Skip to content

Harden documentation-fixing AI agent security and re-enable workflows#11573

Open
ranuka-laksika wants to merge 1 commit into
wso2:masterfrom
ranuka-laksika:increase-security
Open

Harden documentation-fixing AI agent security and re-enable workflows#11573
ranuka-laksika wants to merge 1 commit into
wso2:masterfrom
ranuka-laksika:increase-security

Conversation

@ranuka-laksika

@ranuka-laksika ranuka-laksika commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

Strengthens the security of the automated documentation-fixing agent and re-enables
the auto-label and Claude runner workflows that were previously disabled.

Changes

.github/claude/system_prompt.txt

  • Added Security Restrictions section: jailbreak protection, hidden-instruction protection (HTML comments, base64/encoded text, external content), and a mandatory secret-scan gate before any PR is created.
  • Added Path Restrictions: the agent may only modify en/docs/** Markdown, YAML, and safe image formats, plus en/mkdocs.yml — SVGs and all other paths are forbidden.
  • Made a successful mkdocs build a hard prerequisite before PR creation and clarified that build permission is already granted
  • Added a mandatory issue-summary comment step after fixing.

.github/scripts/pre-commit-hook.sh (new)

  • Enforces a path whitelist so only allowed documentation files can be committed.
  • Scans staged changes for secrets (GitHub tokens, API keys, AWS keys, Slack tokens, password/secret/token assignments) and blocks the commit if any are detected.

.github/workflows/auto_lable.yml

  • Re-enabled the workflow (removed if: false).
  • Split issue eligibility check and Claude classification into separate steps.
  • Added security rules to the classifier prompt and moved them into the API system field.
  • Added strict validation of the returned category against an allowed list.

.github/workflows/claude_runner.yml

  • Re-enabled the workflow and restored the schedule / workflow_dispatch triggers.
  • Added Node.js 24 and Python 3.8 setup and documentation dependency installation.
  • Installs the new security pre-commit hook into the checkout.
  • Tightened --allowedTools from a broad Bash(*) to a specific command whitelist.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

The changes enable conditional issue classification and queue labeling, activate and gate Claude runner execution, configure Node.js and Python documentation environments, and restrict Claude tools. Documentation automation now requires a successful mkdocs build before commit or PR creation. A pre-commit hook validates staged paths and scans staged diffs for secret patterns. Completion instructions add the fixed label and an issue summary comment with PR and build information.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description covers summary and changes, but most required template sections are missing. Add the missing template sections, especially Purpose, Goals, Approach, Release note, Documentation, Security checks, and Test environment.
✅ Passed checks (4 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title matches the main scope: hardening the AI agent and re-enabling workflows.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 7

🧹 Nitpick comments (4)
.github/claude/system_prompt.txt (2)

34-34: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Use a hyphen in "documentation-fixing agent".

"documentation fixing agent" should be "documentation-fixing agent" per standard compound adjective rules.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/claude/system_prompt.txt at line 34, Update the security label text
in the prompt so it uses the hyphenated compound adjective “documentation-fixing
agent” instead of “documentation fixing agent”; make this wording change in the
JAILBREAK PROTECTION guidance while keeping the rest of the instruction
unchanged.

Source: Linters/SAST tools


101-106: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Duplicate step number 9 in the issue workflow.

Steps 9 appears twice — line 101 ("Create PR within original repository") and line 106 ("Repeat for other versions"). The second should be step 10, with subsequent steps renumbered accordingly.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/claude/system_prompt.txt around lines 101 - 106, The issue is
duplicate numbering in the workflow list: the second step labeled 9 in the
system prompt should be renumbered to 10, and any following steps should be
updated accordingly. Fix the numbering in the workflow text around the “Create
PR within original repository” and “Repeat for other versions of the repository”
entries so the sequence stays unique and ordered.
.github/scripts/pre-commit-hook.sh (1)

22-22: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Quote $STAGED_FILES to handle filenames with spaces.

The unquoted for file in $STAGED_FILES will split on whitespace. While current allowed paths don't include spaces, quoting is a defensive best practice.

♻️ Proposed refactor
-STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACMR)
+STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACMR -z)

And use a while-read loop:

-for file in $STAGED_FILES; do
+while IFS= read -r -d '' file; do
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/scripts/pre-commit-hook.sh at line 22, The staged-files loop in the
pre-commit hook is splitting on whitespace because $STAGED_FILES is unquoted.
Update the loop around the for file in $STAGED_FILES iteration to safely handle
paths with spaces, ideally by switching to a while-read style iteration as
suggested, and keep the rest of the pre-commit-hook.sh logic unchanged.
.github/workflows/auto_lable.yml (1)

112-120: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Redundant is_valid output write when a valid category is matched.

