4,11 +4,7 @@ import type { Mode, ModeOptions, ModeResult } from "../types";
import type { PreparedContext } from "../../create-prompt/types";
import { prepareMcpConfig } from "../../mcp/install-mcp-server";
import { parseAllowedTools } from "./parse-tools";
import {
configureGitAuth,
setupSshSigning,
} from "../../github/operations/git-config";
import { checkHumanActor } from "../../github/validation/actor";
import { configureGitAuth } from "../../github/operations/git-config";
import type { GitHubContext } from "../../github/context";
import { isEntityContext } from "../../github/context";
@@ -81,36 +77,9 @@ export const agentMode: Mode = {
return false;
},
async prepare({
context,
octokit,
githubToken,
}: ModeOptions): Promise<ModeResult> {
// Check if actor is human (prevents bot-triggered loops)
await checkHumanActor(octokit.rest, context);
async prepare({ context, githubToken }: ModeOptions): Promise<ModeResult> {
// Configure git authentication for agent mode (same as tag mode)
// SSH signing takes precedence if provided
const useSshSigning = !!context.inputs.sshSigningKey;
const useApiCommitSigning =
context.inputs.useCommitSigning && !useSshSigning;
if (useSshSigning) {
// Setup SSH signing for commits
await setupSshSigning(context.inputs.sshSigningKey);
// Still configure git auth for push operations (user/email and remote URL)
const user = {
login: context.inputs.botName,
id: parseInt(context.inputs.botId),
};
try {
await configureGitAuth(githubToken, context, user);
} catch (error) {
console.error("Failed to configure git authentication:", error);
// Continue anyway - git operations may still work with default config
}
} else if (!useApiCommitSigning) {
if (!context.inputs.useCommitSigning) {
// Use bot_id and bot_name from inputs directly
const user = {
login: context.inputs.botName,

31
src/modes/agent/parse-tools.ts
View File

@@ -1,33 +1,22 @@
export function parseAllowedTools(claudeArgs: string): string[] {
// Match --allowedTools or --allowed-tools followed by the value
// Handle both quoted and unquoted values
// Use /g flag to find ALL occurrences, not just the first one
const patterns = [
/--(?:allowedTools|allowed-tools)\s+"([^"]+)"/g, // Double quoted
/--(?:allowedTools|allowed-tools)\s+'([^']+)'/g, // Single quoted
/--(?:allowedTools|allowed-tools)\s+([^'"\s][^\s]*)/g, // Unquoted (must not start with quote)
/--(?:allowedTools|allowed-tools)\s+"([^"]+)"/, // Double quoted
/--(?:allowedTools|allowed-tools)\s+'([^']+)'/, // Single quoted
/--(?:allowedTools|allowed-tools)\s+([^\s]+)/, // Unquoted
];
const tools: string[] = [];
const seen = new Set<string>();
for (const pattern of patterns) {
for (const match of claudeArgs.matchAll(pattern)) {
if (match[1]) {
// Don't add if the value starts with -- (another flag)
if (match[1].startsWith("--")) {
continue;
}
for (const tool of match[1].split(",")) {
const trimmed = tool.trim();
if (trimmed && !seen.has(trimmed)) {
seen.add(trimmed);
tools.push(trimmed);
}
}
const match = claudeArgs.match(pattern);
if (match && match[1]) {
// Don't return if the value starts with -- (another flag)
if (match[1].startsWith("--")) {
return [];
}
return match[1].split(",").map((t) => t.trim());
}
}
return tools;
return [];
}

39
src/modes/tag/index.ts
View File

@@ -4,15 +4,11 @@ import { checkContainsTrigger } from "../../github/validation/trigger";
import { checkHumanActor } from "../../github/validation/actor";
import { createInitialComment } from "../../github/operations/comments/create-initial";
import { setupBranch } from "../../github/operations/branch";
import {
configureGitAuth,
setupSshSigning,
} from "../../github/operations/git-config";
import { configureGitAuth } from "../../github/operations/git-config";
import { prepareMcpConfig } from "../../mcp/install-mcp-server";
import {
fetchGitHubData,
extractTriggerTimestamp,
extractOriginalTitle,
} from "../../github/data/fetcher";
import { createPrompt, generateDefaultPrompt } from "../../create-prompt";
import { isEntityContext } from "../../github/context";
@@ -79,7 +75,6 @@ export const tagMode: Mode = {
const commentId = commentData.id;
const triggerTime = extractTriggerTimestamp(context);
const originalTitle = extractOriginalTitle(context);
const githubData = await fetchGitHubData({
octokits: octokit,
@@ -88,34 +83,13 @@ export const tagMode: Mode = {
isPR: context.isPR,
triggerUsername: context.actor,
triggerTime,
originalTitle,
});
// Setup branch
const branchInfo = await setupBranch(octokit, githubData, context);
// Configure git authentication
// SSH signing takes precedence if provided
const useSshSigning = !!context.inputs.sshSigningKey;
const useApiCommitSigning =
context.inputs.useCommitSigning && !useSshSigning;
if (useSshSigning) {
// Setup SSH signing for commits
await setupSshSigning(context.inputs.sshSigningKey);
// Still configure git auth for push operations (user/email and remote URL)
const user = {
login: context.inputs.botName,
id: parseInt(context.inputs.botId),
};
try {
await configureGitAuth(githubToken, context, user);
} catch (error) {
console.error("Failed to configure git authentication:", error);
throw error;
}
} else if (!useApiCommitSigning) {
// Configure git authentication if not using commit signing
if (!context.inputs.useCommitSigning) {
// Use bot_id and bot_name from inputs directly
const user = {
login: context.inputs.botName,
@@ -161,9 +135,8 @@ export const tagMode: Mode = {
...userAllowedMCPTools,
];
// Add git commands when using git CLI (no API commit signing, or SSH signing)
// SSH signing still uses git CLI, just with signing enabled
if (!useApiCommitSigning) {
// Add git commands when not using commit signing
if (!context.inputs.useCommitSigning) {
tagModeTools.push(
"Bash(git add:*)",
"Bash(git commit:*)",
@@ -174,7 +147,7 @@ export const tagMode: Mode = {
"Bash(git rm:*)",
);
} else {
// When using API commit signing, use MCP file ops tools
// When using commit signing, use MCP file ops tools
tagModeTools.push(
"mcp__github_file_ops__commit_files",
"mcp__github_file_ops__delete_files",

99
src/utils/branch-template.ts
View File

@@ -1,99 +0,0 @@
#!/usr/bin/env bun
/**
* Branch name template parsing and variable substitution utilities
*/
const NUM_DESCRIPTION_WORDS = 5;
/**
* Extracts the first 5 words from a title and converts them to kebab-case
*/
function extractDescription(
title: string,
numWords: number = NUM_DESCRIPTION_WORDS,
): string {
if (!title || title.trim() === "") {
return "";
}
return title
.trim()
.split(/\s+/)
.slice(0, numWords) // Only first `numWords` words
.join("-")
.toLowerCase()
.replace(/[^a-z0-9-]/g, "") // Remove non-alphanumeric except hyphens
.replace(/-+/g, "-") // Replace multiple hyphens with single
.replace(/^-|-$/g, ""); // Remove leading/trailing hyphens
}
export interface BranchTemplateVariables {
prefix: string;
entityType: string;
entityNumber: number;
timestamp: string;
sha?: string;
label?: string;
description?: string;
}
/**
* Replaces template variables in a branch name template
* Template format: {{variableName}}
*/
export function applyBranchTemplate(
template: string,
variables: BranchTemplateVariables,
): string {
let result = template;
// Replace each variable
Object.entries(variables).forEach(([key, value]) => {
const placeholder = `{{${key}}}`;
const replacement = value ? String(value) : "";
result = result.replaceAll(placeholder, replacement);
});
return result;
}
/**
* Generates a branch name from the provided `template` and set of `variables`. Uses a default format if the template is empty or produces an empty result.
*/
export function generateBranchName(
template: string | undefined,
branchPrefix: string,
entityType: string,
entityNumber: number,
sha?: string,
label?: string,
title?: string,
): string {
const now = new Date();
const variables: BranchTemplateVariables = {
prefix: branchPrefix,
entityType,
entityNumber,
timestamp: `${now.getFullYear()}${String(now.getMonth() + 1).padStart(2, "0")}${String(now.getDate()).padStart(2, "0")}-${String(now.getHours()).padStart(2, "0")}${String(now.getMinutes()).padStart(2, "0")}`,
sha: sha?.substring(0, 8), // First 8 characters of SHA
label: label || entityType, // Fall back to entityType if no label
description: title ? extractDescription(title) : undefined,
};
if (template?.trim()) {
const branchName = applyBranchTemplate(template, variables);
// Some templates could produce empty results- validate
if (branchName.trim().length > 0) return branchName;
console.log(
`Branch template '${template}' generated empty result, falling back to default format`,
);
}
const branchName = `${branchPrefix}${entityType}-${entityNumber}-${variables.timestamp}`;
// Kubernetes compatible: lowercase, max 50 chars, alphanumeric and hyphens only
return branchName.toLowerCase().substring(0, 50);
}

