actions/claude-code-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
claude-code-action/base-action/test
History
chyipin f37c786ad3
Strip OIDC token request env vars from Claude session (#1011) 
When id-token: write permission is enabled, ACTIONS_ID_TOKEN_REQUEST_URL
and ACTIONS_ID_TOKEN_REQUEST_TOKEN are passed to the Claude session via
the process.env spread in parseSdkOptions(). This allows Claude to mint
new OIDC tokens, which is an unintended capability.

This commit deletes these two variables from the env object before passing
it to the Claude SDK. The OIDC flow in token.ts reads directly from
process.env and runs before parseSdkOptions(), so it is unaffected.

Fixes #1010
2026-04-04 20:13:05 -07:00
..
mcp-test
fix: resolve high vulnerability CVE-2025-66414 (#792)
2026-01-07 12:53:45 +05:30
install-plugins.test.ts
feat: support local plugin marketplace paths (#761)
2026-01-05 16:13:32 +05:30
parse-sdk-options.test.ts
Strip OIDC token request env vars from Claude session (#1011)
2026-04-04 20:13:05 -07:00
parse-shell-args.test.ts
feat: implement Claude Code GitHub Action v1.0 with auto-detection and slash commands (#421)
2025-08-25 12:51:37 -07:00
prepare-prompt.test.ts
feat: integrate claude-code-base-action as local subaction (#285)
2025-07-18 13:52:56 -07:00
setup-claude-code-settings.test.ts
feat: implement Claude Code GitHub Action v1.0 with auto-detection and slash commands (#421)
2025-08-25 12:51:37 -07:00
validate-env.test.ts
feat: add Microsoft Foundry provider support (#684)
2025-11-20 13:50:13 -08:00