prettier

feat: allow user override of hardcoded disallowed tools
Allow users to override hardcoded disallowed tools (WebSearch, WebFetch) by including them in their allowed_tools configuration. This provides users with the ability to control tool access based on their security requirements. Changes: - Modified buildDisallowedToolsString() to accept allowedTools parameter - Added logic to filter out hardcoded disallowed tools if present in allowed tools - Updated function call site to pass allowedTools - Added comprehensive test coverage for override behavior - Maintains backward compatibility Resolves #49 Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>
2026-01-23 23:14:13 +08:00 · 2025-05-27 17:06:57 -07:00 · 2025-05-28 00:01:59 +00:00 · 2025-05-27 16:31:06 -07:00 · 2025-05-27 14:04:41 -07:00 · 2025-05-27 13:26:03 -07:00
7 changed files with 109 additions and 6 deletions
--- a/.DS_Store
+++ b/.DS_Store
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,36 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ""
+labels: bug
+assignees: ""
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Workflow yml file**
+If it's not sensitive, consider including a paste of your full Claude workflow.yml file.
+
+**API Provider**
+
+[ ] Anthropic First-Party API (default)
+[ ] AWS Bedrock
+[ ] GCP Vertex
+
+**Additional context**
+Add any other context about the problem here.
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+.DS_Store
 node_modules

 **/.claude/settings.local.json
--- a/src/.DS_Store
+++ b/src/.DS_Store
--- a/src/create-prompt/index.ts
+++ b/src/create-prompt/index.ts
@@ -58,10 +58,27 @@ export function buildAllowedToolsString(

 export function buildDisallowedToolsString(
  customDisallowedTools?: string,
+  allowedTools?: string,
 ): string {
-  let allDisallowedTools = DISALLOWED_TOOLS.join(",");
+  let disallowedTools = [...DISALLOWED_TOOLS];
+
+  // If user has explicitly allowed some hardcoded disallowed tools, remove them from disallowed list
+  if (allowedTools) {
+    const allowedToolsArray = allowedTools
+      .split(",")
+      .map((tool) => tool.trim());
+    disallowedTools = disallowedTools.filter(
+      (tool) => !allowedToolsArray.includes(tool),
+    );
+  }
+
+  let allDisallowedTools = disallowedTools.join(",");
  if (customDisallowedTools) {
-    allDisallowedTools = `${allDisallowedTools},${customDisallowedTools}`;
+    if (allDisallowedTools) {
+      allDisallowedTools = `${allDisallowedTools},${customDisallowedTools}`;
+    } else {
+      allDisallowedTools = customDisallowedTools;
+    }
  }
  return allDisallowedTools;
 }
@@ -648,6 +665,7 @@ export async function createPrompt(
    );
    const allDisallowedTools = buildDisallowedToolsString(
      preparedContext.disallowedTools,
+      preparedContext.allowedTools,
    );

    core.exportVariable("ALLOWED_TOOLS", allAllowedTools);
--- a/src/github/operations/branch.ts
+++ b/src/github/operations/branch.ts
@@ -51,8 +51,9 @@ export async function setupBranch(

      const branchName = prData.headRefName;

-      // Execute git commands to checkout PR branch
-      await $`git fetch origin ${branchName}`;
+      // Execute git commands to checkout PR branch (shallow fetch for performance)
+      // Fetch the branch with a depth of 20 to avoid fetching too much history, while still allowing for some context
+      await $`git fetch origin --depth=20 ${branchName}`;
      await $`git checkout ${branchName}`;

      console.log(`Successfully checked out PR branch for PR #${entityNumber}`);
@@ -98,8 +99,8 @@ export async function setupBranch(
      sha: currentSHA,
    });

-    // Checkout the new branch
-    await $`git fetch origin ${newBranch}`;
+    // Checkout the new branch (shallow fetch for performance)
+    await $`git fetch origin --depth=1 ${newBranch}`;
    await $`git checkout ${newBranch}`;

    console.log(
--- a/test/create-prompt.test.ts
+++ b/test/create-prompt.test.ts
@@ -722,4 +722,51 @@ describe("buildDisallowedToolsString", () => {
    expect(parts).toContain("BadTool1");
    expect(parts).toContain("BadTool2");
  });
+
+  test("should remove hardcoded disallowed tools if they are in allowed tools", () => {
+    const customDisallowedTools = "BadTool1,BadTool2";
+    const allowedTools = "WebSearch,SomeOtherTool";
+    const result = buildDisallowedToolsString(
+      customDisallowedTools,
+      allowedTools,
+    );
+
+    // WebSearch should be removed from disallowed since it's in allowed
+    expect(result).not.toContain("WebSearch");
+
+    // WebFetch should still be disallowed since it's not in allowed
+    expect(result).toContain("WebFetch");
+
+    // Custom disallowed tools should still be present
+    expect(result).toContain("BadTool1");
+    expect(result).toContain("BadTool2");
+  });
+
+  test("should remove all hardcoded disallowed tools if they are all in allowed tools", () => {
+    const allowedTools = "WebSearch,WebFetch,SomeOtherTool";
+    const result = buildDisallowedToolsString(undefined, allowedTools);
+
+    // Both hardcoded disallowed tools should be removed
+    expect(result).not.toContain("WebSearch");
+    expect(result).not.toContain("WebFetch");
+
+    // Result should be empty since no custom disallowed tools provided
+    expect(result).toBe("");
+  });
+
+  test("should handle custom disallowed tools when all hardcoded tools are overridden", () => {
+    const customDisallowedTools = "BadTool1,BadTool2";
+    const allowedTools = "WebSearch,WebFetch";
+    const result = buildDisallowedToolsString(
+      customDisallowedTools,
+      allowedTools,
+    );
+
+    // Hardcoded tools should be removed
+    expect(result).not.toContain("WebSearch");
+    expect(result).not.toContain("WebFetch");
+
+    // Only custom disallowed tools should remain
+    expect(result).toBe("BadTool1,BadTool2");
+  });
 });
Author	SHA1	Message	Date
Ashwin Bhat	f18a16aa0f	prettier	2025-05-27 17:06:57 -07:00
claude[bot]	f93fbb32ec	feat: allow user override of hardcoded disallowed tools Allow users to override hardcoded disallowed tools (WebSearch, WebFetch) by including them in their allowed_tools configuration. This provides users with the ability to control tool access based on their security requirements. Changes: - Modified buildDisallowedToolsString() to accept allowedTools parameter - Added logic to filter out hardcoded disallowed tools if present in allowed tools - Updated function call site to pass allowedTools - Added comprehensive test coverage for override behavior - Maintains backward compatibility Resolves #49 Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>	2025-05-28 00:01:59 +00:00
Ashwin Bhat	0eb34ae441	Add shallow fetch to improve performance for large repositories (#53 ) * Add shallow fetch to improve performance for large repositories This change adds `--depth=1` to git fetch operations to perform shallow fetches instead of full history downloads. This significantly reduces checkout time for large repositories as reported in issue #52. Changes: - Line 55: Added --depth=1 to PR branch fetch - Line 102: Added --depth=1 to new branch fetch Fixes #52 Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com> * fetch 50 commits for PRs --------- Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> Co-authored-by: ashwin-ant <ashwin-ant@users.noreply.github.com>	2025-05-27 16:31:06 -07:00
Ashwin Bhat	804959ac41	add issue triage workflow (#70 )	2025-05-27 14:04:41 -07:00
Ashwin Bhat	21e17bd590	remove .DS_Store (#69 )	2025-05-27 13:26:03 -07:00
Ashwin Bhat	4b925ddf0c	Update issue templates (#51 )	2025-05-27 13:18:29 -07:00