32
src/utils/extract-user-request.ts
View File

@@ -1,32 +0,0 @@
/**
* Extracts the user's request from a trigger comment.
*
* Given a comment like "@claude /review-pr please check the auth module",
* this extracts "/review-pr please check the auth module".
*
* @param commentBody - The full comment body containing the trigger phrase
* @param triggerPhrase - The trigger phrase (e.g., "@claude")
* @returns The user's request (text after the trigger phrase), or null if not found
*/
export function extractUserRequest(
commentBody: string | undefined,
triggerPhrase: string,
): string | null {
if (!commentBody) {
return null;
}
// Use string operations instead of regex for better performance and security
// (avoids potential ReDoS with large comment bodies)
const triggerIndex = commentBody
.toLowerCase()
.indexOf(triggerPhrase.toLowerCase());
if (triggerIndex === -1) {
return null;
}
const afterTrigger = commentBody
.substring(triggerIndex + triggerPhrase.length)
.trim();
return afterTrigger || null;
}

247
test/branch-template.test.ts
View File

@@ -1,247 +0,0 @@
#!/usr/bin/env bun
import { describe, it, expect } from "bun:test";
import {
applyBranchTemplate,
generateBranchName,
} from "../src/utils/branch-template";
describe("branch template utilities", () => {
describe("applyBranchTemplate", () => {
it("should replace all template variables", () => {
const template =
"{{prefix}}{{entityType}}-{{entityNumber}}-{{timestamp}}";
const variables = {
prefix: "feat/",
entityType: "issue",
entityNumber: 123,
timestamp: "20240301-1430",
sha: "abcd1234",
};
const result = applyBranchTemplate(template, variables);
expect(result).toBe("feat/issue-123-20240301-1430");
});
it("should handle custom templates with multiple variables", () => {
const template =
"{{prefix}}fix/{{entityType}}_{{entityNumber}}_{{timestamp}}_{{sha}}";
const variables = {
prefix: "claude-",
entityType: "pr",
entityNumber: 456,
timestamp: "20240301-1430",
sha: "abcd1234",
};
const result = applyBranchTemplate(template, variables);
expect(result).toBe("claude-fix/pr_456_20240301-1430_abcd1234");
});
it("should handle templates with missing variables gracefully", () => {
const template = "{{prefix}}{{entityType}}-{{missing}}-{{entityNumber}}";
const variables = {
prefix: "feat/",
entityType: "issue",
entityNumber: 123,
timestamp: "20240301-1430",
};
const result = applyBranchTemplate(template, variables);
expect(result).toBe("feat/issue-{{missing}}-123");
});
});
describe("generateBranchName", () => {
it("should use custom template when provided", () => {
const template = "{{prefix}}custom-{{entityType}}_{{entityNumber}}";
const result = generateBranchName(template, "feature/", "issue", 123);
expect(result).toBe("feature/custom-issue_123");
});
it("should use default format when template is empty", () => {
const result = generateBranchName("", "claude/", "issue", 123);
expect(result).toMatch(/^claude\/issue-123-\d{8}-\d{4}$/);
});
it("should use default format when template is undefined", () => {
const result = generateBranchName(undefined, "claude/", "pr", 456);
expect(result).toMatch(/^claude\/pr-456-\d{8}-\d{4}$/);
});
it("should preserve custom template formatting (no automatic lowercase/truncation)", () => {
const template = "{{prefix}}UPPERCASE_Branch-Name_{{entityNumber}}";
const result = generateBranchName(template, "Feature/", "issue", 123);
expect(result).toBe("Feature/UPPERCASE_Branch-Name_123");
});
it("should not truncate custom template results", () => {
const template =
"{{prefix}}very-long-branch-name-that-exceeds-the-maximum-allowed-length-{{entityNumber}}";
const result = generateBranchName(template, "feature/", "issue", 123);
expect(result).toBe(
"feature/very-long-branch-name-that-exceeds-the-maximum-allowed-length-123",
);
});
it("should apply Kubernetes-compatible transformations to default template only", () => {
const result = generateBranchName(undefined, "Feature/", "issue", 123);
expect(result).toMatch(/^feature\/issue-123-\d{8}-\d{4}$/);
expect(result.length).toBeLessThanOrEqual(50);
});
it("should handle SHA in template", () => {
const template = "{{prefix}}{{entityType}}-{{entityNumber}}-{{sha}}";
const result = generateBranchName(
template,
"fix/",
"pr",
789,
"abcdef123456",
);
expect(result).toBe("fix/pr-789-abcdef12");
});
it("should use label in template when provided", () => {
const template = "{{prefix}}{{label}}/{{entityNumber}}";
const result = generateBranchName(
template,
"feature/",
"issue",
123,
undefined,
"bug",
);
expect(result).toBe("feature/bug/123");
});
it("should fallback to entityType when label template is used but no label provided", () => {
const template = "{{prefix}}{{label}}-{{entityNumber}}";
const result = generateBranchName(template, "fix/", "pr", 456);
expect(result).toBe("fix/pr-456");
});
it("should handle template with both label and entityType", () => {
const template = "{{prefix}}{{label}}-{{entityType}}_{{entityNumber}}";
const result = generateBranchName(
template,
"dev/",
"issue",
789,
undefined,
"enhancement",
);
expect(result).toBe("dev/enhancement-issue_789");
});
it("should use description in template when provided", () => {
const template = "{{prefix}}{{description}}/{{entityNumber}}";
const result = generateBranchName(
template,
"feature/",
"issue",
123,
undefined,
undefined,
"Fix login bug with OAuth",
);
expect(result).toBe("feature/fix-login-bug-with-oauth/123");
});
it("should handle template with multiple variables including description", () => {
const template =
"{{prefix}}{{label}}/{{description}}-{{entityType}}_{{entityNumber}}";
const result = generateBranchName(
template,
"dev/",
"issue",
456,
undefined,
"bug",
"User authentication fails completely",
);
expect(result).toBe(
"dev/bug/user-authentication-fails-completely-issue_456",
);
});
it("should handle description with special characters in template", () => {
const template = "{{prefix}}{{description}}-{{entityNumber}}";
const result = generateBranchName(
template,
"fix/",
"pr",
789,
undefined,
undefined,
"Add: User Registration & Email Validation",
);
expect(result).toBe("fix/add-user-registration-email-789");
});
it("should truncate descriptions to exactly 5 words", () => {
const result = generateBranchName(
"{{prefix}}{{description}}/{{entityNumber}}",
"feature/",
"issue",
999,
undefined,
undefined,
"This is a very long title with many more than five words in it",
);
expect(result).toBe("feature/this-is-a-very-long/999");
});
it("should handle empty description in template", () => {
const template = "{{prefix}}{{description}}-{{entityNumber}}";
const result = generateBranchName(
template,
"test/",
"issue",
101,
undefined,
undefined,
"",
);
expect(result).toBe("test/-101");
});
it("should fallback to default format when template produces empty result", () => {
const template = "{{description}}"; // Will be empty if no title provided
const result = generateBranchName(template, "claude/", "issue", 123);
expect(result).toMatch(/^claude\/issue-123-\d{8}-\d{4}$/);
expect(result.length).toBeLessThanOrEqual(50);
});
it("should fallback to default format when template produces only whitespace", () => {
const template = " {{description}} "; // Will be " " if description is empty
const result = generateBranchName(
template,
"fix/",
"pr",
456,
undefined,
undefined,
"",
);
expect(result).toMatch(/^fix\/pr-456-\d{8}-\d{4}$/);
expect(result.length).toBeLessThanOrEqual(50);
});
});
});

