chore: comment out release-base-action job in release workflow (#833)

Temporarily disable the release-base-action job that syncs releases
to the claude-code-base-action repository. The job checkout step
and subsequent tag/release creation steps are now commented out.


Claude-Generated-By: Claude Code (cli/claude-opus-4-5=100%)
Claude-Steers: 2
Claude-Permission-Prompts: 2
Claude-Escapes: 0

Co-authored-by: Claude <noreply@anthropic.com>

.github/workflows/release.yml

@@ -109,49 +109,48 @@ jobs:
 
           echo "Updated $major_version tag to point to $next_version"
 
-  release-base-action:
-    needs: create-release
-    if: ${{ !inputs.dry_run }}
-    runs-on: ubuntu-latest
-    environment: production
-    steps:
-      - name: Checkout base-action repo
-        uses: actions/checkout@v5
-        with:
-          repository: anthropics/claude-code-base-action
-          token: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }}
-          fetch-depth: 0
-
-      - name: Create and push tag
-        run: |
-          set -e  # Exit on any error
-          next_version="${{ needs.create-release.outputs.next_version }}"
-
-          git config user.name "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
-
-          # Create the version tag
-          git tag -a "$next_version" -m "Release $next_version - synced from claude-code-action"
-          git push origin "$next_version"
-
-          # Update the v1 tag
-          git tag -fa v1 -m "Update v1 tag to ${next_version}"
-          git push origin v1 --force
-
-      # - name: Create GitHub release
-      #   env:
-      #     GH_TOKEN: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }}
-      #   run: |
-      #     next_version="${{ needs.create-release.outputs.next_version }}"
-
-      #     # Create the release
-      #     gh release create "$next_version" \
-      #       --repo anthropics/claude-code-base-action \
-      #       --title "$next_version" \
-      #       --notes "Release $next_version - synced from anthropics/claude-code-action" \
-      #       --latest=false
-
-      #     # Update beta release to be latest
-      #     gh release edit beta \
-      #       --repo anthropics/claude-code-base-action \
-      #       --latest
+  # release-base-action:
+  #   needs: create-release
+  #   if: ${{ !inputs.dry_run }}
+  #   runs-on: ubuntu-latest
+  #   environment: production
+  #   steps:
+  #     - name: Checkout base-action repo
+  #       uses: actions/checkout@v5
+  #       with:
+  #         repository: anthropics/claude-code-base-action
+  #         token: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }}
+  #         fetch-depth: 0
+  #
+  #     - name: Create and push tag
+  #       run: |
+  #         next_version="${{ needs.create-release.outputs.next_version }}"
+  #
+  #         git config user.name "github-actions[bot]"
+  #         git config user.email "github-actions[bot]@users.noreply.github.com"
+  #
+  #         # Create the version tag
+  #         git tag -a "$next_version" -m "Release $next_version - synced from claude-code-action"
+  #         git push origin "$next_version"
+  #
+  #         # Update the beta tag
+  #         git tag -fa beta -m "Update beta tag to ${next_version}"
+  #         git push origin beta --force
+  #
+  #     - name: Create GitHub release
+  #       env:
+  #         GH_TOKEN: ${{ secrets.CLAUDE_CODE_BASE_ACTION_PAT }}
+  #       run: |
+  #         next_version="${{ needs.create-release.outputs.next_version }}"
+  #
+  #         # Create the release
+  #         gh release create "$next_version" \
+  #           --repo anthropics/claude-code-base-action \
+  #           --title "$next_version" \
+  #           --notes "Release $next_version - synced from anthropics/claude-code-action" \
+  #           --latest=false
+  #
+  #         # Update beta release to be latest
+  #         gh release edit beta \
+  #           --repo anthropics/claude-code-base-action \
+  #           --latest

action.yml

@@ -213,7 +213,7 @@ runs:
 
