mirror of
https://github.com/anthropics/claude-code-action.git
synced 2026-01-23 06:54:13 +08:00
Compare commits
1 Commits
claude/sla
...
feature/me
| Author | SHA1 | Date | |
|---|---|---|---|
|
e8e8fdc051 |
128
action.yml
128
action.yml
@@ -23,10 +23,6 @@ inputs:
|
||||
description: "The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format)"
|
||||
required: false
|
||||
default: "claude/"
|
||||
branch_name_template:
|
||||
description: "Template for branch naming. Available variables: {{prefix}}, {{entityType}}, {{entityNumber}}, {{timestamp}}, {{sha}}, {{label}}, {{description}}. {{label}} will be first label from the issue/PR, or {{entityType}} as a fallback. {{description}} will be the first 5 words of the issue/PR title in kebab-case. Default: '{{prefix}}{{entityType}}-{{entityNumber}}-{{timestamp}}'"
|
||||
required: false
|
||||
default: ""
|
||||
allowed_bots:
|
||||
description: "Comma-separated list of allowed bot usernames, or '*' to allow all bots. Empty string (default) allows no bots."
|
||||
required: false
|
||||
@@ -85,10 +81,6 @@ inputs:
|
||||
description: "Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands"
|
||||
required: false
|
||||
default: "false"
|
||||
ssh_signing_key:
|
||||
description: "SSH private key for signing commits. When provided, git will be configured to use SSH signing. Takes precedence over use_commit_signing."
|
||||
required: false
|
||||
default: ""
|
||||
bot_id:
|
||||
description: "GitHub user ID to use for git operations (defaults to Claude's bot ID)"
|
||||
required: false
|
||||
@@ -101,10 +93,6 @@ inputs:
|
||||
description: "Force tag mode with tracking comments for pull_request and issue events. Only applicable to pull_request (opened, synchronize, ready_for_review, reopened) and issue (opened, edited, labeled, assigned) events."
|
||||
required: false
|
||||
default: "false"
|
||||
include_fix_links:
|
||||
description: "Include 'Fix this' links in PR code review feedback that open Claude Code with context to fix the identified issue"
|
||||
required: false
|
||||
default: "true"
|
||||
path_to_claude_code_executable:
|
||||
description: "Optional path to a custom Claude Code executable. If provided, skips automatic installation and uses this executable instead. WARNING: Using an older version may cause problems if the action begins taking advantage of new Claude Code features. This input is typically not needed unless you're debugging something specific or have unique needs in your environment."
|
||||
required: false
|
||||
@@ -132,10 +120,10 @@ outputs:
|
||||
value: ${{ steps.claude-code.outputs.execution_file }}
|
||||
branch_name:
|
||||
description: "The branch created by Claude Code for this execution"
|
||||
value: ${{ steps.prepare.outputs.CLAUDE_BRANCH }}
|
||||
value: ${{ steps.claude-code.outputs.CLAUDE_BRANCH }}
|
||||
github_token:
|
||||
description: "The GitHub token used by the action (Claude App token if available)"
|
||||
value: ${{ steps.prepare.outputs.github_token }}
|
||||
value: ${{ steps.claude-code.outputs.GITHUB_TOKEN }}
|
||||
structured_output:
|
||||
description: "JSON string containing all structured output fields when --json-schema is provided in claude_args. Use fromJSON() to parse: fromJSON(steps.id.outputs.structured_output).field_name"
|
||||
value: ${{ steps.claude-code.outputs.structured_output }}
|
||||
@@ -164,47 +152,15 @@ runs:
|
||||
echo "$BUN_DIR" >> "$GITHUB_PATH"
|
||||
|
||||
- name: Install Dependencies
|
||||
shell: bash
|
||||
run: |
|
||||
cd ${GITHUB_ACTION_PATH}
|
||||
bun install
|
||||
|
||||
- name: Prepare action
|
||||
id: prepare
|
||||
shell: bash
|
||||
run: |
|
||||
bun run ${GITHUB_ACTION_PATH}/src/entrypoints/prepare.ts
|
||||
env:
|
||||
MODE: ${{ inputs.mode }}
|
||||
PROMPT: ${{ inputs.prompt }}
|
||||
TRIGGER_PHRASE: ${{ inputs.trigger_phrase }}
|
||||
ASSIGNEE_TRIGGER: ${{ inputs.assignee_trigger }}
|
||||
LABEL_TRIGGER: ${{ inputs.label_trigger }}
|
||||
BASE_BRANCH: ${{ inputs.base_branch }}
|
||||
BRANCH_PREFIX: ${{ inputs.branch_prefix }}
|
||||
BRANCH_NAME_TEMPLATE: ${{ inputs.branch_name_template }}
|
||||
OVERRIDE_GITHUB_TOKEN: ${{ inputs.github_token }}
|
||||
ALLOWED_BOTS: ${{ inputs.allowed_bots }}
|
||||
ALLOWED_NON_WRITE_USERS: ${{ inputs.allowed_non_write_users }}
|
||||
GITHUB_RUN_ID: ${{ github.run_id }}
|
||||
USE_STICKY_COMMENT: ${{ inputs.use_sticky_comment }}
|
||||
DEFAULT_WORKFLOW_TOKEN: ${{ github.token }}
|
||||
USE_COMMIT_SIGNING: ${{ inputs.use_commit_signing }}
|
||||
SSH_SIGNING_KEY: ${{ inputs.ssh_signing_key }}
|
||||
BOT_ID: ${{ inputs.bot_id }}
|
||||
BOT_NAME: ${{ inputs.bot_name }}
|
||||
TRACK_PROGRESS: ${{ inputs.track_progress }}
|
||||
INCLUDE_FIX_LINKS: ${{ inputs.include_fix_links }}
|
||||
ADDITIONAL_PERMISSIONS: ${{ inputs.additional_permissions }}
|
||||
CLAUDE_ARGS: ${{ inputs.claude_args }}
|
||||
ALL_INPUTS: ${{ toJson(inputs) }}
|
||||
|
||||
- name: Install Base Action Dependencies
|
||||
if: steps.prepare.outputs.contains_trigger == 'true'
|
||||
shell: bash
|
||||
env:
|
||||
PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
|
||||
run: |
|
||||
# Install main action dependencies
|
||||
cd ${GITHUB_ACTION_PATH}
|
||||
bun install
|
||||
|
||||
# Install base-action dependencies
|
||||
echo "Installing base-action dependencies..."
|
||||
cd ${GITHUB_ACTION_PATH}/base-action
|
||||
bun install
|
||||
@@ -213,13 +169,12 @@ runs:
|
||||
|
||||
# Install Claude Code if no custom executable is provided
|
||||
if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
|
||||
CLAUDE_CODE_VERSION="2.1.4"
|
||||
CLAUDE_CODE_VERSION="2.0.74"
|
||||
echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
|
||||
for attempt in 1 2 3; do
|
||||
echo "Installation attempt $attempt..."
|
||||
if command -v timeout &> /dev/null; then
|
||||
# Use --foreground to kill entire process group on timeout, --kill-after to send SIGKILL if SIGTERM fails
|
||||
timeout --foreground --kill-after=10 120 bash -c "curl -fsSL https://claude.ai/install.sh | bash -s -- $CLAUDE_CODE_VERSION" && break
|
||||
timeout 120 bash -c "curl -fsSL https://claude.ai/install.sh | bash -s -- $CLAUDE_CODE_VERSION" && break
|
||||
else
|
||||
curl -fsSL https://claude.ai/install.sh | bash -s -- "$CLAUDE_CODE_VERSION" && break
|
||||
fi
|
||||
@@ -239,31 +194,46 @@ runs:
|
||||
echo "$CLAUDE_DIR" >> "$GITHUB_PATH"
|
||||
fi
|
||||
|
||||
# Unified step: prepare + setup + run Claude
|
||||
- name: Run Claude Code
|
||||
id: claude-code
|
||||
if: steps.prepare.outputs.contains_trigger == 'true'
|
||||
shell: bash
|
||||
run: |
|
||||
|
||||
# Run the base-action
|
||||
bun run ${GITHUB_ACTION_PATH}/base-action/src/index.ts
|
||||
bun run ${GITHUB_ACTION_PATH}/src/entrypoints/run.ts
|
||||
env:
|
||||
# Base-action inputs
|
||||
# Action configuration
|
||||
CLAUDE_CODE_ACTION: "1"
|
||||
INPUT_PROMPT_FILE: ${{ runner.temp }}/claude-prompts/claude-prompt.txt
|
||||
MODE: ${{ inputs.mode }}
|
||||
PROMPT: ${{ inputs.prompt }}
|
||||
TRIGGER_PHRASE: ${{ inputs.trigger_phrase }}
|
||||
ASSIGNEE_TRIGGER: ${{ inputs.assignee_trigger }}
|
||||
LABEL_TRIGGER: ${{ inputs.label_trigger }}
|
||||
BASE_BRANCH: ${{ inputs.base_branch }}
|
||||
BRANCH_PREFIX: ${{ inputs.branch_prefix }}
|
||||
OVERRIDE_GITHUB_TOKEN: ${{ inputs.github_token }}
|
||||
ALLOWED_BOTS: ${{ inputs.allowed_bots }}
|
||||
ALLOWED_NON_WRITE_USERS: ${{ inputs.allowed_non_write_users }}
|
||||
GITHUB_RUN_ID: ${{ github.run_id }}
|
||||
USE_STICKY_COMMENT: ${{ inputs.use_sticky_comment }}
|
||||
DEFAULT_WORKFLOW_TOKEN: ${{ github.token }}
|
||||
USE_COMMIT_SIGNING: ${{ inputs.use_commit_signing }}
|
||||
BOT_ID: ${{ inputs.bot_id }}
|
||||
BOT_NAME: ${{ inputs.bot_name }}
|
||||
TRACK_PROGRESS: ${{ inputs.track_progress }}
|
||||
ADDITIONAL_PERMISSIONS: ${{ inputs.additional_permissions }}
|
||||
CLAUDE_ARGS: ${{ inputs.claude_args }}
|
||||
ALL_INPUTS: ${{ toJson(inputs) }}
|
||||
|
||||
# Base-action inputs
|
||||
INPUT_SETTINGS: ${{ inputs.settings }}
|
||||
INPUT_CLAUDE_ARGS: ${{ steps.prepare.outputs.claude_args }}
|
||||
INPUT_CLAUDE_ARGS: ${{ inputs.claude_args }}
|
||||
INPUT_EXPERIMENTAL_SLASH_COMMANDS_DIR: ${{ github.action_path }}/slash-commands
|
||||
INPUT_ACTION_INPUTS_PRESENT: ${{ steps.prepare.outputs.action_inputs_present }}
|
||||
INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
|
||||
INPUT_PATH_TO_BUN_EXECUTABLE: ${{ inputs.path_to_bun_executable }}
|
||||
INPUT_SHOW_FULL_OUTPUT: ${{ inputs.show_full_output }}
|
||||
INPUT_PLUGINS: ${{ inputs.plugins }}
|
||||
INPUT_PLUGIN_MARKETPLACES: ${{ inputs.plugin_marketplaces }}
|
||||
|
||||
# Model configuration
|
||||
GITHUB_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
|
||||
GH_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
|
||||
NODE_VERSION: ${{ env.NODE_VERSION }}
|
||||
DETAILED_PERMISSION_MESSAGES: "1"
|
||||
|
||||
@@ -303,33 +273,33 @@ runs:
|
||||
ANTHROPIC_DEFAULT_OPUS_MODEL: ${{ env.ANTHROPIC_DEFAULT_OPUS_MODEL }}
|
||||
|
||||
- name: Update comment with job link
|
||||
if: steps.prepare.outputs.contains_trigger == 'true' && steps.prepare.outputs.claude_comment_id && always()
|
||||
if: steps.claude-code.outputs.contains_trigger == 'true' && steps.claude-code.outputs.claude_comment_id && always()
|
||||
shell: bash
|
||||
run: |
|
||||
bun run ${GITHUB_ACTION_PATH}/src/entrypoints/update-comment-link.ts
|
||||
env:
|
||||
REPOSITORY: ${{ github.repository }}
|
||||
PR_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }}
|
||||
CLAUDE_COMMENT_ID: ${{ steps.prepare.outputs.claude_comment_id }}
|
||||
CLAUDE_COMMENT_ID: ${{ steps.claude-code.outputs.claude_comment_id }}
|
||||
GITHUB_RUN_ID: ${{ github.run_id }}
|
||||
GITHUB_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
|
||||
GH_TOKEN: ${{ steps.prepare.outputs.GITHUB_TOKEN }}
|
||||
GITHUB_TOKEN: ${{ steps.claude-code.outputs.GITHUB_TOKEN }}
|
||||
GH_TOKEN: ${{ steps.claude-code.outputs.GITHUB_TOKEN }}
|
||||
GITHUB_EVENT_NAME: ${{ github.event_name }}
|
||||
TRIGGER_COMMENT_ID: ${{ github.event.comment.id }}
|
||||
CLAUDE_BRANCH: ${{ steps.prepare.outputs.CLAUDE_BRANCH }}
|
||||
CLAUDE_BRANCH: ${{ steps.claude-code.outputs.CLAUDE_BRANCH }}
|
||||
IS_PR: ${{ github.event.issue.pull_request != null || github.event_name == 'pull_request_target' || github.event_name == 'pull_request_review_comment' }}
|
||||
BASE_BRANCH: ${{ steps.prepare.outputs.BASE_BRANCH }}
|
||||
BASE_BRANCH: ${{ steps.claude-code.outputs.BASE_BRANCH }}
|
||||
CLAUDE_SUCCESS: ${{ steps.claude-code.outputs.conclusion == 'success' }}
|
||||
OUTPUT_FILE: ${{ steps.claude-code.outputs.execution_file || '' }}
|
||||
TRIGGER_USERNAME: ${{ github.event.comment.user.login || github.event.issue.user.login || github.event.pull_request.user.login || github.event.sender.login || github.triggering_actor || github.actor || '' }}
|
||||
PREPARE_SUCCESS: ${{ steps.prepare.outcome == 'success' }}
|
||||
PREPARE_ERROR: ${{ steps.prepare.outputs.prepare_error || '' }}
|
||||
PREPARE_SUCCESS: ${{ steps.claude-code.outcome == 'success' }}
|
||||
PREPARE_ERROR: ${{ steps.claude-code.outputs.prepare_error || '' }}
|
||||
USE_STICKY_COMMENT: ${{ inputs.use_sticky_comment }}
|
||||
USE_COMMIT_SIGNING: ${{ inputs.use_commit_signing }}
|
||||
TRACK_PROGRESS: ${{ inputs.track_progress }}
|
||||
|
||||
- name: Display Claude Code Report
|
||||
if: steps.prepare.outputs.contains_trigger == 'true' && steps.claude-code.outputs.execution_file != ''
|
||||
if: steps.claude-code.outputs.contains_trigger == 'true' && steps.claude-code.outputs.execution_file != ''
|
||||
shell: bash
|
||||
run: |
|
||||
# Try to format the turns, but if it fails, dump the raw JSON
|
||||
@@ -345,19 +315,13 @@ runs:
|
||||
echo '```' >> $GITHUB_STEP_SUMMARY
|
||||
fi
|
||||
|
||||
- name: Cleanup SSH signing key
|
||||
if: always() && inputs.ssh_signing_key != ''
|
||||
shell: bash
|
||||
run: |
|
||||
bun run ${GITHUB_ACTION_PATH}/src/entrypoints/cleanup-ssh-signing.ts
|
||||
|
||||
- name: Revoke app token
|
||||
if: always() && inputs.github_token == '' && steps.prepare.outputs.skipped_due_to_workflow_validation_mismatch != 'true'
|
||||
if: always() && inputs.github_token == '' && steps.claude-code.outputs.skipped_due_to_workflow_validation_mismatch != 'true'
|
||||
shell: bash
|
||||
run: |
|
||||
curl -L \
|
||||
-X DELETE \
|
||||
-H "Accept: application/vnd.github+json" \
|
||||
-H "Authorization: Bearer ${{ steps.prepare.outputs.GITHUB_TOKEN }}" \
|
||||
-H "Authorization: Bearer ${{ steps.claude-code.outputs.GITHUB_TOKEN }}" \
|
||||
-H "X-GitHub-Api-Version: 2022-11-28" \
|
||||
${GITHUB_API_URL:-https://api.github.com}/installation/token
|
||||
|
||||
@@ -124,13 +124,12 @@ runs:
|
||||
PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
|
||||
run: |
|
||||
if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
|
||||
CLAUDE_CODE_VERSION="2.1.4"
|
||||
CLAUDE_CODE_VERSION="2.0.74"
|
||||
echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
|
||||
for attempt in 1 2 3; do
|
||||
echo "Installation attempt $attempt..."
|
||||
if command -v timeout &> /dev/null; then
|
||||
# Use --foreground to kill entire process group on timeout, --kill-after to send SIGKILL if SIGTERM fails
|
||||
timeout --foreground --kill-after=10 120 bash -c "curl -fsSL https://claude.ai/install.sh | bash -s -- $CLAUDE_CODE_VERSION" && break
|
||||
timeout 120 bash -c "curl -fsSL https://claude.ai/install.sh | bash -s -- $CLAUDE_CODE_VERSION" && break
|
||||
else
|
||||
curl -fsSL https://claude.ai/install.sh | bash -s -- "$CLAUDE_CODE_VERSION" && break
|
||||
fi
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
"name": "@anthropic-ai/claude-code-base-action",
|
||||
"dependencies": {
|
||||
"@actions/core": "^1.10.1",
|
||||
"@anthropic-ai/claude-agent-sdk": "^0.2.4",
|
||||
"@anthropic-ai/claude-agent-sdk": "^0.1.74",
|
||||
"shell-quote": "^1.8.3",
|
||||
},
|
||||
"devDependencies": {
|
||||
@@ -27,7 +27,7 @@
|
||||
|
||||
"@actions/io": ["@actions/io@1.1.3", "", {}, "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="],
|
||||
|
||||
"@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.4", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-5RpMO8aLEwuAd8h7/QHMCKzdVSihZCtHGnouPp+Isvc7zPzQXKb6GvUitkbs3wIBgIbXA/vXQmIi126uw9qo0A=="],
|
||||
"@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.1.74", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^3.24.1 || ^4.0.0" } }, "sha512-d6H3Oo625WAG3BrBFKJsuSshi4f0amc0kTJTm83LRPPFxn9kfq58FX4Oxxt+RUD9N3QumW9sQSEDnri20/F4qQ=="],
|
||||
|
||||
"@fastify/busboy": ["@fastify/busboy@2.1.1", "", {}, "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="],
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
},
|
||||
"dependencies": {
|
||||
"@actions/core": "^1.10.1",
|
||||
"@anthropic-ai/claude-agent-sdk": "^0.2.4",
|
||||
"@anthropic-ai/claude-agent-sdk": "^0.1.74",
|
||||
"shell-quote": "^1.8.3"
|
||||
},
|
||||
"devDependencies": {
|
||||
|
||||
@@ -8,47 +8,26 @@ const MARKETPLACE_URL_REGEX =
|
||||
/^https:\/\/[a-zA-Z0-9\-._~:/?#[\]@!$&'()*+,;=%]+\.git$/;
|
||||
|
||||
/**
|
||||
* Checks if a marketplace input is a local path (not a URL)
|
||||
* @param input - The marketplace input to check
|
||||
* @returns true if the input is a local path, false if it's a URL
|
||||
* Validates a marketplace URL for security issues
|
||||
* @param url - The marketplace URL to validate
|
||||
* @throws {Error} If the URL is invalid
|
||||
*/
|
||||
function isLocalPath(input: string): boolean {
|
||||
// Local paths start with ./, ../, /, or a drive letter (Windows)
|
||||
return (
|
||||
input.startsWith("./") ||
|
||||
input.startsWith("../") ||
|
||||
input.startsWith("/") ||
|
||||
/^[a-zA-Z]:[\\\/]/.test(input)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates a marketplace URL or local path
|
||||
* @param input - The marketplace URL or local path to validate
|
||||
* @throws {Error} If the input is invalid
|
||||
*/
|
||||
function validateMarketplaceInput(input: string): void {
|
||||
const normalized = input.trim();
|
||||
function validateMarketplaceUrl(url: string): void {
|
||||
const normalized = url.trim();
|
||||
|
||||
if (!normalized) {
|
||||
throw new Error("Marketplace URL or path cannot be empty");
|
||||
throw new Error("Marketplace URL cannot be empty");
|
||||
}
|
||||
|
||||
// Local paths are passed directly to Claude Code which handles them
|
||||
if (isLocalPath(normalized)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Validate as URL
|
||||
if (!MARKETPLACE_URL_REGEX.test(normalized)) {
|
||||
throw new Error(`Invalid marketplace URL format: ${input}`);
|
||||
throw new Error(`Invalid marketplace URL format: ${url}`);
|
||||
}
|
||||
|
||||
// Additional check for valid URL structure
|
||||
try {
|
||||
new URL(normalized);
|
||||
} catch {
|
||||
throw new Error(`Invalid marketplace URL: ${input}`);
|
||||
throw new Error(`Invalid marketplace URL: ${url}`);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -76,9 +55,9 @@ function validatePluginName(pluginName: string): void {
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse a newline-separated list of marketplace URLs or local paths and return an array of validated entries
|
||||
* @param marketplaces - Newline-separated list of marketplace Git URLs or local paths
|
||||
* @returns Array of validated marketplace URLs or paths (empty array if none provided)
|
||||
* Parse a newline-separated list of marketplace URLs and return an array of validated URLs
|
||||
* @param marketplaces - Newline-separated list of marketplace Git URLs
|
||||
* @returns Array of validated marketplace URLs (empty array if none provided)
|
||||
*/
|
||||
function parseMarketplaces(marketplaces?: string): string[] {
|
||||
const trimmed = marketplaces?.trim();
|
||||
@@ -87,14 +66,14 @@ function parseMarketplaces(marketplaces?: string): string[] {
|
||||
return [];
|
||||
}
|
||||
|
||||
// Split by newline and process each entry
|
||||
// Split by newline and process each URL
|
||||
return trimmed
|
||||
.split("\n")
|
||||
.map((entry) => entry.trim())
|
||||
.filter((entry) => {
|
||||
if (entry.length === 0) return false;
|
||||
.map((url) => url.trim())
|
||||
.filter((url) => {
|
||||
if (url.length === 0) return false;
|
||||
|
||||
validateMarketplaceInput(entry);
|
||||
validateMarketplaceUrl(url);
|
||||
return true;
|
||||
});
|
||||
}
|
||||
@@ -184,26 +163,26 @@ async function installPlugin(
|
||||
/**
|
||||
* Adds a Claude Code plugin marketplace
|
||||
* @param claudeExecutable - Path to the Claude executable
|
||||
* @param marketplace - The marketplace Git URL or local path to add
|
||||
* @param marketplaceUrl - The marketplace Git URL to add
|
||||
* @returns Promise that resolves when the marketplace add command completes
|
||||
* @throws {Error} If the command fails to execute
|
||||
*/
|
||||
async function addMarketplace(
|
||||
claudeExecutable: string,
|
||||
marketplace: string,
|
||||
marketplaceUrl: string,
|
||||
): Promise<void> {
|
||||
console.log(`Adding marketplace: ${marketplace}`);
|
||||
console.log(`Adding marketplace: ${marketplaceUrl}`);
|
||||
|
||||
return executeClaudeCommand(
|
||||
claudeExecutable,
|
||||
["plugin", "marketplace", "add", marketplace],
|
||||
`Failed to add marketplace '${marketplace}'`,
|
||||
["plugin", "marketplace", "add", marketplaceUrl],
|
||||
`Failed to add marketplace '${marketplaceUrl}'`,
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Installs Claude Code plugins from a newline-separated list
|
||||
* @param marketplacesInput - Newline-separated list of marketplace Git URLs or local paths
|
||||
* @param marketplacesInput - Newline-separated list of marketplace Git URLs
|
||||
* @param pluginsInput - Newline-separated list of plugin names
|
||||
* @param claudeExecutable - Path to the Claude executable (defaults to "claude")
|
||||
* @returns Promise that resolves when all plugins are installed
|
||||
|
||||
13
base-action/src/lib.ts
Normal file
13
base-action/src/lib.ts
Normal file
@@ -0,0 +1,13 @@
|
||||
/**
|
||||
* Library exports for the base-action.