6
test/comment-logic.test.ts
View File

@@ -258,7 +258,7 @@ describe("updateCommentBody", () => {
const input = {
...baseInput,
executionDetails: {
total_cost_usd: 0.13382595,
cost_usd: 0.13382595,
duration_ms: 31033,
duration_api_ms: 31034,
},
@@ -301,7 +301,7 @@ describe("updateCommentBody", () => {
const input = {
...baseInput,
executionDetails: {
total_cost_usd: 0.25,
cost_usd: 0.25,
},
triggerUsername: "testuser",
};
@@ -322,7 +322,7 @@ describe("updateCommentBody", () => {
branchName: "claude-branch-123",
prLink: "\n[Create a PR](https://github.com/owner/repo/pr-url)",
executionDetails: {
total_cost_usd: 0.01,
cost_usd: 0.01,
duration_ms: 65000, // 1 minute 5 seconds
},
triggerUsername: "trigger-user",

2
test/create-prompt.test.ts
View File

@@ -61,7 +61,6 @@ describe("generatePrompt", () => {
body: "This is a test PR",
author: { login: "testuser" },
state: "OPEN",
labels: { nodes: [] },
createdAt: "2023-01-01T00:00:00Z",
additions: 15,
deletions: 5,
@@ -476,7 +475,6 @@ describe("generatePrompt", () => {
body: "The login form is not working",
author: { login: "testuser" },
state: "OPEN",
labels: { nodes: [] },
createdAt: "2023-01-01T00:00:00Z",
comments: {
nodes: [],

403
test/data-fetcher.test.ts
View File

@@ -1,16 +1,13 @@
import { describe, expect, it, jest } from "bun:test";
import {
extractTriggerTimestamp,
extractOriginalTitle,
fetchGitHubData,
filterCommentsToTriggerTime,
filterReviewsToTriggerTime,
isBodySafeToUse,
} from "../src/github/data/fetcher";
import {
createMockContext,
mockIssueCommentContext,
mockPullRequestCommentContext,
mockPullRequestReviewContext,
mockPullRequestReviewCommentContext,
mockPullRequestOpenedContext,
@@ -65,47 +62,6 @@ describe("extractTriggerTimestamp", () => {
});
});
describe("extractOriginalTitle", () => {
it("should extract title from IssueCommentEvent on PR", () => {
const title = extractOriginalTitle(mockPullRequestCommentContext);
expect(title).toBe("Fix: Memory leak in user service");
});
it("should extract title from PullRequestReviewEvent", () => {
const title = extractOriginalTitle(mockPullRequestReviewContext);
expect(title).toBe("Refactor: Improve error handling in API layer");
});
it("should extract title from PullRequestReviewCommentEvent", () => {
const title = extractOriginalTitle(mockPullRequestReviewCommentContext);
expect(title).toBe("Performance: Optimize search algorithm");
});
it("should extract title from pull_request event", () => {
const title = extractOriginalTitle(mockPullRequestOpenedContext);
expect(title).toBe("Feature: Add user authentication");
});
it("should extract title from issues event", () => {
const title = extractOriginalTitle(mockIssueOpenedContext);
expect(title).toBe("Bug: Application crashes on startup");
});
it("should return undefined for event without title", () => {
const context = createMockContext({
eventName: "issue_comment",
payload: {
comment: {
id: 123,
body: "test",
},
} as any,
});
const title = extractOriginalTitle(context);
expect(title).toBeUndefined();
});
});
describe("filterCommentsToTriggerTime", () => {
const createMockComment = (
createdAt: string,
@@ -415,139 +371,6 @@ describe("filterReviewsToTriggerTime", () => {
});
});
describe("isBodySafeToUse", () => {
const triggerTime = "2024-01-15T12:00:00Z";
const createMockContextData = (
createdAt: string,
updatedAt?: string,
lastEditedAt?: string,
) => ({
createdAt,
updatedAt,
lastEditedAt,
});
describe("body edit time validation", () => {
it("should return true when body was never edited", () => {
const contextData = createMockContextData("2024-01-15T10:00:00Z");
expect(isBodySafeToUse(contextData, triggerTime)).toBe(true);
});
it("should return true when body was edited before trigger time", () => {
const contextData = createMockContextData(
"2024-01-15T10:00:00Z",
"2024-01-15T11:00:00Z",
"2024-01-15T11:30:00Z",
);
expect(isBodySafeToUse(contextData, triggerTime)).toBe(true);
});
it("should return false when body was edited after trigger time (using updatedAt)", () => {
const contextData = createMockContextData(
"2024-01-15T10:00:00Z",
"2024-01-15T13:00:00Z",
);
expect(isBodySafeToUse(contextData, triggerTime)).toBe(false);
});
it("should return false when body was edited after trigger time (using lastEditedAt)", () => {
const contextData = createMockContextData(
"2024-01-15T10:00:00Z",
undefined,
"2024-01-15T13:00:00Z",
);
expect(isBodySafeToUse(contextData, triggerTime)).toBe(false);
});
it("should return false when body was edited exactly at trigger time", () => {
const contextData = createMockContextData(
"2024-01-15T10:00:00Z",
"2024-01-15T12:00:00Z",
);
expect(isBodySafeToUse(contextData, triggerTime)).toBe(false);
});
it("should prioritize lastEditedAt over updatedAt", () => {
// updatedAt is after trigger, but lastEditedAt is before - should be safe
const contextData = createMockContextData(
"2024-01-15T10:00:00Z",
"2024-01-15T13:00:00Z", // updatedAt after trigger
"2024-01-15T11:00:00Z", // lastEditedAt before trigger
);
expect(isBodySafeToUse(contextData, triggerTime)).toBe(true);
});
});
describe("edge cases", () => {
it("should return true when no trigger time is provided (backward compatibility)", () => {
const contextData = createMockContextData(
"2024-01-15T10:00:00Z",
"2024-01-15T13:00:00Z", // Would normally fail
"2024-01-15T14:00:00Z", // Would normally fail
);
expect(isBodySafeToUse(contextData, undefined)).toBe(true);
});
it("should handle millisecond precision correctly", () => {
// Edit 1ms after trigger - should be unsafe
const contextData = createMockContextData(
"2024-01-15T10:00:00Z",
"2024-01-15T12:00:00.001Z",
);
expect(isBodySafeToUse(contextData, triggerTime)).toBe(false);
});
it("should handle edit 1ms before trigger - should be safe", () => {
const contextData = createMockContextData(
"2024-01-15T10:00:00Z",
"2024-01-15T11:59:59.999Z",
);
expect(isBodySafeToUse(contextData, triggerTime)).toBe(true);
});
it("should handle various ISO timestamp formats", () => {
const contextData1 = createMockContextData(
"2024-01-15T10:00:00Z",
"2024-01-15T11:00:00Z",
);
const contextData2 = createMockContextData(
"2024-01-15T10:00:00+00:00",
"2024-01-15T11:00:00+00:00",
);
const contextData3 = createMockContextData(
"2024-01-15T10:00:00.000Z",
"2024-01-15T11:00:00.000Z",
);
expect(isBodySafeToUse(contextData1, triggerTime)).toBe(true);
expect(isBodySafeToUse(contextData2, triggerTime)).toBe(true);
expect(isBodySafeToUse(contextData3, triggerTime)).toBe(true);
});
});
describe("security scenarios", () => {
it("should detect race condition attack - body edited between trigger and processing", () => {
// Simulates: Owner triggers @claude at 12:00, attacker edits body at 12:00:30
const contextData = createMockContextData(
"2024-01-15T10:00:00Z", // Issue created
"2024-01-15T12:00:30Z", // Body edited after trigger
);
expect(isBodySafeToUse(contextData, "2024-01-15T12:00:00Z")).toBe(false);
});
it("should allow body that was stable at trigger time", () => {
// Body was last edited well before the trigger
const contextData = createMockContextData(
"2024-01-15T10:00:00Z",
"2024-01-15T10:30:00Z",
"2024-01-15T10:30:00Z",
);
expect(isBodySafeToUse(contextData, "2024-01-15T12:00:00Z")).toBe(true);
});
});
});
describe("fetchGitHubData integration with time filtering", () => {
it("should filter comments based on trigger time when provided", async () => {
const mockOctokits = {
@@ -873,230 +696,4 @@ describe("fetchGitHubData integration with time filtering", () => {
// All three comments should be included as they're all before trigger time
expect(result.comments.length).toBe(3);
});
it("should exclude issue body when edited after trigger time (TOCTOU protection)", async () => {
const mockOctokits = {
graphql: jest.fn().mockResolvedValue({
repository: {
issue: {
number: 555,
title: "Test Issue",
body: "Malicious body edited after trigger",
author: { login: "attacker" },
createdAt: "2024-01-15T10:00:00Z",
updatedAt: "2024-01-15T12:30:00Z", // Edited after trigger
lastEditedAt: "2024-01-15T12:30:00Z", // Edited after trigger
comments: { nodes: [] },
},
},
user: { login: "trigger-user" },
}),
rest: jest.fn() as any,
};
const result = await fetchGitHubData({
octokits: mockOctokits as any,
repository: "test-owner/test-repo",
prNumber: "555",
isPR: false,
triggerUsername: "trigger-user",
triggerTime: "2024-01-15T12:00:00Z",
});
// The body should be excluded from image processing due to TOCTOU protection
// We can verify this by checking that issue_body is NOT in the imageUrlMap keys
const hasIssueBodyInMap = Array.from(result.imageUrlMap.keys()).some(
(key) => key.includes("issue_body"),
);
expect(hasIssueBodyInMap).toBe(false);
});
it("should include issue body when not edited after trigger time", async () => {
const mockOctokits = {
graphql: jest.fn().mockResolvedValue({
repository: {
issue: {
number: 666,
title: "Test Issue",
body: "Safe body not edited after trigger",
author: { login: "author" },
createdAt: "2024-01-15T10:00:00Z",
updatedAt: "2024-01-15T11:00:00Z", // Edited before trigger
lastEditedAt: "2024-01-15T11:00:00Z", // Edited before trigger
comments: { nodes: [] },
},
},
user: { login: "trigger-user" },
}),
rest: jest.fn() as any,
};
const result = await fetchGitHubData({
octokits: mockOctokits as any,
repository: "test-owner/test-repo",
prNumber: "666",
isPR: false,
triggerUsername: "trigger-user",
triggerTime: "2024-01-15T12:00:00Z",
});
// The contextData should still contain the body
expect(result.contextData.body).toBe("Safe body not edited after trigger");
});
it("should exclude PR body when edited after trigger time (TOCTOU protection)", async () => {
const mockOctokits = {
graphql: jest.fn().mockResolvedValue({
repository: {
pullRequest: {
number: 777,
title: "Test PR",
body: "Malicious PR body edited after trigger",
author: { login: "attacker" },
baseRefName: "main",
headRefName: "feature",
headRefOid: "abc123",
createdAt: "2024-01-15T10:00:00Z",
updatedAt: "2024-01-15T12:30:00Z", // Edited after trigger
lastEditedAt: "2024-01-15T12:30:00Z", // Edited after trigger
additions: 10,
deletions: 5,
state: "OPEN",
commits: { totalCount: 1, nodes: [] },
files: { nodes: [] },
comments: { nodes: [] },
reviews: { nodes: [] },
},
},
user: { login: "trigger-user" },
}),
rest: jest.fn() as any,
};
const result = await fetchGitHubData({
octokits: mockOctokits as any,
repository: "test-owner/test-repo",
prNumber: "777",
isPR: true,
triggerUsername: "trigger-user",
triggerTime: "2024-01-15T12:00:00Z",
});
// The body should be excluded from image processing due to TOCTOU protection
const hasPrBodyInMap = Array.from(result.imageUrlMap.keys()).some((key) =>
key.includes("pr_body"),
);
expect(hasPrBodyInMap).toBe(false);
});
it("should use originalTitle when provided instead of fetched title", async () => {
const mockOctokits = {
graphql: jest.fn().mockResolvedValue({
repository: {
pullRequest: {
number: 123,
title: "Fetched Title From GraphQL",
body: "PR body",
author: { login: "author" },
createdAt: "2024-01-15T10:00:00Z",
additions: 10,
deletions: 5,
state: "OPEN",
commits: { totalCount: 1, nodes: [] },
files: { nodes: [] },
comments: { nodes: [] },
reviews: { nodes: [] },
},
},
user: { login: "trigger-user" },
}),
rest: jest.fn() as any,
};
const result = await fetchGitHubData({
octokits: mockOctokits as any,
repository: "test-owner/test-repo",
prNumber: "123",
isPR: true,
triggerUsername: "trigger-user",
originalTitle: "Original Title From Webhook",
});
expect(result.contextData.title).toBe("Original Title From Webhook");
});
it("should use fetched title when originalTitle is not provided", async () => {
const mockOctokits = {
graphql: jest.fn().mockResolvedValue({
repository: {
pullRequest: {
number: 123,
title: "Fetched Title From GraphQL",
body: "PR body",
author: { login: "author" },
createdAt: "2024-01-15T10:00:00Z",
additions: 10,
deletions: 5,
state: "OPEN",
commits: { totalCount: 1, nodes: [] },
files: { nodes: [] },
comments: { nodes: [] },
reviews: { nodes: [] },
},
},
user: { login: "trigger-user" },
}),
rest: jest.fn() as any,
};
const result = await fetchGitHubData({
octokits: mockOctokits as any,
repository: "test-owner/test-repo",
prNumber: "123",
isPR: true,
triggerUsername: "trigger-user",
});
expect(result.contextData.title).toBe("Fetched Title From GraphQL");
});
it("should use original title from webhook even if title was edited after trigger", async () => {
const mockOctokits = {
graphql: jest.fn().mockResolvedValue({
repository: {
pullRequest: {
number: 123,
title: "Edited Title (from GraphQL)",
body: "PR body",
author: { login: "author" },
createdAt: "2024-01-15T10:00:00Z",
lastEditedAt: "2024-01-15T12:30:00Z", // Edited after trigger
additions: 10,
deletions: 5,
state: "OPEN",
commits: { totalCount: 1, nodes: [] },
files: { nodes: [] },
comments: { nodes: [] },
reviews: { nodes: [] },
},
},
user: { login: "trigger-user" },
}),
rest: jest.fn() as any,
};
const result = await fetchGitHubData({
octokits: mockOctokits as any,
repository: "test-owner/test-repo",
prNumber: "123",
isPR: true,
triggerUsername: "trigger-user",
triggerTime: "2024-01-15T12:00:00Z",
originalTitle: "Original Title (from webhook at trigger time)",
});
expect(result.contextData.title).toBe(
"Original Title (from webhook at trigger time)",
);
});
});

