fix: use GITHUB_SERVER_URL to determine email domain for GitHub Enterprise (#290)

* fix: use GITHUB_SERVER_URL to determine email domain for GitHub Enterprise

- Extract hostname from GITHUB_SERVER_URL environment variable
- Use users.noreply.github.com for GitHub.com
- Use users.noreply.{hostname} for GitHub Enterprise instances

Fixes #288

Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com>

* lint

---------

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Ashwin Bhat <ashwin-ant@users.noreply.github.com>

.github/workflows/claude-review.yml

@@ -26,6 +26,7 @@ jobs:
             - Potential bugs or issues
             - Suggestions for improvements
             - Overall architecture and design decisions
+            - Documentation consistency: Verify that README.md and other documentation files are updated to reflect any code changes (especially new inputs, features, or configuration options)
 
             Be constructive and specific in your feedback. Give inline comments where applicable.
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

README.md

@@ -165,32 +165,34 @@ jobs:
 
 ## Inputs
 
-| Input                     | Description                                                                                                          | Required | Default   |
+| Input                          | Description                                                                                                          | Required | Default   |
-| ------------------------- | -------------------------------------------------------------------------------------------------------------------- | -------- | --------- |
+| ------------------------------ | -------------------------------------------------------------------------------------------------------------------- | -------- | --------- |
-| `anthropic_api_key`       | Anthropic API key (required for direct API, not needed for Bedrock/Vertex)                                           | No\*     | -         |
+| `anthropic_api_key`            | Anthropic API key (required for direct API, not needed for Bedrock/Vertex)                                           | No\*     | -         |
-| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key)                                                           | No\*     | -         |
+| `claude_code_oauth_token`      | Claude Code OAuth token (alternative to anthropic_api_key)                                                           | No\*     | -         |
-| `direct_prompt`           | Direct prompt for Claude to execute automatically without needing a trigger (for automated workflows)                | No       | -         |
+| `direct_prompt`                | Direct prompt for Claude to execute automatically without needing a trigger (for automated workflows)                | No       | -         |
-| `base_branch`             | The base branch to use for creating new branches (e.g., 'main', 'develop')                                           | No       | -         |
+| `base_branch`                  | The base branch to use for creating new branches (e.g., 'main', 'develop')                                           | No       | -         |
-| `max_turns`               | Maximum number of conversation turns Claude can take (limits back-and-forth exchanges)                               | No       | -         |
+| `max_turns`                    | Maximum number of conversation turns Claude can take (limits back-and-forth exchanges)                               | No       | -         |
-| `timeout_minutes`         | Timeout in minutes for execution                                                                                     | No       | `30`      |
+| `timeout_minutes`              | Timeout in minutes for execution                                                                                     | No       | `30`      |
-| `use_sticky_comment`      | Use just one comment to deliver PR comments (only applies for pull_request event workflows)                          | No       | `false`   |
+| `use_sticky_comment`           | Use just one comment to deliver PR comments (only applies for pull_request event workflows)                          | No       | `false`   |
-| `github_token`            | GitHub token for Claude to operate with. **Only include this if you're connecting a custom GitHub app of your own!** | No       | -         |
+| `github_token`                 | GitHub token for Claude to operate with. **Only include this if you're connecting a custom GitHub app of your own!** | No       | -         |
-| `model`                   | Model to use (provider-specific format required for Bedrock/Vertex)                                                  | No       | -         |
+| `model`                        | Model to use (provider-specific format required for Bedrock/Vertex)                                                  | No       | -         |
-| `fallback_model`          | Enable automatic fallback to specified model when primary model is unavailable                                       | No       | -         |
+| `fallback_model`               | Enable automatic fallback to specified model when primary model is unavailable                                       | No       | -         |
