From: Daan De Meyer <daan@amutable.com>
Date: Wed, 18 Mar 2026 12:40:13 +0000 (+0100)
Subject: ci: Don't read claude settings from the repo
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fb2cf9f557e6a23dbf48b39e776e84cdf673a5c1;p=thirdparty%2Fsystemd.git

ci: Don't read claude settings from the repo

Shouldn't be possible, but extra hardening never hurts.
---

diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml
index 4e750b11fcd..91f98f695e2 100644
--- a/.github/workflows/claude-review.yml
+++ b/.github/workflows/claude-review.yml
@@ -264,6 +264,7 @@ jobs:
             --model us.anthropic.claude-opus-4-6-v1
             --max-turns 200
             --disallowedTools "WebFetch,WebSearch,Agent,TaskCreate"
+            --setting-sources user
             --json-schema '${{ env.REVIEW_SCHEMA }}'
           prompt: |
               REPO: ${{ github.repository }}