6
test/data-formatter.test.ts
View File

@@ -28,9 +28,6 @@ describe("formatContext", () => {
additions: 50,
deletions: 30,
state: "OPEN",
labels: {
nodes: [],
},
commits: {
totalCount: 3,
nodes: [],
@@ -66,9 +63,6 @@ Changed Files: 2 files`,
author: { login: "test-user" },
createdAt: "2023-01-01T00:00:00Z",
state: "OPEN",
labels: {
nodes: [],
},
comments: {
nodes: [],
},

77
test/extract-user-request.test.ts
View File

@@ -1,77 +0,0 @@
import { describe, test, expect } from "bun:test";
import { extractUserRequest } from "../src/utils/extract-user-request";
describe("extractUserRequest", () => {
test("extracts text after @claude trigger", () => {
expect(extractUserRequest("@claude /review-pr", "@claude")).toBe(
"/review-pr",
);
});
test("extracts slash command with arguments", () => {
expect(
extractUserRequest(
"@claude /review-pr please check the auth module",
"@claude",
),
).toBe("/review-pr please check the auth module");
});
test("handles trigger phrase with extra whitespace", () => {
expect(extractUserRequest("@claude /review-pr", "@claude")).toBe(
"/review-pr",
);
});
test("handles trigger phrase at start of multiline comment", () => {
const comment = `@claude /review-pr
Please review this PR carefully.
Focus on security issues.`;
expect(extractUserRequest(comment, "@claude")).toBe(
`/review-pr
Please review this PR carefully.
Focus on security issues.`,
);
});
test("handles trigger phrase in middle of text", () => {
expect(
extractUserRequest("Hey team, @claude can you review this?", "@claude"),
).toBe("can you review this?");
});
test("returns null for empty comment body", () => {
expect(extractUserRequest("", "@claude")).toBeNull();
});
test("returns null for undefined comment body", () => {
expect(extractUserRequest(undefined, "@claude")).toBeNull();
});
test("returns null when trigger phrase not found", () => {
expect(extractUserRequest("Please review this PR", "@claude")).toBeNull();
});
test("returns null when only trigger phrase with no request", () => {
expect(extractUserRequest("@claude", "@claude")).toBeNull();
});
test("handles custom trigger phrase", () => {
expect(extractUserRequest("/claude help me", "/claude")).toBe("help me");
});
test("handles trigger phrase with special regex characters", () => {
expect(
extractUserRequest("@claude[bot] do something", "@claude[bot]"),
).toBe("do something");
});
test("is case insensitive", () => {
expect(extractUserRequest("@CLAUDE /review-pr", "@claude")).toBe(
"/review-pr",
);
expect(extractUserRequest("@Claude /review-pr", "@claude")).toBe(
"/review-pr",
);
});
});

