claude-code-action/test
Chris Lloyd a328bf4b16 feat: enforce MCP-only commits in remote agent mode for enhanced security
Remote agent mode now exclusively uses MCP tools for all commit operations,
eliminating the security risks associated with direct git command execution.

## Key Changes

### Security Enhancements
- **Removed git authentication setup**: No longer configures local git credentials
- **Eliminated dangerous git tools**: Blocked `git commit`, `git add`, `git push`, `git config`, `git rm`
- **Enforced API-based commits**: All commits go through GitHub API with proper authentication
- **Maintained read-only git access**: Preserved safe tools like `git status`, `git diff`, `git log`

### Implementation Details
- **New specialized function**: `buildRemoteAgentAllowedToolsString()` replaces general tool builder
- **Simplified system prompts**: Removed conditional logic since MCP is always used
- **Cleaner codebase**: Eliminated git configuration complexity for remote agents

### Tool Changes
**Added (always present):**
- `mcp__github_file_ops__commit_files` - Atomic multi-file commits via GitHub API
- `mcp__github_file_ops__delete_files` - File deletion via GitHub API

**Removed (security risks):**
- `Bash(git commit:*)` - Direct git commits
- `Bash(git add:*)` - Git staging
- `Bash(git push:*)` - Direct git pushes
- `Bash(git config:*)` - Git configuration
- `Bash(git rm:*)` - Git file removal

**Preserved (safe operations):**
- `Bash(git status:*)` - Repository status
- `Bash(git diff:*)` - Change inspection
- `Bash(git log:*)` - History viewing

## Testing
- Added comprehensive test suite for `buildRemoteAgentAllowedToolsString()`
- Verified security boundaries prevent dangerous tool inclusion
- Ensured custom tools and GitHub Actions integration still work
- All existing functionality preserved through MCP layer

## Benefits
- **Enhanced Security**: All commits are signed and authenticated via GitHub API
- **Consistent Attribution**: Proper commit authorship through GitHub's systems
- **Audit Trail**: Complete tracking of all repository modifications
- **Reduced Attack Surface**: No local git configuration or direct repository access

Remote agent mode is now significantly more secure while maintaining full
functionality through the existing MCP infrastructure.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-21 20:20:39 -07:00
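As an added example, not claude-code-action's own code: a hypothetical implementation of the `buildRemoteAgentAllowedToolsString()` allow-list builder that the commit describes, using the MCP tool names and git subcommands listed in the message. It additionally rejects a bare `Bash(git:*)` pattern from custom tools, an assumption not mentioned in the commit, because such a pattern would otherwise re-enable every blocked subcommand.

```typescript
// Hypothetical allow-list builder for remote agent mode (example code,
// not the project's implementation). The tool names below are taken
// from the commit message; the bare-`Bash(git:*)` handling is assumed.

// MCP tools that perform commits through the GitHub API; always present.
const MCP_COMMIT_TOOLS: string[] = [
  "mcp__github_file_ops__commit_files",
  "mcp__github_file_ops__delete_files",
];

// Read-only git tools that are preserved.
const READ_ONLY_GIT_TOOLS: string[] = [
  "Bash(git status:*)",
  "Bash(git diff:*)",
  "Bash(git log:*)",
];

// git subcommands that mutate the index, history, remote or config.
const BLOCKED_GIT_SUBCOMMANDS = new Set(["commit", "add", "push", "config", "rm"]);

// Matches `Bash(git <subcommand> ...)`; also matches `Bash(git:*)` / `Bash(git)`
// (no subcommand) without matching unrelated tools such as `Bash(gitk)`.
const GIT_TOOL_PATTERN = /^Bash\(\s*git(?:\s+([a-z-]+)|(?=[:)]))/;

// True when a tool pattern would grant a write-capable git command.
function isBlockedGitTool(tool: string): boolean {
  const m = GIT_TOOL_PATTERN.exec(tool.trim());
  if (m === null) return false; // not a git tool pattern at all
  const subcommand = m[1];
  // No subcommand (e.g. `Bash(git:*)`) would permit everything, so block it (assumed rule).
  return subcommand === undefined || BLOCKED_GIT_SUBCOMMANDS.has(subcommand);
}

// Builds the allowed-tools list: MCP commit tools and read-only git are always
// included; custom tools are passed through unless they re-enable git writes.
function buildRemoteAgentAllowedTools(customTools: string[] = []): string[] {
  const allowed = new Set<string>([...MCP_COMMIT_TOOLS, ...READ_ONLY_GIT_TOOLS]);
  for (const tool of customTools) {
    if (isBlockedGitTool(tool)) continue; // custom allow-lists cannot override the boundary
    allowed.add(tool.trim());
  }
  return [...allowed];
}

function buildRemoteAgentAllowedToolsString(customTools: string[] = []): string {
  return buildRemoteAgentAllowedTools(customTools).join(",");
}
```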