|
||||
* These functions can be imported directly by the main action
|
||||
* to avoid file/output-based communication between steps.
|
||||
*/
|
||||
|
||||
export { runClaudeWithSdk, runClaudeWithSdkFromFile } from "./run-claude-sdk";
|
||||
export type { RunClaudeResult, PromptInput } from "./run-claude-sdk";
|
||||
export { setupClaudeCodeSettings } from "./setup-claude-code-settings";
|
||||
export { installPlugins } from "./install-plugins";
|
||||
export { parseSdkOptions } from "./parse-sdk-options";
|
||||
export type { ClaudeOptions } from "./run-claude";
|
||||
export type { ParsedSdkOptions } from "./parse-sdk-options";
|
||||
@@ -212,8 +212,6 @@ export function parseSdkOptions(options: ClaudeOptions): ParsedSdkOptions {
|
||||
if (process.env.INPUT_ACTION_INPUTS_PRESENT) {
|
||||
env.GITHUB_ACTION_INPUTS = process.env.INPUT_ACTION_INPUTS_PRESENT;
|
||||
}
|
||||
// Ensure SDK path uses the same entrypoint as the CLI path
|
||||
env.CLAUDE_CODE_ENTRYPOINT = "claude-code-github-action";
|
||||
|
||||
// Build system prompt option - default to claude_code preset
|
||||
let systemPrompt: SdkOptions["systemPrompt"];
|
||||
|
||||
@@ -1,80 +1,25 @@
|
||||
import * as core from "@actions/core";
|
||||
import { readFile, writeFile, access } from "fs/promises";
|
||||
import { dirname, join } from "path";
|
||||
import { readFile, writeFile } from "fs/promises";
|
||||
import { query } from "@anthropic-ai/claude-agent-sdk";
|
||||
import type {
|
||||
SDKMessage,
|
||||
SDKResultMessage,
|
||||
SDKUserMessage,
|
||||
} from "@anthropic-ai/claude-agent-sdk";
|
||||
import type { ParsedSdkOptions } from "./parse-sdk-options";
|
||||
|
||||
const EXECUTION_FILE = `${process.env.RUNNER_TEMP}/claude-execution-output.json`;
|
||||
|
||||
/** Filename for the user request file, written by prompt generation */
|
||||
const USER_REQUEST_FILENAME = "claude-user-request.txt";
|
||||
|
||||
/**
|
||||
* Check if a file exists
|
||||
* Result of running Claude via SDK
|
||||
*/
|
||||
async function fileExists(path: string): Promise<boolean> {
|
||||
try {
|
||||
await access(path);
|
||||
return true;
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a prompt configuration for the SDK.
|
||||
* If a user request file exists alongside the prompt file, returns a multi-block
|
||||
* SDKUserMessage that enables slash command processing in the CLI.
|
||||
* Otherwise, returns the prompt as a simple string.
|
||||
*/
|
||||
async function createPromptConfig(
|
||||
promptPath: string,
|
||||
showFullOutput: boolean,
|
||||
): Promise<string | AsyncIterable<SDKUserMessage>> {
|
||||
const promptContent = await readFile(promptPath, "utf-8");
|
||||
|
||||
// Check for user request file in the same directory
|
||||
const userRequestPath = join(dirname(promptPath), USER_REQUEST_FILENAME);
|
||||
const hasUserRequest = await fileExists(userRequestPath);
|
||||
|
||||
if (!hasUserRequest) {
|
||||
// No user request file - use simple string prompt
|
||||
return promptContent;
|
||||
}
|
||||
|
||||
// User request file exists - create multi-block message
|
||||
const userRequest = await readFile(userRequestPath, "utf-8");
|
||||
if (showFullOutput) {
|
||||
console.log("Using multi-block message with user request:", userRequest);
|
||||
} else {
|
||||
console.log("Using multi-block message with user request (content hidden)");
|
||||
}
|
||||
|
||||
// Create an async generator that yields a single multi-block message
|
||||
// The context/instructions go first, then the user's actual request last
|
||||
// This allows the CLI to detect and process slash commands in the user request
|
||||
async function* createMultiBlockMessage(): AsyncGenerator<SDKUserMessage> {
|
||||
yield {
|
||||
type: "user",
|
||||
session_id: "",
|
||||
message: {
|
||||
role: "user",
|
||||
content: [
|
||||
{ type: "text", text: promptContent }, // Instructions + GitHub context
|
||||
{ type: "text", text: userRequest }, // User's request (may be a slash command)
|
||||
],
|
||||
},
|
||||
parent_tool_use_id: null,
|
||||
};
|
||||
}
|
||||
|
||||
return createMultiBlockMessage();
|
||||
}
|
||||
export type RunClaudeResult = {
|
||||
success: boolean;
|
||||
executionFile: string;
|
||||
conclusion: "success" | "failure";
|
||||
structuredOutput?: string;
|
||||
sessionId?: string;
|
||||
error?: string;
|
||||
};
|
||||
|
||||
/**
|
||||
* Sanitizes SDK output to match CLI sanitization behavior
|
||||
@@ -124,14 +69,31 @@ function sanitizeSdkOutput(
|
||||
}
|
||||
|
||||
/**
|
||||
* Run Claude using the Agent SDK
|
||||
* Input for runClaudeWithSdk - either a prompt string or file path
|
||||
*/
|
||||
export type PromptInput =
|
||||
| { type: "string"; prompt: string }
|
||||
| { type: "file"; promptPath: string };
|
||||
|
||||
/**
|
||||
* Run Claude using the Agent SDK.
|
||||
*
|
||||
* @param promptInput - Either a direct prompt string or path to prompt file
|
||||
* @param parsedOptions - Parsed SDK options
|
||||
* @param options - Additional options
|
||||
* @param options.setOutputs - Whether to set GitHub Action outputs (default: true for backwards compat)
|
||||
* @returns Result of the execution
|
||||
*/
|
||||
export async function runClaudeWithSdk(
|
||||
promptPath: string,
|
||||
promptInput: PromptInput,
|
||||
{ sdkOptions, showFullOutput, hasJsonSchema }: ParsedSdkOptions,
|
||||
): Promise<void> {
|
||||
// Create prompt configuration - may be a string or multi-block message
|
||||
const prompt = await createPromptConfig(promptPath, showFullOutput);
|
||||
{ setOutputs = true }: { setOutputs?: boolean } = {},
|
||||
): Promise<RunClaudeResult> {
|
||||
// Get prompt from string or file
|
||||
const prompt =
|
||||
promptInput.type === "string"
|
||||
? promptInput.prompt
|
||||
: await readFile(promptInput.promptPath, "utf-8");
|
||||
|
||||
if (!showFullOutput) {
|
||||
console.log(
|
||||
@@ -142,7 +104,13 @@ export async function runClaudeWithSdk(
|
||||
);
|
||||
}
|
||||
|
||||
console.log(`Running Claude with prompt from file: ${promptPath}`);
|
||||
if (promptInput.type === "file") {
|
||||
console.log(
|
||||
`Running Claude with prompt from file: ${promptInput.promptPath}`,
|
||||
);
|
||||
} else {
|
||||
console.log(`Running Claude with prompt string (${prompt.length} chars)`);
|
||||
}
|
||||
// Log SDK options without env (which could contain sensitive data)
|
||||
const { env, ...optionsToLog } = sdkOptions;
|
||||
console.log("SDK options:", JSON.stringify(optionsToLog, null, 2));
|
||||
@@ -165,27 +133,47 @@ export async function runClaudeWithSdk(
|
||||
}
|
||||
} catch (error) {
|
||||
console.error("SDK execution error:", error);
|
||||
core.setOutput("conclusion", "failure");
|
||||
process.exit(1);
|
||||
if (setOutputs) {
|
||||
core.setOutput("conclusion", "failure");
|
||||
}
|
||||
return {
|
||||
success: false,
|
||||
executionFile: EXECUTION_FILE,
|
||||
conclusion: "failure",
|
||||
error: String(error),
|
||||
};
|
||||
}
|
||||
|
||||
// Write execution file
|
||||
try {
|
||||
await writeFile(EXECUTION_FILE, JSON.stringify(messages, null, 2));
|
||||
console.log(`Log saved to ${EXECUTION_FILE}`);
|
||||
core.setOutput("execution_file", EXECUTION_FILE);
|
||||
if (setOutputs) {
|
||||
core.setOutput("execution_file", EXECUTION_FILE);
|
||||
}
|
||||
} catch (error) {
|
||||
core.warning(`Failed to write execution file: ${error}`);
|
||||
}
|
||||
|
||||
if (!resultMessage) {
|
||||
core.setOutput("conclusion", "failure");
|
||||
if (setOutputs) {
|
||||
core.setOutput("conclusion", "failure");
|
||||
}
|
||||
core.error("No result message received from Claude");
|
||||
process.exit(1);
|
||||
return {
|
||||
success: false,
|
||||
executionFile: EXECUTION_FILE,
|
||||
conclusion: "failure",
|
||||
error: "No result message received from Claude",
|
||||
};
|
||||
}
|
||||
|
||||
const isSuccess = resultMessage.subtype === "success";
|
||||
core.setOutput("conclusion", isSuccess ? "success" : "failure");
|
||||
if (setOutputs) {
|
||||
core.setOutput("conclusion", isSuccess ? "success" : "failure");
|
||||
}
|
||||
|
||||
let structuredOutput: string | undefined;
|
||||
|
||||
// Handle structured output
|
||||
if (hasJsonSchema) {
|
||||
@@ -194,26 +182,64 @@ export async function runClaudeWithSdk(
|
||||
"structured_output" in resultMessage &&
|
||||
resultMessage.structured_output
|
||||
) {
|
||||
const structuredOutputJson = JSON.stringify(
|
||||
resultMessage.structured_output,
|
||||
);
|
||||
core.setOutput("structured_output", structuredOutputJson);
|
||||
structuredOutput = JSON.stringify(resultMessage.structured_output);
|
||||
if (setOutputs) {
|
||||
core.setOutput("structured_output", structuredOutput);
|
||||
}
|
||||
core.info(
|
||||
`Set structured_output with ${Object.keys(resultMessage.structured_output as object).length} field(s)`,
|
||||
);
|
||||
} else {
|
||||
core.setFailed(
|
||||
`--json-schema was provided but Claude did not return structured_output. Result subtype: ${resultMessage.subtype}`,
|
||||
);
|
||||
core.setOutput("conclusion", "failure");
|
||||
process.exit(1);
|
||||
const errorMsg = `--json-schema was provided but Claude did not return structured_output. Result subtype: ${resultMessage.subtype}`;
|
||||
if (setOutputs) {
|
||||
core.setFailed(errorMsg);
|
||||
core.setOutput("conclusion", "failure");
|
||||
}
|
||||
return {
|
||||
success: false,
|
||||
executionFile: EXECUTION_FILE,
|
||||
conclusion: "failure",
|
||||
error: errorMsg,
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
if (!isSuccess) {
|
||||
if ("errors" in resultMessage && resultMessage.errors) {
|
||||
core.error(`Execution failed: ${resultMessage.errors.join(", ")}`);
|
||||
}
|
||||
const errors =
|
||||
"errors" in resultMessage && resultMessage.errors
|
||||
? resultMessage.errors.join(", ")
|
||||
: "Unknown error";
|
||||
core.error(`Execution failed: ${errors}`);
|
||||
return {
|
||||
success: false,
|
||||
executionFile: EXECUTION_FILE,
|
||||
conclusion: "failure",
|
||||
error: errors,
|
||||
};
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
executionFile: EXECUTION_FILE,
|
||||
conclusion: "success",
|
||||
structuredOutput,
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Wrapper for backwards compatibility - reads prompt from file path and exits on failure
|
||||
*/
|
||||
export async function runClaudeWithSdkFromFile(
|
||||
promptPath: string,
|
||||
parsedOptions: ParsedSdkOptions,
|
||||
): Promise<void> {
|
||||
const result = await runClaudeWithSdk(
|
||||
{ type: "file", promptPath },
|
||||
parsedOptions,
|
||||
{ setOutputs: true },
|
||||
);
|
||||
|
||||
if (!result.success) {
|
||||
process.exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,7 +5,7 @@ import { unlink, writeFile, stat, readFile } from "fs/promises";
|
||||
import { createWriteStream } from "fs";
|
||||
import { spawn } from "child_process";
|
||||
import { parse as parseShellArgs } from "shell-quote";
|
||||
import { runClaudeWithSdk } from "./run-claude-sdk";
|
||||
import { runClaudeWithSdkFromFile } from "./run-claude-sdk";
|
||||
import { parseSdkOptions } from "./parse-sdk-options";
|
||||
|
||||
const execAsync = promisify(exec);
|
||||
@@ -205,7 +205,7 @@ export async function runClaude(promptPath: string, options: ClaudeOptions) {
|
||||
|
||||
if (useAgentSdk) {
|
||||
const parsedOptions = parseSdkOptions(options);
|
||||
return runClaudeWithSdk(promptPath, parsedOptions);
|
||||
return runClaudeWithSdkFromFile(promptPath, parsedOptions);
|
||||
}
|
||||
|
||||
const config = prepareRunConfig(promptPath, options);
|
||||
|
||||
@@ -596,111 +596,4 @@ describe("installPlugins", () => {
|
||||
{ stdio: "inherit" },
|
||||
);
|
||||
});
|
||||
|
||||
// Local marketplace path tests
|
||||
test("should accept local marketplace path with ./", async () => {
|
||||
const spy = createMockSpawn();
|
||||
await installPlugins("./my-local-marketplace", "test-plugin");
|
||||
|
||||
expect(spy).toHaveBeenCalledTimes(2);
|
||||
expect(spy).toHaveBeenNthCalledWith(
|
||||
1,
|
||||
"claude",
|
||||
["plugin", "marketplace", "add", "./my-local-marketplace"],
|
||||
{ stdio: "inherit" },
|
||||
);
|
||||
expect(spy).toHaveBeenNthCalledWith(
|
||||
2,
|
||||
"claude",
|
||||
["plugin", "install", "test-plugin"],
|
||||
{ stdio: "inherit" },
|
||||
);
|
||||
});
|
||||
|
||||
test("should accept local marketplace path with absolute Unix path", async () => {
|
||||
const spy = createMockSpawn();
|
||||
await installPlugins("/home/user/my-marketplace", "test-plugin");
|
||||
|
||||
expect(spy).toHaveBeenCalledTimes(2);
|
||||
expect(spy).toHaveBeenNthCalledWith(
|
||||
1,
|
||||
"claude",
|
||||
["plugin", "marketplace", "add", "/home/user/my-marketplace"],
|
||||
{ stdio: "inherit" },
|
||||
);
|
||||
});
|
||||
|
||||
test("should accept local marketplace path with Windows absolute path", async () => {
|
||||
const spy = createMockSpawn();
|
||||
await installPlugins("C:\\Users\\user\\marketplace", "test-plugin");
|
||||
|
||||
expect(spy).toHaveBeenCalledTimes(2);
|
||||
expect(spy).toHaveBeenNthCalledWith(
|
||||
1,
|
||||
"claude",
|
||||
["plugin", "marketplace", "add", "C:\\Users\\user\\marketplace"],
|
||||
{ stdio: "inherit" },
|
||||
);
|
||||
});
|
||||
|
||||
test("should accept mixed local and remote marketplaces", async () => {
|
||||
const spy = createMockSpawn();
|
||||
await installPlugins(
|
||||
"./local-marketplace\nhttps://github.com/user/remote.git",
|
||||
"test-plugin",
|
||||
);
|
||||
|
||||
expect(spy).toHaveBeenCalledTimes(3);
|
||||
expect(spy).toHaveBeenNthCalledWith(
|
||||
1,
|
||||
"claude",
|
||||
["plugin", "marketplace", "add", "./local-marketplace"],
|
||||
{ stdio: "inherit" },
|
||||
);
|
||||
expect(spy).toHaveBeenNthCalledWith(
|
||||
2,
|
||||
"claude",
|
||||
["plugin", "marketplace", "add", "https://github.com/user/remote.git"],
|
||||
{ stdio: "inherit" },
|
||||
);
|
||||
});
|
||||
|
||||
test("should accept local path with ../ (parent directory)", async () => {
|
||||
const spy = createMockSpawn();
|
||||
await installPlugins("../shared-plugins/marketplace", "test-plugin");
|
||||
|
||||
expect(spy).toHaveBeenCalledTimes(2);
|
||||
expect(spy).toHaveBeenNthCalledWith(
|
||||
1,
|
||||
"claude",
|
||||
["plugin", "marketplace", "add", "../shared-plugins/marketplace"],
|
||||
{ stdio: "inherit" },
|
||||
);
|
||||
});
|
||||
|
||||
test("should accept local path with nested directories", async () => {
|
||||
const spy = createMockSpawn();
|
||||
await installPlugins("./plugins/my-org/my-marketplace", "test-plugin");
|
||||
|
||||
expect(spy).toHaveBeenCalledTimes(2);
|
||||
expect(spy).toHaveBeenNthCalledWith(
|
||||
1,
|
||||
"claude",
|
||||
["plugin", "marketplace", "add", "./plugins/my-org/my-marketplace"],
|
||||
{ stdio: "inherit" },
|
||||
);
|
||||
});
|
||||
|
||||
test("should accept local path with dots in directory name", async () => {
|
||||
const spy = createMockSpawn();
|
||||
await installPlugins("./my.plugin.marketplace", "test-plugin");
|
||||
|
||||
expect(spy).toHaveBeenCalledTimes(2);
|
||||
expect(spy).toHaveBeenNthCalledWith(
|
||||
1,
|
||||
"claude",
|
||||
["plugin", "marketplace", "add", "./my.plugin.marketplace"],
|
||||
{ stdio: "inherit" },
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -2,6 +2,6 @@
|
||||
"name": "mcp-test",
|
||||
"version": "1.0.0",
|
||||
"dependencies": {
|
||||
"@modelcontextprotocol/sdk": "^1.24.0"
|
||||
"@modelcontextprotocol/sdk": "^1.11.0"
|
||||
}
|
||||
}
|
||||
|
||||
4
bun.lock
4
bun.lock
@@ -7,7 +7,7 @@
|
||||
"dependencies": {
|
||||
"@actions/core": "^1.10.1",
|
||||
"@actions/github": "^6.0.1",
|
||||
"@anthropic-ai/claude-agent-sdk": "^0.2.4",
|
||||
"@anthropic-ai/claude-agent-sdk": "^0.1.74",
|
||||
"@modelcontextprotocol/sdk": "^1.11.0",
|
||||
"@octokit/graphql": "^8.2.2",
|
||||
"@octokit/rest": "^21.1.1",
|
||||
@@ -37,7 +37,7 @@
|
||||
|
||||
"@actions/io": ["@actions/io@1.1.3", "", {}, "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="],
|
||||
|
||||
"@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.4", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-5RpMO8aLEwuAd8h7/QHMCKzdVSihZCtHGnouPp+Isvc7zPzQXKb6GvUitkbs3wIBgIbXA/vXQmIi126uw9qo0A=="],
|
||||
"@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.1.74", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^3.24.1 || ^4.0.0" } }, "sha512-d6H3Oo625WAG3BrBFKJsuSshi4f0amc0kTJTm83LRPPFxn9kfq58FX4Oxxt+RUD9N3QumW9sQSEDnri20/F4qQ=="],
|
||||
|
||||
"@fastify/busboy": ["@fastify/busboy@2.1.1", "", {}, "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="],
|
||||
|
||||
|
||||
@@ -38,64 +38,7 @@ The following permissions are requested but not yet actively used. These will en
|
||||
|
||||
## Commit Signing
|
||||
|
||||
By default, commits made by Claude are unsigned. You can enable commit signing using one of two methods:
|
||||
|
||||
### Option 1: GitHub API Commit Signing (use_commit_signing)
|
||||
|
||||
This uses GitHub's API to create commits, which automatically signs them as verified from the GitHub App:
|
||||
|
||||
```yaml
|
||||
- uses: anthropics/claude-code-action@main
|
||||
with:
|
||||
use_commit_signing: true
|
||||
```
|
||||
|
||||
This is the simplest option and requires no additional setup. However, because it uses the GitHub API instead of git CLI, it cannot perform complex git operations like rebasing, cherry-picking, or interactive history manipulation.