2
test/fixtures/sample-turns.json vendored
View File

@@ -189,7 +189,7 @@
},
{
"type": "result",
"total_cost_usd": 0.0347,
"cost_usd": 0.0347,
"duration_ms": 18750,
"result": "Successfully removed debug print statement from file and added review comment to document the change."
}

214
test/github-file-ops-path-validation.test.ts
View File

@@ -1,214 +0,0 @@
import { describe, expect, it, beforeAll, afterAll } from "bun:test";
import { validatePathWithinRepo } from "../src/mcp/path-validation";
import { resolve } from "path";
import { mkdir, writeFile, symlink, rm, realpath } from "fs/promises";
import { tmpdir } from "os";
describe("validatePathWithinRepo", () => {
// Use a real temp directory for tests that need filesystem access
let testDir: string;
let repoRoot: string;
let outsideDir: string;
// Real paths after symlink resolution (e.g., /tmp -> /private/tmp on macOS)
let realRepoRoot: string;
beforeAll(async () => {
// Create test directory structure
testDir = resolve(tmpdir(), `path-validation-test-${Date.now()}`);
repoRoot = resolve(testDir, "repo");
outsideDir = resolve(testDir, "outside");
await mkdir(repoRoot, { recursive: true });
await mkdir(resolve(repoRoot, "src"), { recursive: true });
await mkdir(outsideDir, { recursive: true });
// Create test files
await writeFile(resolve(repoRoot, "file.txt"), "inside repo");
await writeFile(resolve(repoRoot, "src", "main.js"), "console.log('hi')");
await writeFile(resolve(outsideDir, "secret.txt"), "sensitive data");
// Get real paths after symlink resolution
realRepoRoot = await realpath(repoRoot);
});
afterAll(async () => {
// Cleanup
await rm(testDir, { recursive: true, force: true });
});
describe("valid paths", () => {
it("should accept simple relative paths", async () => {
const result = await validatePathWithinRepo("file.txt", repoRoot);
expect(result).toBe(resolve(realRepoRoot, "file.txt"));
});
it("should accept nested relative paths", async () => {
const result = await validatePathWithinRepo("src/main.js", repoRoot);
expect(result).toBe(resolve(realRepoRoot, "src/main.js"));
});
it("should accept paths with single dot segments", async () => {
const result = await validatePathWithinRepo("./src/main.js", repoRoot);
expect(result).toBe(resolve(realRepoRoot, "src/main.js"));
});
it("should accept paths that use .. but resolve inside repo", async () => {
// src/../file.txt resolves to file.txt which is still inside repo
const result = await validatePathWithinRepo("src/../file.txt", repoRoot);
expect(result).toBe(resolve(realRepoRoot, "file.txt"));
});
it("should accept absolute paths within the repo root", async () => {
const absolutePath = resolve(repoRoot, "file.txt");
const result = await validatePathWithinRepo(absolutePath, repoRoot);
expect(result).toBe(resolve(realRepoRoot, "file.txt"));
});
it("should accept the repo root itself", async () => {
const result = await validatePathWithinRepo(".", repoRoot);
expect(result).toBe(realRepoRoot);
});
it("should handle new files (non-existent) in valid directories", async () => {
const result = await validatePathWithinRepo("src/newfile.js", repoRoot);
// For non-existent files, we validate the parent but return the initial path
// (can't realpath a file that doesn't exist yet)
expect(result).toBe(resolve(repoRoot, "src/newfile.js"));
});
});
describe("path traversal attacks", () => {
it("should reject simple parent directory traversal", async () => {
await expect(
validatePathWithinRepo("../outside/secret.txt", repoRoot),
).rejects.toThrow(/resolves outside the repository root/);
});
it("should reject deeply nested parent directory traversal", async () => {
await expect(
validatePathWithinRepo("../../../etc/passwd", repoRoot),
).rejects.toThrow(/resolves outside the repository root/);
});
it("should reject traversal hidden within path", async () => {
await expect(
validatePathWithinRepo("src/../../outside/secret.txt", repoRoot),
).rejects.toThrow(/resolves outside the repository root/);
});
it("should reject traversal at the end of path", async () => {
await expect(
validatePathWithinRepo("src/../..", repoRoot),
).rejects.toThrow(/resolves outside the repository root/);
});
it("should reject absolute paths outside the repo root", async () => {
await expect(
validatePathWithinRepo("/etc/passwd", repoRoot),
).rejects.toThrow(/resolves outside the repository root/);
});
it("should reject absolute paths to sibling directories", async () => {
await expect(
validatePathWithinRepo(resolve(outsideDir, "secret.txt"), repoRoot),
).rejects.toThrow(/resolves outside the repository root/);
});
});
describe("symlink attacks", () => {
it("should reject symlinks pointing outside the repo", async () => {
// Create a symlink inside the repo that points to a file outside
const symlinkPath = resolve(repoRoot, "evil-link");
await symlink(resolve(outsideDir, "secret.txt"), symlinkPath);
try {
// The symlink path looks like it's inside the repo, but points outside
await expect(
validatePathWithinRepo("evil-link", repoRoot),
).rejects.toThrow(/resolves outside the repository root/);
} finally {
await rm(symlinkPath, { force: true });
}
});
it("should reject symlinks to parent directories", async () => {
// Create a symlink to the parent directory
const symlinkPath = resolve(repoRoot, "parent-link");
await symlink(testDir, symlinkPath);
try {
await expect(
validatePathWithinRepo("parent-link/outside/secret.txt", repoRoot),
).rejects.toThrow(/resolves outside the repository root/);
} finally {
await rm(symlinkPath, { force: true });
}
});
it("should accept symlinks that resolve within the repo", async () => {
// Create a symlink inside the repo that points to another file inside
const symlinkPath = resolve(repoRoot, "good-link");
await symlink(resolve(repoRoot, "file.txt"), symlinkPath);
try {
const result = await validatePathWithinRepo("good-link", repoRoot);
// Should resolve to the actual file location
expect(result).toBe(resolve(realRepoRoot, "file.txt"));
} finally {
await rm(symlinkPath, { force: true });
}
});
it("should reject directory symlinks that escape the repo", async () => {
// Create a symlink to outside directory
const symlinkPath = resolve(repoRoot, "escape-dir");
await symlink(outsideDir, symlinkPath);
try {
await expect(
validatePathWithinRepo("escape-dir/secret.txt", repoRoot),
).rejects.toThrow(/resolves outside the repository root/);
} finally {
await rm(symlinkPath, { force: true });
}
});
});
describe("edge cases", () => {
it("should handle empty path (current directory)", async () => {
const result = await validatePathWithinRepo("", repoRoot);
expect(result).toBe(realRepoRoot);
});
it("should handle paths with multiple consecutive slashes", async () => {
const result = await validatePathWithinRepo("src//main.js", repoRoot);
expect(result).toBe(resolve(realRepoRoot, "src/main.js"));
});
it("should handle paths with trailing slashes", async () => {
const result = await validatePathWithinRepo("src/", repoRoot);
expect(result).toBe(resolve(realRepoRoot, "src"));
});
it("should reject prefix attack (repo root as prefix but not parent)", async () => {
// Create a sibling directory with repo name as prefix
const evilDir = repoRoot + "-evil";
await mkdir(evilDir, { recursive: true });
await writeFile(resolve(evilDir, "file.txt"), "evil");
try {
await expect(
validatePathWithinRepo(resolve(evilDir, "file.txt"), repoRoot),
).rejects.toThrow(/resolves outside the repository root/);
} finally {
await rm(evilDir, { recursive: true, force: true });
}
});
it("should throw error for non-existent repo root", async () => {
await expect(
validatePathWithinRepo("file.txt", "/nonexistent/repo"),
).rejects.toThrow(/does not exist/);
});
});
});

