Harden documentation-fixing AI agent security and re-enable workflows#11573
Harden documentation-fixing AI agent security and re-enable workflows#11573ranuka-laksika wants to merge 1 commit into
Conversation
📝 WalkthroughWalkthroughThe changes enable conditional issue classification and queue labeling, activate and gate Claude runner execution, configure Node.js and Python documentation environments, and restrict Claude tools. Documentation automation now requires a successful 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 7
🧹 Nitpick comments (4)
.github/claude/system_prompt.txt (2)
34-34: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueUse a hyphen in "documentation-fixing agent".
"documentation fixing agent" should be "documentation-fixing agent" per standard compound adjective rules.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/claude/system_prompt.txt at line 34, Update the security label text in the prompt so it uses the hyphenated compound adjective “documentation-fixing agent” instead of “documentation fixing agent”; make this wording change in the JAILBREAK PROTECTION guidance while keeping the rest of the instruction unchanged.Source: Linters/SAST tools
101-106: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueDuplicate step number 9 in the issue workflow.
Steps 9 appears twice — line 101 ("Create PR within original repository") and line 106 ("Repeat for other versions"). The second should be step 10, with subsequent steps renumbered accordingly.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/claude/system_prompt.txt around lines 101 - 106, The issue is duplicate numbering in the workflow list: the second step labeled 9 in the system prompt should be renumbered to 10, and any following steps should be updated accordingly. Fix the numbering in the workflow text around the “Create PR within original repository” and “Repeat for other versions of the repository” entries so the sequence stays unique and ordered..github/scripts/pre-commit-hook.sh (1)
22-22: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueQuote
$STAGED_FILESto handle filenames with spaces.The unquoted
for file in $STAGED_FILESwill split on whitespace. While current allowed paths don't include spaces, quoting is a defensive best practice.♻️ Proposed refactor
-STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACMR) +STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACMR -z)And use a while-read loop:
-for file in $STAGED_FILES; do +while IFS= read -r -d '' file; do🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/scripts/pre-commit-hook.sh at line 22, The staged-files loop in the pre-commit hook is splitting on whitespace because $STAGED_FILES is unquoted. Update the loop around the for file in $STAGED_FILES iteration to safely handle paths with spaces, ideally by switching to a while-read style iteration as suggested, and keep the rest of the pre-commit-hook.sh logic unchanged..github/workflows/auto_lable.yml (1)
112-120: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueRedundant
is_validoutput write when a valid category is matched.When a match is found,
is_valid=trueis written to$GITHUB_OUTPUTon line 115, then the loop breaks. But execution continues to line 120, which writesis_valid=trueagain. This is harmless (GitHub Actions takes the last value) but indicates thebreakshould be an earlyexit 0or the final write should be in anelsebranch.♻️ Proposed refactor
for valid in "${VALID_CATEGORIES[@]}"; do if [[ "$CATEGORY" == "$valid" ]]; then - IS_VALID=true - echo "is_valid=$IS_VALID" >> $GITHUB_OUTPUT - break + echo "is_valid=true" >> $GITHUB_OUTPUT + exit 0 fi done - echo "is_valid=$IS_VALID" >> $GITHUB_OUTPUT + echo "is_valid=false" >> $GITHUB_OUTPUT🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/auto_lable.yml around lines 112 - 120, The validation block in auto_lable.yml writes is_valid twice when a category matches, so update the loop around VALID_CATEGORIES and IS_VALID to avoid the redundant $GITHUB_OUTPUT write. Either exit early immediately after setting IS_VALID=true inside the match branch, or restructure the final echo so it only runs when no match was found; keep the logic centered on the existing CATEGORY check and VALID_CATEGORIES loop.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/claude/system_prompt.txt:
- Around line 96-100: The secrets validation step contains a typo in the
command, causing `it diff` to fail instead of running the intended `git diff`.
Update the instruction in the “Validate changes before PR (MANDATORY)” section
to use the correct `git diff` command, keeping the rest of the secret-check
pipeline unchanged.
- Around line 96-100: The secret-detection grep in the validation step is too
broad because `\$[A-Z_]+` matches normal template placeholders like
`REPOSITORY`, `ISSUE_NUMBER`, `LATEST_VERSION`, and `BRANCH_NAME`. Update the
validation rule in the system prompt to use `it diff origin/{VERSION}...HEAD`
with a narrower set of secret-specific patterns, and remove the generic
uppercase dollar-variable match so legitimate documentation templates are not
flagged. Keep the change localized to the secret check text in the validation
section.
In @.github/scripts/pre-commit-hook.sh:
- Around line 72-77: The pre-commit hook is leaking matched secret values by
piping the staged diff through grep and echoing the full matches to stdout.
Update the secret-detection block in the pre-commit hook script so it uses the
existing grep checks only to determine whether a match exists, but prints a
redacted summary or count instead of the matched lines. Keep the current
detection patterns in place, and ensure the logging around STAGED_DIFF does not
reveal any secret content in GitHub Actions logs.
- Around line 70-71: The secret-detection regex in the pre-commit hook is too
loose for the base64-like token pattern and can trigger false positives on
ordinary long strings. Tighten the `[A-Za-z0-9+/]{40}=?$` part in the grep
within the staged diff check by adding a start anchor or word boundary so it
only matches standalone secrets, while keeping the existing patterns in the same
`pre-commit-hook.sh` guard logic.
In @.github/workflows/auto_lable.yml:
- Around line 99-107: The Anthropic classification step in the workflow does not
handle API failures before parsing the response, so HTTP errors can silently
turn into a null category. Update the Claude call in the classification block to
capture and check the HTTP status or use fail-on-error behavior, then inspect
the response for an error payload before reading .content[0].text. If the
request fails or returns an error, log the failure and skip labeling explicitly
instead of continuing with CATEGORY set to null.
In @.github/workflows/claude_runner.yml:
- Line 19: The checkout steps in the workflow currently leave GitHub credentials
persisted in .git/config, which can expose the token to later git commands.
Update both actions/checkout uses in the run_claude job and the other checkout
step to set persist-credentials: false, and ensure any needed git auth is passed
through environment variables instead of relying on checkout persistence.
- Around line 83-84: The git config setup in the workflow currently interpolates
DOC_FIXING_AGENT_GIT_USER_NAME and DOC_FIXING_AGENT_GIT_USER_EMAIL directly into
the shell command, which can break with special characters. Update the
claude_runner workflow so the secrets are passed into environment variables and
then referenced from the git config commands in that same step, keeping the
existing git config user.name and git config user.email setup intact.
---
Nitpick comments:
In @.github/claude/system_prompt.txt:
- Line 34: Update the security label text in the prompt so it uses the
hyphenated compound adjective “documentation-fixing agent” instead of
“documentation fixing agent”; make this wording change in the JAILBREAK
PROTECTION guidance while keeping the rest of the instruction unchanged.
- Around line 101-106: The issue is duplicate numbering in the workflow list:
the second step labeled 9 in the system prompt should be renumbered to 10, and
any following steps should be updated accordingly. Fix the numbering in the
workflow text around the “Create PR within original repository” and “Repeat for
other versions of the repository” entries so the sequence stays unique and
ordered.
In @.github/scripts/pre-commit-hook.sh:
- Line 22: The staged-files loop in the pre-commit hook is splitting on
whitespace because $STAGED_FILES is unquoted. Update the loop around the for
file in $STAGED_FILES iteration to safely handle paths with spaces, ideally by
switching to a while-read style iteration as suggested, and keep the rest of the
pre-commit-hook.sh logic unchanged.