-| `anthropic_model`         | **DEPRECATED**: Use `model` instead. Kept for backward compatibility.                                                | No       | -         |
+| `anthropic_model`              | **DEPRECATED**: Use `model` instead. Kept for backward compatibility.                                                | No       | -         |
-| `use_bedrock`             | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API                                          | No       | `false`   |
+| `use_bedrock`                  | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API                                          | No       | `false`   |
-| `use_vertex`              | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API                                        | No       | `false`   |
+| `use_vertex`                   | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API                                        | No       | `false`   |
-| `allowed_tools`           | Additional tools for Claude to use (the base GitHub tools will always be included)                                   | No       | ""        |
+| `allowed_tools`                | Additional tools for Claude to use (the base GitHub tools will always be included)                                   | No       | ""        |
-| `disallowed_tools`        | Tools that Claude should never use                                                                                   | No       | ""        |
+| `disallowed_tools`             | Tools that Claude should never use                                                                                   | No       | ""        |
-| `custom_instructions`     | Additional custom instructions to include in the prompt for Claude                                                   | No       | ""        |
+| `custom_instructions`          | Additional custom instructions to include in the prompt for Claude                                                   | No       | ""        |
-| `mcp_config`              | Additional MCP configuration (JSON string) that merges with the built-in GitHub MCP servers                          | No       | ""        |
+| `mcp_config`                   | Additional MCP configuration (JSON string) that merges with the built-in GitHub MCP servers                          | No       | ""        |
-| `assignee_trigger`        | The assignee username that triggers the action (e.g. @claude). Only used for issue assignment                        | No       | -         |
+| `assignee_trigger`             | The assignee username that triggers the action (e.g. @claude). Only used for issue assignment                        | No       | -         |
-| `label_trigger`           | The label name that triggers the action when applied to an issue (e.g. "claude")                                     | No       | -         |
+| `label_trigger`                | The label name that triggers the action when applied to an issue (e.g. "claude")                                     | No       | -         |
-| `trigger_phrase`          | The trigger phrase to look for in comments, issue/PR bodies, and issue titles                                        | No       | `@claude` |
+| `trigger_phrase`               | The trigger phrase to look for in comments, issue/PR bodies, and issue titles                                        | No       | `@claude` |
-| `branch_prefix`           | The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format)                         | No       | `claude/` |
+| `branch_prefix`                | The prefix to use for Claude branches (defaults to 'claude/', use 'claude-' for dash format)                         | No       | `claude/` |
-| `claude_env`              | Custom environment variables to pass to Claude Code execution (YAML format)                                          | No       | ""        |
+| `claude_env`                   | Custom environment variables to pass to Claude Code execution (YAML format)                                          | No       | ""        |
-| `settings`                | Claude Code settings as JSON string or path to settings JSON file                                                    | No       | ""        |
+| `settings`                     | Claude Code settings as JSON string or path to settings JSON file                                                    | No       | ""        |
-| `additional_permissions`  | Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results                    | No       | ""        |
+| `additional_permissions`       | Additional permissions to enable. Currently supports 'actions: read' for viewing workflow results                    | No       | ""        |
+| `experimental_allowed_domains` | Restrict network access to these domains only (newline-separated).                                                   | No       | ""        |
+| `use_commit_signing`           | Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands    | No       | `false`   |
 
 \*Required when using direct Anthropic API (default and when not using Bedrock or Vertex)
 