2
test/install-mcp-server.test.ts
View File

@@ -32,13 +32,11 @@ describe("prepareMcpConfig", () => {
branchPrefix: "",
useStickyComment: false,
useCommitSigning: false,
sshSigningKey: "",
botId: String(CLAUDE_APP_BOT_ID),
botName: CLAUDE_BOT_LOGIN,
allowedBots: "",
allowedNonWriteUsers: "",
trackProgress: false,
includeFixLinks: true,
},
};

49
test/mockContext.ts
View File

@@ -20,13 +20,11 @@ const defaultInputs = {
branchPrefix: "claude/",
useStickyComment: false,
useCommitSigning: false,
sshSigningKey: "",
botId: String(CLAUDE_APP_BOT_ID),
botName: CLAUDE_BOT_LOGIN,
allowedBots: "",
allowedNonWriteUsers: "",
trackProgress: false,
includeFixLinks: true,
};
const defaultRepository = {
@@ -403,53 +401,6 @@ export const mockPullRequestReviewContext: ParsedGitHubContext = {
inputs: { ...defaultInputs, triggerPhrase: "@claude" },
};
export const mockPullRequestReviewWithoutCommentContext: ParsedGitHubContext = {
runId: "1234567890",
eventName: "pull_request_review",
eventAction: "dismissed",
repository: defaultRepository,
actor: "senior-developer",
payload: {
action: "submitted",
review: {
id: 11122233,
body: null, // Simulating approval without comment
user: {
login: "senior-developer",
id: 44444,
avatar_url: "https://avatars.githubusercontent.com/u/44444",
html_url: "https://github.com/senior-developer",
},
state: "approved",
html_url:
"https://github.com/test-owner/test-repo/pull/321#pullrequestreview-11122233",
submitted_at: "2024-01-15T15:30:00Z",
},
pull_request: {
number: 321,
title: "Refactor: Improve error handling in API layer",
body: "This PR improves error handling across all API endpoints",
user: {
login: "backend-developer",
id: 33333,
avatar_url: "https://avatars.githubusercontent.com/u/33333",
html_url: "https://github.com/backend-developer",
},
},
repository: {
name: "test-repo",
full_name: "test-owner/test-repo",
private: false,
owner: {
login: "test-owner",
},
},
} as PullRequestReviewEvent,
entityNumber: 321,
isPR: true,
inputs: { ...defaultInputs, triggerPhrase: "@claude" },
};
export const mockPullRequestReviewCommentContext: ParsedGitHubContext = {
runId: "1234567890",
eventName: "pull_request_review_comment",

67
test/modes/agent.test.ts
View File

@@ -145,12 +145,12 @@ describe("Agent Mode", () => {
users: {
getAuthenticated: mock(() =>
Promise.resolve({
data: { login: "test-user", id: 12345, type: "User" },
data: { login: "test-user", id: 12345 },
}),
),
getByUsername: mock(() =>
Promise.resolve({
data: { login: "test-user", id: 12345, type: "User" },
data: { login: "test-user", id: 12345 },
}),
),
},
@@ -187,65 +187,6 @@ describe("Agent Mode", () => {
process.env.GITHUB_REF_NAME = originalRefName;
});
test("prepare method rejects bot actors without allowed_bots", async () => {
const contextWithPrompts = createMockAutomationContext({
eventName: "workflow_dispatch",
});
contextWithPrompts.actor = "claude[bot]";
contextWithPrompts.inputs.allowedBots = "";
const mockOctokit = {
rest: {
users: {
getByUsername: mock(() =>
Promise.resolve({
data: { login: "claude[bot]", id: 12345, type: "Bot" },
}),
),
},
},
} as any;
await expect(
agentMode.prepare({
context: contextWithPrompts,
octokit: mockOctokit,
githubToken: "test-token",
}),
).rejects.toThrow(
"Workflow initiated by non-human actor: claude (type: Bot)",
);
});
test("prepare method allows bot actors when in allowed_bots list", async () => {
const contextWithPrompts = createMockAutomationContext({
eventName: "workflow_dispatch",
});
contextWithPrompts.actor = "dependabot[bot]";
contextWithPrompts.inputs.allowedBots = "dependabot";
const mockOctokit = {
rest: {
users: {
getByUsername: mock(() =>
Promise.resolve({
data: { login: "dependabot[bot]", id: 12345, type: "Bot" },
}),
),
},
},
} as any;
// Should not throw - bot is in allowed list
await expect(
agentMode.prepare({
context: contextWithPrompts,
octokit: mockOctokit,
githubToken: "test-token",
}),
).resolves.toBeDefined();
});
test("prepare method creates prompt file with correct content", async () => {
const contextWithPrompts = createMockAutomationContext({
eventName: "workflow_dispatch",
@@ -258,12 +199,12 @@ describe("Agent Mode", () => {
users: {
getAuthenticated: mock(() =>
Promise.resolve({
data: { login: "test-user", id: 12345, type: "User" },
data: { login: "test-user", id: 12345 },
}),
),
getByUsername: mock(() =>
Promise.resolve({
data: { login: "test-user", id: 12345, type: "User" },
data: { login: "test-user", id: 12345 },
}),
),
},

2
test/modes/detector.test.ts
View File

@@ -20,13 +20,11 @@ describe("detectMode with enhanced routing", () => {
branchPrefix: "claude/",
useStickyComment: false,
useCommitSigning: false,
sshSigningKey: "",
botId: "123456",
botName: "claude-bot",
allowedBots: "",
allowedNonWriteUsers: "",
trackProgress: false,
includeFixLinks: true,
},
};

36
test/modes/parse-tools.test.ts
View File

@@ -35,44 +35,12 @@ describe("parseAllowedTools", () => {
expect(parseAllowedTools("")).toEqual([]);
});
test("handles --allowedTools followed by another --allowedTools flag", () => {
test("handles duplicate --allowedTools flags", () => {
const args = "--allowedTools --allowedTools mcp__github__*";
// The second --allowedTools is consumed as a value of the first, then skipped.
// This is an edge case with malformed input - returns empty.
// Should not match the first one since the value is another flag
expect(parseAllowedTools(args)).toEqual([]);
});
test("parses multiple separate --allowed-tools flags", () => {
const args =
"--allowed-tools 'mcp__context7__*' --allowed-tools 'Read,Glob' --allowed-tools 'mcp__github_inline_comment__*'";
expect(parseAllowedTools(args)).toEqual([
"mcp__context7__*",
"Read",
"Glob",
"mcp__github_inline_comment__*",
]);
});
test("parses multiple --allowed-tools flags on separate lines", () => {
const args = `--model 'claude-haiku'
--allowed-tools 'mcp__context7__*'
--allowed-tools 'Read,Glob,Grep'
--allowed-tools 'mcp__github_inline_comment__create_inline_comment'`;
expect(parseAllowedTools(args)).toEqual([
"mcp__context7__*",
"Read",
"Glob",
"Grep",
"mcp__github_inline_comment__create_inline_comment",
]);
});
test("deduplicates tools from multiple flags", () => {
const args =
"--allowed-tools 'Read,Glob' --allowed-tools 'Glob,Grep' --allowed-tools 'Read'";
expect(parseAllowedTools(args)).toEqual(["Read", "Glob", "Grep"]);
});
test("handles typo --alloedTools", () => {
const args = "--alloedTools mcp__github__*";
expect(parseAllowedTools(args)).toEqual([]);

2
test/permissions.test.ts
View File

@@ -68,13 +68,11 @@ describe("checkWritePermissions", () => {
branchPrefix: "claude/",
useStickyComment: false,
useCommitSigning: false,
sshSigningKey: "",
botId: String(CLAUDE_APP_BOT_ID),
botName: CLAUDE_BOT_LOGIN,
allowedBots: "",
allowedNonWriteUsers: "",
trackProgress: false,
includeFixLinks: true,
},
});

19
test/prepare-context.test.ts
View File

@@ -10,7 +10,6 @@ import {
mockPullRequestCommentContext,
mockPullRequestReviewContext,
mockPullRequestReviewCommentContext,
mockPullRequestReviewWithoutCommentContext,
} from "./mockContext";
const BASE_ENV = {
@@ -127,24 +126,6 @@ describe("parseEnvVarsWithContext", () => {
});
});
describe("pull_request_review event without comment", () => {
test("should parse pull_request_review event correctly", () => {
process.env = BASE_ENV;
const result = prepareContext(
mockPullRequestReviewWithoutCommentContext,
"12345",
);
expect(result.eventData.eventName).toBe("pull_request_review");
expect(result.eventData.isPR).toBe(true);
expect(result.triggerUsername).toBe("senior-developer");
if (result.eventData.eventName === "pull_request_review") {
expect(result.eventData.prNumber).toBe("321");
expect(result.eventData.commentBody).toBe("");
}
});
});
describe("pull_request_review_comment event", () => {
test("should parse pull_request_review_comment event correctly", () => {
process.env = BASE_ENV;