|
||||
|
||||
### Option 2: SSH Signing Key (ssh_signing_key)
|
||||
|
||||
This uses an SSH key to sign commits via git CLI. Use this option when you need both signed commits AND standard git operations (rebasing, cherry-picking, etc.):
|
||||
|
||||
```yaml
|
||||
- uses: anthropics/claude-code-action@main
|
||||
with:
|
||||
ssh_signing_key: ${{ secrets.SSH_SIGNING_KEY }}
|
||||
bot_id: "YOUR_GITHUB_USER_ID"
|
||||
bot_name: "YOUR_GITHUB_USERNAME"
|
||||
```
|
||||
|
||||
Commits will show as verified and attributed to the GitHub account that owns the signing key.
|
||||
|
||||
**Setup steps:**
|
||||
|
||||
1. Generate an SSH key pair for signing:
|
||||
|
||||
```bash
|
||||
ssh-keygen -t ed25519 -f ~/.ssh/signing_key -N "" -C "commit signing key"
|
||||
```
|
||||
|
||||
2. Add the **public key** to your GitHub account:
|
||||
|
||||
- Go to GitHub → Settings → SSH and GPG keys
|
||||
- Click "New SSH key"
|
||||
- Select **Key type: Signing Key** (important)
|
||||
- Paste the contents of `~/.ssh/signing_key.pub`
|
||||
|
||||
3. Add the **private key** to your repository secrets:
|
||||
|
||||
- Go to your repo → Settings → Secrets and variables → Actions
|
||||
- Create a new secret named `SSH_SIGNING_KEY`
|
||||
- Paste the contents of `~/.ssh/signing_key`
|
||||
|
||||
4. Get your GitHub user ID:
|
||||
|
||||
```bash
|
||||
gh api users/YOUR_USERNAME --jq '.id'
|
||||
```
|
||||
|
||||
5. Update your workflow with `bot_id` and `bot_name` matching the account where you added the signing key.
|
||||
|
||||
**Note:** If both `ssh_signing_key` and `use_commit_signing` are provided, `ssh_signing_key` takes precedence.
|
||||
Commits made by Claude through this action are no longer automatically signed with commit signatures. To enable commit signing set `use_commit_signing: True` in the workflow(s). This ensures the authenticity and integrity of commits, providing a verifiable trail of changes made by the action.
|
||||
|
||||
## ⚠️ Authentication Protection
|
||||
|
||||
|
||||
@@ -58,7 +58,6 @@ jobs:
|
||||
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No\* | - |
|
||||
| `prompt` | Instructions for Claude. Can be a direct prompt or custom template for automation workflows | No | - |
|
||||
| `track_progress` | Force tag mode with tracking comments. Only works with specific PR/issue events. Preserves GitHub context | No | `false` |
|
||||
| `include_fix_links` | Include 'Fix this' links in PR code review feedback that open Claude Code with context to fix the identified issue | No | `true` |
|
||||
| `claude_args` | Additional [arguments to pass directly to Claude CLI](https://docs.claude.com/en/docs/claude-code/cli-reference#cli-flags) (e.g., `--max-turns 10 --model claude-4-0-sonnet-20250805`) | No | "" |
|
||||
| `base_branch` | The base branch to use for creating new branches (e.g., 'main', 'develop') | No | - |
|
||||
| `use_sticky_comment` | Use just one comment to deliver PR comments (only applies for pull_request event workflows) | No | `false` |
|
||||
@@ -71,10 +70,9 @@ jobs:
|
||||
| `branch_prefix` | The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format) | No | `claude/` |
|
||||
| `settings` | Claude Code settings as JSON string or path to settings JSON file | No | "" |
|
||||
| `additional_permissions` | Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results | No | "" |
|
||||
| `use_commit_signing` | Enable commit signing using GitHub's API. Simple but cannot perform complex git operations like rebasing. See [Security](./security.md#commit-signing) | No | `false` |
|
||||
| `ssh_signing_key` | SSH private key for signing commits. Enables signed commits with full git CLI support (rebasing, etc.). See [Security](./security.md#commit-signing) | No | "" |
|
||||
| `bot_id` | GitHub user ID to use for git operations (defaults to Claude's bot ID). Required with `ssh_signing_key` for verified commits | No | `41898282` |
|
||||
| `bot_name` | GitHub username to use for git operations (defaults to Claude's bot name). Required with `ssh_signing_key` for verified commits | No | `claude[bot]` |
|
||||
| `use_commit_signing` | Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands | No | `false` |
|
||||
| `bot_id` | GitHub user ID to use for git operations (defaults to Claude's bot ID) | No | `41898282` |
|
||||
| `bot_name` | GitHub username to use for git operations (defaults to Claude's bot name) | No | `claude[bot]` |
|
||||
| `allowed_bots` | Comma-separated list of allowed bot usernames, or '\*' to allow all bots. Empty string (default) allows no bots | No | "" |
|
||||
| `allowed_non_write_users` | **⚠️ RISKY**: Comma-separated list of usernames to allow without write permissions, or '\*' for all users. Only works with `github_token` input. See [Security](./security.md) | No | "" |
|
||||
| `path_to_claude_code_executable` | Optional path to a custom Claude Code executable. Skips automatic installation. Useful for Nix, custom containers, or specialized environments | No | "" |
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
"dependencies": {
|
||||
"@actions/core": "^1.10.1",
|
||||
"@actions/github": "^6.0.1",
|
||||
"@anthropic-ai/claude-agent-sdk": "^0.2.4",
|
||||
"@anthropic-ai/claude-agent-sdk": "^0.1.74",
|
||||
"@modelcontextprotocol/sdk": "^1.11.0",
|
||||
"@octokit/graphql": "^8.2.2",
|
||||
"@octokit/rest": "^21.1.1",
|
||||
|
||||
@@ -21,12 +21,8 @@ import type { ParsedGitHubContext } from "../github/context";
|
||||
import type { CommonFields, PreparedContext, EventData } from "./types";
|
||||
import { GITHUB_SERVER_URL } from "../github/api/config";
|
||||
import type { Mode, ModeContext } from "../modes/types";
|
||||
import { extractUserRequest } from "../utils/extract-user-request";
|
||||
export type { CommonFields, PreparedContext } from "./types";
|
||||
|
||||
/** Filename for the user request file, read by the SDK runner */
|
||||
const USER_REQUEST_FILENAME = "claude-user-request.txt";
|
||||
|
||||
// Tag mode defaults - these tools are needed for tag mode to function
|
||||
const BASE_ALLOWED_TOOLS = [
|
||||
"Edit",
|
||||
@@ -738,13 +734,7 @@ ${eventData.eventName === "issue_comment" || eventData.eventName === "pull_reque
|
||||
- Reference specific code sections with file paths and line numbers${eventData.isPR ? `\n - AFTER reading files and analyzing code, you MUST call mcp__github_comment__update_claude_comment to post your review` : ""}
|
||||
- Formulate a concise, technical, and helpful response based on the context.
|
||||
- Reference specific code with inline formatting or code blocks.
|
||||
- Include relevant file paths and line numbers when applicable.${
|
||||
eventData.isPR && context.githubContext?.inputs.includeFixLinks
|
||||
? `
|
||||
- When identifying issues that could be fixed, include an inline link: [Fix this →](https://claude.ai/code?q=<URI_ENCODED_INSTRUCTIONS>&repo=${context.repository})
|
||||
The query should be URI-encoded and include enough context for Claude Code to understand and fix the issue (file path, line numbers, branch name, what needs to change).`
|
||||
: ""
|
||||
}
|
||||
- Include relevant file paths and line numbers when applicable.
|
||||
- ${eventData.isPR ? `IMPORTANT: Submit your review feedback by updating the Claude comment using mcp__github_comment__update_claude_comment. This will be displayed as your PR review.` : `Remember that this feedback must be posted to the GitHub comment using mcp__github_comment__update_claude_comment.`}
|
||||
|
||||
B. For Straightforward Changes:
|
||||
@@ -852,54 +842,77 @@ f. If you are unable to complete certain steps, such as running a linter or test
|
||||
}
|
||||
|
||||
/**
|
||||
* Extracts the user's request from the prepared context and GitHub data.
|
||||
*
|
||||
* This is used to send the user's actual command/request as a separate
|
||||
* content block, enabling slash command processing in the CLI.
|
||||
*
|
||||
* @param context - The prepared context containing event data and trigger phrase
|
||||
* @param githubData - The fetched GitHub data containing issue/PR body content
|
||||
* @returns The extracted user request text (e.g., "/review-pr" or "fix this bug"),
|
||||
* or null for assigned/labeled events without an explicit trigger in the body
|
||||
*
|
||||
* @example
|
||||
* // Comment event: "@claude /review-pr" -> returns "/review-pr"
|
||||
* // Issue body with "@claude fix this" -> returns "fix this"
|
||||
* // Issue assigned without @claude in body -> returns null
|
||||
* Result of generating prompt content
|
||||
*/
|
||||
function extractUserRequestFromContext(
|
||||
context: PreparedContext,
|
||||
export type PromptResult = {
|
||||
promptContent: string;
|
||||
allowedTools: string;
|
||||
disallowedTools: string;
|
||||
};
|
||||
|
||||
/**
|
||||
* Generate prompt content and tool configurations.
|
||||
* This function can be used directly without side effects (no file writes, no env vars).
|
||||
*/
|
||||
export function generatePromptContent(
|
||||
mode: Mode,
|
||||
modeContext: ModeContext,
|
||||
githubData: FetchDataResult,
|
||||
): string | null {
|
||||
const { eventData, triggerPhrase } = context;
|
||||
|
||||
// For comment events, extract from comment body
|
||||
if (
|
||||
"commentBody" in eventData &&
|
||||
eventData.commentBody &&
|
||||
(eventData.eventName === "issue_comment" ||
|
||||
eventData.eventName === "pull_request_review_comment" ||
|
||||
eventData.eventName === "pull_request_review")
|
||||
) {
|
||||
return extractUserRequest(eventData.commentBody, triggerPhrase);
|
||||
}
|
||||
|
||||
// For issue/PR events triggered by body content, extract from the body
|
||||
if (githubData.contextData?.body) {
|
||||
const request = extractUserRequest(
|
||||
githubData.contextData.body,
|
||||
triggerPhrase,
|
||||
);
|
||||
if (request) {
|
||||
return request;
|
||||
context: ParsedGitHubContext,
|
||||
): PromptResult {
|
||||
// Prepare the context for prompt generation
|
||||
let claudeCommentId: string = "";
|
||||
if (mode.name === "tag") {
|
||||
if (!modeContext.commentId) {
|
||||
throw new Error(
|
||||
`${mode.name} mode requires a comment ID for prompt generation`,
|
||||
);
|
||||
}
|
||||
claudeCommentId = modeContext.commentId.toString();
|
||||
}
|
||||
|
||||
// For assigned/labeled events without explicit trigger in body,
|
||||
// return null to indicate the full context should be used
|
||||
return null;
|
||||
const preparedContext = prepareContext(
|
||||
context,
|
||||
claudeCommentId,
|
||||
modeContext.baseBranch,
|
||||
modeContext.claudeBranch,
|
||||
);
|
||||
|
||||
// Generate the prompt directly
|
||||
const promptContent = generatePrompt(
|
||||
preparedContext,
|
||||
githubData,
|
||||
context.inputs.useCommitSigning,
|
||||
mode,
|
||||
);
|
||||
|
||||
// Get mode-specific tools
|
||||
const modeAllowedTools = mode.getAllowedTools();
|
||||
const modeDisallowedTools = mode.getDisallowedTools();
|
||||
|
||||
const hasActionsReadPermission = false;
|
||||
const allowedTools = buildAllowedToolsString(
|
||||
modeAllowedTools,
|
||||
hasActionsReadPermission,
|
||||
context.inputs.useCommitSigning,
|
||||
);
|
||||
const disallowedTools = buildDisallowedToolsString(
|
||||
modeDisallowedTools,
|
||||
modeAllowedTools,
|
||||
);
|
||||
|
||||
return {
|
||||
promptContent,
|
||||
allowedTools,
|
||||
disallowedTools,
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Create prompt and write to file.
|
||||
* This is the legacy function that writes files and sets environment variables.
|
||||
* For the unified step, use generatePromptContent() instead.
|
||||
*/
|
||||
export async function createPrompt(
|
||||
mode: Mode,
|
||||
modeContext: ModeContext,
|
||||
@@ -907,82 +920,30 @@ export async function createPrompt(
|
||||
context: ParsedGitHubContext,
|
||||
) {
|
||||
try {
|
||||
// Prepare the context for prompt generation
|
||||
let claudeCommentId: string = "";
|
||||
if (mode.name === "tag") {
|
||||
if (!modeContext.commentId) {
|
||||
throw new Error(
|
||||
`${mode.name} mode requires a comment ID for prompt generation`,
|
||||
);
|
||||
}
|
||||
claudeCommentId = modeContext.commentId.toString();
|
||||
}
|
||||
|
||||
const preparedContext = prepareContext(
|
||||
context,
|
||||
claudeCommentId,
|
||||
modeContext.baseBranch,
|
||||
modeContext.claudeBranch,
|
||||
);
|
||||
|
||||
await mkdir(`${process.env.RUNNER_TEMP || "/tmp"}/claude-prompts`, {
|
||||
recursive: true,
|
||||
});
|
||||
|
||||
// Generate the prompt directly
|
||||
const promptContent = generatePrompt(
|
||||
preparedContext,
|
||||
githubData,
|
||||
context.inputs.useCommitSigning,
|
||||
const result = generatePromptContent(
|
||||
mode,
|
||||
modeContext,
|
||||
githubData,
|
||||
context,
|
||||
);
|
||||
|
||||
// Log the final prompt to console
|
||||
console.log("===== FINAL PROMPT =====");
|
||||
console.log(promptContent);
|
||||
console.log(result.promptContent);
|
||||
console.log("=======================");
|
||||
|
||||
// Write the prompt file
|
||||
await mkdir(`${process.env.RUNNER_TEMP || "/tmp"}/claude-prompts`, {
|
||||
recursive: true,
|
||||
});
|
||||
await writeFile(
|
||||
`${process.env.RUNNER_TEMP || "/tmp"}/claude-prompts/claude-prompt.txt`,
|
||||
promptContent,
|
||||
result.promptContent,
|
||||
);
|
||||
|
||||
// Extract and write the user request separately for SDK multi-block messaging
|
||||
// This allows the CLI to process slash commands (e.g., "@claude /review-pr")
|
||||
const userRequest = extractUserRequestFromContext(
|
||||
preparedContext,
|
||||
githubData,
|
||||
);
|
||||
if (userRequest) {
|
||||
await writeFile(
|
||||
`${process.env.RUNNER_TEMP || "/tmp"}/claude-prompts/${USER_REQUEST_FILENAME}`,
|
||||
userRequest,
|
||||
);
|
||||
console.log("===== USER REQUEST =====");
|
||||
console.log(userRequest);
|
||||
console.log("========================");
|
||||
}
|
||||
|
||||
// Set allowed tools
|
||||
const hasActionsReadPermission = false;
|
||||
|
||||
// Get mode-specific tools
|
||||
const modeAllowedTools = mode.getAllowedTools();
|
||||
const modeDisallowedTools = mode.getDisallowedTools();
|
||||
|
||||
const allAllowedTools = buildAllowedToolsString(
|
||||
modeAllowedTools,
|
||||
hasActionsReadPermission,
|
||||
context.inputs.useCommitSigning,
|
||||
);
|
||||
const allDisallowedTools = buildDisallowedToolsString(
|
||||
modeDisallowedTools,
|
||||
modeAllowedTools,
|
||||
);
|
||||
|
||||
core.exportVariable("ALLOWED_TOOLS", allAllowedTools);
|
||||
core.exportVariable("DISALLOWED_TOOLS", allDisallowedTools);
|
||||
// Set environment variables
|
||||
core.exportVariable("ALLOWED_TOOLS", result.allowedTools);
|
||||
core.exportVariable("DISALLOWED_TOOLS", result.disallowedTools);
|
||||
} catch (error) {
|
||||
core.setFailed(`Create prompt failed with error: ${error}`);
|
||||
process.exit(1);
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
#!/usr/bin/env bun
|
||||
|
||||
/**
|
||||
* Cleanup SSH signing key after action completes
|
||||
* This is run as a post step for security purposes
|
||||
*/
|
||||
|
||||
import { cleanupSshSigning } from "../github/operations/git-config";
|
||||
|
||||
async function run() {
|
||||
try {
|
||||
await cleanupSshSigning();
|
||||
} catch (error) {
|
||||
// Don't fail the action if cleanup fails, just log it
|
||||
console.error("Failed to cleanup SSH signing key:", error);
|
||||
}
|
||||
}
|
||||
|
||||
if (import.meta.main) {
|
||||
run();
|
||||
}
|
||||
@@ -26,7 +26,6 @@ export function collectActionInputsPresence(): void {
|
||||
max_turns: "",
|
||||
use_sticky_comment: "false",
|
||||
use_commit_signing: "false",
|
||||
ssh_signing_key: "",
|
||||
};
|
||||
|
||||
const allInputsJson = process.env.ALL_INPUTS;
|
||||
|
||||
186
src/entrypoints/run.ts
Normal file
186
src/entrypoints/run.ts
Normal file
@@ -0,0 +1,186 @@
|
||||
#!/usr/bin/env bun
|
||||
|
||||
/**
|
||||
* Unified entry point for the Claude action.
|
||||
*
|
||||
* This combines the prepare and run phases into a single step,
|
||||
* passing data directly in-memory instead of via files and outputs.
|
||||
*/
|
||||
|
||||
import * as core from "@actions/core";
|
||||
import { setupGitHubToken } from "../github/token";
|
||||
import { checkWritePermissions } from "../github/validation/permissions";
|
||||
import { createOctokit } from "../github/api/client";
|
||||
import { parseGitHubContext, isEntityContext } from "../github/context";
|
||||
import { getMode } from "../modes/registry";
|
||||
import { prepare } from "../prepare";
|
||||
import { collectActionInputsPresence } from "./collect-inputs";
|
||||
import {
|
||||
runClaudeWithSdk,
|
||||
setupClaudeCodeSettings,
|
||||
installPlugins,
|
||||
parseSdkOptions,
|
||||
} from "../../base-action/src/lib";
|
||||
|
||||
async function run() {
|
||||
try {
|
||||
// ============================================
|
||||
// PHASE 1: PREPARE
|
||||
// ============================================
|
||||
|
||||
collectActionInputsPresence();
|
||||
|
||||
// Parse GitHub context first to enable mode detection
|
||||
const context = parseGitHubContext();
|
||||
|
||||
// Auto-detect mode based on context
|
||||
const mode = getMode(context);
|
||||
|
||||
// Setup GitHub token
|
||||
const githubToken = await setupGitHubToken();
|
||||
const octokit = createOctokit(githubToken);
|
||||
|
||||
// Check write permissions (only for entity contexts)
|
||||
if (isEntityContext(context)) {
|
||||
const githubTokenProvided = !!process.env.OVERRIDE_GITHUB_TOKEN;
|
||||
const hasWritePermissions = await checkWritePermissions(
|
||||
octokit.rest,
|
||||
context,
|
||||
context.inputs.allowedNonWriteUsers,
|
||||
githubTokenProvided,
|
||||
);
|
||||
if (!hasWritePermissions) {
|
||||
throw new Error(
|
||||
"Actor does not have write permissions to the repository",
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// Check trigger conditions
|
||||
const containsTrigger = mode.shouldTrigger(context);
|
||||
|
||||
// Debug logging
|
||||
console.log(`Mode: ${mode.name}`);
|
||||
console.log(`Context prompt: ${context.inputs?.prompt || "NO PROMPT"}`);
|
||||
console.log(`Trigger result: ${containsTrigger}`);
|
||||
|
||||
// Set output for action.yml to check
|
||||
core.setOutput("contains_trigger", containsTrigger.toString());
|
||||
|
||||
if (!containsTrigger) {
|
||||
console.log("No trigger found, skipping remaining steps");
|
||||
core.setOutput("GITHUB_TOKEN", githubToken);
|
||||
return;
|
||||
}
|
||||
|
||||
// Run mode.prepare() - returns prompt, commentId, branchInfo, etc.