@@ -572,6 +574,71 @@ Use a specific Claude model:
     # ... other inputs
 ```
 
+### Network Restrictions
+
+For enhanced security, you can restrict Claude's network access to specific domains only. This feature is particularly useful for:
+
+- Enterprise environments with strict security policies
+- Preventing access to external services
+- Limiting Claude to only your internal APIs and services
+
+When `experimental_allowed_domains` is set, Claude can only access the domains you explicitly list. You'll need to include the appropriate provider domains based on your authentication method.
+
+#### Provider-Specific Examples
+
+##### If using Anthropic API or subscription
+
+```yaml
+- uses: anthropics/claude-code-action@beta
+  with:
+    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+    # Or: claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+    experimental_allowed_domains: |
+      .anthropic.com
+```
+
+##### If using AWS Bedrock
+
+```yaml
+- uses: anthropics/claude-code-action@beta
+  with:
+    use_bedrock: "true"
+    experimental_allowed_domains: |
+      bedrock.*.amazonaws.com
+      bedrock-runtime.*.amazonaws.com
+```
+
+##### If using Google Vertex AI
+
+```yaml
+- uses: anthropics/claude-code-action@beta
+  with:
+    use_vertex: "true"
+    experimental_allowed_domains: |
+      *.googleapis.com
+      vertexai.googleapis.com
+```
+
+#### Common GitHub Domains
+
+In addition to your provider domains, you may need to include GitHub-related domains. For GitHub.com users, common domains include:
+
+```yaml
+- uses: anthropics/claude-code-action@beta
+  with:
+    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+    experimental_allowed_domains: |
+      .anthropic.com  # For Anthropic API
+      .github.com
+      .githubusercontent.com
+      ghcr.io
+      .blob.core.windows.net
+```
+
+For GitHub Enterprise users, replace the GitHub.com domains above with your enterprise domains (e.g., `.github.company.com`, `packages.company.com`, etc.).
+
+To determine which domains your workflow needs, you can temporarily run without restrictions and monitor the network requests, or check your GitHub Enterprise configuration for the specific services you use.
+
 ### Claude Code Settings
 
 You can provide Claude Code settings to customize behavior such as model selection, environment variables, permissions, and hooks. Settings can be provided either as a JSON string or a path to a settings file.

action.yml

@@ -100,6 +100,10 @@ inputs:
     description: "Enable commit signing using GitHub's commit signature verification. When false, Claude uses standard git commands"
     required: false
     default: "false"
+  experimental_allowed_domains:
+    description: "Restrict network access to these domains only (newline-separated). If not set, no restrictions are applied. Provider domains are auto-detected."
+    required: false
+    default: ""
 
 outputs:
   execution_file:
@@ -146,10 +150,42 @@ runs:
         ADDITIONAL_PERMISSIONS: ${{ inputs.additional_permissions }}
         USE_COMMIT_SIGNING: ${{ inputs.use_commit_signing }}
 
+    - name: Setup Network Restrictions
+      if: steps.prepare.outputs.contains_trigger == 'true' && inputs.experimental_allowed_domains != ''
+      shell: bash
+      run: |
+        # Install and configure Squid proxy
+        sudo apt-get update && sudo apt-get install -y squid
+
+        echo "${{ inputs.experimental_allowed_domains }}" > $RUNNER_TEMP/whitelist.txt
+
+        # Configure Squid
+        sudo tee /etc/squid/squid.conf << EOF
+        http_port 127.0.0.1:3128
+        acl whitelist dstdomain "$RUNNER_TEMP/whitelist.txt"
+        acl localhost src 127.0.0.1/32
+        http_access allow localhost whitelist
+        http_access deny all
+        cache deny all
+        EOF
+
+        # Stop any existing squid instance and start with our config
+        sudo squid -k shutdown || true
+        sleep 2
+        sudo rm -f /run/squid.pid
+        sudo squid -N -d 1 &
+        sleep 5
+
+        # Set proxy environment variables
+        echo "http_proxy=http://127.0.0.1:3128" >> $GITHUB_ENV
+        echo "https_proxy=http://127.0.0.1:3128" >> $GITHUB_ENV
+        echo "HTTP_PROXY=http://127.0.0.1:3128" >> $GITHUB_ENV
+        echo "HTTPS_PROXY=http://127.0.0.1:3128" >> $GITHUB_ENV
+
