]> git.ipfire.org Git - thirdparty/openwrt.git/commitdiff
projects / thirdparty / openwrt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4517ace)
github: prevent Claude from making commits during PR review
authorHauke Mehrtens <hauke@hauke-m.de>
Sat, 11 Apr 2026 16:06:40 +0000 (18:06 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Sun, 12 Apr 2026 15:02:00 +0000 (17:02 +0200)
The workflow already uses contents: read which prevents GitHub from
accepting any push. The --disallowedTools setting adds a second layer
by stopping Claude from even attempting git write operations.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Link: https://github.com/openwrt/openwrt/pull/22897
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
.github/workflows/claude-code-review.yml patch | blob | blame | history

diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index 3d7957420ab1e144371403b32aedfea735a5a222..6115d33428ecaf4b21bc5683d572bae44325a732 100644 (file)
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -33,3 +33,4 @@ jobs:
           trigger_phrase: "/claude"
           claude_args: >-
             --allowedTools "mcp__github_inline_comment__create_inline_comment"
+            --disallowedTools "Bash(git add:*),Bash(git commit:*),Bash(git rm:*),Bash(git push:*)"
Mirror of https://github.com/openwrt/openwrt.git