|
||||
const prepareResult = await prepare({
|
||||
context,
|
||||
octokit,
|
||||
mode,
|
||||
githubToken,
|
||||
});
|
||||
|
||||
// Set outputs that may be needed by subsequent steps
|
||||
core.setOutput("GITHUB_TOKEN", githubToken);
|
||||
if (prepareResult.commentId) {
|
||||
core.setOutput("claude_comment_id", prepareResult.commentId.toString());
|
||||
}
|
||||
core.setOutput(
|
||||
"CLAUDE_BRANCH",
|
||||
prepareResult.branchInfo.claudeBranch || "",
|
||||
);
|
||||
core.setOutput("BASE_BRANCH", prepareResult.branchInfo.baseBranch);
|
||||
|
||||
// Get system prompt from mode if available
|
||||
let appendSystemPrompt: string | undefined;
|
||||
if (mode.getSystemPrompt) {
|
||||
const modeContext = mode.prepareContext(context, {
|
||||
commentId: prepareResult.commentId,
|
||||
baseBranch: prepareResult.branchInfo.baseBranch,
|
||||
claudeBranch: prepareResult.branchInfo.claudeBranch,
|
||||
});
|
||||
appendSystemPrompt = mode.getSystemPrompt(modeContext);
|
||||
}
|
||||
|
||||
// ============================================
|
||||
// PHASE 2: SETUP
|
||||
// ============================================
|
||||
|
||||
// Setup Claude Code settings
|
||||
await setupClaudeCodeSettings(
|
||||
process.env.INPUT_SETTINGS,
|
||||
undefined, // homeDir
|
||||
);
|
||||
|
||||
// Install Claude Code plugins if specified
|
||||
await installPlugins(
|
||||
process.env.INPUT_PLUGIN_MARKETPLACES,
|
||||
process.env.INPUT_PLUGINS,
|
||||
process.env.INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE,
|
||||
);
|
||||
|
||||
// ============================================
|
||||
// PHASE 3: EXECUTE
|
||||
// ============================================
|
||||
|
||||
// Get prompt content from prepare result
|
||||
const promptContent = prepareResult.promptContent;
|
||||
if (!promptContent) {
|
||||
throw new Error("No prompt content generated by prepare phase");
|
||||
}
|
||||
|
||||
console.log("===== PROMPT CONTENT =====");
|
||||
console.log(`Prompt length: ${promptContent.length} chars`);
|
||||
console.log("==========================");
|
||||
|
||||
// Build SDK options from environment and prepare result
|
||||
const sdkOptions = parseSdkOptions({
|
||||
claudeArgs: process.env.INPUT_CLAUDE_ARGS,
|
||||
allowedTools:
|
||||
prepareResult.allowedTools || process.env.INPUT_ALLOWED_TOOLS,
|
||||
disallowedTools:
|
||||
prepareResult.disallowedTools || process.env.INPUT_DISALLOWED_TOOLS,
|
||||
maxTurns: process.env.INPUT_MAX_TURNS,
|
||||
mcpConfig: process.env.INPUT_MCP_CONFIG,
|
||||
systemPrompt: process.env.INPUT_SYSTEM_PROMPT,
|
||||
appendSystemPrompt:
|
||||
appendSystemPrompt || process.env.INPUT_APPEND_SYSTEM_PROMPT,
|
||||
claudeEnv: process.env.INPUT_CLAUDE_ENV,
|
||||
fallbackModel: process.env.INPUT_FALLBACK_MODEL,
|
||||
model: process.env.ANTHROPIC_MODEL,
|
||||
pathToClaudeCodeExecutable:
|
||||
process.env.INPUT_PATH_TO_CLAUDE_CODE_EXECUTABLE,
|
||||
showFullOutput: process.env.INPUT_SHOW_FULL_OUTPUT,
|
||||
});
|
||||
|
||||
// Run Claude with prompt string directly
|
||||
const execResult = await runClaudeWithSdk(
|
||||
{ type: "string", prompt: promptContent },
|
||||
sdkOptions,
|
||||
{ setOutputs: true },
|
||||
);
|
||||
|
||||
// Set additional outputs
|
||||
core.setOutput("execution_file", execResult.executionFile);
|
||||
core.setOutput("conclusion", execResult.conclusion);
|
||||
if (execResult.structuredOutput) {
|
||||
core.setOutput("structured_output", execResult.structuredOutput);
|
||||
}
|
||||
|
||||
if (!execResult.success) {
|
||||
core.setFailed(`Claude execution failed: ${execResult.error}`);
|
||||
process.exit(1);
|
||||
}
|
||||
} catch (error) {
|
||||
const errorMessage = error instanceof Error ? error.message : String(error);
|
||||
core.setFailed(`Run step failed with error: ${errorMessage}`);
|
||||
core.setOutput("prepare_error", errorMessage);
|
||||
core.setOutput("conclusion", "failure");
|
||||
process.exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
if (import.meta.main) {
|
||||
run();
|
||||
}
|
||||
@@ -18,11 +18,6 @@ export const PR_QUERY = `
|
||||
additions
|
||||
deletions
|
||||
state
|
||||
labels(first: 1) {
|
||||
nodes {
|
||||
name
|
||||
}
|
||||
}
|
||||
commits(first: 100) {
|
||||
totalCount
|
||||
nodes {
|
||||
@@ -106,11 +101,6 @@ export const ISSUE_QUERY = `
|
||||
updatedAt
|
||||
lastEditedAt
|
||||
state
|
||||
labels(first: 1) {
|
||||
nodes {
|
||||
name
|
||||
}
|
||||
}
|
||||
comments(first: 100) {
|
||||
nodes {
|
||||
id
|
||||
|
||||
@@ -88,16 +88,13 @@ type BaseContext = {
|
||||
labelTrigger: string;
|
||||
baseBranch?: string;
|
||||
branchPrefix: string;
|
||||
branchNameTemplate?: string;
|
||||
useStickyComment: boolean;
|
||||
useCommitSigning: boolean;
|
||||
sshSigningKey: string;
|
||||
botId: string;
|
||||
botName: string;
|
||||
allowedBots: string;
|
||||
allowedNonWriteUsers: string;
|
||||
trackProgress: boolean;
|
||||
includeFixLinks: boolean;
|
||||
};
|
||||
};
|
||||
|
||||
@@ -146,16 +143,13 @@ export function parseGitHubContext(): GitHubContext {
|
||||
labelTrigger: process.env.LABEL_TRIGGER ?? "",
|
||||
baseBranch: process.env.BASE_BRANCH,
|
||||
branchPrefix: process.env.BRANCH_PREFIX ?? "claude/",
|
||||
branchNameTemplate: process.env.BRANCH_NAME_TEMPLATE,
|
||||
useStickyComment: process.env.USE_STICKY_COMMENT === "true",
|
||||
useCommitSigning: process.env.USE_COMMIT_SIGNING === "true",
|
||||
sshSigningKey: process.env.SSH_SIGNING_KEY || "",
|
||||
botId: process.env.BOT_ID ?? String(CLAUDE_APP_BOT_ID),
|
||||
botName: process.env.BOT_NAME ?? CLAUDE_BOT_LOGIN,
|
||||
allowedBots: process.env.ALLOWED_BOTS ?? "",
|
||||
allowedNonWriteUsers: process.env.ALLOWED_NON_WRITE_USERS ?? "",
|
||||
trackProgress: process.env.TRACK_PROGRESS === "true",
|
||||
includeFixLinks: process.env.INCLUDE_FIX_LINKS === "true",
|
||||
},
|
||||
};
|
||||
|
||||
|
||||
@@ -3,8 +3,6 @@ import type { Octokits } from "../api/client";
|
||||
import { ISSUE_QUERY, PR_QUERY, USER_QUERY } from "../api/queries/github";
|
||||
import {
|
||||
isIssueCommentEvent,
|
||||
isIssuesEvent,
|
||||
isPullRequestEvent,
|
||||
isPullRequestReviewEvent,
|
||||
isPullRequestReviewCommentEvent,
|
||||
type ParsedGitHubContext,
|
||||
@@ -42,31 +40,6 @@ export function extractTriggerTimestamp(
|
||||
return undefined;
|
||||
}
|
||||
|
||||
/**
|
||||
* Extracts the original title from the GitHub webhook payload.
|
||||
* This is the title as it existed when the trigger event occurred.
|
||||
*
|
||||
* @param context - Parsed GitHub context from webhook
|
||||
* @returns The original title string or undefined if not available
|
||||
*/
|
||||
export function extractOriginalTitle(
|
||||
context: ParsedGitHubContext,
|
||||
): string | undefined {
|
||||
if (isIssueCommentEvent(context)) {
|
||||
return context.payload.issue?.title;
|
||||
} else if (isPullRequestEvent(context)) {
|
||||
return context.payload.pull_request?.title;
|
||||
} else if (isPullRequestReviewEvent(context)) {
|
||||
return context.payload.pull_request?.title;
|
||||
} else if (isPullRequestReviewCommentEvent(context)) {
|
||||
return context.payload.pull_request?.title;
|
||||
} else if (isIssuesEvent(context)) {
|
||||
return context.payload.issue?.title;
|
||||
}
|
||||
|
||||
return undefined;
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters comments to only include those that existed in their final state before the trigger time.
|
||||
* This prevents malicious actors from editing comments after the trigger to inject harmful content.
|
||||
@@ -173,7 +146,6 @@ type FetchDataParams = {
|
||||
isPR: boolean;
|
||||
triggerUsername?: string;
|
||||
triggerTime?: string;
|
||||
originalTitle?: string;
|
||||
};
|
||||
|
||||
export type GitHubFileWithSHA = GitHubFile & {
|
||||
@@ -197,7 +169,6 @@ export async function fetchGitHubData({
|
||||
isPR,
|
||||
triggerUsername,
|
||||
triggerTime,
|
||||
originalTitle,
|
||||
}: FetchDataParams): Promise<FetchDataResult> {
|
||||
const [owner, repo] = repository.split("/");
|
||||
if (!owner || !repo) {
|
||||
@@ -383,11 +354,6 @@ export async function fetchGitHubData({
|
||||
triggerDisplayName = await fetchUserDisplayName(octokits, triggerUsername);
|
||||
}
|
||||
|
||||
// Use the original title from the webhook payload if provided
|
||||
if (originalTitle !== undefined) {
|
||||
contextData.title = originalTitle;
|
||||
}
|
||||
|
||||
return {
|
||||
contextData,
|
||||
comments,
|
||||
|
||||
@@ -14,8 +14,7 @@ export function formatContext(
|
||||
): string {
|
||||
if (isPR) {
|
||||
const prData = contextData as GitHubPullRequest;
|
||||
const sanitizedTitle = sanitizeContent(prData.title);
|
||||
return `PR Title: ${sanitizedTitle}
|
||||
return `PR Title: ${prData.title}
|
||||
PR Author: ${prData.author.login}
|
||||
PR Branch: ${prData.headRefName} -> ${prData.baseRefName}
|
||||
PR State: ${prData.state}
|
||||
@@ -25,8 +24,7 @@ Total Commits: ${prData.commits.totalCount}
|
||||
Changed Files: ${prData.files.nodes.length} files`;
|
||||
} else {
|
||||
const issueData = contextData as GitHubIssue;
|
||||
const sanitizedTitle = sanitizeContent(issueData.title);
|
||||
return `Issue Title: ${sanitizedTitle}
|
||||
return `Issue Title: ${issueData.title}
|
||||
Issue Author: ${issueData.author.login}
|
||||
Issue State: ${issueData.state}`;
|
||||
}
|
||||
|
||||
@@ -6,22 +6,12 @@
|
||||
* - For Issues: Create a new branch
|
||||
*/
|
||||
|
||||
import { $ } from "bun";
|
||||
import { execFileSync } from "child_process";
|
||||
import * as core from "@actions/core";
|
||||
import type { ParsedGitHubContext } from "../context";
|
||||
import type { GitHubPullRequest } from "../types";
|
||||
import type { Octokits } from "../api/client";
|
||||
import type { FetchDataResult } from "../data/fetcher";
|
||||
import { generateBranchName } from "../../utils/branch-template";
|
||||
|
||||
/**
|
||||
* Extracts the first label from GitHub data, or returns undefined if no labels exist
|
||||
*/
|
||||
function extractFirstLabel(githubData: FetchDataResult): string | undefined {
|
||||
const labels = githubData.contextData.labels?.nodes;
|
||||
return labels && labels.length > 0 ? labels[0]?.name : undefined;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates a git branch name against a strict whitelist pattern.
|
||||
@@ -135,7 +125,7 @@ export async function setupBranch(
|
||||
): Promise<BranchInfo> {
|
||||
const { owner, repo } = context.repository;
|
||||
const entityNumber = context.entityNumber;
|
||||
const { baseBranch, branchPrefix, branchNameTemplate } = context.inputs;
|
||||
const { baseBranch, branchPrefix } = context.inputs;
|
||||
const isPR = context.isPR;
|
||||
|
||||
if (isPR) {
|
||||
@@ -201,8 +191,17 @@ export async function setupBranch(
|
||||
// Generate branch name for either an issue or closed/merged PR
|
||||
const entityType = isPR ? "pr" : "issue";
|
||||
|
||||
// Get the SHA of the source branch to use in template
|
||||
let sourceSHA: string | undefined;
|
||||
// Create Kubernetes-compatible timestamp: lowercase, hyphens only, shorter format
|
||||
const now = new Date();
|
||||
const timestamp = `${now.getFullYear()}${String(now.getMonth() + 1).padStart(2, "0")}${String(now.getDate()).padStart(2, "0")}-${String(now.getHours()).padStart(2, "0")}${String(now.getMinutes()).padStart(2, "0")}`;
|
||||
|
||||
// Ensure branch name is Kubernetes-compatible:
|
||||
// - Lowercase only
|
||||
// - Alphanumeric with hyphens
|
||||
// - No underscores
|
||||
// - Max 50 chars (to allow for prefixes)
|
||||
const branchName = `${branchPrefix}${entityType}-${entityNumber}-${timestamp}`;
|
||||
const newBranch = branchName.toLowerCase().substring(0, 50);
|
||||
|
||||
try {
|
||||
// Get the SHA of the source branch to verify it exists
|
||||
@@ -212,46 +211,8 @@ export async function setupBranch(
|
||||
ref: `heads/${sourceBranch}`,
|
||||
});
|
||||
|
||||
sourceSHA = sourceBranchRef.data.object.sha;
|
||||
console.log(`Source branch SHA: ${sourceSHA}`);
|
||||
|
||||
// Extract first label from GitHub data
|
||||
const firstLabel = extractFirstLabel(githubData);
|
||||
|
||||
// Extract title from GitHub data
|
||||
const title = githubData.contextData.title;
|
||||
|
||||
// Generate branch name using template or default format
|
||||
let newBranch = generateBranchName(
|
||||
branchNameTemplate,
|
||||
branchPrefix,
|
||||
entityType,
|
||||
entityNumber,
|
||||
sourceSHA,
|
||||
firstLabel,
|
||||
title,
|
||||
);
|
||||
|
||||
// Check if generated branch already exists on remote
|
||||
try {
|
||||
await $`git ls-remote --exit-code origin refs/heads/${newBranch}`.quiet();
|
||||
|
||||
// If we get here, branch exists (exit code 0)
|
||||
console.log(
|
||||
`Branch '${newBranch}' already exists, falling back to default format`,
|
||||
);
|
||||
newBranch = generateBranchName(
|
||||
undefined, // Force default template
|
||||
branchPrefix,
|
||||
entityType,
|
||||
entityNumber,
|
||||
sourceSHA,
|
||||
firstLabel,
|
||||
title,
|
||||
);
|
||||
} catch {
|
||||
// Branch doesn't exist (non-zero exit code), continue with generated name
|
||||
}
|
||||
const currentSHA = sourceBranchRef.data.object.sha;
|
||||
console.log(`Source branch SHA: ${currentSHA}`);
|
||||
|
||||
// For commit signing, defer branch creation to the file ops server
|
||||
if (context.inputs.useCommitSigning) {
|
||||
|
||||
@@ -6,14 +6,9 @@
|
||||
*/
|
||||
|
||||
import { $ } from "bun";
|
||||
import { mkdir, writeFile, rm } from "fs/promises";
|
||||
import { join } from "path";
|
||||
import { homedir } from "os";
|
||||
import type { GitHubContext } from "../context";
|
||||
import { GITHUB_SERVER_URL } from "../api/config";
|
||||
|
||||
const SSH_SIGNING_KEY_PATH = join(homedir(), ".ssh", "claude_signing_key");
|
||||
|
||||
type GitUser = {
|
||||
login: string;
|
||||
id: number;
|
||||
@@ -59,50 +54,3 @@ export async function configureGitAuth(
|
||||
|
||||
console.log("Git authentication configured successfully");
|
||||
}
|
||||
|
||||
/**
|
||||
* Configure git to use SSH signing for commits
|
||||
* This is an alternative to GitHub API-based commit signing (use_commit_signing)
|
||||
*/
|
||||
export async function setupSshSigning(sshSigningKey: string): Promise<void> {
|
||||
console.log("Configuring SSH signing for commits...");
|
||||
|
||||
// Validate SSH key format
|
||||
if (!sshSigningKey.trim()) {
|
||||
throw new Error("SSH signing key cannot be empty");
|
||||
}
|
||||
if (
|
||||
!sshSigningKey.includes("BEGIN") ||
|
||||
!sshSigningKey.includes("PRIVATE KEY")
|
||||
) {
|
||||
throw new Error("Invalid SSH private key format");
|
||||
}
|
||||
|
||||
// Create .ssh directory with secure permissions (700)
|
||||
const sshDir = join(homedir(), ".ssh");
|
||||
await mkdir(sshDir, { recursive: true, mode: 0o700 });
|
||||
|
||||
// Write the signing key atomically with secure permissions (600)
|
||||
await writeFile(SSH_SIGNING_KEY_PATH, sshSigningKey, { mode: 0o600 });
|
||||
console.log(`✓ SSH signing key written to ${SSH_SIGNING_KEY_PATH}`);
|
||||
|
||||
// Configure git to use SSH signing
|
||||
await $`git config gpg.format ssh`;
|
||||
await $`git config user.signingkey ${SSH_SIGNING_KEY_PATH}`;
|
||||
await $`git config commit.gpgsign true`;
|
||||
|
||||
console.log("✓ Git configured to use SSH signing for commits");
|
||||
}
|
||||
|
||||
/**
|
||||
* Clean up the SSH signing key file
|
||||
* Should be called in the post step for security
|
||||
*/
|
||||
export async function cleanupSshSigning(): Promise<void> {
|
||||
try {
|
||||
await rm(SSH_SIGNING_KEY_PATH, { force: true });
|
||||
console.log("✓ SSH signing key cleaned up");
|
||||
} catch (error) {
|
||||
console.log("No SSH signing key to clean up");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -63,11 +63,6 @@ export type GitHubPullRequest = {
|
||||
additions: number;
|
||||
deletions: number;
|
||||
state: string;
|
||||
labels: {
|
||||
nodes: Array<{
|
||||
name: string;
|
||||
}>;
|
||||
};
|
||||
commits: {
|
||||
totalCount: number;
|
||||
nodes: Array<{
|
||||
@@ -93,11 +88,6 @@ export type GitHubIssue = {
|
||||
updatedAt?: string;
|
||||
lastEditedAt?: string;
|
||||
state: string;
|
||||
labels: {
|
||||
nodes: Array<{
|
||||
name: string;
|
||||
}>;
|
||||
};
|
||||
comments: {
|
||||
nodes: GitHubComment[];
|
||||
};
|
||||
|
||||
@@ -10,11 +10,6 @@ import {
|
||||
isPullRequestReviewCommentEvent,
|
||||
} from "../context";
|
||||
import type { ParsedGitHubContext } from "../context";
|
||||
import {
|
||||
detectActionableSuggestion,
|
||||
isCommentActionableForAutofix,
|
||||
type ActionableSuggestionResult,
|
||||
} from "../../utils/detect-actionable-suggestion";
|
||||
|
||||
export function checkContainsTrigger(context: ParsedGitHubContext): boolean {
|
||||
const {
|
||||
@@ -151,89 +146,3 @@ export async function checkTriggerAction(context: ParsedGitHubContext) {
|
||||
core.setOutput("contains_trigger", containsTrigger.toString());
|
||||
return containsTrigger;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the context contains an actionable suggestion that can be automatically fixed.
|
||||
* This is useful for autofix workflows that want to respond to code review suggestions,
|
||||
* even when they come from bot accounts like claude[bot].
|
||||
*
|
||||
* @param context - The parsed GitHub context
|
||||
* @returns Detection result with confidence level and reason
|
||||
*/
|
||||
export function checkContainsActionableSuggestion(
|
||||
context: ParsedGitHubContext,
|
||||
): ActionableSuggestionResult {
|
||||
// Extract comment body based on event type
|
||||
let commentBody: string | undefined;
|
||||
|
||||
if (isPullRequestReviewCommentEvent(context)) {
|
||||
commentBody = context.payload.comment.body;
|
||||
} else if (isIssueCommentEvent(context)) {
|
||||
commentBody = context.payload.comment.body;
|
||||
} else if (isPullRequestReviewEvent(context)) {
|
||||
commentBody = context.payload.review.body ?? undefined;
|
||||
}
|
||||
|
||||
return detectActionableSuggestion(commentBody);
|
||||
}
|
||||
|
||||
/**
|
||||
* Enhanced trigger check that also considers actionable suggestions.
|
||||
* This function first checks for the standard trigger phrase, and if not found,
|
||||
* optionally checks for actionable suggestions when `checkSuggestions` is true.
|
||||
*
|
||||
* @param context - The parsed GitHub context
|
||||
* @param checkSuggestions - Whether to also check for actionable suggestions (default: false)
|
||||
* @returns Whether the action should be triggered
|
||||
*/
|
||||
export function checkContainsTriggerOrActionableSuggestion(
|
||||
context: ParsedGitHubContext,
|
||||
checkSuggestions: boolean = false,
|
||||
): boolean {
|
||||
// First, check for standard trigger
|
||||
if (checkContainsTrigger(context)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// If checkSuggestions is enabled, also check for actionable suggestions
|
||||
if (checkSuggestions) {
|
||||
const suggestionResult = checkContainsActionableSuggestion(context);
|
||||
if (suggestionResult.isActionable) {
|
||||
console.log(
|
||||
`Comment contains actionable suggestion: ${suggestionResult.reason} (confidence: ${suggestionResult.confidence})`,
|
||||
);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a PR comment is actionable for autofix purposes.
|
||||
* This is a convenience function for workflows that want to automatically
|
||||
* apply suggestions from code review comments.
|
||||
*
|
||||
* @param context - The parsed GitHub context
|
||||
* @returns Whether the comment should be treated as actionable for autofix
|
||||
*/
|
||||
export function checkIsActionableForAutofix(
|
||||
context: ParsedGitHubContext,
|
||||
): boolean {
|
||||
// Only applicable to PR review comment events
|
||||
if (!isPullRequestReviewCommentEvent(context)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const commentBody = context.payload.comment.body;
|
||||
const authorUsername = context.payload.comment.user?.login;
|
||||
|
||||
return isCommentActionableForAutofix(commentBody, authorUsername);
|
||||
}
|
||||
|
||||
// Re-export the types and functions from the utility module for convenience
|
||||
export {
|
||||
detectActionableSuggestion,
|
||||
isCommentActionableForAutofix,
|
||||
type ActionableSuggestionResult,
|
||||
} from "../../utils/detect-actionable-suggestion";
|
||||
|
||||
@@ -4,12 +4,11 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
||||
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
|
||||
import { z } from "zod";
|
||||
import { readFile, stat } from "fs/promises";
|
||||
import { resolve } from "path";
|
||||
import { join } from "path";
|
||||
import { constants } from "fs";
|
||||
import fetch from "node-fetch";
|
||||
import { GITHUB_API_URL } from "../github/api/config";
|
||||
import { retryWithBackoff } from "../utils/retry";
|
||||
import { validatePathWithinRepo } from "./path-validation";
|
||||
|
||||
type GitHubRef = {
|
||||
object: {
|
||||
@@ -214,18 +213,12 @@ server.tool(
|
||||
throw new Error("GITHUB_TOKEN environment variable is required");
|
||||
}
|
||||
|
||||
// Validate all paths are within repository root and get full/relative paths
|
||||
const resolvedRepoDir = resolve(REPO_DIR);
|
||||
const validatedFiles = await Promise.all(
|
||||
files.map(async (filePath) => {
|
||||
const fullPath = await validatePathWithinRepo(filePath, REPO_DIR);
|
||||
// Calculate the relative path for the git tree entry
|
||||
// Use the original filePath (normalized) for the git path, not the symlink-resolved path
|
||||
const normalizedPath = resolve(resolvedRepoDir, filePath);
|
||||
const relativePath = normalizedPath.slice(resolvedRepoDir.length + 1);
|
||||
return { fullPath, relativePath };
|
||||
}),
|
||||
);
|
||||
const processedFiles = files.map((filePath) => {
|
||||
if (filePath.startsWith("/")) {
|
||||
return filePath.slice(1);
|
||||
}
|
||||
return filePath;
|
||||
});
|
||||
|
||||
// 1. Get the branch reference (create if doesn't exist)
|
||||
const baseSha = await getOrCreateBranchRef(
|
||||
@@ -254,14 +247,18 @@ server.tool(
|
||||
|
||||
// 3. Create tree entries for all files
|
||||
const treeEntries = await Promise.all(
|
||||
validatedFiles.map(async ({ fullPath, relativePath }) => {
|
||||
processedFiles.map(async (filePath) => {
|
||||
const fullPath = filePath.startsWith("/")
|
||||
? filePath
|
||||
: join(REPO_DIR, filePath);
|
||||
|
||||
// Get the proper file mode based on file permissions
|
||||
const fileMode = await getFileMode(fullPath);
|
||||
|
||||
// Check if file is binary (images, etc.)
|
||||
const isBinaryFile =
|
||||
/\.(png|jpg|jpeg|gif|webp|ico|pdf|zip|tar|gz|exe|bin|woff|woff2|ttf|eot)$/i.test(
|
||||
relativePath,
|
||||
filePath,
|
||||
);
|
||||
|
||||
if (isBinaryFile) {
|
||||
@@ -287,7 +284,7 @@ server.tool(
|
||||
if (!blobResponse.ok) {
|
||||
const errorText = await blobResponse.text();
|
||||
throw new Error(
|
||||
`Failed to create blob for ${relativePath}: ${blobResponse.status} - ${errorText}`,
|
||||
`Failed to create blob for ${filePath}: ${blobResponse.status} - ${errorText}`,
|
||||
);
|
||||
}
|
||||
|
||||
@@ -295,7 +292,7 @@ server.tool(
|
||||
|
||||
// Return tree entry with blob SHA
|
||||
return {
|
||||
path: relativePath,
|
||||
path: filePath,
|
||||
mode: fileMode,
|
||||
type: "blob",
|
||||
sha: blobData.sha,
|
||||
@@ -304,7 +301,7 @@ server.tool(
|
||||
// For text files, include content directly in tree
|
||||
const content = await readFile(fullPath, "utf-8");
|
||||
return {
|
||||
path: relativePath,
|
||||
path: filePath,
|
||||
mode: fileMode,
|
||||
type: "blob",
|
||||
content: content,
|
||||
@@ -424,9 +421,7 @@ server.tool(
|
||||
author: newCommitData.author.name,
|
||||
date: newCommitData.author.date,
|
||||
},
|
||||
files: validatedFiles.map(({ relativePath }) => ({
|
||||
path: relativePath,
|
||||
})),
|
||||
files: processedFiles.map((path) => ({ path })),
|
||||
tree: {
|
||||
sha: treeData.sha,
|
||||
},
|
||||
|
||||
@@ -1,64 +0,0 @@
|
||||
import { realpath } from "fs/promises";
|
||||
import { resolve, sep } from "path";
|
||||
|
||||
/**
|
||||
* Validates that a file path resolves within the repository root.
|
||||
* Prevents path traversal attacks via "../" sequences and symlinks.
|
||||
* @param filePath - The file path to validate (can be relative or absolute)
|
||||
* @param repoRoot - The repository root directory
|
||||
* @returns The resolved absolute path (with symlinks resolved) if valid
|
||||
* @throws Error if the path resolves outside the repository root
|
||||
*/
|
||||
export async function validatePathWithinRepo(
|
||||
filePath: string,
|
||||
repoRoot: string,
|
||||
): Promise<string> {
|
||||
// First resolve the path string (handles .. and . segments)
|
||||
const initialPath = resolve(repoRoot, filePath);
|
||||
|
||||
// Resolve symlinks to get the real path
|
||||
// This prevents symlink attacks where a link inside the repo points outside
|
||||
let resolvedRoot: string;
|
||||
let resolvedPath: string;
|
||||
|
||||
try {
|
||||
resolvedRoot = await realpath(repoRoot);
|
||||
} catch {
|
||||
throw new Error(`Repository root '${repoRoot}' does not exist`);
|
||||
}
|
||||
|
||||
try {
|
||||
resolvedPath = await realpath(initialPath);
|
||||
} catch {
|
||||
// File doesn't exist yet - fall back to checking the parent directory
|
||||
// This handles the case where we're creating a new file
|
||||
const parentDir = resolve(initialPath, "..");
|
||||
try {
|
||||
const resolvedParent = await realpath(parentDir);
|
||||
if (
|
||||
resolvedParent !== resolvedRoot &&
|
||||
!resolvedParent.startsWith(resolvedRoot + sep)
|
||||
) {
|
||||
throw new Error(
|
||||
`Path '${filePath}' resolves outside the repository root`,
|
||||
);
|
||||
}
|
||||
// Parent is valid, return the initial path since file doesn't exist yet
|
||||
return initialPath;
|
||||
} catch {
|
||||
throw new Error(
|
||||
`Path '${filePath}' resolves outside the repository root`,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// Path must be within repo root (or be the root itself)
|
||||
if (
|
||||
resolvedPath !== resolvedRoot &&
|
||||
!resolvedPath.startsWith(resolvedRoot + sep)
|
||||
) {
|
||||
throw new Error(`Path '${filePath}' resolves outside the repository root`);
|
||||
}
|
||||
|
||||
return resolvedPath;
|
||||
}
|
||||
@@ -4,10 +4,7 @@ import type { Mode, ModeOptions, ModeResult } from "../types";
|
||||
import type { PreparedContext } from "../../create-prompt/types";
|
||||
import { prepareMcpConfig } from "../../mcp/install-mcp-server";
|
||||
import { parseAllowedTools } from "./parse-tools";
|
||||
import {
|
||||
configureGitAuth,
|
||||
setupSshSigning,
|
||||
} from "../../github/operations/git-config";
|
||||
import { configureGitAuth } from "../../github/operations/git-config";
|
||||
import type { GitHubContext } from "../../github/context";
|
||||
import { isEntityContext } from "../../github/context";
|
||||
|
||||
@@ -82,27 +79,7 @@ export const agentMode: Mode = {
|
||||
|
||||
async prepare({ context, githubToken }: ModeOptions): Promise<ModeResult> {
|
||||
// Configure git authentication for agent mode (same as tag mode)
|
||||
// SSH signing takes precedence if provided
|
||||
const useSshSigning = !!context.inputs.sshSigningKey;
|
||||
const useApiCommitSigning =
|
||||
context.inputs.useCommitSigning && !useSshSigning;
|
||||
|
||||
if (useSshSigning) {
|
||||
// Setup SSH signing for commits
|
||||
await setupSshSigning(context.inputs.sshSigningKey);
|
||||
|
||||
// Still configure git auth for push operations (user/email and remote URL)
|
||||
const user = {
|
||||
login: context.inputs.botName,
|
||||
id: parseInt(context.inputs.botId),
|
||||
};
|
||||
try {
|
||||
await configureGitAuth(githubToken, context, user);
|
||||
} catch (error) {
|
||||
console.error("Failed to configure git authentication:", error);
|
||||
// Continue anyway - git operations may still work with default config
|
||||
}
|
||||
} else if (!useApiCommitSigning) {
|
||||
if (!context.inputs.useCommitSigning) {
|
||||
// Use bot_id and bot_name from inputs directly
|
||||
const user = {
|
||||
login: context.inputs.botName,
|
||||
@@ -118,16 +95,15 @@ export const agentMode: Mode = {
|
||||
}
|
||||
}
|
||||
|
||||
// Create prompt directory
|
||||
await mkdir(`${process.env.RUNNER_TEMP || "/tmp"}/claude-prompts`, {
|
||||
recursive: true,
|
||||
});
|
||||
|
||||
// Write the prompt file - use the user's prompt directly
|
||||
// Generate prompt content - use the user's prompt directly
|
||||
const promptContent =
|
||||
context.inputs.prompt ||
|
||||
`Repository: ${context.repository.owner}/${context.repository.repo}`;
|
||||
|
||||
// Also write file for backwards compatibility with current flow
|
||||
await mkdir(`${process.env.RUNNER_TEMP || "/tmp"}/claude-prompts`, {
|
||||
recursive: true,
|
||||
});
|
||||
await writeFile(
|
||||
`${process.env.RUNNER_TEMP || "/tmp"}/claude-prompts/claude-prompt.txt`,
|
||||
promptContent,
|
||||
@@ -185,6 +161,8 @@ export const agentMode: Mode = {
|
||||
claudeBranch: claudeBranch,
|
||||
},
|
||||
mcpConfig: ourMcpConfig,
|
||||
promptContent,
|
||||
// Agent mode doesn't use the same allowed/disallowed tools mechanism as tag mode
|
||||
};
|
||||
},
|
||||
|
||||
|
||||
@@ -1,33 +1,22 @@
|
||||
export function parseAllowedTools(claudeArgs: string): string[] {
|
||||
// Match --allowedTools or --allowed-tools followed by the value
|
||||
// Handle both quoted and unquoted values
|
||||
// Use /g flag to find ALL occurrences, not just the first one
|
||||
const patterns = [
|
||||
/--(?:allowedTools|allowed-tools)\s+"([^"]+)"/g, // Double quoted
|
||||
/--(?:allowedTools|allowed-tools)\s+'([^']+)'/g, // Single quoted
|
||||
/--(?:allowedTools|allowed-tools)\s+([^'"\s][^\s]*)/g, // Unquoted (must not start with quote)
|
||||
/--(?:allowedTools|allowed-tools)\s+"([^"]+)"/, // Double quoted
|
||||
/--(?:allowedTools|allowed-tools)\s+'([^']+)'/, // Single quoted
|
||||
/--(?:allowedTools|allowed-tools)\s+([^\s]+)/, // Unquoted
|
||||
];
|
||||
|
||||
const tools: string[] = [];
|
||||
const seen = new Set<string>();
|
||||
|
||||
for (const pattern of patterns) {
|
||||
for (const match of claudeArgs.matchAll(pattern)) {
|
||||
if (match[1]) {
|
||||
// Don't add if the value starts with -- (another flag)
|
||||
if (match[1].startsWith("--")) {
|
||||
continue;
|
||||
}
|
||||
for (const tool of match[1].split(",")) {
|
||||
const trimmed = tool.trim();
|
||||
if (trimmed && !seen.has(trimmed)) {
|
||||
seen.add(trimmed);
|
||||
tools.push(trimmed);
|
||||
}
|
||||
}
|
||||
const match = claudeArgs.match(pattern);
|
||||
if (match && match[1]) {
|
||||
// Don't return if the value starts with -- (another flag)
|
||||
if (match[1].startsWith("--")) {
|
||||
return [];
|
||||
}
|
||||
return match[1].split(",").map((t) => t.trim());
|
||||
}
|
||||
}
|
||||
|
||||
return tools;
|
||||
return [];
|
||||
}
|
||||
|
||||
@@ -4,17 +4,17 @@ import { checkContainsTrigger } from "../../github/validation/trigger";
|
||||
import { checkHumanActor } from "../../github/validation/actor";
|
||||
import { createInitialComment } from "../../github/operations/comments/create-initial";
|
||||
import { setupBranch } from "../../github/operations/branch";
|
||||
import {
|
||||
configureGitAuth,
|
||||
setupSshSigning,
|
||||
} from "../../github/operations/git-config";
|
||||
import { configureGitAuth } from "../../github/operations/git-config";
|
||||
import { prepareMcpConfig } from "../../mcp/install-mcp-server";
|
||||
import {
|
||||
fetchGitHubData,
|
||||
extractTriggerTimestamp,
|
||||
extractOriginalTitle,
|
||||
} from "../../github/data/fetcher";
|
||||
import { createPrompt, generateDefaultPrompt } from "../../create-prompt";
|
||||
import {
|
||||
createPrompt,
|
||||
generateDefaultPrompt,
|
||||
generatePromptContent,
|
||||
} from "../../create-prompt";
|
||||
import { isEntityContext } from "../../github/context";
|
||||
import type { PreparedContext } from "../../create-prompt/types";
|
||||
import type { FetchDataResult } from "../../github/data/fetcher";
|
||||
@@ -79,7 +79,6 @@ export const tagMode: Mode = {
|
||||
const commentId = commentData.id;
|
||||
|
||||
const triggerTime = extractTriggerTimestamp(context);
|
||||
const originalTitle = extractOriginalTitle(context);
|
||||
|
||||
const githubData = await fetchGitHubData({
|
||||
octokits: octokit,
|
||||
@@ -88,34 +87,13 @@ export const tagMode: Mode = {
|
||||
isPR: context.isPR,
|
||||
triggerUsername: context.actor,
|
||||
triggerTime,
|
||||
originalTitle,
|
||||
});
|
||||
|
||||
// Setup branch
|
||||
const branchInfo = await setupBranch(octokit, githubData, context);
|
||||
|
||||
// Configure git authentication
|
||||
// SSH signing takes precedence if provided
|
||||
const useSshSigning = !!context.inputs.sshSigningKey;
|
||||
const useApiCommitSigning =
|
||||
context.inputs.useCommitSigning && !useSshSigning;
|
||||
|
||||
if (useSshSigning) {
|
||||
// Setup SSH signing for commits
|
||||
await setupSshSigning(context.inputs.sshSigningKey);
|
||||
|
||||
// Still configure git auth for push operations (user/email and remote URL)
|
||||
const user = {
|
||||
login: context.inputs.botName,
|
||||
id: parseInt(context.inputs.botId),
|
||||
};
|
||||
try {
|
||||
await configureGitAuth(githubToken, context, user);
|
||||
} catch (error) {
|
||||
console.error("Failed to configure git authentication:", error);
|
||||
throw error;
|
||||
}
|
||||
} else if (!useApiCommitSigning) {
|
||||
// Configure git authentication if not using commit signing
|
||||
if (!context.inputs.useCommitSigning) {
|
||||
// Use bot_id and bot_name from inputs directly
|
||||
const user = {
|
||||
login: context.inputs.botName,
|
||||
@@ -130,13 +108,22 @@ export const tagMode: Mode = {
|
||||
}
|
||||
}
|
||||
|
||||
// Create prompt file
|
||||
// Create prompt
|
||||
const modeContext = this.prepareContext(context, {
|
||||
commentId,
|
||||
baseBranch: branchInfo.baseBranch,
|
||||
claudeBranch: branchInfo.claudeBranch,
|
||||
});
|
||||
|
||||
// Generate prompt content - returns data instead of writing file
|
||||
const promptResult = generatePromptContent(
|
||||
tagMode,
|
||||
modeContext,
|
||||
githubData,
|
||||
context,
|
||||
);
|
||||
|
||||
// Also write file for backwards compatibility with current flow
|
||||
await createPrompt(tagMode, modeContext, githubData, context);
|
||||
|
||||
const userClaudeArgs = process.env.CLAUDE_ARGS || "";
|
||||
@@ -161,9 +148,8 @@ export const tagMode: Mode = {
|
||||
...userAllowedMCPTools,
|
||||
];
|
||||
|
||||
// Add git commands when using git CLI (no API commit signing, or SSH signing)
|
||||
// SSH signing still uses git CLI, just with signing enabled
|
||||
if (!useApiCommitSigning) {
|
||||
// Add git commands when not using commit signing
|
||||
if (!context.inputs.useCommitSigning) {
|
||||
tagModeTools.push(
|
||||
"Bash(git add:*)",
|
||||
"Bash(git commit:*)",
|
||||
@@ -174,7 +160,7 @@ export const tagMode: Mode = {
|
||||
"Bash(git rm:*)",
|
||||
);
|
||||
} else {
|
||||
// When using API commit signing, use MCP file ops tools
|
||||
// When using commit signing, use MCP file ops tools
|
||||
tagModeTools.push(
|
||||
"mcp__github_file_ops__commit_files",
|
||||
"mcp__github_file_ops__delete_files",
|
||||
@@ -215,6 +201,9 @@ export const tagMode: Mode = {
|
||||
commentId,
|
||||
branchInfo,
|
||||
mcpConfig: ourMcpConfig,
|
||||
promptContent: promptResult.promptContent,
|
||||
allowedTools: promptResult.allowedTools,
|
||||
disallowedTools: promptResult.disallowedTools,
|
||||
};
|
||||
},
|
||||
|
||||
|
||||
@@ -97,4 +97,10 @@ export type ModeResult = {
|
||||
currentBranch: string;
|
||||
};
|
||||
mcpConfig: string;
|
||||
/** Generated prompt content for Claude */
|
||||
promptContent?: string;
|
||||
/** Comma-separated list of allowed tools */
|
||||
allowedTools?: string;
|
||||
/** Comma-separated list of disallowed tools */
|
||||
disallowedTools?: string;
|
||||
};
|
||||
|
||||
@@ -10,6 +10,12 @@ export type PrepareResult = {
|
||||
currentBranch: string;
|
||||
};
|
||||
mcpConfig: string;
|
||||
/** Generated prompt content for Claude */
|
||||
promptContent?: string;
|
||||
/** Comma-separated list of allowed tools */
|
||||
allowedTools?: string;
|
||||
/** Comma-separated list of disallowed tools */
|
||||
disallowedTools?: string;
|
||||
};
|
||||
|
||||
export type PrepareOptions = {
|
||||
|
||||
@@ -1,99 +0,0 @@
|
||||
#!/usr/bin/env bun
|
||||
|
||||
/**
|
||||
* Branch name template parsing and variable substitution utilities
|
||||
*/
|
||||
|
||||
const NUM_DESCRIPTION_WORDS = 5;
|
||||
|
||||
/**
|
||||
* Extracts the first 5 words from a title and converts them to kebab-case
|
||||
*/
|
||||
function extractDescription(
|
||||
title: string,
|
||||
numWords: number = NUM_DESCRIPTION_WORDS,
|
||||
): string {
|
||||
if (!title || title.trim() === "") {
|
||||
return "";
|
||||
}
|
||||
|
||||
return title
|
||||
.trim()
|
||||
.split(/\s+/)
|
||||
.slice(0, numWords) // Only first `numWords` words
|
||||
.join("-")
|
||||
.toLowerCase()
|
||||
.replace(/[^a-z0-9-]/g, "") // Remove non-alphanumeric except hyphens
|
||||
.replace(/-+/g, "-") // Replace multiple hyphens with single
|
||||
.replace(/^-|-$/g, ""); // Remove leading/trailing hyphens
|
||||
}
|
||||
|
||||
export interface BranchTemplateVariables {
|
||||
prefix: string;
|
||||
entityType: string;
|
||||
entityNumber: number;
|
||||
timestamp: string;
|
||||
sha?: string;
|
||||
label?: string;
|
||||
description?: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Replaces template variables in a branch name template
|
||||
* Template format: {{variableName}}
|
||||
*/
|
||||
export function applyBranchTemplate(
|
||||
template: string,
|
||||
variables: BranchTemplateVariables,
|
||||
): string {
|
||||
let result = template;
|
||||
|
||||
// Replace each variable
|
||||
Object.entries(variables).forEach(([key, value]) => {
|
||||
const placeholder = `{{${key}}}`;
|
||||
const replacement = value ? String(value) : "";
|
||||
result = result.replaceAll(placeholder, replacement);
|
||||
});
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generates a branch name from the provided `template` and set of `variables`. Uses a default format if the template is empty or produces an empty result.
|
||||
*/
|
||||
export function generateBranchName(
|
||||
template: string | undefined,
|
||||
branchPrefix: string,
|
||||
entityType: string,
|
||||
entityNumber: number,
|
||||
sha?: string,
|
||||
label?: string,
|
||||
title?: string,
|
||||
): string {
|
||||
const now = new Date();
|
||||
|
||||
const variables: BranchTemplateVariables = {
|
||||
prefix: branchPrefix,
|
||||
entityType,
|
||||
entityNumber,
|
||||
timestamp: `${now.getFullYear()}${String(now.getMonth() + 1).padStart(2, "0")}${String(now.getDate()).padStart(2, "0")}-${String(now.getHours()).padStart(2, "0")}${String(now.getMinutes()).padStart(2, "0")}`,
|
||||
sha: sha?.substring(0, 8), // First 8 characters of SHA
|
||||
label: label || entityType, // Fall back to entityType if no label
|
||||
description: title ? extractDescription(title) : undefined,
|
||||
};
|
||||
|
||||
if (template?.trim()) {
|
||||
const branchName = applyBranchTemplate(template, variables);
|
||||
|
||||
// Some templates could produce empty results- validate
|
||||
if (branchName.trim().length > 0) return branchName;
|
||||
|
||||
console.log(
|
||||
`Branch template '${template}' generated empty result, falling back to default format`,
|
||||
);
|
||||
}
|
||||
|
||||
const branchName = `${branchPrefix}${entityType}-${entityNumber}-${variables.timestamp}`;
|
||||
// Kubernetes compatible: lowercase, max 50 chars, alphanumeric and hyphens only
|
||||
return branchName.toLowerCase().substring(0, 50);
|
||||
}
|
||||
@@ -1,213 +0,0 @@
|
||||
#!/usr/bin/env bun
|
||||
|
||||
/**
|
||||
* Detects if a PR comment contains actionable suggestions that can be automatically fixed.