     - name: Run Claude Code
       id: claude-code
       if: steps.prepare.outputs.contains_trigger == 'true'
-      uses: anthropics/claude-code-base-action@503cc7080e62d63d2cc1d80035ed04617d5efb47 # v0.0.35
+      uses: anthropics/claude-code-base-action@03e2a2d6923a9187c8e93b04ef2f8dae3219d0b1 # v0.0.36
       with:
         prompt_file: ${{ runner.temp }}/claude-prompts/claude-prompt.txt
         allowed_tools: ${{ env.ALLOWED_TOOLS }}

examples/claude.yml

@@ -36,3 +36,12 @@ jobs:
           # Or use OAuth token instead:
           # claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           timeout_minutes: "60"
+          # Optional: Restrict network access to specific domains only
+          # experimental_allowed_domains: |
+          #   .anthropic.com
+          #   .github.com
+          #   api.github.com
+          #   .githubusercontent.com
+          #   bun.sh
+          #   registry.npmjs.org
+          #   .blob.core.windows.net

src/entrypoints/prepare.ts

@@ -91,7 +91,8 @@ async function run() {
       githubToken,
       owner: context.repository.owner,
       repo: context.repository.repo,
-      branch: branchInfo.currentBranch,
+      branch: branchInfo.claudeBranch || branchInfo.currentBranch,
+      baseBranch: branchInfo.baseBranch,
       additionalMcpConfig,
       claudeCommentId: commentId.toString(),
       allowedTools: context.inputs.allowedTools,

src/github/operations/git-config.ts

@@ -21,6 +21,13 @@ export async function configureGitAuth(
 ) {
   console.log("Configuring git authentication for non-signing mode");
 
+  // Determine the noreply email domain based on GITHUB_SERVER_URL
+  const serverUrl = new URL(GITHUB_SERVER_URL);
+  const noreplyDomain =
+    serverUrl.hostname === "github.com"
+      ? "users.noreply.github.com"
+      : `users.noreply.${serverUrl.hostname}`;
+
   // Configure git user based on the comment creator
   console.log("Configuring git user...");
   if (user) {
@@ -28,12 +35,12 @@ export async function configureGitAuth(
     const botId = user.id;
     console.log(`Setting git user as ${botName}...`);
     await $`git config user.name "${botName}"`;
-    await $`git config user.email "${botId}+${botName}@users.noreply.github.com"`;
+    await $`git config user.email "${botId}+${botName}@${noreplyDomain}"`;
     console.log(`✓ Set git user as ${botName}`);
   } else {
     console.log("No user data in comment, using default bot user");
     await $`git config user.name "github-actions[bot]"`;
-    await $`git config user.email "41898282+github-actions[bot]@users.noreply.github.com"`;
+    await $`git config user.email "41898282+github-actions[bot]@${noreplyDomain}"`;
   }
 
   // Remove the authorization header that actions/checkout sets
@@ -47,7 +54,6 @@ export async function configureGitAuth(
 
   // Update the remote URL to include the token for authentication
   console.log("Updating remote URL with authentication...");
-  const serverUrl = new URL(GITHUB_SERVER_URL);
   const remoteUrl = `https://x-access-token:${githubToken}@${serverUrl.host}/${context.repository.owner}/${context.repository.repo}.git`;
   await $`git remote set-url origin ${remoteUrl}`;
   console.log("✓ Updated remote URL with authentication token");

src/mcp/github-file-ops-server.ts

@@ -78,11 +78,7 @@ async function getOrCreateBranchRef(
     throw new Error(`Failed to get branch reference: ${refResponse.status}`);
   }
 
-  // Branch doesn't exist, need to create it
+  const baseBranch = process.env.BASE_BRANCH!;
-  console.log(`Branch ${branch} does not exist, creating it...`);
-
-  // Get base branch from environment or determine it
-  const baseBranch = process.env.BASE_BRANCH || "main";
 
   // Get the SHA of the base branch
   const baseRefUrl = `${GITHUB_API_URL}/repos/${owner}/${repo}/git/refs/heads/${baseBranch}`;
@@ -139,7 +135,7 @@ async function getOrCreateBranchRef(
     baseSha = baseRefData.object.sha;
   }
 
-  // Create the new branch
+  // Create the new branch using the same pattern as octokit
   const createRefUrl = `${GITHUB_API_URL}/repos/${owner}/${repo}/git/refs`;
   const createRefResponse = await fetch(createRefUrl, {
     method: "POST",

src/mcp/install-mcp-server.ts

@@ -8,6 +8,7 @@ type PrepareConfigParams = {
   owner: string;
   repo: string;
   branch: string;
+  baseBranch: string;
