mirror of
https://github.com/anthropics/claude-code-action.git
synced 2026-01-23 23:14:13 +08:00
* Add GitHub token redaction to update_claude_comment tool - Add redactGitHubTokens() function to sanitizer.ts that detects and redacts all GitHub token formats (ghp_, gho_, ghs_, ghr_, github_pat_) - Update sanitizeContent() to include token redaction in the sanitization pipeline - Apply sanitization to comment body in github-comment-server.ts before updating comments - Add comprehensive tests covering all token formats, edge cases, and integration scenarios - Prevents accidental exposure of GitHub tokens in PR/issue comments while preserving existing functionality 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Add GitHub token redaction to inline comment server - Apply sanitizeContent() to comment body in github-inline-comment-server.ts before creating inline PR comments - Ensures consistency in token redaction across all comment creation tools - Prevents GitHub tokens from being exposed in inline PR review comments 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
#!/usr/bin/env node
// GitHub Comment MCP Server - Minimal server that only provides comment update functionality
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";
import { GITHUB_API_URL } from "../github/api/config";
import { Octokit } from "@octokit/rest";
import { updateClaudeComment } from "../github/operations/comments/update-claude-comment";
import { sanitizeContent } from "../github/utils/sanitizer";
// The target repository is identified by two environment variables that the
// launching process is expected to set.
const { REPO_OWNER, REPO_NAME } = process.env;

// Fail fast: without both values the tool below would have no repository to
// address, so the process stops before the server is created.
if (!(REPO_OWNER && REPO_NAME)) {
  console.error(
    "Error: REPO_OWNER and REPO_NAME environment variables are required",
  );
  process.exit(1);
}
// Identity the MCP server reports for itself.
const serverInfo = {
  name: "GitHub Comment Server",
  version: "0.0.1",
};

// Single MCP server instance; the tool registration and runServer() use it.
const server = new McpServer(serverInfo);
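// Registers the only tool this server exposes: replacing the body of the
// tracked Claude comment (issue comment or pull-request review comment).
server.tool(
  "update_claude_comment",
  "Update the Claude comment with progress and results (automatically handles both issue and PR comments)",
  {
    body: z.string().describe("The updated comment content"),
  },
  /**
   * Tool handler: sanitizes the supplied body and writes it to the comment
   * identified by CLAUDE_COMMENT_ID.
   *
   * The body is caller-supplied text that ends up in a GitHub comment, so it
   * is passed through sanitizeContent() before the write. sanitizeContent is
   * defined in ../github/utils/sanitizer (not shown here); what it redacts
   * should be confirmed there rather than assumed from this call site.
   *
   * @param {{ body: string }} args - Tool arguments validated by the zod schema above.
   * @returns {Promise<object>} MCP tool result: the JSON-serialized update
   *   result on success, or an `isError` result carrying the error message.
   */
  async ({ body }) => {
    try {
      const githubToken = process.env.GITHUB_TOKEN;
      const claudeCommentId = process.env.CLAUDE_COMMENT_ID;
      const eventName = process.env.GITHUB_EVENT_NAME;

      if (!githubToken) {
        throw new Error("GITHUB_TOKEN environment variable is required");
      }
      if (!claudeCommentId) {
        throw new Error("CLAUDE_COMMENT_ID environment variable is required");
      }

      const owner = REPO_OWNER;
      const repo = REPO_NAME;

      // parseInt yields NaN for non-numeric input; reject that (and zero or
      // negative ids) here instead of sending a malformed id to the API.
      // The raw value is deliberately not echoed in the message.
      const commentId = parseInt(claudeCommentId, 10);
      if (!Number.isSafeInteger(commentId) || commentId <= 0) {
        throw new Error("CLAUDE_COMMENT_ID must be a positive integer");
      }

      const octokit = new Octokit({
        auth: githubToken,
        baseUrl: GITHUB_API_URL,
      });

      // Review comments on a pull request are addressed differently from
      // ordinary issue comments; the flag lets updateClaudeComment choose.
      const isPullRequestReviewComment =
        eventName === "pull_request_review_comment";

      // Sanitize before the write: once posted, the comment is readable by
      // anyone with access to the thread.
      const sanitizedBody = sanitizeContent(body);

      const result = await updateClaudeComment(octokit, {
        owner,
        repo,
        commentId,
        body: sanitizedBody,
        isPullRequestReviewComment,
      });

      return {
        content: [
          {
            type: "text",
            text: JSON.stringify(result, null, 2),
          },
        ],
      };
    } catch (error) {
      // NOTE(review): the error text goes back to the tool caller without
      // passing through sanitizeContent(); confirm that messages raised by
      // the API client cannot carry credential material.
      const errorMessage =
        error instanceof Error ? error.message : String(error);
      return {
        content: [
          {
            type: "text",
            text: `Error: ${errorMessage}`,
          },
        ],
        error: errorMessage,
        isError: true,
      };
    }
  },
);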
/**
 * Attaches the MCP server to a stdio transport and registers a hook that
 * closes the server when the process exits.
 *
 * @returns {Promise<void>} Resolves once the transport is connected and the
 *   exit hook is registered.
 */
async function runServer() {
  const stdio = new StdioServerTransport();
  await server.connect(stdio);

  // 'exit' listeners run synchronously, so nothing that close() defers is
  // awaited here.
  const shutdown = () => {
    server.close();
  };
  process.on("exit", shutdown);
}
// Entry point: start the server; a startup failure is written to stderr.
runServer().catch((startupError) => {
  console.error(startupError);
});