1
test/pull-request-target.test.ts
View File

@@ -87,7 +87,6 @@ describe("pull_request_target event support", () => {
},
comments: { nodes: [] },
reviews: { nodes: [] },
labels: { nodes: [] },
},
comments: [],
changedFiles: [],

291
test/ssh-signing.test.ts
View File

@@ -1,291 +0,0 @@
#!/usr/bin/env bun
import {
describe,
test,
expect,
afterEach,
beforeAll,
afterAll,
} from "bun:test";
import { mkdir, writeFile, rm, readFile, stat } from "fs/promises";
import { join } from "path";
import { tmpdir } from "os";
describe("SSH Signing", () => {
// Use a temp directory for tests
const testTmpDir = join(tmpdir(), "claude-ssh-signing-test");
const testSshDir = join(testTmpDir, ".ssh");
const testKeyPath = join(testSshDir, "claude_signing_key");
const testKey =
"-----BEGIN OPENSSH PRIVATE KEY-----\ntest-key-content\n-----END OPENSSH PRIVATE KEY-----";
beforeAll(async () => {
await mkdir(testTmpDir, { recursive: true });
});
afterAll(async () => {
await rm(testTmpDir, { recursive: true, force: true });
});
afterEach(async () => {
// Clean up test key if it exists
try {
await rm(testKeyPath, { force: true });
} catch {
// Ignore cleanup errors
}
});
describe("setupSshSigning file operations", () => {
test("should write key file atomically with correct permissions", async () => {
// Create the directory with secure permissions (same as setupSshSigning does)
await mkdir(testSshDir, { recursive: true, mode: 0o700 });
// Write key atomically with proper permissions (same as setupSshSigning does)
await writeFile(testKeyPath, testKey, { mode: 0o600 });
// Verify key was written
const keyContent = await readFile(testKeyPath, "utf-8");
expect(keyContent).toBe(testKey);
// Verify permissions (0o600 = 384 in decimal for permission bits only)
const stats = await stat(testKeyPath);
const permissions = stats.mode & 0o777; // Get only permission bits
expect(permissions).toBe(0o600);
});
test("should normalize key to have trailing newline", async () => {
// ssh-keygen requires a trailing newline to parse the key
const keyWithoutNewline =
"-----BEGIN OPENSSH PRIVATE KEY-----\ntest-key-content\n-----END OPENSSH PRIVATE KEY-----";
const keyWithNewline = keyWithoutNewline + "\n";
// Create directory
await mkdir(testSshDir, { recursive: true, mode: 0o700 });
// Normalize the key (same logic as setupSshSigning)
const normalizedKey = keyWithoutNewline.endsWith("\n")
? keyWithoutNewline
: keyWithoutNewline + "\n";
await writeFile(testKeyPath, normalizedKey, { mode: 0o600 });
// Verify the written key ends with newline
const keyContent = await readFile(testKeyPath, "utf-8");
expect(keyContent).toBe(keyWithNewline);
expect(keyContent.endsWith("\n")).toBe(true);
});
test("should not add extra newline if key already has one", async () => {
const keyWithNewline =
"-----BEGIN OPENSSH PRIVATE KEY-----\ntest-key-content\n-----END OPENSSH PRIVATE KEY-----\n";
await mkdir(testSshDir, { recursive: true, mode: 0o700 });
// Normalize the key (same logic as setupSshSigning)
const normalizedKey = keyWithNewline.endsWith("\n")
? keyWithNewline
: keyWithNewline + "\n";
await writeFile(testKeyPath, normalizedKey, { mode: 0o600 });
// Verify no double newline
const keyContent = await readFile(testKeyPath, "utf-8");
expect(keyContent).toBe(keyWithNewline);
expect(keyContent.endsWith("\n\n")).toBe(false);
});
test("should create .ssh directory with secure permissions", async () => {
// Clean up first
await rm(testSshDir, { recursive: true, force: true });
// Create directory with secure permissions (same as setupSshSigning does)
await mkdir(testSshDir, { recursive: true, mode: 0o700 });
// Verify directory exists
const dirStats = await stat(testSshDir);
expect(dirStats.isDirectory()).toBe(true);
// Verify directory permissions
const dirPermissions = dirStats.mode & 0o777;
expect(dirPermissions).toBe(0o700);
});
});
describe("setupSshSigning validation", () => {
test("should reject empty SSH key", () => {
const emptyKey = "";
expect(() => {
if (!emptyKey.trim()) {
throw new Error("SSH signing key cannot be empty");
}
}).toThrow("SSH signing key cannot be empty");
});
test("should reject whitespace-only SSH key", () => {
const whitespaceKey = " \n\t ";
expect(() => {
if (!whitespaceKey.trim()) {
throw new Error("SSH signing key cannot be empty");
}
}).toThrow("SSH signing key cannot be empty");
});
test("should reject invalid SSH key format", () => {
const invalidKey = "not a valid key";
expect(() => {
if (
!invalidKey.includes("BEGIN") ||
!invalidKey.includes("PRIVATE KEY")
) {
throw new Error("Invalid SSH private key format");
}
}).toThrow("Invalid SSH private key format");
});
test("should accept valid SSH key format", () => {
const validKey =
"-----BEGIN OPENSSH PRIVATE KEY-----\nkey-content\n-----END OPENSSH PRIVATE KEY-----";
expect(() => {
if (!validKey.trim()) {
throw new Error("SSH signing key cannot be empty");
}
if (!validKey.includes("BEGIN") || !validKey.includes("PRIVATE KEY")) {
throw new Error("Invalid SSH private key format");
}
}).not.toThrow();
});
});
describe("cleanupSshSigning file operations", () => {
test("should remove the signing key file", async () => {
// Create the key file first
await mkdir(testSshDir, { recursive: true });
await writeFile(testKeyPath, testKey, { mode: 0o600 });
// Verify it exists
const existsBefore = await stat(testKeyPath)
.then(() => true)
.catch(() => false);
expect(existsBefore).toBe(true);
// Clean up (same operation as cleanupSshSigning)
await rm(testKeyPath, { force: true });
// Verify it's gone
const existsAfter = await stat(testKeyPath)
.then(() => true)
.catch(() => false);
expect(existsAfter).toBe(false);
});
test("should not throw if key file does not exist", async () => {
// Make sure file doesn't exist
await rm(testKeyPath, { force: true });
// Should not throw (rm with force: true doesn't throw on missing files)
await expect(rm(testKeyPath, { force: true })).resolves.toBeUndefined();
});
});
});
describe("SSH Signing Mode Detection", () => {
test("sshSigningKey should take precedence over useCommitSigning", () => {
// When both are set, SSH signing takes precedence
const sshSigningKey = "test-key";
const useCommitSigning = true;
const useSshSigning = !!sshSigningKey;
const useApiCommitSigning = useCommitSigning && !useSshSigning;
expect(useSshSigning).toBe(true);
expect(useApiCommitSigning).toBe(false);
});
test("useCommitSigning should work when sshSigningKey is not set", () => {
const sshSigningKey = "";
const useCommitSigning = true;
const useSshSigning = !!sshSigningKey;
const useApiCommitSigning = useCommitSigning && !useSshSigning;
expect(useSshSigning).toBe(false);
expect(useApiCommitSigning).toBe(true);
});
test("neither signing method when both are false/empty", () => {
const sshSigningKey = "";
const useCommitSigning = false;
const useSshSigning = !!sshSigningKey;
const useApiCommitSigning = useCommitSigning && !useSshSigning;
expect(useSshSigning).toBe(false);
expect(useApiCommitSigning).toBe(false);
});
test("git CLI tools should be used when sshSigningKey is set", () => {
// This tests the logic in tag mode for tool selection
const sshSigningKey = "test-key";
const useCommitSigning = true; // Even if this is true
const useSshSigning = !!sshSigningKey;
const useApiCommitSigning = useCommitSigning && !useSshSigning;
// When SSH signing is used, we should use git CLI (not API)
const shouldUseGitCli = !useApiCommitSigning;
expect(shouldUseGitCli).toBe(true);
});
test("MCP file ops should only be used with API commit signing", () => {
// Case 1: API commit signing
{
const sshSigningKey = "";
const useCommitSigning = true;
const useSshSigning = !!sshSigningKey;
const useApiCommitSigning = useCommitSigning && !useSshSigning;
expect(useApiCommitSigning).toBe(true);
}
// Case 2: SSH signing (should NOT use API)
{
const sshSigningKey = "test-key";
const useCommitSigning = true;
const useSshSigning = !!sshSigningKey;
const useApiCommitSigning = useCommitSigning && !useSshSigning;
expect(useApiCommitSigning).toBe(false);
}
// Case 3: No signing (should NOT use API)
{
const sshSigningKey = "";
const useCommitSigning = false;
const useSshSigning = !!sshSigningKey;
const useApiCommitSigning = useCommitSigning && !useSshSigning;
expect(useApiCommitSigning).toBe(false);
}
});
});
describe("Context parsing", () => {
test("sshSigningKey should be parsed from environment", () => {
// Test that context.ts parses SSH_SIGNING_KEY correctly
const testCases = [
{ env: "test-key", expected: "test-key" },
{ env: "", expected: "" },
{ env: undefined, expected: "" },
];
for (const { env, expected } of testCases) {
const result = env || "";
expect(result).toBe(expected);
}
});
});