         # Install Claude Code if no custom executable is provided
         if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
-          CLAUDE_CODE_VERSION="2.1.7"
+          CLAUDE_CODE_VERSION="2.1.9"
           echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
           for attempt in 1 2 3; do
             echo "Installation attempt $attempt..."

base-action/README.md

@@ -11,7 +11,7 @@ Add the following to your workflow file:
 ```yaml
 # Using a direct prompt
 - name: Run Claude Code with direct prompt
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Your prompt here"
     allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
@@ -19,7 +19,7 @@ Add the following to your workflow file:
 
 # Or using a prompt from a file
 - name: Run Claude Code with prompt file
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt_file: "/path/to/prompt.txt"
     allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
@@ -27,7 +27,7 @@ Add the following to your workflow file:
 
 # Or limiting the conversation turns
 - name: Run Claude Code with limited turns
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Your prompt here"
     allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
@@ -36,7 +36,7 @@ Add the following to your workflow file:
 
 # Using custom system prompts
 - name: Run Claude Code with custom system prompt
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Build a REST API"
     system_prompt: "You are a senior backend engineer. Focus on security, performance, and maintainability."
@@ -45,7 +45,7 @@ Add the following to your workflow file:
 
 # Or appending to the default system prompt
 - name: Run Claude Code with appended system prompt
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Create a database schema"
     append_system_prompt: "After writing code, be sure to code review yourself."
@@ -54,7 +54,7 @@ Add the following to your workflow file:
 
 # Using custom environment variables
 - name: Run Claude Code with custom environment variables
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Deploy to staging environment"
     claude_env: |
@@ -66,7 +66,7 @@ Add the following to your workflow file:
 
 # Using fallback model for handling API errors
 - name: Run Claude Code with fallback model
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Review and fix TypeScript errors"
     model: "claude-opus-4-1-20250805"
@@ -76,7 +76,7 @@ Add the following to your workflow file:
 
 # Using OAuth token instead of API key
 - name: Run Claude Code with OAuth token
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Update dependencies"
     allowed_tools: "Bash(git:*),View,GlobTool,GrepTool,BatchTool"
@@ -130,7 +130,7 @@ Example usage:
 
 ```yaml
 - name: Run Claude Code with Node.js 20
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   env:
     NODE_VERSION: "20.x"
   with:
@@ -146,7 +146,7 @@ The `claude_env` input accepts YAML multiline format with key-value pairs:
 
 ```yaml
 - name: Deploy with custom environment
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Deploy the application to the staging environment"
     claude_env: |
@@ -200,7 +200,7 @@ Provide a path to a JSON file containing Claude Code settings:
 
 ```yaml
 - name: Run Claude Code with settings file
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Your prompt here"
     settings: "path/to/settings.json"
@@ -214,7 +214,7 @@ Provide the settings configuration directly as a JSON string:
 
 ```yaml
 - name: Run Claude Code with inline settings
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Your prompt here"
     settings: |
@@ -263,7 +263,7 @@ Provide a path to a JSON file containing MCP configuration:
 
 ```yaml
 - name: Run Claude Code with MCP config file
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Your prompt here"
     mcp_config: "path/to/mcp-config.json"
@@ -277,7 +277,7 @@ Provide the MCP configuration directly as a JSON string:
 
 ```yaml
 - name: Run Claude Code with inline MCP config
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Your prompt here"
     mcp_config: |
@@ -317,7 +317,7 @@ You can combine MCP config with other inputs like allowed tools:
 ```yaml
 # Using multiple inputs together
 - name: Run Claude Code with MCP and custom tools
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Access the custom MCP server and use its tools"
     mcp_config: "mcp-config.json"
@@ -345,7 +345,7 @@ jobs:
 