In @.github/workflows/auto_lable.yml:
- Around line 112-120: The validation block in auto_lable.yml writes is_valid
twice when a category matches, so update the loop around VALID_CATEGORIES and
IS_VALID to avoid the redundant $GITHUB_OUTPUT write. Either exit early
immediately after setting IS_VALID=true inside the match branch, or restructure
the final echo so it only runs when no match was found; keep the logic centered
on the existing CATEGORY check and VALID_CATEGORIES loop.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 295473e2-5c1b-436d-ac21-b890bba11569
📒 Files selected for processing (4)
.github/claude/system_prompt.txt.github/scripts/pre-commit-hook.sh.github/workflows/auto_lable.yml.github/workflows/claude_runner.yml
| 8. Validate changes before PR (MANDATORY): | ||
| # Check for secrets in staged/committed changes | ||
| it diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected" | ||
| # If secrets found → STOP, reset, label AI-Agent/Cannot-Fix | ||
|
|
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Fix git diff typo in the secrets validation instruction.
Line 98 reads it diff origin/{VERSION}...HEAD — the missing g makes this it diff instead of git diff. The agent would encounter a command-not-found error when following this step.
🐛 Proposed fix
- it diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected"
+ git diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| 8. Validate changes before PR (MANDATORY): | |
| # Check for secrets in staged/committed changes | |
| it diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected" | |
| # If secrets found → STOP, reset, label AI-Agent/Cannot-Fix | |
| 8. Validate changes before PR (MANDATORY): | |
| # Check for secrets in staged/committed changes | |
| git diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected" | |
| # If secrets found → STOP, reset, label AI-Agent/Cannot-Fix |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/claude/system_prompt.txt around lines 96 - 100, The secrets
validation step contains a typo in the command, causing `it diff` to fail
instead of running the intended `git diff`. Update the instruction in the
“Validate changes before PR (MANDATORY)” section to use the correct `git diff`
command, keeping the rest of the secret-check pipeline unchanged.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Secret detection pattern \$[A-Z_]+ will produce false positives on legitimate template variables.
The grep pattern includes \$[A-Z_]+ which matches any dollar-sign-prefixed uppercase identifier. The prompt itself uses ${REPOSITORY}, ${ISSUE_NUMBER}, ${LATEST_VERSION}, and ${BRANCH_NAME} throughout. If these template variables appear in staged documentation files, the agent would falsely flag them as secrets and refuse to create the PR. Narrow the pattern to match actual credential patterns rather than any uppercase variable reference.
🛡️ Proposed fix
- git diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected"
+ git diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC_API_KEY|DOC_FIXING_AGENT|API_KEY|SECRET|PASSWORD|ghp_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,})' || echo "✓ No secrets detected"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| 8. Validate changes before PR (MANDATORY): | |
| # Check for secrets in staged/committed changes | |
| it diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected" | |
| # If secrets found → STOP, reset, label AI-Agent/Cannot-Fix | |
| 8. Validate changes before PR (MANDATORY): | |
| # Check for secrets in staged/committed changes | |
| git diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC_API_KEY|DOC_FIXING_AGENT|API_KEY|SECRET|PASSWORD|ghp_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,})' || echo "✓ No secrets detected" | |
| # If secrets found → STOP, reset, label AI-Agent/Cannot-Fix |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/claude/system_prompt.txt around lines 96 - 100, The secret-detection
grep in the validation step is too broad because `\$[A-Z_]+` matches normal
template placeholders like `REPOSITORY`, `ISSUE_NUMBER`, `LATEST_VERSION`, and
`BRANCH_NAME`. Update the validation rule in the system prompt to use `it diff
origin/{VERSION}...HEAD` with a narrower set of secret-specific patterns, and
remove the generic uppercase dollar-variable match so legitimate documentation
templates are not flagged. Keep the change localized to the secret check text in
the validation section.
| if echo "$STAGED_DIFF" | grep -qE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16}|[A-Za-z0-9+/]{40}=?$)' || \ | ||
| echo "$STAGED_DIFF" | grep -qiE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]'; then |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Fix regex anchoring for the base64 secret pattern to reduce false positives.
The pattern [A-Za-z0-9+/]{40}=?$ is only anchored at the end ($), so it matches any line ending with 40+ base64-like characters regardless of preceding content. This causes false positives on legitimate content (e.g., long URLs, hash strings in documentation). Add a word boundary or start anchor.
🛡️ Proposed fix
-if echo "$STAGED_DIFF" | grep -qE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16}|[A-Za-z0-9+/]{40}=?$)' || \
+if echo "$STAGED_DIFF" | grep -qE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16}|\b[A-Za-z0-9+/]{40}=?\b)' || \📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| if echo "$STAGED_DIFF" | grep -qE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16}|[A-Za-z0-9+/]{40}=?$)' || \ | |
| echo "$STAGED_DIFF" | grep -qiE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]'; then | |
| if echo "$STAGED_DIFF" | grep -qE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16}|\b[A-Za-z0-9+/]{40}=?\b)' || \ | |
| echo "$STAGED_DIFF" | grep -qiE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]'; then |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/scripts/pre-commit-hook.sh around lines 70 - 71, The
secret-detection regex in the pre-commit hook is too loose for the base64-like
token pattern and can trigger false positives on ordinary long strings. Tighten
the `[A-Za-z0-9+/]{40}=?$` part in the grep within the staged diff check by
adding a start anchor or word boundary so it only matches standalone secrets,
while keeping the existing patterns in the same `pre-commit-hook.sh` guard
logic.
| echo "❌ COMMIT BLOCKED: Potential secrets detected in staged changes" | ||
| echo "" | ||
| echo "Detected patterns that may contain secrets:" | ||
| echo "$STAGED_DIFF" | grep -E '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16})' || true | ||
| echo "$STAGED_DIFF" | grep -iE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]' || true | ||
| SECRETS_FOUND=true |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Avoid printing matched secret content to workflow logs.
Lines 75-76 echo the matched lines from the diff to stdout, which would expose the actual secret value in GitHub Actions logs. This defeats the purpose of blocking secrets. Print only a redacted summary instead.
🛡️ Proposed fix
echo "❌ COMMIT BLOCKED: Potential secrets detected in staged changes"
echo ""
- echo "Detected patterns that may contain secrets:"
- echo "$STAGED_DIFF" | grep -E '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16})' || true
- echo "$STAGED_DIFF" | grep -iE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]' || true
+ echo "Detected secret-like patterns in staged changes (content redacted for security)."
+ echo "$STAGED_DIFF" | grep -cE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16})' || true
+ echo "$STAGED_DIFF" | grep -ciE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]' || true📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| echo "❌ COMMIT BLOCKED: Potential secrets detected in staged changes" | |
| echo "" | |
| echo "Detected patterns that may contain secrets:" | |
| echo "$STAGED_DIFF" | grep -E '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16})' || true | |
| echo "$STAGED_DIFF" | grep -iE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]' || true | |
| SECRETS_FOUND=true | |
| echo "❌ COMMIT BLOCKED: Potential secrets detected in staged changes" | |
| echo "" | |
| echo "Detected secret-like patterns in staged changes (content redacted for security)." | |
| echo "$STAGED_DIFF" | grep -cE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16})' || true | |
| echo "$STAGED_DIFF" | grep -ciE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]' || true | |
| SECRETS_FOUND=true |
🧰 Tools
🪛 ast-grep (0.44.1)
[warning] 76-76: A credential-bearing variable (e.g. PASSWORD, PASSWD, SECRET, TOKEN, API_KEY) is assigned a hardcoded string literal. Secrets committed to a script are exposed in source control, process listings, and shell history, and cannot be rotated without a code change. Read the value from a secrets manager or an injected environment variable at runtime instead (e.g. PASSWORD="${DB_PASSWORD:?must be set}"), and never commit the literal.
Context: SECRETS_FOUND=true
Note: [CWE-798] Use of Hard-coded Credentials.