|
||||
*
|
||||
* This module identifies:
|
||||
* 1. GitHub inline committable suggestions (```suggestion blocks)
|
||||
* 2. Clear bug fix suggestions with specific patterns
|
||||
* 3. Code fix recommendations with explicit changes
|
||||
*/
|
||||
|
||||
/**
|
||||
* Patterns that indicate a comment contains a GitHub inline committable suggestion.
|
||||
* These are code blocks that GitHub renders with a "Commit suggestion" button.
|
||||
*/
|
||||
const COMMITTABLE_SUGGESTION_PATTERN = /```suggestion\b[\s\S]*?```/i;
|
||||
|
||||
/**
|
||||
* Patterns that indicate a clear, actionable bug fix suggestion.
|
||||
* These phrases typically precede concrete fix recommendations.
|
||||
*/
|
||||
const BUG_FIX_PATTERNS = [
|
||||
// Direct fix suggestions
|
||||
/\bshould\s+(?:be|use|return|change\s+to)\b/i,
|
||||
/\bchange\s+(?:this\s+)?to\b/i,
|
||||
/\breplace\s+(?:this\s+)?with\b/i,
|
||||
/\buse\s+(?:this\s+)?instead\b/i,
|
||||
/\binstead\s+of\s+.*?,?\s*use\b/i,
|
||||
|
||||
// Bug identification with fix
|
||||
/\b(?:bug|issue|error|problem):\s*.*(?:fix|change|update|replace)/i,
|
||||
/\bfix(?:ed)?\s+by\s+(?:chang|replac|updat)/i,
|
||||
/\bto\s+fix\s+(?:this|the)\b/i,
|
||||
|
||||
// Explicit code changes
|
||||
/\bthe\s+(?:correct|proper|right)\s+(?:code|syntax|value|approach)\s+(?:is|would\s+be)\b/i,
|
||||
/\bshould\s+(?:read|look\s+like)\b/i,
|
||||
|
||||
// Missing/wrong patterns
|
||||
/\bmissing\s+(?:a\s+)?(?:semicolon|bracket|parenthesis|quote|import|return|await)\b/i,
|
||||
/\bextra\s+(?:semicolon|bracket|parenthesis|quote)\b/i,
|
||||
/\bwrong\s+(?:type|value|variable|import|parameter)\b/i,
|
||||
/\btypo\s+(?:in|here)\b/i,
|
||||
];
|
||||
|
||||
/**
|
||||
* Patterns that suggest code alternatives (less strong than direct fixes but still actionable).
|
||||
*/
|
||||
const CODE_ALTERNATIVE_PATTERNS = [
|
||||
/```[\w]*\n[\s\S]+?\n```/, // Any code block (might contain the fix)
|
||||
/\b(?:try|consider)\s+(?:using|changing|replacing)\b/i,
|
||||
/\bhere'?s?\s+(?:the|a)\s+(?:fix|solution|correction)\b/i,
|
||||
/\b(?:correct|fixed|updated)\s+(?:version|code|implementation)\b/i,
|
||||
];
|
||||
|
||||
export interface ActionableSuggestionResult {
|
||||
/** Whether the comment contains an actionable suggestion */
|
||||
isActionable: boolean;
|
||||
/** Whether the comment contains a GitHub inline committable suggestion */
|
||||
hasCommittableSuggestion: boolean;
|
||||
/** Whether the comment contains clear bug fix language */
|
||||
hasBugFixSuggestion: boolean;
|
||||
/** Whether the comment contains code alternatives */
|
||||
hasCodeAlternative: boolean;
|
||||
/** Confidence level: 'high', 'medium', or 'low' */
|
||||
confidence: "high" | "medium" | "low";
|
||||
/** Reason for the determination */
|
||||
reason: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Detects if a comment contains actionable suggestions that can be automatically fixed.
|
||||
*
|
||||
* @param commentBody - The body of the PR comment to analyze
|
||||
* @returns Object with detection results and confidence level
|
||||
*
|
||||
* @example
|
||||
* ```ts
|
||||
* const result = detectActionableSuggestion("```suggestion\nfixed code\n```");
|
||||
* // { isActionable: true, hasCommittableSuggestion: true, confidence: 'high', ... }
|
||||
*
|
||||
* const result2 = detectActionableSuggestion("You should use `const` instead of `let` here");
|
||||
* // { isActionable: true, hasBugFixSuggestion: true, confidence: 'medium', ... }
|
||||
* ```
|
||||
*/
|
||||
export function detectActionableSuggestion(
|
||||
commentBody: string | undefined | null,
|
||||
): ActionableSuggestionResult {
|
||||
if (!commentBody) {
|
||||
return {
|
||||
isActionable: false,
|
||||
hasCommittableSuggestion: false,
|
||||
hasBugFixSuggestion: false,
|
||||
hasCodeAlternative: false,
|
||||
confidence: "low",
|
||||
reason: "Empty or missing comment body",
|
||||
};
|
||||
}
|
||||
|
||||
// Check for GitHub inline committable suggestion (highest confidence)
|
||||
const hasCommittableSuggestion =
|
||||
COMMITTABLE_SUGGESTION_PATTERN.test(commentBody);
|
||||
if (hasCommittableSuggestion) {
|
||||
return {
|
||||
isActionable: true,
|
||||
hasCommittableSuggestion: true,
|
||||
hasBugFixSuggestion: false,
|
||||
hasCodeAlternative: false,
|
||||
confidence: "high",
|
||||
reason: "Contains GitHub inline committable suggestion (```suggestion)",
|
||||
};
|
||||
}
|
||||
|
||||
// Check for clear bug fix patterns (medium-high confidence)
|
||||
const matchedBugFixPattern = BUG_FIX_PATTERNS.find((pattern) =>
|
||||
pattern.test(commentBody),
|
||||
);
|
||||
if (matchedBugFixPattern) {
|
||||
// Higher confidence if also contains a code block
|
||||
const hasCodeBlock = CODE_ALTERNATIVE_PATTERNS[0].test(commentBody);
|
||||
return {
|
||||
isActionable: true,
|
||||
hasCommittableSuggestion: false,
|
||||
hasBugFixSuggestion: true,
|
||||
hasCodeAlternative: hasCodeBlock,
|
||||
confidence: hasCodeBlock ? "high" : "medium",
|
||||
reason: hasCodeBlock
|
||||
? "Contains clear bug fix suggestion with code example"
|
||||
: "Contains clear bug fix suggestion",
|
||||
};
|
||||
}
|
||||
|
||||
// Check for code alternatives (medium confidence)
|
||||
const matchedAlternativePattern = CODE_ALTERNATIVE_PATTERNS.find((pattern) =>
|
||||
pattern.test(commentBody),
|
||||
);
|
||||
if (matchedAlternativePattern) {
|
||||
return {
|
||||
isActionable: true,
|
||||
hasCommittableSuggestion: false,
|
||||
hasBugFixSuggestion: false,
|
||||
hasCodeAlternative: true,
|
||||
confidence: "medium",
|
||||
reason: "Contains code alternative or fix suggestion",
|
||||
};
|
||||
}
|
||||
|
||||
return {
|
||||
isActionable: false,
|
||||
hasCommittableSuggestion: false,
|
||||
hasBugFixSuggestion: false,
|
||||
hasCodeAlternative: false,
|
||||
confidence: "low",
|
||||
reason: "No actionable suggestion patterns detected",
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a comment should be treated as actionable for autofix purposes,
|
||||
* even if it comes from a bot account like claude[bot].
|
||||
*
|
||||
* This is particularly useful for workflows that want to automatically apply
|
||||
* suggestions from code review comments.
|
||||
*
|
||||
* @param commentBody - The body of the PR comment
|
||||
* @param authorUsername - The username of the comment author
|
||||
* @returns Whether the comment should be treated as actionable
|
||||
*/
|
||||
export function isCommentActionableForAutofix(
|
||||
commentBody: string | undefined | null,
|
||||
authorUsername?: string,
|
||||
): boolean {
|
||||
const result = detectActionableSuggestion(commentBody);
|
||||
|
||||
// If it's already clearly actionable (high confidence), return true
|
||||
if (result.confidence === "high") {
|
||||
return true;
|
||||
}
|
||||
|
||||
// For medium confidence, be more lenient
|
||||
if (result.confidence === "medium" && result.isActionable) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Extracts the suggested code from a GitHub inline committable suggestion block.
|
||||
*
|
||||
* @param commentBody - The body of the PR comment
|
||||
* @returns The suggested code content, or null if no suggestion block found
|
||||
*
|
||||
* @example
|
||||
* ```ts
|
||||
* const code = extractSuggestionCode("```suggestion\nconst x = 1;\n```");
|
||||
* // "const x = 1;"
|
||||
* ```
|
||||
*/
|
||||
export function extractSuggestionCode(
|
||||
commentBody: string | undefined | null,
|
||||
): string | null {
|
||||
if (!commentBody) {
|
||||
return null;
|
||||
}
|
||||
|
||||
const match = commentBody.match(/```suggestion\b\n?([\s\S]*?)```/i);
|
||||
if (match && match[1] !== undefined) {
|
||||
return match[1].trim();
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
@@ -1,32 +0,0 @@
|
||||
/**
|
||||
* Extracts the user's request from a trigger comment.
|
||||
*
|
||||
* Given a comment like "@claude /review-pr please check the auth module",
|
||||
* this extracts "/review-pr please check the auth module".
|
||||
*
|
||||
* @param commentBody - The full comment body containing the trigger phrase
|
||||
* @param triggerPhrase - The trigger phrase (e.g., "@claude")
|
||||
* @returns The user's request (text after the trigger phrase), or null if not found
|
||||
*/
|
||||
export function extractUserRequest(
|
||||
commentBody: string | undefined,
|
||||
triggerPhrase: string,
|
||||
): string | null {
|
||||
if (!commentBody) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// Use string operations instead of regex for better performance and security
|
||||
// (avoids potential ReDoS with large comment bodies)
|
||||
const triggerIndex = commentBody
|
||||
.toLowerCase()
|
||||
.indexOf(triggerPhrase.toLowerCase());
|
||||
if (triggerIndex === -1) {
|
||||
return null;
|
||||
}
|
||||
|
||||
const afterTrigger = commentBody
|
||||
.substring(triggerIndex + triggerPhrase.length)
|
||||
.trim();
|
||||
return afterTrigger || null;
|
||||
}
|
||||
@@ -1,247 +0,0 @@
|
||||
#!/usr/bin/env bun
|
||||
|
||||
import { describe, it, expect } from "bun:test";
|
||||
import {
|
||||
applyBranchTemplate,
|
||||
generateBranchName,
|
||||
} from "../src/utils/branch-template";
|
||||
|
||||
describe("branch template utilities", () => {
|
||||
describe("applyBranchTemplate", () => {
|
||||
it("should replace all template variables", () => {
|
||||
const template =
|
||||
"{{prefix}}{{entityType}}-{{entityNumber}}-{{timestamp}}";
|
||||
const variables = {
|
||||
prefix: "feat/",
|
||||
entityType: "issue",
|
||||
entityNumber: 123,
|
||||
timestamp: "20240301-1430",
|
||||
sha: "abcd1234",
|
||||
};
|
||||
|
||||
const result = applyBranchTemplate(template, variables);
|
||||
expect(result).toBe("feat/issue-123-20240301-1430");
|
||||
});
|
||||
|
||||
it("should handle custom templates with multiple variables", () => {
|
||||
const template =
|
||||
"{{prefix}}fix/{{entityType}}_{{entityNumber}}_{{timestamp}}_{{sha}}";
|
||||
const variables = {
|
||||
prefix: "claude-",
|
||||
entityType: "pr",
|
||||
entityNumber: 456,
|
||||
timestamp: "20240301-1430",
|
||||
sha: "abcd1234",
|
||||
};
|
||||
|
||||
const result = applyBranchTemplate(template, variables);
|
||||
expect(result).toBe("claude-fix/pr_456_20240301-1430_abcd1234");
|
||||
});
|
||||
|
||||
it("should handle templates with missing variables gracefully", () => {
|
||||
const template = "{{prefix}}{{entityType}}-{{missing}}-{{entityNumber}}";
|
||||
const variables = {
|
||||
prefix: "feat/",
|
||||
entityType: "issue",
|
||||
entityNumber: 123,
|
||||
timestamp: "20240301-1430",
|
||||
};
|
||||
|
||||
const result = applyBranchTemplate(template, variables);
|
||||
expect(result).toBe("feat/issue-{{missing}}-123");
|
||||
});
|
||||
});
|
||||
|
||||
describe("generateBranchName", () => {
|
||||
it("should use custom template when provided", () => {
|
||||
const template = "{{prefix}}custom-{{entityType}}_{{entityNumber}}";
|
||||
const result = generateBranchName(template, "feature/", "issue", 123);
|
||||
|
||||
expect(result).toBe("feature/custom-issue_123");
|
||||
});
|
||||
|
||||
it("should use default format when template is empty", () => {
|
||||
const result = generateBranchName("", "claude/", "issue", 123);
|
||||
|
||||
expect(result).toMatch(/^claude\/issue-123-\d{8}-\d{4}$/);
|
||||
});
|
||||
|
||||
it("should use default format when template is undefined", () => {
|
||||
const result = generateBranchName(undefined, "claude/", "pr", 456);
|
||||
|
||||
expect(result).toMatch(/^claude\/pr-456-\d{8}-\d{4}$/);
|
||||
});
|
||||
|
||||
it("should preserve custom template formatting (no automatic lowercase/truncation)", () => {
|
||||
const template = "{{prefix}}UPPERCASE_Branch-Name_{{entityNumber}}";
|
||||
const result = generateBranchName(template, "Feature/", "issue", 123);
|
||||
|
||||
expect(result).toBe("Feature/UPPERCASE_Branch-Name_123");
|
||||
});
|
||||
|
||||
it("should not truncate custom template results", () => {
|
||||
const template =
|
||||
"{{prefix}}very-long-branch-name-that-exceeds-the-maximum-allowed-length-{{entityNumber}}";
|
||||
const result = generateBranchName(template, "feature/", "issue", 123);
|
||||
|
||||
expect(result).toBe(
|
||||
"feature/very-long-branch-name-that-exceeds-the-maximum-allowed-length-123",
|
||||
);
|
||||
});
|
||||
|
||||
it("should apply Kubernetes-compatible transformations to default template only", () => {
|
||||
const result = generateBranchName(undefined, "Feature/", "issue", 123);
|
||||
|
||||
expect(result).toMatch(/^feature\/issue-123-\d{8}-\d{4}$/);
|
||||
expect(result.length).toBeLessThanOrEqual(50);
|
||||
});
|
||||
|
||||
it("should handle SHA in template", () => {
|
||||
const template = "{{prefix}}{{entityType}}-{{entityNumber}}-{{sha}}";
|
||||
const result = generateBranchName(
|
||||
template,
|
||||
"fix/",
|
||||
"pr",
|
||||
789,
|
||||
"abcdef123456",
|
||||
);
|
||||
|
||||
expect(result).toBe("fix/pr-789-abcdef12");
|
||||
});
|
||||
|
||||
it("should use label in template when provided", () => {
|
||||
const template = "{{prefix}}{{label}}/{{entityNumber}}";
|
||||
const result = generateBranchName(
|
||||
template,
|
||||
"feature/",
|
||||
"issue",
|
||||
123,
|
||||
undefined,
|
||||
"bug",
|
||||
);
|
||||
|
||||
expect(result).toBe("feature/bug/123");
|
||||
});
|
||||
|
||||
it("should fallback to entityType when label template is used but no label provided", () => {
|
||||
const template = "{{prefix}}{{label}}-{{entityNumber}}";
|
||||
const result = generateBranchName(template, "fix/", "pr", 456);
|
||||
|
||||
expect(result).toBe("fix/pr-456");
|
||||
});
|
||||
|
||||
it("should handle template with both label and entityType", () => {
|
||||
const template = "{{prefix}}{{label}}-{{entityType}}_{{entityNumber}}";
|
||||
const result = generateBranchName(
|
||||
template,
|
||||
"dev/",
|
||||
"issue",
|
||||
789,
|
||||
undefined,
|
||||
"enhancement",
|
||||
);
|
||||
|
||||
expect(result).toBe("dev/enhancement-issue_789");
|
||||
});
|
||||
|
||||
it("should use description in template when provided", () => {
|
||||
const template = "{{prefix}}{{description}}/{{entityNumber}}";
|
||||
const result = generateBranchName(
|
||||
template,
|
||||
"feature/",
|
||||
"issue",
|
||||
123,
|
||||
undefined,
|
||||
undefined,
|
||||
"Fix login bug with OAuth",
|
||||
);
|
||||
|
||||
expect(result).toBe("feature/fix-login-bug-with-oauth/123");
|
||||
});
|
||||
|
||||
it("should handle template with multiple variables including description", () => {
|
||||
const template =
|
||||
"{{prefix}}{{label}}/{{description}}-{{entityType}}_{{entityNumber}}";
|
||||
const result = generateBranchName(
|
||||
template,
|
||||
"dev/",
|
||||
"issue",
|
||||
456,
|
||||
undefined,
|
||||
"bug",
|
||||
"User authentication fails completely",
|
||||
);
|
||||
|
||||
expect(result).toBe(
|
||||
"dev/bug/user-authentication-fails-completely-issue_456",
|
||||
);
|
||||
});
|
||||
|
||||
it("should handle description with special characters in template", () => {
|
||||
const template = "{{prefix}}{{description}}-{{entityNumber}}";
|
||||
const result = generateBranchName(
|
||||
template,
|
||||
"fix/",
|
||||
"pr",
|
||||
789,
|
||||
undefined,
|
||||
undefined,
|
||||
"Add: User Registration & Email Validation",
|
||||
);
|
||||
|
||||
expect(result).toBe("fix/add-user-registration-email-789");
|
||||
});
|
||||
|
||||
it("should truncate descriptions to exactly 5 words", () => {
|
||||
const result = generateBranchName(
|
||||
"{{prefix}}{{description}}/{{entityNumber}}",
|
||||
"feature/",
|
||||
"issue",
|
||||
999,
|
||||
undefined,
|
||||
undefined,
|
||||
"This is a very long title with many more than five words in it",
|
||||
);
|
||||
expect(result).toBe("feature/this-is-a-very-long/999");
|
||||
});
|
||||
|
||||
it("should handle empty description in template", () => {
|
||||
const template = "{{prefix}}{{description}}-{{entityNumber}}";
|
||||
const result = generateBranchName(
|
||||
template,
|
||||
"test/",
|
||||
"issue",
|
||||
101,
|
||||
undefined,
|
||||
undefined,
|
||||
"",
|
||||
);
|
||||
|
||||
expect(result).toBe("test/-101");
|
||||
});
|
||||
|
||||
it("should fallback to default format when template produces empty result", () => {
|
||||
const template = "{{description}}"; // Will be empty if no title provided
|
||||
const result = generateBranchName(template, "claude/", "issue", 123);
|
||||
|
||||
expect(result).toMatch(/^claude\/issue-123-\d{8}-\d{4}$/);
|
||||
expect(result.length).toBeLessThanOrEqual(50);
|
||||
});
|
||||
|
||||
it("should fallback to default format when template produces only whitespace", () => {
|
||||
const template = " {{description}} "; // Will be " " if description is empty
|
||||
const result = generateBranchName(
|
||||
template,
|
||||
"fix/",
|
||||
"pr",
|
||||
456,
|
||||
undefined,
|
||||
undefined,
|
||||
"",
|
||||
);
|
||||
|
||||
expect(result).toMatch(/^fix\/pr-456-\d{8}-\d{4}$/);
|
||||
expect(result.length).toBeLessThanOrEqual(50);
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -61,7 +61,6 @@ describe("generatePrompt", () => {
|
||||
body: "This is a test PR",
|
||||
author: { login: "testuser" },
|
||||
state: "OPEN",
|
||||
labels: { nodes: [] },
|
||||
createdAt: "2023-01-01T00:00:00Z",
|
||||
additions: 15,
|
||||
deletions: 5,
|
||||
@@ -476,7 +475,6 @@ describe("generatePrompt", () => {
|
||||
body: "The login form is not working",
|
||||
author: { login: "testuser" },
|
||||
state: "OPEN",
|
||||
labels: { nodes: [] },
|
||||
createdAt: "2023-01-01T00:00:00Z",
|
||||
comments: {
|
||||
nodes: [],
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
import { describe, expect, it, jest } from "bun:test";
|
||||
