Remote agent mode now exclusively uses MCP tools for all commit operations, eliminating the security risks associated with direct git command execution.

## Key Changes

### Security Enhancements

- **Removed git authentication setup**: No longer configures local git credentials
- **Eliminated dangerous git tools**: Blocked `git commit`, `git add`, `git push`, `git config`, `git rm`
- **Enforced API-based commits**: All commits go through GitHub API with proper authentication
- **Maintained read-only git access**: Preserved safe tools like `git status`, `git diff`, `git log`

### Implementation Details

- **New specialized function**: `buildRemoteAgentAllowedToolsString()` replaces general tool builder
- **Simplified system prompts**: Removed conditional logic since MCP is always used
- **Cleaner codebase**: Eliminated git configuration complexity for remote agents

### Tool Changes

**Added (always present):**

- `mcp__github_file_ops__commit_files` - Atomic multi-file commits via GitHub API
- `mcp__github_file_ops__delete_files` - File deletion via GitHub API

**Removed (security risks):**

- `Bash(git commit:*)` - Direct git commits
- `Bash(git add:*)` - Git staging
- `Bash(git push:*)` - Direct git pushes
- `Bash(git config:*)` - Git configuration
- `Bash(git rm:*)` - Git file removal

**Preserved (safe operations):**

- `Bash(git status:*)` - Repository status
- `Bash(git diff:*)` - Change inspection
- `Bash(git log:*)` - History viewing

## Testing

- Added comprehensive test suite for `buildRemoteAgentAllowedToolsString()`
- Verified security boundaries prevent dangerous tool inclusion
- Ensured custom tools and GitHub Actions integration still work
- All existing functionality preserved through MCP layer

## Benefits

- **Enhanced Security**: All commits are signed and authenticated via GitHub API
- **Consistent Attribution**: Proper commit authorship through GitHub's systems
- **Audit Trail**: Complete tracking of all repository modifications
- **Reduced Attack Surface**: No local git configuration or direct repository access

Remote agent mode is now significantly more secure while maintaining full functionality through the existing MCP infrastructure.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
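The allow-list boundary the commit describes (MCP commit tools always present, git write subcommands rejected even when requested as custom tools, read-only git kept), as an added TypeScript sketch that is not the project's own code; the function, constant and pattern names here are assumptions, and the real `buildRemoteAgentAllowedToolsString()` may differ.

```typescript
// Added sketch, not the project's code: names here are assumed for illustration.
const MCP_COMMIT_TOOLS = [                     // always present: commits via GitHub API
  "mcp__github_file_ops__commit_files",
  "mcp__github_file_ops__delete_files",
];
const READ_ONLY_GIT_TOOLS = [                  // safe inspection stays available
  "Bash(git status:*)",
  "Bash(git diff:*)",
  "Bash(git log:*)",
];
// Git subcommands that write to the index, history, remote or config.
const BLOCKED_GIT_SUBCOMMANDS = ["commit", "add", "push", "config", "rm"];

// Matches `Bash(git <sub> ...)` permission patterns and captures the subcommand;
// `Bash(git:*)` and `Bash(git)` match with no subcommand, i.e. a blanket git grant.
const GIT_TOOL_RE = /^Bash\(git(?:\s+([a-z-]+))?(?:[:\s)]|$)/;

function isBlockedGitTool(tool: string): boolean {
  const m = GIT_TOOL_RE.exec(tool.trim());
  if (m === null) return false;                // not a git tool pattern at all
  const sub: string | undefined = m[1];
  // A blanket git grant would allow every write subcommand, so it is blocked too.
  return sub === undefined || BLOCKED_GIT_SUBCOMMANDS.includes(sub);
}

interface RemoteAgentTools {
  allowed: string[];   // final allow-list, MCP and read-only git first
  rejected: string[];  // custom requests dropped at the boundary, worth logging
}

// MCP commit tools and read-only git are always present; custom tools are kept
// unless they are git write tools (or blanket git), which are rejected.
function remoteAgentAllowedTools(customTools: string[] = []): RemoteAgentTools {
  const allowed = new Set<string>([...MCP_COMMIT_TOOLS, ...READ_ONLY_GIT_TOOLS]);
  const rejected: string[] = [];
  for (const raw of customTools) {
    const tool = raw.trim();
    if (tool === "") continue;
    if (isBlockedGitTool(tool)) rejected.push(tool);
    else allowed.add(tool);                    // Set also de-duplicates repeats
  }
  return { allowed: [...allowed], rejected };
}

// Comma-separated form, as an allowed-tools setting would consume it.
function remoteAgentAllowedToolsString(customTools: string[] = []): string {
  return remoteAgentAllowedTools(customTools).allowed.join(",");
}
```

The `rejected` list is what a workflow would surface in its logs, so an operator can see which requested git tools the boundary refused.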
Claude Code Action
A general-purpose Claude Code action for GitHub PRs and issues that can answer questions and implement code changes. This action listens for a trigger phrase in comments and activates Claude to act on the request. It supports multiple authentication methods including Anthropic direct API, Amazon Bedrock, and Google Vertex AI.
Features
- 🤖 Interactive Code Assistant: Claude can answer questions about code, architecture, and programming
- 🔍 Code Review: Analyzes PR changes and suggests improvements
- ✨ Code Implementation: Can implement simple fixes, refactoring, and even new features
- 💬 PR/Issue Integration: Works seamlessly with GitHub comments and PR reviews
- 🛠️ Flexible Tool Access: Access to GitHub APIs and file operations (additional tools can be enabled via configuration)
- 📋 Progress Tracking: Visual progress indicators with checkboxes that dynamically update as Claude completes tasks
- 🏃 Runs on Your Infrastructure: The action executes entirely on your own GitHub runner (Anthropic API calls go to your chosen provider)
Quickstart
The easiest way to set up this action is through Claude Code in the terminal. Just open `claude` and run `/install-github-app`.
This command will guide you through setting up the GitHub app and required secrets.
Note:
- You must be a repository admin to install the GitHub app and add secrets
- This quickstart method is only available for direct Anthropic API users. For AWS Bedrock or Google Vertex AI setup, see docs/cloud-providers.md.
Documentation
- Setup Guide - Manual setup, custom GitHub apps, and security best practices
- Usage Guide - Basic usage, workflow configuration, and input parameters
- Custom Automations - Examples of automated workflows and custom prompts
- Configuration - MCP servers, permissions, environment variables, and advanced settings
- Experimental Features - Execution modes and network restrictions
- Cloud Providers - AWS Bedrock and Google Vertex AI setup
- Capabilities & Limitations - What Claude can and cannot do
- Security - Access control, permissions, and commit signing
- FAQ - Common questions and troubleshooting
📚 FAQ
Having issues or questions? Check out our Frequently Asked Questions for solutions to common problems and detailed explanations of Claude's capabilities and limitations.
License
This project is licensed under the MIT License—see the LICENSE file for details.