201
test/validate-branch-name.test.ts
View File

@@ -1,201 +0,0 @@
import { describe, expect, it } from "bun:test";
import { validateBranchName } from "../src/github/operations/branch";
describe("validateBranchName", () => {
describe("valid branch names", () => {
it("should accept simple alphanumeric names", () => {
expect(() => validateBranchName("main")).not.toThrow();
expect(() => validateBranchName("feature123")).not.toThrow();
expect(() => validateBranchName("Branch1")).not.toThrow();
});
it("should accept names with hyphens", () => {
expect(() => validateBranchName("feature-branch")).not.toThrow();
expect(() => validateBranchName("fix-bug-123")).not.toThrow();
});
it("should accept names with underscores", () => {
expect(() => validateBranchName("feature_branch")).not.toThrow();
expect(() => validateBranchName("fix_bug_123")).not.toThrow();
});
it("should accept names with forward slashes", () => {
expect(() => validateBranchName("feature/new-thing")).not.toThrow();
expect(() => validateBranchName("user/feature/branch")).not.toThrow();
});
it("should accept names with periods", () => {
expect(() => validateBranchName("v1.0.0")).not.toThrow();
expect(() => validateBranchName("release.1.2.3")).not.toThrow();
});
it("should accept typical branch name formats", () => {
expect(() =>
validateBranchName("claude/issue-123-20250101-1234"),
).not.toThrow();
expect(() => validateBranchName("refs/heads/main")).not.toThrow();
expect(() => validateBranchName("bugfix/JIRA-1234")).not.toThrow();
});
});
describe("command injection attempts", () => {
it("should reject shell command substitution with $()", () => {
expect(() => validateBranchName("$(whoami)")).toThrow();
expect(() => validateBranchName("branch-$(rm -rf /)")).toThrow();
expect(() => validateBranchName("test$(cat /etc/passwd)")).toThrow();
});
it("should reject shell command substitution with backticks", () => {
expect(() => validateBranchName("`whoami`")).toThrow();
expect(() => validateBranchName("branch-`rm -rf /`")).toThrow();
});
it("should reject command chaining with semicolons", () => {
expect(() => validateBranchName("branch; rm -rf /")).toThrow();
expect(() => validateBranchName("test;whoami")).toThrow();
});
it("should reject command chaining with &&", () => {
expect(() => validateBranchName("branch && rm -rf /")).toThrow();
expect(() => validateBranchName("test&&whoami")).toThrow();
});
it("should reject command chaining with ||", () => {
expect(() => validateBranchName("branch || rm -rf /")).toThrow();
expect(() => validateBranchName("test||whoami")).toThrow();
});
it("should reject pipe characters", () => {
expect(() => validateBranchName("branch | cat")).toThrow();
expect(() => validateBranchName("test|grep password")).toThrow();
});
it("should reject redirection operators", () => {
expect(() => validateBranchName("branch > /etc/passwd")).toThrow();
expect(() => validateBranchName("branch < input")).toThrow();
expect(() => validateBranchName("branch >> file")).toThrow();
});
});
describe("option injection attempts", () => {
it("should reject branch names starting with dash", () => {
expect(() => validateBranchName("-x")).toThrow(
/cannot start with a dash/,
);
expect(() => validateBranchName("--help")).toThrow(
/cannot start with a dash/,
);
expect(() => validateBranchName("-")).toThrow(/cannot start with a dash/);
expect(() => validateBranchName("--version")).toThrow(
/cannot start with a dash/,
);
expect(() => validateBranchName("-rf")).toThrow(
/cannot start with a dash/,
);
});
});
describe("path traversal attempts", () => {
it("should reject double dot sequences", () => {
expect(() => validateBranchName("../../../etc")).toThrow();
expect(() => validateBranchName("branch/../secret")).toThrow(/'\.\.'$/);
expect(() => validateBranchName("a..b")).toThrow(/'\.\.'$/);
});
});
describe("git-specific invalid patterns", () => {
it("should reject @{ sequence", () => {
expect(() => validateBranchName("branch@{1}")).toThrow(/@{/);
expect(() => validateBranchName("HEAD@{yesterday}")).toThrow(/@{/);
});
it("should reject .lock suffix", () => {
expect(() => validateBranchName("branch.lock")).toThrow(/\.lock/);
expect(() => validateBranchName("feature.lock")).toThrow(/\.lock/);
});
it("should reject consecutive slashes", () => {
expect(() => validateBranchName("feature//branch")).toThrow(
/consecutive slashes/,
);
expect(() => validateBranchName("a//b//c")).toThrow(
/consecutive slashes/,
);
});
it("should reject trailing slashes", () => {
expect(() => validateBranchName("feature/")).toThrow(
/cannot end with a slash/,
);
expect(() => validateBranchName("branch/")).toThrow(
/cannot end with a slash/,
);
});
it("should reject leading periods", () => {
expect(() => validateBranchName(".hidden")).toThrow();
});
it("should reject trailing periods", () => {
expect(() => validateBranchName("branch.")).toThrow(
/cannot start or end with a period/,
);
});
it("should reject special git refspec characters", () => {
expect(() => validateBranchName("branch~1")).toThrow();
expect(() => validateBranchName("branch^2")).toThrow();
expect(() => validateBranchName("branch:ref")).toThrow();
expect(() => validateBranchName("branch?")).toThrow();
expect(() => validateBranchName("branch*")).toThrow();
expect(() => validateBranchName("branch[0]")).toThrow();
expect(() => validateBranchName("branch\\path")).toThrow();
});
});
describe("control characters and special characters", () => {
it("should reject null bytes", () => {
expect(() => validateBranchName("branch\x00name")).toThrow();
});
it("should reject other control characters", () => {
expect(() => validateBranchName("branch\x01name")).toThrow();
expect(() => validateBranchName("branch\x1Fname")).toThrow();
expect(() => validateBranchName("branch\x7Fname")).toThrow();
});
it("should reject spaces", () => {
expect(() => validateBranchName("branch name")).toThrow();
expect(() => validateBranchName("feature branch")).toThrow();
});
it("should reject newlines and tabs", () => {
expect(() => validateBranchName("branch\nname")).toThrow();
expect(() => validateBranchName("branch\tname")).toThrow();
});
});
describe("empty and whitespace", () => {
it("should reject empty strings", () => {
expect(() => validateBranchName("")).toThrow(/cannot be empty/);
});
it("should reject whitespace-only strings", () => {
expect(() => validateBranchName(" ")).toThrow();
expect(() => validateBranchName("\t\n")).toThrow();
});
});
describe("edge cases", () => {
it("should accept single alphanumeric character", () => {
expect(() => validateBranchName("a")).not.toThrow();
expect(() => validateBranchName("1")).not.toThrow();
});
it("should reject single special characters", () => {
expect(() => validateBranchName(".")).toThrow();
expect(() => validateBranchName("/")).toThrow();
expect(() => validateBranchName("-")).toThrow();
});
});
});