When a match is found, is_valid=true is written to $GITHUB_OUTPUT on line 115, then the loop breaks. But execution continues to line 120, which writes is_valid=true again. This is harmless (GitHub Actions takes the last value) but indicates the break should be an early exit 0 or the final write should be in an else branch.

♻️ Proposed refactor
             for valid in "${VALID_CATEGORIES[@]}"; do
               if [[ "$CATEGORY" == "$valid" ]]; then
-                IS_VALID=true
-                echo "is_valid=$IS_VALID" >> $GITHUB_OUTPUT
-                break
+                echo "is_valid=true" >> $GITHUB_OUTPUT
+                exit 0
               fi
             done
 
-            echo "is_valid=$IS_VALID" >> $GITHUB_OUTPUT
+            echo "is_valid=false" >> $GITHUB_OUTPUT
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/auto_lable.yml around lines 112 - 120, The validation
block in auto_lable.yml writes is_valid twice when a category matches, so update
the loop around VALID_CATEGORIES and IS_VALID to avoid the redundant
$GITHUB_OUTPUT write. Either exit early immediately after setting IS_VALID=true
inside the match branch, or restructure the final echo so it only runs when no
match was found; keep the logic centered on the existing CATEGORY check and
VALID_CATEGORIES loop.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/claude/system_prompt.txt:
- Around line 96-100: The secrets validation step contains a typo in the
command, causing `it diff` to fail instead of running the intended `git diff`.
Update the instruction in the “Validate changes before PR (MANDATORY)” section
to use the correct `git diff` command, keeping the rest of the secret-check
pipeline unchanged.
- Around line 96-100: The secret-detection grep in the validation step is too
broad because `\$[A-Z_]+` matches normal template placeholders like
`REPOSITORY`, `ISSUE_NUMBER`, `LATEST_VERSION`, and `BRANCH_NAME`. Update the
validation rule in the system prompt to use `it diff origin/{VERSION}...HEAD`
with a narrower set of secret-specific patterns, and remove the generic
uppercase dollar-variable match so legitimate documentation templates are not
flagged. Keep the change localized to the secret check text in the validation
section.

In @.github/scripts/pre-commit-hook.sh:
- Around line 72-77: The pre-commit hook is leaking matched secret values by
piping the staged diff through grep and echoing the full matches to stdout.
Update the secret-detection block in the pre-commit hook script so it uses the
existing grep checks only to determine whether a match exists, but prints a
redacted summary or count instead of the matched lines. Keep the current
detection patterns in place, and ensure the logging around STAGED_DIFF does not
reveal any secret content in GitHub Actions logs.
- Around line 70-71: The secret-detection regex in the pre-commit hook is too
loose for the base64-like token pattern and can trigger false positives on
ordinary long strings. Tighten the `[A-Za-z0-9+/]{40}=?$` part in the grep
within the staged diff check by adding a start anchor or word boundary so it
only matches standalone secrets, while keeping the existing patterns in the same
`pre-commit-hook.sh` guard logic.

In @.github/workflows/auto_lable.yml:
- Around line 99-107: The Anthropic classification step in the workflow does not
handle API failures before parsing the response, so HTTP errors can silently
turn into a null category. Update the Claude call in the classification block to
capture and check the HTTP status or use fail-on-error behavior, then inspect
the response for an error payload before reading .content[0].text. If the
request fails or returns an error, log the failure and skip labeling explicitly
instead of continuing with CATEGORY set to null.

In @.github/workflows/claude_runner.yml:
- Line 19: The checkout steps in the workflow currently leave GitHub credentials
persisted in .git/config, which can expose the token to later git commands.
Update both actions/checkout uses in the run_claude job and the other checkout
step to set persist-credentials: false, and ensure any needed git auth is passed
through environment variables instead of relying on checkout persistence.
- Around line 83-84: The git config setup in the workflow currently interpolates
DOC_FIXING_AGENT_GIT_USER_NAME and DOC_FIXING_AGENT_GIT_USER_EMAIL directly into
the shell command, which can break with special characters. Update the
claude_runner workflow so the secrets are passed into environment variables and
then referenced from the git config commands in that same step, keeping the
existing git config user.name and git config user.email setup intact.