(hardcoded-password-assignment-bash)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/scripts/pre-commit-hook.sh around lines 72 - 77, The pre-commit hook
is leaking matched secret values by piping the staged diff through grep and
echoing the full matches to stdout. Update the secret-detection block in the
pre-commit hook script so it uses the existing grep checks only to determine
whether a match exists, but prints a redacted summary or count instead of the
matched lines. Keep the current detection patterns in place, and ensure the
logging around STAGED_DIFF does not reveal any secret content in GitHub Actions
logs.
| # Call Claude API with required anthropic-version header | ||
| RESPONSE=$(curl -s https://api.anthropic.com/v1/messages \ | ||
| -H "Content-Type: application/json" \ | ||
| -H "x-api-key: $ANTHROPIC_API_KEY" \ | ||
| -H "anthropic-version: 2023-06-01" \ | ||
| -d "$DATA") | ||
|
|
||
| CATEGORY=$(echo "$RESPONSE" | jq -r '.content[0].text' | tr -d '\n' | tr '[:upper:]' '[:lower:]' | xargs) | ||
| echo "Claude classified the issue as: $CATEGORY" |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟠 Major | ⚡ Quick win
Add API error handling for the Anthropic classification call.
The curl call uses -s without --fail, so HTTP errors (401, 429, 500) produce a response body that is silently passed to jq. If the API returns an error, .content[0].text will be null, CATEGORY becomes the string "null", and the issue is simply not labeled — with no log visibility into why. Consider checking the HTTP status or inspecting the response for an error field before parsing the category.
🛡️ Proposed fix
RESPONSE=$(curl -s https://api.anthropic.com/v1/messages \
-H "Content-Type: application/json" \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-d "$DATA")
+ # Check for API errors
+ API_ERROR=$(echo "$RESPONSE" | jq -r '.error.message // empty')
+ if [ -n "$API_ERROR" ]; then
+ echo "::error::Claude API error: $API_ERROR"
+ echo "is_valid=false" >> $GITHUB_OUTPUT
+ exit 0
+ fi
+
CATEGORY=$(echo "$RESPONSE" | jq -r '.content[0].text' | tr -d '\n' | tr '[:upper:]' '[:lower:]' | xargs)📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| # Call Claude API with required anthropic-version header | |
| RESPONSE=$(curl -s https://api.anthropic.com/v1/messages \ | |
| -H "Content-Type: application/json" \ | |
| -H "x-api-key: $ANTHROPIC_API_KEY" \ | |
| -H "anthropic-version: 2023-06-01" \ | |
| -d "$DATA") | |
| CATEGORY=$(echo "$RESPONSE" | jq -r '.content[0].text' | tr -d '\n' | tr '[:upper:]' '[:lower:]' | xargs) | |
| echo "Claude classified the issue as: $CATEGORY" | |
| # Call Claude API with required anthropic-version header | |
| RESPONSE=$(curl -s https://api.anthropic.com/v1/messages \ | |
| -H "Content-Type: application/json" \ | |
| -H "x-api-key: $ANTHROPIC_API_KEY" \ | |
| -H "anthropic-version: 2023-06-01" \ | |
| -d "$DATA") | |
| # Check for API errors | |
| API_ERROR=$(echo "$RESPONSE" | jq -r '.error.message // empty') | |
| if [ -n "$API_ERROR" ]; then | |
| echo "::error::Claude API error: $API_ERROR" | |
| echo "is_valid=false" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| CATEGORY=$(echo "$RESPONSE" | jq -r '.content[0].text' | tr -d '\n' | tr '[:upper:]' '[:lower:]' | xargs) | |
| echo "Claude classified the issue as: $CATEGORY" |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/auto_lable.yml around lines 99 - 107, The Anthropic
classification step in the workflow does not handle API failures before parsing
the response, so HTTP errors can silently turn into a null category. Update the
Claude call in the classification block to capture and check the HTTP status or
use fail-on-error behavior, then inspect the response for an error payload
before reading .content[0].text. If the request fails or returns an error, log
the failure and skip labeling explicitly instead of continuing with CATEGORY set
to null.
| if: false # Workflow disabled | ||
| if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' | ||
| steps: | ||
| - uses: actions/checkout@v4 |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Set persist-credentials: false on checkout steps to prevent token leakage.
Both actions/checkout steps (lines 19 and 64-69) do not set persist-credentials: false. By default, the checkout action saves the provided token in .git/config for subsequent git operations. Since the Claude agent has Bash(git *) access, it could read the token from .git/config and exfiltrate it. Add persist-credentials: false and configure git credentials via environment variables instead.