       - name: Run Code Review with Claude
         id: code-review
-        uses: anthropics/claude-code-base-action@v1
+        uses: anthropics/claude-code-base-action@beta
         with:
           prompt: "Review the PR changes. Focus on code quality, potential bugs, and performance issues. Suggest improvements where appropriate. Write your review as markdown text."
           allowed_tools: "Bash(git diff --name-only HEAD~1),Bash(git diff HEAD~1),View,GlobTool,GrepTool,Write"
@@ -408,7 +408,7 @@ Use provider-specific model names based on your chosen provider:
 ```yaml
 # For direct Anthropic API (default)
 - name: Run Claude Code with Anthropic API
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Your prompt here"
     model: "claude-3-7-sonnet-20250219"
@@ -422,7 +422,7 @@ Use provider-specific model names based on your chosen provider:
     aws-region: us-west-2
 
 - name: Run Claude Code with Bedrock
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Your prompt here"
     model: "anthropic.claude-3-7-sonnet-20250219-v1:0"
@@ -436,7 +436,7 @@ Use provider-specific model names based on your chosen provider:
     service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
 
 - name: Run Claude Code with Vertex AI
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Your prompt here"
     model: "claude-3-7-sonnet@20250219"
@@ -455,7 +455,7 @@ This example shows how to use OIDC authentication with AWS Bedrock:
     aws-region: us-west-2
 
 - name: Run Claude Code with AWS OIDC
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Your prompt here"
     use_bedrock: "true"
@@ -475,7 +475,7 @@ This example shows how to use OIDC authentication with GCP Vertex AI:
     service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
 
 - name: Run Claude Code with GCP OIDC
-  uses: anthropics/claude-code-base-action@v1
+  uses: anthropics/claude-code-base-action@beta
   with:
     prompt: "Your prompt here"
     use_vertex: "true"

base-action/action.yml

@@ -124,7 +124,7 @@ runs:
         PATH_TO_CLAUDE_CODE_EXECUTABLE: ${{ inputs.path_to_claude_code_executable }}
       run: |
         if [ -z "$PATH_TO_CLAUDE_CODE_EXECUTABLE" ]; then
-          CLAUDE_CODE_VERSION="2.1.7"
+          CLAUDE_CODE_VERSION="2.1.9"
           echo "Installing Claude Code v${CLAUDE_CODE_VERSION}..."
           for attempt in 1 2 3; do
             echo "Installation attempt $attempt..."

base-action/bun.lock

@@ -6,7 +6,7 @@
       "name": "@anthropic-ai/claude-code-base-action",
       "dependencies": {
         "@actions/core": "^1.10.1",
-        "@anthropic-ai/claude-agent-sdk": "^0.2.7",
+        "@anthropic-ai/claude-agent-sdk": "^0.2.9",
         "shell-quote": "^1.8.3",
       },
       "devDependencies": {
@@ -27,7 +27,7 @@
 
     "@actions/io": ["@actions/io@1.1.3", "", {}, "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="],
 
-    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.7", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-I1/zcnLah74kZeRkj/1QnDaC6ItJ2m/Bftlm25uoaRkZx7i7SkcpqM9jGE/r2A8PMxnw5WpabP60Xgj99CrTuw=="],
+    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.9", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-b4JD6ZKCZeVDqpWBnb+zJISWi3HzlweNlV7Oy/uo5G2XAfUV2M5AJ/tomKZCvZsvmr1fYbmmfyde3GL2h0pksA=="],
 
     "@fastify/busboy": ["@fastify/busboy@2.1.1", "", {}, "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="],
 

base-action/package.json

@@ -11,7 +11,7 @@
   },
   "dependencies": {
     "@actions/core": "^1.10.1",
-    "@anthropic-ai/claude-agent-sdk": "^0.2.7",
+    "@anthropic-ai/claude-agent-sdk": "^0.2.9",
     "shell-quote": "^1.8.3"
   },
   "devDependencies": {

bun.lock

@@ -7,7 +7,7 @@
       "dependencies": {
