
feat: add read_only mode for tag workflows#1433

Draft
tarunag10 wants to merge 1 commit into anthropics:main from tarunag10:codex/read-only-mode

Conversation

@tarunag10

Contributor

Summary

Adds a read_only input for tag mode so review-only workflows can prevent Claude from receiving commit, push, or file-deletion tools.

Fixes #1415.

Root cause

Tag mode always added write-capable tools after parsing user claude_args:

  • git CLI commit/push/delete tools when use_commit_signing is false
  • GitHub file-op commit/delete tools when use_commit_signing is true

That meant workflows could narrow their own --allowedTools, but the action still reintroduced write tools required for autofix workflows. This is surprising and unsafe for security review or comment-only automations.

Changes

  • Adds read_only to action.yml and exports it as READ_ONLY.
  • Parses the input into context.inputs.readOnly.
  • Extracts tag-mode tool construction into buildTagModeTools.
  • When read_only: true, keeps read/comment/CI tools and user-specified GitHub MCP tools, but skips:
    • Bash(git add:*)
    • Bash(git commit:*)
    • git push wrapper
    • Bash(git rm:*)
    • mcp__github_file_ops__commit_files
    • mcp__github_file_ops__delete_files
  • Preserves existing default behavior when read_only is unset or false.

Validation

  • ./node_modules/.bin/prettier --check .
  • bun test test/modes/tag.test.ts test/github-context.test.ts
  • bun run typecheck
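The tool-construction behaviour described in this PR, as an added TypeScript example that is not the project's own code: `buildTagModeTools` is the name the description uses, but its signature, the base read/comment/CI tool names, the `mcp__github__` prefix used to recognise user-specified GitHub MCP tools, and the spelling `Bash(git push:*)` for the "git push wrapper" are all assumptions made here. The point it demonstrates is that the read-only decision is made at list-construction time, so the write tools are never added rather than filtered out afterwards, and that the raw `read_only` action input is a string that must be parsed.

```typescript
// Added example, not code from claude-code-action. Models the tag-mode tool
// construction this PR describes; every name below is an assumption.

// Write-capable tools listed in the PR description. "Bash(git push:*)" is an
// assumed spelling of the "git push wrapper" the description mentions.
const GIT_CLI_WRITE_TOOLS: string[] = [
  "Bash(git add:*)",
  "Bash(git commit:*)",
  "Bash(git push:*)",
  "Bash(git rm:*)",
];
const FILE_OPS_WRITE_TOOLS: string[] = [
  "mcp__github_file_ops__commit_files",
  "mcp__github_file_ops__delete_files",
];
// Read/comment/CI tools: constructed placeholders for the action's base set.
const BASE_TOOLS: string[] = [
  "Read",
  "Glob",
  "Grep",
  "mcp__github_comment__update_claude_comment",
  "mcp__github_ci__get_ci_status",
];

interface TagModeInputs {
  readOnly: string | undefined; // raw action input; GitHub Actions passes inputs as strings
  useCommitSigning: boolean;
  allowedTools: string[]; // tools the workflow passed via claude_args --allowedTools
}

// GitHub Actions delivers `read_only: true` as the string "true", so parse it
// explicitly; anything that is not exactly "true" (ignoring case/whitespace)
// is treated as false, which keeps the default behaviour unchanged.
function parseReadOnly(raw: string | undefined): boolean {
  return (raw ?? "").trim().toLowerCase() === "true";
}

// Builds the tag-mode tool list. Write tools are only ever appended when the
// mode is not read-only, so a read-only run cannot acquire them by accident.
function buildTagModeTools(inputs: TagModeInputs): string[] {
  const readOnly = parseReadOnly(inputs.readOnly);
  // User-specified GitHub MCP tools are kept in both modes (assumed prefix).
  const userGithubMcp = inputs.allowedTools.filter(
    (t) => t.indexOf("mcp__github__") === 0,
  );
  const tools: string[] = [...BASE_TOOLS, ...userGithubMcp];
  if (!readOnly) {
    tools.push(
      ...(inputs.useCommitSigning ? FILE_OPS_WRITE_TOOLS : GIT_CLI_WRITE_TOOLS),
    );
  }
  // De-duplicate while preserving order.
  return tools.filter((t, i) => tools.indexOf(t) === i);
}

// Defender-side check: returns any write-capable tools present in a final
// tool list, so a review-only workflow can assert the result is empty.
function writeToolsIn(tools: string[]): string[] {
  const write = [...GIT_CLI_WRITE_TOOLS, ...FILE_OPS_WRITE_TOOLS];
  return tools.filter((t) => write.indexOf(t) !== -1);
}

// Stand-alone demonstration: read-only vs. default for the same workflow input.
const demoInputs: TagModeInputs = {
  readOnly: "true",
  useCommitSigning: false,
  allowedTools: ["mcp__github__get_issue"],
};
console.log("read-only write tools:", writeToolsIn(buildTagModeTools(demoInputs)));
console.log(
  "default write tools:",
  writeToolsIn(buildTagModeTools({ ...demoInputs, readOnly: undefined })),
);
```

The `writeToolsIn` check is the kind of assertion a workflow test (such as the `test/modes/tag.test.ts` run listed above) would make for the read-only path: it should be empty for `read_only: true` regardless of `use_commit_signing`, and contain exactly one of the two write-tool families otherwise.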



Development

Successfully merging this pull request may close these issues.

Feature request: Add read_only mode to disable automatic commit capabilities

1 participant