🛡️ Proposed fix
- uses: actions/checkout@v4
+ with:
+ persist-credentials: falseAnd for the run_claude job checkout:
- name: Checkout original repository
uses: actions/checkout@v5
with:
repository: ${{ vars.DOC_FIXING_AGENT_REPOSITORY }}
token: ${{ secrets.DOC_FIXING_AGENT_GITHUB_TOKEN }}
fetch-depth: 0
+ persist-credentials: falseAlso applies to: 64-69
🧰 Tools
🪛 zizmor (1.26.1)
[warning] 19-19: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/claude_runner.yml at line 19, The checkout steps in the
workflow currently leave GitHub credentials persisted in .git/config, which can
expose the token to later git commands. Update both actions/checkout uses in the
run_claude job and the other checkout step to set persist-credentials: false,
and ensure any needed git auth is passed through environment variables instead
of relying on checkout persistence.
Source: Linters/SAST tools
| git config user.name ${{secrets.DOC_FIXING_AGENT_GIT_USER_NAME}} | ||
| git config user.email ${{secrets.DOC_FIXING_AGENT_GIT_USER_EMAIL}} |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Use environment variables for git config secrets instead of direct interpolation.
Secret values are interpolated directly into the shell script via ${{ secrets.* }}. If a secret contains shell metacharacters (spaces, quotes, $, etc.), the command may break or produce unexpected behavior. Pass secrets through environment variables and reference them in the script.
🛡️ Proposed fix
- name: Configure git for commits
+ env:
+ GIT_USER_NAME: ${{ secrets.DOC_FIXING_AGENT_GIT_USER_NAME }}
+ GIT_USER_EMAIL: ${{ secrets.DOC_FIXING_AGENT_GIT_USER_EMAIL }}
run: |
# Show current remotes for debugging
echo "Current remotes:"
git remote -v
# Configure git for commits
- git config user.name ${{secrets.DOC_FIXING_AGENT_GIT_USER_NAME}}
- git config user.email ${{secrets.DOC_FIXING_AGENT_GIT_USER_EMAIL}}
+ git config user.name "$GIT_USER_NAME"
+ git config user.email "$GIT_USER_EMAIL"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| git config user.name ${{secrets.DOC_FIXING_AGENT_GIT_USER_NAME}} | |
| git config user.email ${{secrets.DOC_FIXING_AGENT_GIT_USER_EMAIL}} | |
| - name: Configure git for commits | |
| env: | |
| GIT_USER_NAME: ${{ secrets.DOC_FIXING_AGENT_GIT_USER_NAME }} | |
| GIT_USER_EMAIL: ${{ secrets.DOC_FIXING_AGENT_GIT_USER_EMAIL }} | |
| run: | | |
| # Show current remotes for debugging | |
| echo "Current remotes:" | |
| git remote -v | |
| # Configure git for commits | |
| git config user.name "$GIT_USER_NAME" | |
| git config user.email "$GIT_USER_EMAIL" |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/claude_runner.yml around lines 83 - 84, The git config
setup in the workflow currently interpolates DOC_FIXING_AGENT_GIT_USER_NAME and
DOC_FIXING_AGENT_GIT_USER_EMAIL directly into the shell command, which can break
with special characters. Update the claude_runner workflow so the secrets are
passed into environment variables and then referenced from the git config
commands in that same step, keeping the existing git config user.name and git
config user.email setup intact.
Summary
Strengthens the security of the automated documentation-fixing agent and re-enables
the auto-label and Claude runner workflows that were previously disabled.
Changes
.github/claude/system_prompt.txten/docs/**Markdown, YAML, and safe image formats, plusen/mkdocs.yml— SVGs and all other paths are forbidden.mkdocs builda hard prerequisite before PR creation and clarified that build permission is already granted.github/scripts/pre-commit-hook.sh(new).github/workflows/auto_lable.ymlif: false).systemfield..github/workflows/claude_runner.ymlworkflow_dispatchtriggers.--allowedToolsfrom a broadBash(*)to a specific command whitelist.