Skip to content

fix: restrict Claude comment triggers to trusted repo actors#139

Merged
jmcte merged 1 commit into
mainfrom
codex/fix-unauthenticated-claude-trigger-vulnerability
Jun 22, 2026
Merged

fix: restrict Claude comment triggers to trusted repo actors#139
jmcte merged 1 commit into
mainfrom
codex/fix-unauthenticated-claude-trigger-vulnerability

Conversation

@jmcte

@jmcte jmcte commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Motivation

  • The Claude workflow could be started by any issue or PR comment containing @claude, and recent changes moved that job to the public self-hosted runner pool which exposes long-lived fleet credentials and secrets to untrusted actors.
  • To close this critical attack surface, comment-driven executions must be limited to trusted repository actors while preserving manual runs.
  • Add an automated regression to prevent reintroducing the unauthenticated trigger in future changes.

Description

  • Updated .github/workflows/claude.yml to require author_association to be one of OWNER, MEMBER, or COLLABORATOR for issue_comment, pull_request_review_comment, and pull_request_review triggers while keeping workflow_dispatch intact.
  • The if condition now checks contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event...author_association) alongside the @claude body checks.
  • Added a regression test in test/workflow.test.ts that parses the workflow and asserts the new author-association guard and that untrusted association strings like FIRST_TIME_CONTRIBUTOR, CONTRIBUTOR, and NONE are not present.

Testing

  • Ran the workflow unit tests with pnpm test -- test/workflow.test.ts, and the test suite passed.
  • Ran the project typecheck/lint with pnpm lint (TypeScript --noEmit) and it completed successfully.
  • The new test exercises the claude.yml condition and verifies the presence of the author-association guards.

Codex Task

@athena-omt athena-omt left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Athena review: approves. The change is focused, tests cover the new guard, and I don't see a blocker in the diff.

@pheidon pheidon left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pheidon review: approves. The change is focused, tests cover the new guard, and I don't see a blocker in the diff.

@jmcte jmcte merged commit 44a4f4f into main Jun 22, 2026
17 checks passed
@jmcte jmcte deleted the codex/fix-unauthenticated-claude-trigger-vulnerability branch June 22, 2026 17:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants