mirror of
https://github.com/anthropics/claude-code-action.git
synced 2026-01-23 06:54:13 +08:00
Remote agent mode now exclusively uses MCP tools for all commit operations, eliminating the security risks associated with direct git command execution.

## Key Changes

### Security Enhancements

- **Removed git authentication setup**: No longer configures local git credentials
- **Eliminated dangerous git tools**: Blocked `git commit`, `git add`, `git push`, `git config`, `git rm`
- **Enforced API-based commits**: All commits go through GitHub API with proper authentication
- **Maintained read-only git access**: Preserved safe tools like `git status`, `git diff`, `git log`

### Implementation Details

- **New specialized function**: `buildRemoteAgentAllowedToolsString()` replaces general tool builder
- **Simplified system prompts**: Removed conditional logic since MCP is always used
- **Cleaner codebase**: Eliminated git configuration complexity for remote agents

### Tool Changes

**Added (always present):**

- `mcp__github_file_ops__commit_files` - Atomic multi-file commits via GitHub API
- `mcp__github_file_ops__delete_files` - File deletion via GitHub API

**Removed (security risks):**

- `Bash(git commit:*)` - Direct git commits
- `Bash(git add:*)` - Git staging
- `Bash(git push:*)` - Direct git pushes
- `Bash(git config:*)` - Git configuration
- `Bash(git rm:*)` - Git file removal

**Preserved (safe operations):**

- `Bash(git status:*)` - Repository status
- `Bash(git diff:*)` - Change inspection
- `Bash(git log:*)` - History viewing

## Testing

- Added comprehensive test suite for `buildRemoteAgentAllowedToolsString()`
- Verified security boundaries prevent dangerous tool inclusion
- Ensured custom tools and GitHub Actions integration still work
- All existing functionality preserved through MCP layer

## Benefits

- **Enhanced Security**: All commits are signed and authenticated via GitHub API
- **Consistent Attribution**: Proper commit authorship through GitHub's systems
- **Audit Trail**: Complete tracking of all repository modifications
- **Reduced Attack Surface**: No local git configuration or direct repository access

Remote agent mode is now significantly more secure while maintaining full functionality through the existing MCP infrastructure.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
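
The tool boundary listed in the commit message above can be checked mechanically. The following is an added example, not code from this commit or the repository: `auditRemoteAgentTools` and `grantsWriteGit` are hypothetical names, and it assumes the allowed-tools string is comma-separated and that `Bash(<prefix>:*)` grants every command starting with `<prefix>`.

```typescript
// Added example: audit a comma-separated allowed-tools string against the
// boundary described in the commit message. All function names are hypothetical.
const WRITE_GIT_SUBCOMMANDS: string[] = ["commit", "add", "push", "config", "rm"];
const REQUIRED_MCP_TOOLS: string[] = [
  "mcp__github_file_ops__commit_files",
  "mcp__github_file_ops__delete_files",
];

interface AuditResult {
  violations: string[]; // entries that grant (or subsume) a write git command
  missing: string[]; // required MCP commit tools that are absent
}

// Assumption: "Bash(<prefix>:*)" grants every command starting with <prefix>,
// and a bare "Bash" or "Bash(*)" grants every shell command.
function grantsWriteGit(entry: string): boolean {
  if (entry === "Bash" || entry === "Bash(*)") return true;
  const m = /^Bash\((.*)\)$/.exec(entry);
  if (!m) return false; // not a Bash permission (e.g. an MCP tool name)
  const tokens = (m[1] ?? "").replace(/:?\*$/, "").trim().split(/\s+/);
  if (tokens[0] !== "git") return false;
  const sub = tokens[1];
  // "git" alone covers every subcommand; an option before the subcommand
  // (e.g. "git -C <dir> ...") cannot be classified, so fail closed.
  return sub === undefined || sub.startsWith("-") || WRITE_GIT_SUBCOMMANDS.includes(sub);
}

function auditRemoteAgentTools(toolsString: string): AuditResult {
  const entries = toolsString.split(",").map((e) => e.trim()).filter(Boolean);
  return {
    violations: entries.filter(grantsWriteGit),
    missing: REQUIRED_MCP_TOOLS.filter((t) => !entries.includes(t)),
  };
}

// Constructed sample inputs (not taken from the repository).
const hardened =
  "Read,Bash(git status:*),Bash(git diff:*),Bash(git log:*)," + REQUIRED_MCP_TOOLS.join(",");
const regressed = hardened + ",Bash(git push:*),Bash(git:*)";

console.log(auditRemoteAgentTools(hardened)); // no violations, nothing missing
console.log(auditRemoteAgentTools(regressed)); // flags the push entry and the broad git wildcard
```

The broad-pattern check matters because a single `Bash(git:*)` entry would reintroduce every removed write command without naming any of them.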