import {
|
||||
extractTriggerTimestamp,
|
||||
extractOriginalTitle,
|
||||
fetchGitHubData,
|
||||
filterCommentsToTriggerTime,
|
||||
filterReviewsToTriggerTime,
|
||||
@@ -10,7 +9,6 @@ import {
|
||||
import {
|
||||
createMockContext,
|
||||
mockIssueCommentContext,
|
||||
mockPullRequestCommentContext,
|
||||
mockPullRequestReviewContext,
|
||||
mockPullRequestReviewCommentContext,
|
||||
mockPullRequestOpenedContext,
|
||||
@@ -65,47 +63,6 @@ describe("extractTriggerTimestamp", () => {
|
||||
});
|
||||
});
|
||||
|
||||
describe("extractOriginalTitle", () => {
|
||||
it("should extract title from IssueCommentEvent on PR", () => {
|
||||
const title = extractOriginalTitle(mockPullRequestCommentContext);
|
||||
expect(title).toBe("Fix: Memory leak in user service");
|
||||
});
|
||||
|
||||
it("should extract title from PullRequestReviewEvent", () => {
|
||||
const title = extractOriginalTitle(mockPullRequestReviewContext);
|
||||
expect(title).toBe("Refactor: Improve error handling in API layer");
|
||||
});
|
||||
|
||||
it("should extract title from PullRequestReviewCommentEvent", () => {
|
||||
const title = extractOriginalTitle(mockPullRequestReviewCommentContext);
|
||||
expect(title).toBe("Performance: Optimize search algorithm");
|
||||
});
|
||||
|
||||
it("should extract title from pull_request event", () => {
|
||||
const title = extractOriginalTitle(mockPullRequestOpenedContext);
|
||||
expect(title).toBe("Feature: Add user authentication");
|
||||
});
|
||||
|
||||
it("should extract title from issues event", () => {
|
||||
const title = extractOriginalTitle(mockIssueOpenedContext);
|
||||
expect(title).toBe("Bug: Application crashes on startup");
|
||||
});
|
||||
|
||||
it("should return undefined for event without title", () => {
|
||||
const context = createMockContext({
|
||||
eventName: "issue_comment",
|
||||
payload: {
|
||||
comment: {
|
||||
id: 123,
|
||||
body: "test",
|
||||
},
|
||||
} as any,
|
||||
});
|
||||
const title = extractOriginalTitle(context);
|
||||
expect(title).toBeUndefined();
|
||||
});
|
||||
});
|
||||
|
||||
describe("filterCommentsToTriggerTime", () => {
|
||||
const createMockComment = (
|
||||
createdAt: string,
|
||||
@@ -988,115 +945,4 @@ describe("fetchGitHubData integration with time filtering", () => {
|
||||
);
|
||||
expect(hasPrBodyInMap).toBe(false);
|
||||
});
|
||||
|
||||
it("should use originalTitle when provided instead of fetched title", async () => {
|
||||
const mockOctokits = {
|
||||
graphql: jest.fn().mockResolvedValue({
|
||||
repository: {
|
||||
pullRequest: {
|
||||
number: 123,
|
||||
title: "Fetched Title From GraphQL",
|
||||
body: "PR body",
|
||||
author: { login: "author" },
|
||||
createdAt: "2024-01-15T10:00:00Z",
|
||||
additions: 10,
|
||||
deletions: 5,
|
||||
state: "OPEN",
|
||||
commits: { totalCount: 1, nodes: [] },
|
||||
files: { nodes: [] },
|
||||
comments: { nodes: [] },
|
||||
reviews: { nodes: [] },
|
||||
},
|
||||
},
|
||||
user: { login: "trigger-user" },
|
||||
}),
|
||||
rest: jest.fn() as any,
|
||||
};
|
||||
|
||||
const result = await fetchGitHubData({
|
||||
octokits: mockOctokits as any,
|
||||
repository: "test-owner/test-repo",
|
||||
prNumber: "123",
|
||||
isPR: true,
|
||||
triggerUsername: "trigger-user",
|
||||
originalTitle: "Original Title From Webhook",
|
||||
});
|
||||
|
||||
expect(result.contextData.title).toBe("Original Title From Webhook");
|
||||
});
|
||||
|
||||
it("should use fetched title when originalTitle is not provided", async () => {
|
||||
const mockOctokits = {
|
||||
graphql: jest.fn().mockResolvedValue({
|
||||
repository: {
|
||||
pullRequest: {
|
||||
number: 123,
|
||||
title: "Fetched Title From GraphQL",
|
||||
body: "PR body",
|
||||
author: { login: "author" },
|
||||
createdAt: "2024-01-15T10:00:00Z",
|
||||
additions: 10,
|
||||
deletions: 5,
|
||||
state: "OPEN",
|
||||
commits: { totalCount: 1, nodes: [] },
|
||||
files: { nodes: [] },
|
||||
comments: { nodes: [] },
|
||||
reviews: { nodes: [] },
|
||||
},
|
||||
},
|
||||
user: { login: "trigger-user" },
|
||||
}),
|
||||
rest: jest.fn() as any,
|
||||
};
|
||||
|
||||
const result = await fetchGitHubData({
|
||||
octokits: mockOctokits as any,
|
||||
repository: "test-owner/test-repo",
|
||||
prNumber: "123",
|
||||
isPR: true,
|
||||
triggerUsername: "trigger-user",
|
||||
});
|
||||
|
||||
expect(result.contextData.title).toBe("Fetched Title From GraphQL");
|
||||
});
|
||||
|
||||
it("should use original title from webhook even if title was edited after trigger", async () => {
|
||||
const mockOctokits = {
|
||||
graphql: jest.fn().mockResolvedValue({
|
||||
repository: {
|
||||
pullRequest: {
|
||||
number: 123,
|
||||
title: "Edited Title (from GraphQL)",
|
||||
body: "PR body",
|
||||
author: { login: "author" },
|
||||
createdAt: "2024-01-15T10:00:00Z",
|
||||
lastEditedAt: "2024-01-15T12:30:00Z", // Edited after trigger
|
||||
additions: 10,
|
||||
deletions: 5,
|
||||
state: "OPEN",
|
||||
commits: { totalCount: 1, nodes: [] },
|
||||
files: { nodes: [] },
|
||||
comments: { nodes: [] },
|
||||
reviews: { nodes: [] },
|
||||
},
|
||||
},
|
||||
user: { login: "trigger-user" },
|
||||
}),
|
||||
rest: jest.fn() as any,
|
||||
};
|
||||
|
||||
const result = await fetchGitHubData({
|
||||
octokits: mockOctokits as any,
|
||||
repository: "test-owner/test-repo",
|
||||
prNumber: "123",
|
||||
isPR: true,
|
||||
triggerUsername: "trigger-user",
|
||||
triggerTime: "2024-01-15T12:00:00Z",
|
||||
originalTitle: "Original Title (from webhook at trigger time)",
|
||||
});
|
||||
|
||||
expect(result.contextData.title).toBe(
|
||||
"Original Title (from webhook at trigger time)",
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -28,9 +28,6 @@ describe("formatContext", () => {
|
||||
additions: 50,
|
||||
deletions: 30,
|
||||
state: "OPEN",
|
||||
labels: {
|
||||
nodes: [],
|
||||
},
|
||||
commits: {
|
||||
totalCount: 3,
|
||||
nodes: [],
|
||||
@@ -66,9 +63,6 @@ Changed Files: 2 files`,
|
||||
author: { login: "test-user" },
|
||||
createdAt: "2023-01-01T00:00:00Z",
|
||||
state: "OPEN",
|
||||
labels: {
|
||||
nodes: [],
|
||||
},
|
||||
comments: {
|
||||
nodes: [],
|
||||
},
|
||||
|
||||
@@ -1,309 +0,0 @@
|
||||
import { describe, expect, it } from "bun:test";
|
||||
import {
|
||||
detectActionableSuggestion,
|
||||
isCommentActionableForAutofix,
|
||||
extractSuggestionCode,
|
||||
} from "../src/utils/detect-actionable-suggestion";
|
||||
|
||||
describe("detectActionableSuggestion", () => {
|
||||
describe("GitHub inline committable suggestions", () => {
|
||||
it("should detect suggestion blocks with high confidence", () => {
|
||||
const comment = `Here's a fix:
|
||||
\`\`\`suggestion
|
||||
const x = 1;
|
||||
\`\`\``;
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasCommittableSuggestion).toBe(true);
|
||||
expect(result.confidence).toBe("high");
|
||||
expect(result.reason).toContain("committable suggestion");
|
||||
});
|
||||
|
||||
it("should detect suggestion blocks with multiple lines", () => {
|
||||
const comment = `\`\`\`suggestion
|
||||
function foo() {
|
||||
return bar();
|
||||
}
|
||||
\`\`\``;
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasCommittableSuggestion).toBe(true);
|
||||
expect(result.confidence).toBe("high");
|
||||
});
|
||||
|
||||
it("should detect suggestion blocks case-insensitively", () => {
|
||||
const comment = `\`\`\`SUGGESTION
|
||||
const x = 1;
|
||||
\`\`\``;
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasCommittableSuggestion).toBe(true);
|
||||
});
|
||||
|
||||
it("should not confuse regular code blocks with suggestion blocks", () => {
|
||||
const comment = `\`\`\`javascript
|
||||
const x = 1;
|
||||
\`\`\``;
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.hasCommittableSuggestion).toBe(false);
|
||||
// But it should still detect the code alternative
|
||||
expect(result.hasCodeAlternative).toBe(true);
|
||||
});
|
||||
});
|
||||
|
||||
describe("bug fix suggestions", () => {
|
||||
it('should detect "should be" patterns', () => {
|
||||
const comment = "This should be `const` instead of `let`";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasBugFixSuggestion).toBe(true);
|
||||
expect(result.confidence).toBe("medium");
|
||||
});
|
||||
|
||||
it('should detect "change to" patterns', () => {
|
||||
const comment = "Change this to use async/await";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasBugFixSuggestion).toBe(true);
|
||||
});
|
||||
|
||||
it('should detect "replace with" patterns', () => {
|
||||
const comment = "Replace this with Array.from()";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasBugFixSuggestion).toBe(true);
|
||||
});
|
||||
|
||||
it('should detect "use instead" patterns', () => {
|
||||
const comment = "Use this instead of the deprecated method";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasBugFixSuggestion).toBe(true);
|
||||
});
|
||||
|
||||
it('should detect "instead of X, use Y" patterns', () => {
|
||||
const comment = "Instead of forEach, use map";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasBugFixSuggestion).toBe(true);
|
||||
});
|
||||
|
||||
it('should detect "to fix this" patterns', () => {
|
||||
const comment = "To fix this, you need to add the await keyword";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasBugFixSuggestion).toBe(true);
|
||||
});
|
||||
|
||||
it('should detect "the correct code is" patterns', () => {
|
||||
const comment = "The correct code would be: return null;";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasBugFixSuggestion).toBe(true);
|
||||
});
|
||||
|
||||
it('should detect "missing semicolon" patterns', () => {
|
||||
const comment = "Missing a semicolon at the end";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasBugFixSuggestion).toBe(true);
|
||||
});
|
||||
|
||||
it('should detect "typo" patterns', () => {
|
||||
const comment = "Typo here: teh should be the";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasBugFixSuggestion).toBe(true);
|
||||
});
|
||||
|
||||
it('should detect "wrong type" patterns', () => {
|
||||
const comment = "Wrong type here, should be string not number";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasBugFixSuggestion).toBe(true);
|
||||
});
|
||||
|
||||
it("should have high confidence when bug fix suggestion includes code block", () => {
|
||||
const comment = `You should use const here:
|
||||
\`\`\`javascript
|
||||
const x = 1;
|
||||
\`\`\``;
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasBugFixSuggestion).toBe(true);
|
||||
expect(result.hasCodeAlternative).toBe(true);
|
||||
expect(result.confidence).toBe("high");
|
||||
});
|
||||
});
|
||||
|
||||
describe("code alternatives", () => {
|
||||
it('should detect "try using" patterns', () => {
|
||||
const comment = "Try using Array.map() instead";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
});
|
||||
|
||||
it('should detect "here\'s the fix" patterns', () => {
|
||||
const comment = "Here's the fix for this issue";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
});
|
||||
|
||||
it("should detect code blocks as potential alternatives", () => {
|
||||
const comment = `Try this approach:
|
||||
\`\`\`
|
||||
const result = [];
|
||||
\`\`\``;
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasCodeAlternative).toBe(true);
|
||||
});
|
||||
});
|
||||
|
||||
describe("non-actionable comments", () => {
|
||||
it("should not flag general questions", () => {
|
||||
const comment = "Why is this returning undefined?";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(false);
|
||||
expect(result.confidence).toBe("low");
|
||||
});
|
||||
|
||||
it("should not flag simple observations", () => {
|
||||
const comment = "This looks interesting";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(false);
|
||||
});
|
||||
|
||||
it("should not flag approval comments", () => {
|
||||
const comment = "LGTM! :+1:";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(false);
|
||||
});
|
||||
|
||||
it("should handle empty comments", () => {
|
||||
const result = detectActionableSuggestion("");
|
||||
expect(result.isActionable).toBe(false);
|
||||
expect(result.reason).toContain("Empty");
|
||||
});
|
||||
|
||||
it("should handle null comments", () => {
|
||||
const result = detectActionableSuggestion(null);
|
||||
expect(result.isActionable).toBe(false);
|
||||
});
|
||||
|
||||
it("should handle undefined comments", () => {
|
||||
const result = detectActionableSuggestion(undefined);
|
||||
expect(result.isActionable).toBe(false);
|
||||
});
|
||||
});
|
||||
|
||||
describe("edge cases", () => {
|
||||
it("should handle comments with both suggestion block and bug fix language", () => {
|
||||
const comment = `This should be fixed. Here's the suggestion:
|
||||
\`\`\`suggestion
|
||||
const x = 1;
|
||||
\`\`\``;
|
||||
const result = detectActionableSuggestion(comment);
|
||||
// Suggestion block takes precedence (high confidence)
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasCommittableSuggestion).toBe(true);
|
||||
expect(result.confidence).toBe("high");
|
||||
});
|
||||
|
||||
it("should handle very long comments", () => {
|
||||
const longContent = "a".repeat(10000);
|
||||
const comment = `${longContent}
|
||||
\`\`\`suggestion
|
||||
const x = 1;
|
||||
\`\`\``;
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
expect(result.hasCommittableSuggestion).toBe(true);
|
||||
});
|
||||
|
||||
it("should handle comments with special characters", () => {
|
||||
const comment =
|
||||
"You should be using `const` here! @#$%^&* Change this to `let`";
|
||||
const result = detectActionableSuggestion(comment);
|
||||
expect(result.isActionable).toBe(true);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("isCommentActionableForAutofix", () => {
|
||||
it("should return true for high confidence suggestions", () => {
|
||||
const comment = `\`\`\`suggestion
|
||||
const x = 1;
|
||||
\`\`\``;
|
||||
expect(isCommentActionableForAutofix(comment)).toBe(true);
|
||||
});
|
||||
|
||||
it("should return true for medium confidence suggestions", () => {
|
||||
const comment = "You should use const here instead of let";
|
||||
expect(isCommentActionableForAutofix(comment)).toBe(true);
|
||||
});
|
||||
|
||||
it("should return false for non-actionable comments", () => {
|
||||
const comment = "This looks fine to me";
|
||||
expect(isCommentActionableForAutofix(comment)).toBe(false);
|
||||
});
|
||||
|
||||
it("should handle bot authors correctly", () => {
|
||||
const comment = `\`\`\`suggestion
|
||||
const x = 1;
|
||||
\`\`\``;
|
||||
// Should still return true even for bot authors
|
||||
expect(isCommentActionableForAutofix(comment, "claude[bot]")).toBe(true);
|
||||
});
|
||||
|
||||
it("should handle empty comments", () => {
|
||||
expect(isCommentActionableForAutofix("")).toBe(false);
|
||||
expect(isCommentActionableForAutofix(null)).toBe(false);
|
||||
expect(isCommentActionableForAutofix(undefined)).toBe(false);
|
||||
});
|
||||
});
|
||||
|
||||
describe("extractSuggestionCode", () => {
|
||||
it("should extract code from suggestion block", () => {
|
||||
const comment = `Here's a fix:
|
||||
\`\`\`suggestion
|
||||
const x = 1;
|
||||
\`\`\``;
|
||||
expect(extractSuggestionCode(comment)).toBe("const x = 1;");
|
||||
});
|
||||
|
||||
it("should extract multi-line code from suggestion block", () => {
|
||||
const comment = `\`\`\`suggestion
|
||||
function foo() {
|
||||
return bar();
|
||||
}
|
||||
\`\`\``;
|
||||
expect(extractSuggestionCode(comment)).toBe(
|
||||
"function foo() {\n return bar();\n}",
|
||||
);
|
||||
});
|
||||
|
||||
it("should handle empty suggestion blocks", () => {
|
||||
const comment = `\`\`\`suggestion
|
||||
\`\`\``;
|
||||
expect(extractSuggestionCode(comment)).toBe("");
|
||||
});
|
||||
|
||||
it("should return null for comments without suggestion blocks", () => {
|
||||
const comment = "Just a regular comment";
|
||||
expect(extractSuggestionCode(comment)).toBe(null);
|
||||
});
|
||||
|
||||
it("should return null for empty comments", () => {
|
||||
expect(extractSuggestionCode("")).toBe(null);
|
||||
expect(extractSuggestionCode(null)).toBe(null);
|
||||
expect(extractSuggestionCode(undefined)).toBe(null);
|
||||
});
|
||||
|
||||
it("should not extract from regular code blocks", () => {
|
||||
const comment = `\`\`\`javascript
|
||||
const x = 1;
|
||||
\`\`\``;
|
||||
expect(extractSuggestionCode(comment)).toBe(null);
|
||||
});
|
||||
});
|
||||
@@ -1,77 +0,0 @@
|
||||
import { describe, test, expect } from "bun:test";
|
||||
import { extractUserRequest } from "../src/utils/extract-user-request";
|
||||
|
||||
describe("extractUserRequest", () => {
|
||||
test("extracts text after @claude trigger", () => {
|
||||
expect(extractUserRequest("@claude /review-pr", "@claude")).toBe(
|
||||
"/review-pr",
|
||||
);
|
||||
});
|
||||
|
||||
test("extracts slash command with arguments", () => {
|
||||
expect(
|
||||
extractUserRequest(
|
||||
"@claude /review-pr please check the auth module",
|
||||
"@claude",
|
||||
),
|
||||
).toBe("/review-pr please check the auth module");
|
||||
});
|
||||
|
||||
test("handles trigger phrase with extra whitespace", () => {
|
||||
expect(extractUserRequest("@claude /review-pr", "@claude")).toBe(
|
||||
"/review-pr",
|
||||
);
|
||||
});
|
||||
|
||||
test("handles trigger phrase at start of multiline comment", () => {
|
||||
const comment = `@claude /review-pr
|
||||
Please review this PR carefully.
|
||||
Focus on security issues.`;
|
||||
expect(extractUserRequest(comment, "@claude")).toBe(
|
||||
`/review-pr
|
||||
Please review this PR carefully.