   additionalMcpConfig?: string;
   claudeCommentId?: string;
   allowedTools: string[];
@@ -54,6 +55,7 @@ export async function prepareMcpConfig(
     owner,
     repo,
     branch,
+    baseBranch,
     additionalMcpConfig,
     claudeCommentId,
     allowedTools,
@@ -100,7 +102,7 @@ export async function prepareMcpConfig(
           REPO_OWNER: owner,
           REPO_NAME: repo,
           BRANCH_NAME: branch,
-          BASE_BRANCH: process.env.BASE_BRANCH || "",
+          BASE_BRANCH: baseBranch,
           REPO_DIR: process.env.GITHUB_WORKSPACE || process.cwd(),
           GITHUB_EVENT_NAME: process.env.GITHUB_EVENT_NAME || "",
           IS_PR: process.env.IS_PR || "false",

test/install-mcp-server.test.ts

@@ -88,6 +88,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       allowedTools: [],
       context: mockContext,
     });
@@ -118,6 +119,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       allowedTools: [],
       context: contextWithSigning,
     });
@@ -143,6 +145,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       allowedTools: [
         "mcp__github__create_issue",
         "mcp__github_file_ops__commit_files",
@@ -174,6 +177,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       allowedTools: [
         "mcp__github_file_ops__commit_files",
         "mcp__github_file_ops__update_claude_comment",
@@ -193,6 +197,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       allowedTools: ["Edit", "Read", "Write"],
       context: mockContext,
     });
@@ -210,6 +215,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       additionalMcpConfig: "",
       allowedTools: [],
       context: mockContext,
@@ -228,6 +234,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       additionalMcpConfig: "   \n\t  ",
       allowedTools: [],
       context: mockContext,
@@ -258,6 +265,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       additionalMcpConfig: additionalConfig,
       allowedTools: [
         "mcp__github__create_issue",
@@ -296,6 +304,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       additionalMcpConfig: additionalConfig,
       allowedTools: [
         "mcp__github__create_issue",
@@ -337,6 +346,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       additionalMcpConfig: additionalConfig,
       allowedTools: [],
       context: mockContextWithSigning,
@@ -357,6 +367,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       additionalMcpConfig: invalidJson,
       allowedTools: [],
       context: mockContextWithSigning,
@@ -378,6 +389,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       additionalMcpConfig: nonObjectJson,
       allowedTools: [],
       context: mockContextWithSigning,
@@ -402,6 +414,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       additionalMcpConfig: nullJson,
       allowedTools: [],
       context: mockContextWithSigning,
@@ -426,6 +439,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       additionalMcpConfig: arrayJson,
       allowedTools: [],
       context: mockContextWithSigning,
@@ -473,6 +487,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       additionalMcpConfig: additionalConfig,
       allowedTools: [],
       context: mockContextWithSigning,
@@ -496,6 +511,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       allowedTools: [],
       context: mockContextWithSigning,
     });
@@ -517,6 +533,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       allowedTools: [],
       context: mockContextWithSigning,
     });
@@ -545,6 +562,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       allowedTools: [],
       context: contextWithPermissions,
     });
@@ -564,6 +582,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       allowedTools: [],
       context: mockContextWithSigning,
     });
@@ -582,6 +601,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       allowedTools: [],
       context: mockPRContextWithSigning,
     });
@@ -613,6 +633,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       allowedTools: [],
       context: contextWithPermissions,
     });
@@ -641,6 +662,7 @@ describe("prepareMcpConfig", () => {
       owner: "test-owner",
       repo: "test-repo",
       branch: "test-branch",
+      baseBranch: "main",
       allowedTools: [],
       context: contextWithPermissions,
     });