---

Nitpick comments:
In @.github/claude/system_prompt.txt:
- Line 34: Update the security label text in the prompt so it uses the
hyphenated compound adjective “documentation-fixing agent” instead of
“documentation fixing agent”; make this wording change in the JAILBREAK
PROTECTION guidance while keeping the rest of the instruction unchanged.
- Around line 101-106: The issue is duplicate numbering in the workflow list:
the second step labeled 9 in the system prompt should be renumbered to 10, and
any following steps should be updated accordingly. Fix the numbering in the
workflow text around the “Create PR within original repository” and “Repeat for
other versions of the repository” entries so the sequence stays unique and
ordered.

In @.github/scripts/pre-commit-hook.sh:
- Line 22: The staged-files loop in the pre-commit hook is splitting on
whitespace because $STAGED_FILES is unquoted. Update the loop around the for
file in $STAGED_FILES iteration to safely handle paths with spaces, ideally by
switching to a while-read style iteration as suggested, and keep the rest of the
pre-commit-hook.sh logic unchanged.

In @.github/workflows/auto_lable.yml:
- Around line 112-120: The validation block in auto_lable.yml writes is_valid
twice when a category matches, so update the loop around VALID_CATEGORIES and
IS_VALID to avoid the redundant $GITHUB_OUTPUT write. Either exit early
immediately after setting IS_VALID=true inside the match branch, or restructure
the final echo so it only runs when no match was found; keep the logic centered
on the existing CATEGORY check and VALID_CATEGORIES loop.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 295473e2-5c1b-436d-ac21-b890bba11569

📥 Commits

Reviewing files that changed from the base of the PR and between acd83ed and 22b8361.

📒 Files selected for processing (4)
  • .github/claude/system_prompt.txt
  • .github/scripts/pre-commit-hook.sh
  • .github/workflows/auto_lable.yml
  • .github/workflows/claude_runner.yml

Comment on lines +96 to +100
8. Validate changes before PR (MANDATORY):
# Check for secrets in staged/committed changes
it diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected"
# If secrets found → STOP, reset, label AI-Agent/Cannot-Fix

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Fix git diff typo in the secrets validation instruction.

Line 98 reads it diff origin/{VERSION}...HEAD — the missing g makes this it diff instead of git diff. The agent would encounter a command-not-found error when following this step.

🐛 Proposed fix
-   it diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected"
+   git diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
8. Validate changes before PR (MANDATORY):
# Check for secrets in staged/committed changes
it diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected"
# If secrets found → STOP, reset, label AI-Agent/Cannot-Fix
8. Validate changes before PR (MANDATORY):
# Check for secrets in staged/committed changes
git diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected"
# If secrets found → STOP, reset, label AI-Agent/Cannot-Fix
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/claude/system_prompt.txt around lines 96 - 100, The secrets
validation step contains a typo in the command, causing `it diff` to fail
instead of running the intended `git diff`. Update the instruction in the
“Validate changes before PR (MANDATORY)” section to use the correct `git diff`
command, keeping the rest of the secret-check pipeline unchanged.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Secret detection pattern \$[A-Z_]+ will produce false positives on legitimate template variables.

The grep pattern includes \$[A-Z_]+ which matches any dollar-sign-prefixed uppercase identifier. The prompt itself uses ${REPOSITORY}, ${ISSUE_NUMBER}, ${LATEST_VERSION}, and ${BRANCH_NAME} throughout. If these template variables appear in staged documentation files, the agent would falsely flag them as secrets and refuse to create the PR. Narrow the pattern to match actual credential patterns rather than any uppercase variable reference.

🛡️ Proposed fix
-   git diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected"
+   git diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC_API_KEY|DOC_FIXING_AGENT|API_KEY|SECRET|PASSWORD|ghp_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,})' || echo "✓ No secrets detected"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
8. Validate changes before PR (MANDATORY):
# Check for secrets in staged/committed changes
it diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC|API_KEY|SECRET|PASSWORD|\$[A-Z_]+)' || echo "✓ No secrets detected"
# If secrets found → STOP, reset, label AI-Agent/Cannot-Fix
8. Validate changes before PR (MANDATORY):
# Check for secrets in staged/committed changes
git diff origin/{VERSION}...HEAD | grep -iE '(GITHUB_TOKEN|ANTHROPIC_API_KEY|DOC_FIXING_AGENT|API_KEY|SECRET|PASSWORD|ghp_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,})' || echo "✓ No secrets detected"
# If secrets found → STOP, reset, label AI-Agent/Cannot-Fix
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/claude/system_prompt.txt around lines 96 - 100, The secret-detection
grep in the validation step is too broad because `\$[A-Z_]+` matches normal
template placeholders like `REPOSITORY`, `ISSUE_NUMBER`, `LATEST_VERSION`, and
`BRANCH_NAME`. Update the validation rule in the system prompt to use `it diff
origin/{VERSION}...HEAD` with a narrower set of secret-specific patterns, and
remove the generic uppercase dollar-variable match so legitimate documentation
templates are not flagged. Keep the change localized to the secret check text in
the validation section.

Comment on lines +70 to +71
if echo "$STAGED_DIFF" | grep -qE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16}|[A-Za-z0-9+/]{40}=?$)' || \
echo "$STAGED_DIFF" | grep -qiE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]'; then

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Fix regex anchoring for the base64 secret pattern to reduce false positives.

The pattern [A-Za-z0-9+/]{40}=?$ is only anchored at the end ($), so it matches any line ending with 40+ base64-like characters regardless of preceding content. This causes false positives on legitimate content (e.g., long URLs, hash strings in documentation). Add a word boundary or start anchor.

🛡️ Proposed fix
-if echo "$STAGED_DIFF" | grep -qE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16}|[A-Za-z0-9+/]{40}=?$)' || \
+if echo "$STAGED_DIFF" | grep -qE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16}|\b[A-Za-z0-9+/]{40}=?\b)' || \
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if echo "$STAGED_DIFF" | grep -qE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16}|[A-Za-z0-9+/]{40}=?$)' || \
echo "$STAGED_DIFF" | grep -qiE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]'; then
if echo "$STAGED_DIFF" | grep -qE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16}|\b[A-Za-z0-9+/]{40}=?\b)' || \
echo "$STAGED_DIFF" | grep -qiE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]'; then
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/scripts/pre-commit-hook.sh around lines 70 - 71, The
secret-detection regex in the pre-commit hook is too loose for the base64-like
token pattern and can trigger false positives on ordinary long strings. Tighten
the `[A-Za-z0-9+/]{40}=?$` part in the grep within the staged diff check by
adding a start anchor or word boundary so it only matches standalone secrets,
while keeping the existing patterns in the same `pre-commit-hook.sh` guard
logic.

Comment on lines +72 to +77
echo "❌ COMMIT BLOCKED: Potential secrets detected in staged changes"
echo ""
echo "Detected patterns that may contain secrets:"
echo "$STAGED_DIFF" | grep -E '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16})' || true
echo "$STAGED_DIFF" | grep -iE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]' || true
SECRETS_FOUND=true

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Avoid printing matched secret content to workflow logs.

Lines 75-76 echo the matched lines from the diff to stdout, which would expose the actual secret value in GitHub Actions logs. This defeats the purpose of blocking secrets. Print only a redacted summary instead.

🛡️ Proposed fix
     echo "❌ COMMIT BLOCKED: Potential secrets detected in staged changes"
     echo ""
-    echo "Detected patterns that may contain secrets:"
-    echo "$STAGED_DIFF" | grep -E '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16})' || true
-    echo "$STAGED_DIFF" | grep -iE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]' || true
+    echo "Detected secret-like patterns in staged changes (content redacted for security)."
+    echo "$STAGED_DIFF" | grep -cE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16})' || true
+    echo "$STAGED_DIFF" | grep -ciE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]' || true
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
echo "❌ COMMIT BLOCKED: Potential secrets detected in staged changes"
echo ""
echo "Detected patterns that may contain secrets:"
echo "$STAGED_DIFF" | grep -E '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16})' || true
echo "$STAGED_DIFF" | grep -iE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]' || true
SECRETS_FOUND=true
echo "❌ COMMIT BLOCKED: Potential secrets detected in staged changes"
echo ""
echo "Detected secret-like patterns in staged changes (content redacted for security)."
echo "$STAGED_DIFF" | grep -cE '(ghp_[a-zA-Z0-9]{36}|ghs_[a-zA-Z0-9]{36}|sk-[a-zA-Z0-9]{32,}|xox[baprs]-[a-zA-Z0-9-]+|AKIA[0-9A-Z]{16})' || true
echo "$STAGED_DIFF" | grep -ciE '(password|secret|api[_-]?key|token)\s*[:=]\s*["\x27][^"\x27\s]{8,}["\x27]' || true
SECRETS_FOUND=true
🧰 Tools
🪛 ast-grep (0.44.1)

[warning] 76-76: A credential-bearing variable (e.g. PASSWORD, PASSWD, SECRET, TOKEN, API_KEY) is assigned a hardcoded string literal. Secrets committed to a script are exposed in source control, process listings, and shell history, and cannot be rotated without a code change. Read the value from a secrets manager or an injected environment variable at runtime instead (e.g. PASSWORD="${DB_PASSWORD:?must be set}"), and never commit the literal.
Context: SECRETS_FOUND=true
Note: [CWE-798] Use of Hard-coded Credentials.

