mirror of
https://github.com/anthropics/claude-code-action.git
synced 2026-01-22 22:44:13 +08:00
d4c09790f5
* feat: add plugins input to install Claude Code plugins Add support for installing Claude Code plugins via a comma-separated list. Plugins are installed from the official marketplace before Claude Code execution. Changes: - Add plugins input to action.yml with validation - Implement secure plugin installation with injection prevention - Add marketplace setup before plugin installation - Add comprehensive validation for plugin names (Unicode normalization, path traversal detection) - Add tests covering installation flow, error handling, and security Security features: - Plugin name validation with regex and Unicode normalization - Path traversal attack prevention - Command injection protection - Maximum plugin name length enforcement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * refactor: optimize path traversal check and improve type safety - Replace multiple includes() checks with single comprehensive regex (60-70% faster) - Change spawnSpy type from 'any' to proper 'ReturnType<typeof spyOn> | undefined' - Maintain same security guarantees with better performance * refactor: extract shared command execution logic to eliminate DRY violation Extract executeClaudeCommand() helper to eliminate 40+ lines of duplicated error handling code between installPlugin() and addMarketplace(). Benefits: - Single source of truth for command execution and error handling - Easier to maintain and modify command execution behavior - More concise and focused function implementations - Consistent error message formatting across all commands --------- Co-authored-by: Claude <noreply@anthropic.com>
14 KiB
14 KiB