|
||||
Focus on security issues.`,
|
||||
);
|
||||
});
|
||||
|
||||
test("handles trigger phrase in middle of text", () => {
|
||||
expect(
|
||||
extractUserRequest("Hey team, @claude can you review this?", "@claude"),
|
||||
).toBe("can you review this?");
|
||||
});
|
||||
|
||||
test("returns null for empty comment body", () => {
|
||||
expect(extractUserRequest("", "@claude")).toBeNull();
|
||||
});
|
||||
|
||||
test("returns null for undefined comment body", () => {
|
||||
expect(extractUserRequest(undefined, "@claude")).toBeNull();
|
||||
});
|
||||
|
||||
test("returns null when trigger phrase not found", () => {
|
||||
expect(extractUserRequest("Please review this PR", "@claude")).toBeNull();
|
||||
});
|
||||
|
||||
test("returns null when only trigger phrase with no request", () => {
|
||||
expect(extractUserRequest("@claude", "@claude")).toBeNull();
|
||||
});
|
||||
|
||||
test("handles custom trigger phrase", () => {
|
||||
expect(extractUserRequest("/claude help me", "/claude")).toBe("help me");
|
||||
});
|
||||
|
||||
test("handles trigger phrase with special regex characters", () => {
|
||||
expect(
|
||||
extractUserRequest("@claude[bot] do something", "@claude[bot]"),
|
||||
).toBe("do something");
|
||||
});
|
||||
|
||||
test("is case insensitive", () => {
|
||||
expect(extractUserRequest("@CLAUDE /review-pr", "@claude")).toBe(
|
||||
"/review-pr",
|
||||
);
|
||||
expect(extractUserRequest("@Claude /review-pr", "@claude")).toBe(
|
||||
"/review-pr",
|
||||
);
|
||||
});
|
||||
});
|
||||
@@ -1,214 +0,0 @@
|
||||
import { describe, expect, it, beforeAll, afterAll } from "bun:test";
|
||||
import { validatePathWithinRepo } from "../src/mcp/path-validation";
|
||||
import { resolve } from "path";
|
||||
import { mkdir, writeFile, symlink, rm, realpath } from "fs/promises";
|
||||
import { tmpdir } from "os";
|
||||
|
||||
describe("validatePathWithinRepo", () => {
|
||||
// Use a real temp directory for tests that need filesystem access
|
||||
let testDir: string;
|
||||
let repoRoot: string;
|
||||
let outsideDir: string;
|
||||
// Real paths after symlink resolution (e.g., /tmp -> /private/tmp on macOS)
|
||||
let realRepoRoot: string;
|
||||
|
||||
beforeAll(async () => {
|
||||
// Create test directory structure
|
||||
testDir = resolve(tmpdir(), `path-validation-test-${Date.now()}`);
|
||||
repoRoot = resolve(testDir, "repo");
|
||||
outsideDir = resolve(testDir, "outside");
|
||||
|
||||
await mkdir(repoRoot, { recursive: true });
|
||||
await mkdir(resolve(repoRoot, "src"), { recursive: true });
|
||||
await mkdir(outsideDir, { recursive: true });
|
||||
|
||||
// Create test files
|
||||
await writeFile(resolve(repoRoot, "file.txt"), "inside repo");
|
||||
await writeFile(resolve(repoRoot, "src", "main.js"), "console.log('hi')");
|
||||
await writeFile(resolve(outsideDir, "secret.txt"), "sensitive data");
|
||||
|
||||
// Get real paths after symlink resolution
|
||||
realRepoRoot = await realpath(repoRoot);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
// Cleanup
|
||||
await rm(testDir, { recursive: true, force: true });
|
||||
});
|
||||
|
||||
describe("valid paths", () => {
|
||||
it("should accept simple relative paths", async () => {
|
||||
const result = await validatePathWithinRepo("file.txt", repoRoot);
|
||||
expect(result).toBe(resolve(realRepoRoot, "file.txt"));
|
||||
});
|
||||
|
||||
it("should accept nested relative paths", async () => {
|
||||
const result = await validatePathWithinRepo("src/main.js", repoRoot);
|
||||
expect(result).toBe(resolve(realRepoRoot, "src/main.js"));
|
||||
});
|
||||
|
||||
it("should accept paths with single dot segments", async () => {
|
||||
const result = await validatePathWithinRepo("./src/main.js", repoRoot);
|
||||
expect(result).toBe(resolve(realRepoRoot, "src/main.js"));
|
||||
});
|
||||
|
||||
it("should accept paths that use .. but resolve inside repo", async () => {
|
||||
// src/../file.txt resolves to file.txt which is still inside repo
|
||||
const result = await validatePathWithinRepo("src/../file.txt", repoRoot);
|
||||
expect(result).toBe(resolve(realRepoRoot, "file.txt"));
|
||||
});
|
||||
|
||||
it("should accept absolute paths within the repo root", async () => {
|
||||
const absolutePath = resolve(repoRoot, "file.txt");
|
||||
const result = await validatePathWithinRepo(absolutePath, repoRoot);
|
||||
expect(result).toBe(resolve(realRepoRoot, "file.txt"));
|
||||
});
|
||||
|
||||
it("should accept the repo root itself", async () => {
|
||||
const result = await validatePathWithinRepo(".", repoRoot);
|
||||
expect(result).toBe(realRepoRoot);
|
||||
});
|
||||
|
||||
it("should handle new files (non-existent) in valid directories", async () => {
|
||||
const result = await validatePathWithinRepo("src/newfile.js", repoRoot);
|
||||
// For non-existent files, we validate the parent but return the initial path
|
||||
// (can't realpath a file that doesn't exist yet)
|
||||
expect(result).toBe(resolve(repoRoot, "src/newfile.js"));
|
||||
});
|
||||
});
|
||||
|
||||
describe("path traversal attacks", () => {
|
||||
it("should reject simple parent directory traversal", async () => {
|
||||
await expect(
|
||||
validatePathWithinRepo("../outside/secret.txt", repoRoot),
|
||||
).rejects.toThrow(/resolves outside the repository root/);
|
||||
});
|
||||
|
||||
it("should reject deeply nested parent directory traversal", async () => {
|
||||
await expect(
|
||||
validatePathWithinRepo("../../../etc/passwd", repoRoot),
|
||||
).rejects.toThrow(/resolves outside the repository root/);
|
||||
});
|
||||
|
||||
it("should reject traversal hidden within path", async () => {
|
||||
await expect(
|
||||
validatePathWithinRepo("src/../../outside/secret.txt", repoRoot),
|
||||
).rejects.toThrow(/resolves outside the repository root/);
|
||||
});
|
||||
|
||||
it("should reject traversal at the end of path", async () => {
|
||||
await expect(
|
||||
validatePathWithinRepo("src/../..", repoRoot),
|
||||
).rejects.toThrow(/resolves outside the repository root/);
|
||||
});
|
||||
|
||||
it("should reject absolute paths outside the repo root", async () => {
|
||||
await expect(
|
||||
validatePathWithinRepo("/etc/passwd", repoRoot),
|
||||
).rejects.toThrow(/resolves outside the repository root/);
|
||||
});
|
||||
|
||||
it("should reject absolute paths to sibling directories", async () => {
|
||||
await expect(
|
||||
validatePathWithinRepo(resolve(outsideDir, "secret.txt"), repoRoot),
|
||||
).rejects.toThrow(/resolves outside the repository root/);
|
||||
});
|
||||
});
|
||||
|
||||
describe("symlink attacks", () => {
|
||||
it("should reject symlinks pointing outside the repo", async () => {
|
||||
// Create a symlink inside the repo that points to a file outside
|
||||
const symlinkPath = resolve(repoRoot, "evil-link");
|
||||
await symlink(resolve(outsideDir, "secret.txt"), symlinkPath);
|
||||
|
||||
try {
|
||||
// The symlink path looks like it's inside the repo, but points outside
|
||||
await expect(
|
||||
validatePathWithinRepo("evil-link", repoRoot),
|
||||
).rejects.toThrow(/resolves outside the repository root/);
|
||||
} finally {
|
||||
await rm(symlinkPath, { force: true });
|
||||
}
|
||||
});
|
||||
|
||||
it("should reject symlinks to parent directories", async () => {
|
||||
// Create a symlink to the parent directory
|
||||
const symlinkPath = resolve(repoRoot, "parent-link");
|
||||
await symlink(testDir, symlinkPath);
|
||||
|
||||
try {
|
||||
await expect(
|
||||
validatePathWithinRepo("parent-link/outside/secret.txt", repoRoot),
|
||||
).rejects.toThrow(/resolves outside the repository root/);
|
||||
} finally {
|
||||
await rm(symlinkPath, { force: true });
|
||||
}
|
||||
});
|
||||
|
||||
it("should accept symlinks that resolve within the repo", async () => {
|
||||
// Create a symlink inside the repo that points to another file inside
|
||||
const symlinkPath = resolve(repoRoot, "good-link");
|
||||
await symlink(resolve(repoRoot, "file.txt"), symlinkPath);
|
||||
|
||||
try {
|
||||
const result = await validatePathWithinRepo("good-link", repoRoot);
|
||||
// Should resolve to the actual file location
|
||||
expect(result).toBe(resolve(realRepoRoot, "file.txt"));
|
||||
} finally {
|
||||
await rm(symlinkPath, { force: true });
|
||||
}
|
||||
});
|
||||
|
||||
it("should reject directory symlinks that escape the repo", async () => {
|
||||
// Create a symlink to outside directory
|
||||
const symlinkPath = resolve(repoRoot, "escape-dir");
|
||||
await symlink(outsideDir, symlinkPath);
|
||||
|
||||
try {
|
||||
await expect(
|
||||
validatePathWithinRepo("escape-dir/secret.txt", repoRoot),
|
||||
).rejects.toThrow(/resolves outside the repository root/);
|
||||
} finally {
|
||||
await rm(symlinkPath, { force: true });
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
describe("edge cases", () => {
|
||||
it("should handle empty path (current directory)", async () => {
|
||||
const result = await validatePathWithinRepo("", repoRoot);
|
||||
expect(result).toBe(realRepoRoot);
|
||||
});
|
||||
|
||||
it("should handle paths with multiple consecutive slashes", async () => {
|
||||
const result = await validatePathWithinRepo("src//main.js", repoRoot);
|
||||
expect(result).toBe(resolve(realRepoRoot, "src/main.js"));
|
||||
});
|
||||
|
||||
it("should handle paths with trailing slashes", async () => {
|
||||
const result = await validatePathWithinRepo("src/", repoRoot);
|
||||
expect(result).toBe(resolve(realRepoRoot, "src"));
|
||||
});
|
||||
|
||||
it("should reject prefix attack (repo root as prefix but not parent)", async () => {
|
||||
// Create a sibling directory with repo name as prefix
|
||||
const evilDir = repoRoot + "-evil";
|
||||
await mkdir(evilDir, { recursive: true });
|
||||
await writeFile(resolve(evilDir, "file.txt"), "evil");
|
||||
|
||||
try {
|
||||
await expect(
|
||||
validatePathWithinRepo(resolve(evilDir, "file.txt"), repoRoot),
|
||||
).rejects.toThrow(/resolves outside the repository root/);
|
||||
} finally {
|
||||
await rm(evilDir, { recursive: true, force: true });
|
||||
}
|
||||
});
|
||||
|
||||
it("should throw error for non-existent repo root", async () => {
|
||||
await expect(
|
||||
validatePathWithinRepo("file.txt", "/nonexistent/repo"),
|
||||
).rejects.toThrow(/does not exist/);
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -32,13 +32,11 @@ describe("prepareMcpConfig", () => {
|
||||
branchPrefix: "",
|
||||
useStickyComment: false,
|
||||
useCommitSigning: false,
|
||||
sshSigningKey: "",
|
||||
botId: String(CLAUDE_APP_BOT_ID),
|
||||
botName: CLAUDE_BOT_LOGIN,
|
||||
allowedBots: "",
|
||||
allowedNonWriteUsers: "",
|
||||
trackProgress: false,
|
||||
includeFixLinks: true,
|
||||
},
|
||||
};
|
||||
|
||||
|
||||
@@ -20,13 +20,11 @@ const defaultInputs = {
|
||||
branchPrefix: "claude/",
|
||||
useStickyComment: false,
|
||||
useCommitSigning: false,
|
||||
sshSigningKey: "",
|
||||
botId: String(CLAUDE_APP_BOT_ID),
|
||||
botName: CLAUDE_BOT_LOGIN,
|
||||
allowedBots: "",
|
||||
allowedNonWriteUsers: "",
|
||||
trackProgress: false,
|
||||
includeFixLinks: true,
|
||||
};
|
||||
|
||||
const defaultRepository = {
|
||||
|
||||
@@ -177,6 +177,7 @@ describe("Agent Mode", () => {
|
||||
claudeBranch: undefined,
|
||||
},
|
||||
mcpConfig: expect.any(String),
|
||||
promptContent: expect.any(String),
|
||||
});
|
||||
|
||||
// Clean up
|
||||
|
||||
@@ -20,13 +20,11 @@ describe("detectMode with enhanced routing", () => {
|
||||
branchPrefix: "claude/",
|
||||
useStickyComment: false,
|
||||
useCommitSigning: false,
|
||||
sshSigningKey: "",
|
||||
botId: "123456",
|
||||
botName: "claude-bot",
|
||||
allowedBots: "",
|
||||
allowedNonWriteUsers: "",
|
||||
trackProgress: false,
|
||||
includeFixLinks: true,
|
||||
},
|
||||
};
|
||||
|
||||
|
||||
@@ -35,44 +35,12 @@ describe("parseAllowedTools", () => {
|
||||
expect(parseAllowedTools("")).toEqual([]);
|
||||
});
|
||||
|
||||
test("handles --allowedTools followed by another --allowedTools flag", () => {
|
||||
test("handles duplicate --allowedTools flags", () => {
|
||||
const args = "--allowedTools --allowedTools mcp__github__*";
|
||||
// The second --allowedTools is consumed as a value of the first, then skipped.
|
||||
// This is an edge case with malformed input - returns empty.
|
||||
// Should not match the first one since the value is another flag
|
||||
expect(parseAllowedTools(args)).toEqual([]);
|
||||
});
|
||||
|
||||
test("parses multiple separate --allowed-tools flags", () => {
|
||||
const args =
|
||||
"--allowed-tools 'mcp__context7__*' --allowed-tools 'Read,Glob' --allowed-tools 'mcp__github_inline_comment__*'";
|
||||
expect(parseAllowedTools(args)).toEqual([
|
||||
"mcp__context7__*",
|
||||
"Read",
|
||||
"Glob",
|
||||
"mcp__github_inline_comment__*",
|
||||
]);
|
||||
});
|
||||
|
||||
test("parses multiple --allowed-tools flags on separate lines", () => {
|
||||
const args = `--model 'claude-haiku'
|
||||
--allowed-tools 'mcp__context7__*'
|
||||
--allowed-tools 'Read,Glob,Grep'
|
||||
--allowed-tools 'mcp__github_inline_comment__create_inline_comment'`;
|
||||
expect(parseAllowedTools(args)).toEqual([
|
||||
"mcp__context7__*",
|
||||
"Read",
|
||||
"Glob",
|
||||
"Grep",
|
||||
"mcp__github_inline_comment__create_inline_comment",
|
||||
]);
|
||||
});
|
||||
|
||||
test("deduplicates tools from multiple flags", () => {
|
||||
const args =
|
||||
"--allowed-tools 'Read,Glob' --allowed-tools 'Glob,Grep' --allowed-tools 'Read'";
|
||||
expect(parseAllowedTools(args)).toEqual(["Read", "Glob", "Grep"]);
|
||||
});
|
||||
|
||||
test("handles typo --alloedTools", () => {
|
||||
const args = "--alloedTools mcp__github__*";
|
||||
expect(parseAllowedTools(args)).toEqual([]);
|
||||
|
||||
@@ -68,13 +68,11 @@ describe("checkWritePermissions", () => {
|
||||
branchPrefix: "claude/",
|
||||
useStickyComment: false,
|
||||
useCommitSigning: false,
|
||||
sshSigningKey: "",
|
||||
botId: String(CLAUDE_APP_BOT_ID),
|
||||
botName: CLAUDE_BOT_LOGIN,
|
||||
allowedBots: "",
|
||||
allowedNonWriteUsers: "",
|
||||
trackProgress: false,
|
||||
includeFixLinks: true,
|
||||
},
|
||||
});
|
||||
|
||||
|
||||
@@ -87,7 +87,6 @@ describe("pull_request_target event support", () => {
|
||||
},
|
||||
comments: { nodes: [] },
|
||||
reviews: { nodes: [] },
|
||||
labels: { nodes: [] },
|
||||
},
|
||||
comments: [],
|
||||
changedFiles: [],
|
||||
|
||||
@@ -1,250 +0,0 @@
|
||||
#!/usr/bin/env bun
|
||||
|
||||
import {
|
||||
describe,
|
||||
test,
|
||||
expect,
|
||||
afterEach,
|
||||
beforeAll,
|
||||
afterAll,
|
||||
} from "bun:test";
|
||||
import { mkdir, writeFile, rm, readFile, stat } from "fs/promises";
|
||||
import { join } from "path";
|
||||
import { tmpdir } from "os";
|
||||
|
||||
describe("SSH Signing", () => {
|
||||
// Use a temp directory for tests
|
||||
const testTmpDir = join(tmpdir(), "claude-ssh-signing-test");
|
||||
const testSshDir = join(testTmpDir, ".ssh");
|
||||
const testKeyPath = join(testSshDir, "claude_signing_key");
|
||||
const testKey =
|
||||
"-----BEGIN OPENSSH PRIVATE KEY-----\ntest-key-content\n-----END OPENSSH PRIVATE KEY-----";
|
||||
|
||||
beforeAll(async () => {
|
||||
await mkdir(testTmpDir, { recursive: true });
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
await rm(testTmpDir, { recursive: true, force: true });
|
||||
});
|
||||
|
||||
afterEach(async () => {
|
||||
// Clean up test key if it exists
|
||||
try {
|
||||
await rm(testKeyPath, { force: true });
|
||||
} catch {
|
||||
// Ignore cleanup errors
|
||||
}
|
||||
});
|
||||
|
||||
describe("setupSshSigning file operations", () => {
|
||||
test("should write key file atomically with correct permissions", async () => {
|
||||
// Create the directory with secure permissions (same as setupSshSigning does)
|
||||
await mkdir(testSshDir, { recursive: true, mode: 0o700 });
|
||||
|
||||
// Write key atomically with proper permissions (same as setupSshSigning does)
|
||||
await writeFile(testKeyPath, testKey, { mode: 0o600 });
|
||||
|
||||
// Verify key was written
|
||||
const keyContent = await readFile(testKeyPath, "utf-8");
|
||||
expect(keyContent).toBe(testKey);
|
||||
|
||||
// Verify permissions (0o600 = 384 in decimal for permission bits only)
|
||||
const stats = await stat(testKeyPath);
|
||||
const permissions = stats.mode & 0o777; // Get only permission bits
|
||||
expect(permissions).toBe(0o600);
|
||||
});
|
||||
|
||||
test("should create .ssh directory with secure permissions", async () => {
|
||||
// Clean up first
|
||||
await rm(testSshDir, { recursive: true, force: true });
|
||||
|
||||
// Create directory with secure permissions (same as setupSshSigning does)
|
||||
await mkdir(testSshDir, { recursive: true, mode: 0o700 });
|
||||
|
||||
// Verify directory exists
|
||||
const dirStats = await stat(testSshDir);
|
||||
expect(dirStats.isDirectory()).toBe(true);
|
||||
|
||||
// Verify directory permissions
|
||||
const dirPermissions = dirStats.mode & 0o777;
|
||||
expect(dirPermissions).toBe(0o700);
|
||||
});
|
||||
});
|
||||
|
||||
describe("setupSshSigning validation", () => {
|
||||
test("should reject empty SSH key", () => {
|
||||
const emptyKey = "";
|
||||
expect(() => {
|
||||
if (!emptyKey.trim()) {
|
||||
throw new Error("SSH signing key cannot be empty");
|
||||
}
|
||||
}).toThrow("SSH signing key cannot be empty");
|
||||
});
|
||||
|
||||
test("should reject whitespace-only SSH key", () => {
|
||||
const whitespaceKey = " \n\t ";
|
||||
expect(() => {
|
||||
if (!whitespaceKey.trim()) {
|
||||
throw new Error("SSH signing key cannot be empty");
|
||||
}
|
||||
}).toThrow("SSH signing key cannot be empty");
|
||||
});
|
||||
|
||||
test("should reject invalid SSH key format", () => {
|
||||
const invalidKey = "not a valid key";
|
||||
expect(() => {
|
||||
if (
|
||||
!invalidKey.includes("BEGIN") ||
|
||||
!invalidKey.includes("PRIVATE KEY")
|
||||
) {
|
||||
throw new Error("Invalid SSH private key format");
|
||||
}
|
||||
}).toThrow("Invalid SSH private key format");
|
||||
});
|
||||
|
||||
test("should accept valid SSH key format", () => {
|
||||
const validKey =
|
||||
"-----BEGIN OPENSSH PRIVATE KEY-----\nkey-content\n-----END OPENSSH PRIVATE KEY-----";
|
||||
expect(() => {
|
||||
if (!validKey.trim()) {
|
||||
throw new Error("SSH signing key cannot be empty");
|
||||
}
|
||||
if (!validKey.includes("BEGIN") || !validKey.includes("PRIVATE KEY")) {
|
||||
throw new Error("Invalid SSH private key format");
|
||||
}
|
||||
}).not.toThrow();
|
||||
});
|
||||
});
|
||||
|
||||
describe("cleanupSshSigning file operations", () => {
|
||||
test("should remove the signing key file", async () => {
|
||||
// Create the key file first
|
||||
await mkdir(testSshDir, { recursive: true });
|
||||
await writeFile(testKeyPath, testKey, { mode: 0o600 });
|
||||
|
||||
// Verify it exists
|
||||
const existsBefore = await stat(testKeyPath)
|
||||
.then(() => true)
|
||||
.catch(() => false);
|
||||
expect(existsBefore).toBe(true);
|
||||
|
||||
// Clean up (same operation as cleanupSshSigning)
|
||||
await rm(testKeyPath, { force: true });
|
||||
|
||||
// Verify it's gone
|
||||
const existsAfter = await stat(testKeyPath)
|
||||
.then(() => true)
|
||||
.catch(() => false);
|
||||
expect(existsAfter).toBe(false);
|
||||
});
|
||||
|
||||
test("should not throw if key file does not exist", async () => {
|
||||
// Make sure file doesn't exist
|
||||
await rm(testKeyPath, { force: true });
|
||||
|
||||
// Should not throw (rm with force: true doesn't throw on missing files)
|
||||
await expect(rm(testKeyPath, { force: true })).resolves.toBeUndefined();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("SSH Signing Mode Detection", () => {
|
||||
test("sshSigningKey should take precedence over useCommitSigning", () => {
|
||||
// When both are set, SSH signing takes precedence
|
||||
const sshSigningKey = "test-key";
|
||||
const useCommitSigning = true;
|
||||
|
||||
const useSshSigning = !!sshSigningKey;
|
||||
const useApiCommitSigning = useCommitSigning && !useSshSigning;
|
||||
|
||||
expect(useSshSigning).toBe(true);
|
||||
expect(useApiCommitSigning).toBe(false);
|
||||
});
|
||||
|
||||
test("useCommitSigning should work when sshSigningKey is not set", () => {
|
||||
const sshSigningKey = "";
|
||||
const useCommitSigning = true;
|
||||
|
||||
const useSshSigning = !!sshSigningKey;
|
||||
const useApiCommitSigning = useCommitSigning && !useSshSigning;
|
||||
|
||||
expect(useSshSigning).toBe(false);
|
||||
expect(useApiCommitSigning).toBe(true);
|
||||
});
|
||||
|
||||
test("neither signing method when both are false/empty", () => {
|
||||
const sshSigningKey = "";
|
||||
const useCommitSigning = false;
|
||||
|
||||
const useSshSigning = !!sshSigningKey;
|
||||
const useApiCommitSigning = useCommitSigning && !useSshSigning;
|
||||
|
||||
expect(useSshSigning).toBe(false);
|
||||
expect(useApiCommitSigning).toBe(false);
|
||||
});
|
||||
|
||||
test("git CLI tools should be used when sshSigningKey is set", () => {
|
||||
// This tests the logic in tag mode for tool selection
|
||||
const sshSigningKey = "test-key";
|
||||
const useCommitSigning = true; // Even if this is true
|
||||
|
||||
const useSshSigning = !!sshSigningKey;
|
||||
const useApiCommitSigning = useCommitSigning && !useSshSigning;
|
||||
|
||||
// When SSH signing is used, we should use git CLI (not API)
|
||||
const shouldUseGitCli = !useApiCommitSigning;
|
||||
expect(shouldUseGitCli).toBe(true);
|
||||
});
|
||||
|
||||
test("MCP file ops should only be used with API commit signing", () => {
|
||||
// Case 1: API commit signing
|
||||
{
|
||||
const sshSigningKey = "";
|
||||
const useCommitSigning = true;
|
||||
|
||||
const useSshSigning = !!sshSigningKey;
|
||||
const useApiCommitSigning = useCommitSigning && !useSshSigning;
|
||||
|
||||
expect(useApiCommitSigning).toBe(true);
|
||||
}
|
||||
|
||||
// Case 2: SSH signing (should NOT use API)
|
||||
{
|
||||
const sshSigningKey = "test-key";
|
||||
const useCommitSigning = true;
|
||||
|
||||
const useSshSigning = !!sshSigningKey;
|
||||
const useApiCommitSigning = useCommitSigning && !useSshSigning;
|
||||
|
||||
expect(useApiCommitSigning).toBe(false);
|
||||
}
|
||||
|
||||
// Case 3: No signing (should NOT use API)
|
||||
{
|
||||
const sshSigningKey = "";
|
||||
const useCommitSigning = false;
|
||||
|
||||
const useSshSigning = !!sshSigningKey;
|
||||
const useApiCommitSigning = useCommitSigning && !useSshSigning;
|
||||
|
||||
expect(useApiCommitSigning).toBe(false);
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
describe("Context parsing", () => {
|
||||
test("sshSigningKey should be parsed from environment", () => {
|
||||
// Test that context.ts parses SSH_SIGNING_KEY correctly
|
||||
const testCases = [
|
||||
{ env: "test-key", expected: "test-key" },
|
||||
{ env: "", expected: "" },
|
||||
{ env: undefined, expected: "" },
|
||||
];
|
||||
|
||||
for (const { env, expected } of testCases) {
|
||||
const result = env || "";
|
||||
expect(result).toBe(expected);
|
||||
}
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user