🔧 chore: grant write permissions to Claude Code Action workflow#13173
Allow Claude Code to push branches and create PRs by upgrading contents/pull-requests/issues permissions from read to write, and adding git/gh to allowed tools. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@nekomeowww - This is a workflow/DevOps change (GitHub Actions permissions). Please take a look.
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## canary #13173 +/- ##
=======================================
Coverage 74.29% 74.29%
=======================================
Files 1531 1531
Lines 125714 125714
Branches 16516 16516
=======================================
Hits 93396 93396
Misses 32207 32207
Partials 111 111
Flags with carried forward coverage won't be shown.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5dbccec113
| # These tools are restricted to code analysis and build operations only | ||
| claude_args: | | ||
| --allowedTools "Bash(bun run:*),Bash(pnpm run:*),Bash(npm run:*),Bash(npx:*),Bash(bunx:*),Bash(vitest:*),Bash(rg:*),Bash(find:*),Bash(sed:*),Bash(grep:*),Bash(awk:*),Bash(wc:*),Bash(xargs:*)" | ||
| --allowedTools "Bash(git:*),Bash(gh:*),Bash(bun run:*),Bash(pnpm run:*),Bash(npm run:*),Bash(npx:*),Bash(bunx:*),Bash(vitest:*),Bash(rg:*),Bash(find:*),Bash(sed:*),Bash(grep:*),Bash(awk:*),Bash(wc:*),Bash(xargs:*)" |
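Review bot: The comment directly above the allowlist still says these tools are restricted to code analysis and build operations only, but the new line adds `Bash(git:*)` and `Bash(gh:*)`, which match every git and gh subcommand; update the comment to describe what is now allowed, and narrow the two new rules to the subcommands the push/PR flow actually needs (for example `Bash(git push:*)` and `Bash(gh pr create:*)` rather than the whole binary), since this same PR raises contents, pull-requests and issues to write.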
Remove unrestricted gh commands from Claude's allowlist
Bash(gh:*) opens a direct privilege-escalation path in this workflow. I checked the GitHub CLI manual: gh auth token prints the current authentication token, and gh api makes authenticated API requests (defaulting to POST once fields are provided). Since this job is invoked from issue/review text and the same commit also upgrades .github/workflows/claude.yml lines 22-24 to contents/issues/pull-requests: write, a prompt-injected issue or PR can now coerce Claude into leaking the repo token or performing arbitrary writes through GitHub's API. Please keep gh disallowed here or whitelist only the exact subcommands you need.
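As an added example (not part of this PR or of the lobe-chat project), the following Python audit reproduces the combination the review above flags: it parses the new `--allowedTools` string from the diff, flags bare `Bash(gh:*)` / `Bash(git:*)` rules that hand over every subcommand of a token-bearing binary, and reports when those coincide with write permissions on triggers fed by issue or comment text. The workflow fields and event names in `SAMPLE_WORKFLOW` are a constructed stand-in for the parsed `claude.yml`, and the narrowed rule names (`Bash(git push:*)`, `Bash(gh pr create:*)`) are an assumption about which subcommands the job needs, not the project's configuration.

```python
import re
from typing import Any, Dict, List

# The allowlist string as it appears on the PR's new claude_args line.
PR_ALLOWED_TOOLS = (
    '--allowedTools "Bash(git:*),Bash(gh:*),Bash(bun run:*),Bash(pnpm run:*),'
    'Bash(npm run:*),Bash(npx:*),Bash(bunx:*),Bash(vitest:*),Bash(rg:*),Bash(find:*),'
    'Bash(sed:*),Bash(grep:*),Bash(awk:*),Bash(wc:*),Bash(xargs:*)"'
)

# Constructed stand-in for the parsed workflow (assumption: field names mirror the
# permissions block and the event triggers the PR discussion refers to).
SAMPLE_WORKFLOW: Dict[str, Any] = {
    "on": ["issue_comment", "pull_request_review_comment", "issues"],
    "permissions": {"contents": "write", "pull-requests": "write", "issues": "write"},
    "claude_args": PR_ALLOWED_TOOLS,
}

# Binaries that act with the job's GITHUB_TOKEN; a bare "<bin>:*" rule allows every
# subcommand, including the token-printing and API ones the review names.
CREDENTIALED_BINARIES = {"gh", "git"}

# Events whose payload text is written by anyone able to open an issue or comment.
UNTRUSTED_TEXT_EVENTS = {
    "issue_comment", "issues", "pull_request_review_comment", "pull_request_target",
}

# Matches a rule that covers a whole single-word binary, e.g. Bash(gh:*);
# does not match subcommand-scoped rules such as Bash(gh pr create:*).
RULE_RE = re.compile(r"^Bash\(([^\s:)]+):\*\)$")


def parse_allowed_tools(claude_args: str) -> List[str]:
    """Extract the comma-separated rule list from a --allowedTools "..." argument."""
    match = re.search(r'--allowedTools\s+"([^"]*)"', claude_args)
    if not match:
        return []
    return [rule.strip() for rule in match.group(1).split(",") if rule.strip()]


def broad_credentialed_rules(rules: List[str]) -> List[str]:
    """Return rules that allow every subcommand of a credential-bearing binary."""
    flagged: List[str] = []
    for rule in rules:
        m = RULE_RE.match(rule)
        if m and m.group(1) in CREDENTIALED_BINARIES:
            flagged.append(rule)
    return flagged


def audit_workflow(workflow: Dict[str, Any]) -> List[str]:
    """Return human-readable findings; an empty list means nothing of concern."""
    findings: List[str] = []
    events = set(workflow.get("on", []))
    perms: Dict[str, str] = workflow.get("permissions", {})
    writes = sorted(scope for scope, level in perms.items() if level == "write")
    broad = broad_credentialed_rules(parse_allowed_tools(str(workflow.get("claude_args", ""))))
    untrusted = sorted(events & UNTRUSTED_TEXT_EVENTS)

    if writes and untrusted:
        findings.append(f"write permissions {writes} on untrusted-text triggers {untrusted}")
    for rule in broad:
        findings.append(
            f"{rule} allows every subcommand; narrow it to the ones needed, "
            "e.g. Bash(git push:*) or Bash(gh pr create:*)"
        )
    if writes and untrusted and broad:
        findings.append(
            "HIGH: prompt-injected issue/PR text can drive token-bearing gh/git "
            "commands with write scopes"
        )
    return findings


def narrowed_allowlist(rules: List[str], replacements: Dict[str, List[str]]) -> List[str]:
    """Replace each whole-binary rule with the explicit subcommand rules supplied."""
    out: List[str] = []
    for rule in rules:
        m = RULE_RE.match(rule)
        if m and m.group(1) in replacements:
            out.extend(replacements[m.group(1)])
        else:
            out.append(rule)
    return out


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print("-", finding)
    # Assumed minimal set of subcommands for "push a branch and open a PR".
    narrowed = narrowed_allowlist(
        parse_allowed_tools(PR_ALLOWED_TOOLS),
        {"git": ["Bash(git checkout:*)", "Bash(git add:*)", "Bash(git commit:*)", "Bash(git push:*)"],
         "gh": ["Bash(gh pr create:*)"]},
    )
    print("narrowed:", ",".join(narrowed))
```

Running the audit on the PR's allowlist yields the two whole-binary rules plus the high-severity combination; after `narrowed_allowlist` the only remaining finding is the write-permissions-on-untrusted-trigger note, which is inherent to letting the action open PRs and is what the subcommand scoping is meant to contain.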
❤️ Great PR @arvinxx ❤️ The growth of the project is inseparable from user feedback and contributions, thanks for your contribution! If you are interested in the lobehub developer community, please join our discord and then dm @arvinxx or @canisminor1990. They will invite you to our private developer channel. We talk about lobe-chat development or share AI newsletters from around the world.
Summary
- Upgrade contents, pull-requests, issues permissions from read to write so Claude Code can push branches and create PRs
- Add Bash(git:*) and Bash(gh:*) to allowed tools
Context
Claude Code Action was failing with 403 when trying to push fix branches because the workflow only had read permissions.
🤖 Generated with Claude Code