         "@actions/core": "^1.10.1",
         "@actions/github": "^6.0.1",
-        "@anthropic-ai/claude-agent-sdk": "^0.2.7",
+        "@anthropic-ai/claude-agent-sdk": "^0.2.9",
         "@modelcontextprotocol/sdk": "^1.11.0",
         "@octokit/graphql": "^8.2.2",
         "@octokit/rest": "^21.1.1",
@@ -37,7 +37,7 @@
 
     "@actions/io": ["@actions/io@1.1.3", "", {}, "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="],
 
-    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.7", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-I1/zcnLah74kZeRkj/1QnDaC6ItJ2m/Bftlm25uoaRkZx7i7SkcpqM9jGE/r2A8PMxnw5WpabP60Xgj99CrTuw=="],
+    "@anthropic-ai/claude-agent-sdk": ["@anthropic-ai/claude-agent-sdk@0.2.9", "", { "optionalDependencies": { "@img/sharp-darwin-arm64": "^0.33.5", "@img/sharp-darwin-x64": "^0.33.5", "@img/sharp-linux-arm": "^0.33.5", "@img/sharp-linux-arm64": "^0.33.5", "@img/sharp-linux-x64": "^0.33.5", "@img/sharp-linuxmusl-arm64": "^0.33.5", "@img/sharp-linuxmusl-x64": "^0.33.5", "@img/sharp-win32-x64": "^0.33.5" }, "peerDependencies": { "zod": "^4.0.0" } }, "sha512-b4JD6ZKCZeVDqpWBnb+zJISWi3HzlweNlV7Oy/uo5G2XAfUV2M5AJ/tomKZCvZsvmr1fYbmmfyde3GL2h0pksA=="],
 
     "@fastify/busboy": ["@fastify/busboy@2.1.1", "", {}, "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="],
 

docs/security.md

@@ -13,6 +13,16 @@
 - **No Cross-Repository Access**: Each action invocation is limited to the repository where it was triggered
 - **Limited Scope**: The token cannot access other repositories or perform actions beyond the configured permissions
 
+## Pull Request Creation
+
+In its default configuration, **Claude does not create pull requests automatically** when responding to `@claude` mentions. Instead:
+
+- Claude commits code changes to a new branch
+- Claude provides a **link to the GitHub PR creation page** in its response
+- **The user must click the link and create the PR themselves**, ensuring human oversight before any code is proposed for merging
+
+This design ensures that users retain full control over what pull requests are created and can review the changes before initiating the PR workflow.
+
 ## ⚠️ Prompt Injection Risks
 
 **Beware of potential hidden markdown when tagging Claude on untrusted content.** External contributors may include hidden instructions through HTML comments, invisible characters, hidden attributes, or other techniques. The action sanitizes content by stripping HTML comments, invisible characters, markdown image alt text, hidden HTML attributes, and HTML entities, but new bypass techniques may emerge. We recommend reviewing the raw content of all input coming from external contributors before allowing Claude to process it.

package.json

@@ -12,7 +12,7 @@
   "dependencies": {
     "@actions/core": "^1.10.1",
     "@actions/github": "^6.0.1",
-    "@anthropic-ai/claude-agent-sdk": "^0.2.7",
+    "@anthropic-ai/claude-agent-sdk": "^0.2.9",
     "@modelcontextprotocol/sdk": "^1.11.0",
     "@octokit/graphql": "^8.2.2",
     "@octokit/rest": "^21.1.1",

src/github/validation/actor.ts

@@ -6,11 +6,11 @@
  */
 
 import type { Octokit } from "@octokit/rest";
-import type { ParsedGitHubContext } from "../context";
+import type { GitHubContext } from "../context";
 
 export async function checkHumanActor(
   octokit: Octokit,
-  githubContext: ParsedGitHubContext,
+  githubContext: GitHubContext,
 ) {
   // Fetch user information from GitHub API
   const { data: userData } = await octokit.users.getByUsername({

src/modes/agent/index.ts

@@ -8,6 +8,7 @@ import {
   configureGitAuth,
   setupSshSigning,
 } from "../../github/operations/git-config";
+import { checkHumanActor } from "../../github/validation/actor";
 import type { GitHubContext } from "../../github/context";
 import { isEntityContext } from "../../github/context";
 
@@ -80,7 +81,14 @@ export const agentMode: Mode = {
     return false;
   },
 
-  async prepare({ context, githubToken }: ModeOptions): Promise<ModeResult> {
+  async prepare({
+    context,
+    octokit,
+    githubToken,
+  }: ModeOptions): Promise<ModeResult> {
+    // Check if actor is human (prevents bot-triggered loops)
+    await checkHumanActor(octokit.rest, context);
+
     // Configure git authentication for agent mode (same as tag mode)
     // SSH signing takes precedence if provided
     const useSshSigning = !!context.inputs.sshSigningKey;

test/modes/agent.test.ts

@@ -145,12 +145,12 @@ describe("Agent Mode", () => {
         users: {
           getAuthenticated: mock(() =>
             Promise.resolve({
-              data: { login: "test-user", id: 12345 },
+              data: { login: "test-user", id: 12345, type: "User" },
             }),
           ),
           getByUsername: mock(() =>
             Promise.resolve({
-              data: { login: "test-user", id: 12345 },
+              data: { login: "test-user", id: 12345, type: "User" },
             }),
           ),
         },
@@ -187,6 +187,65 @@ describe("Agent Mode", () => {
       process.env.GITHUB_REF_NAME = originalRefName;
   });
 
+  test("prepare method rejects bot actors without allowed_bots", async () => {
+    const contextWithPrompts = createMockAutomationContext({
+      eventName: "workflow_dispatch",
+    });
+    contextWithPrompts.actor = "claude[bot]";
+    contextWithPrompts.inputs.allowedBots = "";
+
+    const mockOctokit = {
+      rest: {
+        users: {
+          getByUsername: mock(() =>
+            Promise.resolve({
+              data: { login: "claude[bot]", id: 12345, type: "Bot" },
+            }),
+          ),
+        },
+      },
+    } as any;
+
+    await expect(
+      agentMode.prepare({
+        context: contextWithPrompts,
+        octokit: mockOctokit,
+        githubToken: "test-token",
+      }),
+    ).rejects.toThrow(
+      "Workflow initiated by non-human actor: claude (type: Bot)",
+    );
+  });
+
+  test("prepare method allows bot actors when in allowed_bots list", async () => {
+    const contextWithPrompts = createMockAutomationContext({
+      eventName: "workflow_dispatch",
+    });
+    contextWithPrompts.actor = "dependabot[bot]";
+    contextWithPrompts.inputs.allowedBots = "dependabot";
+
+    const mockOctokit = {
+      rest: {
+        users: {
+          getByUsername: mock(() =>
+            Promise.resolve({
+              data: { login: "dependabot[bot]", id: 12345, type: "Bot" },
+            }),
+          ),
+        },
+      },
+    } as any;
+
+    // Should not throw - bot is in allowed list
+    await expect(
+      agentMode.prepare({
+        context: contextWithPrompts,
+        octokit: mockOctokit,
+        githubToken: "test-token",
+      }),
+    ).resolves.toBeDefined();
+  });
+
   test("prepare method creates prompt file with correct content", async () => {
     const contextWithPrompts = createMockAutomationContext({
       eventName: "workflow_dispatch",
@@ -199,12 +258,12 @@ describe("Agent Mode", () => {
         users: {
           getAuthenticated: mock(() =>
             Promise.resolve({
-              data: { login: "test-user", id: 12345 },
+              data: { login: "test-user", id: 12345, type: "User" },
             }),
           ),
           getByUsername: mock(() =>
             Promise.resolve({
-              data: { login: "test-user", id: 12345 },
+              data: { login: "test-user", id: 12345, type: "User" },
             }),
           ),
         },