(hardcoded-password-assignment-bash)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/scripts/pre-commit-hook.sh around lines 72 - 77, The pre-commit hook
is leaking matched secret values by piping the staged diff through grep and
echoing the full matches to stdout. Update the secret-detection block in the
pre-commit hook script so it uses the existing grep checks only to determine
whether a match exists, but prints a redacted summary or count instead of the
matched lines. Keep the current detection patterns in place, and ensure the
logging around STAGED_DIFF does not reveal any secret content in GitHub Actions
logs.

Comment on lines +99 to +107
# Call Claude API with required anthropic-version header
RESPONSE=$(curl -s https://api.anthropic.com/v1/messages \
-H "Content-Type: application/json" \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-d "$DATA")

CATEGORY=$(echo "$RESPONSE" | jq -r '.content[0].text' | tr -d '\n' | tr '[:upper:]' '[:lower:]' | xargs)
echo "Claude classified the issue as: $CATEGORY"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Add API error handling for the Anthropic classification call.

The curl call uses -s without --fail, so HTTP errors (401, 429, 500) produce a response body that is silently passed to jq. If the API returns an error, .content[0].text will be null, CATEGORY becomes the string "null", and the issue is simply not labeled — with no log visibility into why. Consider checking the HTTP status or inspecting the response for an error field before parsing the category.

🛡️ Proposed fix
             RESPONSE=$(curl -s https://api.anthropic.com/v1/messages \
               -H "Content-Type: application/json" \
               -H "x-api-key: $ANTHROPIC_API_KEY" \
               -H "anthropic-version: 2023-06-01" \
               -d "$DATA")
 
+            # Check for API errors
+            API_ERROR=$(echo "$RESPONSE" | jq -r '.error.message // empty')
+            if [ -n "$API_ERROR" ]; then
+              echo "::error::Claude API error: $API_ERROR"
+              echo "is_valid=false" >> $GITHUB_OUTPUT
+              exit 0
+            fi
+
             CATEGORY=$(echo "$RESPONSE" | jq -r '.content[0].text' | tr -d '\n' | tr '[:upper:]' '[:lower:]' | xargs)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Call Claude API with required anthropic-version header
RESPONSE=$(curl -s https://api.anthropic.com/v1/messages \
-H "Content-Type: application/json" \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-d "$DATA")
CATEGORY=$(echo "$RESPONSE" | jq -r '.content[0].text' | tr -d '\n' | tr '[:upper:]' '[:lower:]' | xargs)
echo "Claude classified the issue as: $CATEGORY"
# Call Claude API with required anthropic-version header
RESPONSE=$(curl -s https://api.anthropic.com/v1/messages \
-H "Content-Type: application/json" \
-H "x-api-key: $ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-d "$DATA")
# Check for API errors
API_ERROR=$(echo "$RESPONSE" | jq -r '.error.message // empty')
if [ -n "$API_ERROR" ]; then
echo "::error::Claude API error: $API_ERROR"
echo "is_valid=false" >> $GITHUB_OUTPUT
exit 0
fi
CATEGORY=$(echo "$RESPONSE" | jq -r '.content[0].text' | tr -d '\n' | tr '[:upper:]' '[:lower:]' | xargs)
echo "Claude classified the issue as: $CATEGORY"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/auto_lable.yml around lines 99 - 107, The Anthropic
classification step in the workflow does not handle API failures before parsing
the response, so HTTP errors can silently turn into a null category. Update the
Claude call in the classification block to capture and check the HTTP status or
use fail-on-error behavior, then inspect the response for an error payload
before reading .content[0].text. If the request fails or returns an error, log
the failure and skip labeling explicitly instead of continuing with CATEGORY set
to null.

if: false # Workflow disabled
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
steps:
- uses: actions/checkout@v4

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Set persist-credentials: false on checkout steps to prevent token leakage.

Both actions/checkout steps (lines 19 and 64-69) do not set persist-credentials: false. By default, the checkout action saves the provided token in .git/config for subsequent git operations. Since the Claude agent has Bash(git *) access, it could read the token from .git/config and exfiltrate it. Add persist-credentials: false and configure git credentials via environment variables instead.

🛡️ Proposed fix
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false

And for the run_claude job checkout:

       - name: Checkout original repository
         uses: actions/checkout@v5
         with:
           repository: ${{ vars.DOC_FIXING_AGENT_REPOSITORY }}  
           token: ${{ secrets.DOC_FIXING_AGENT_GITHUB_TOKEN }}
           fetch-depth: 0 
+          persist-credentials: false

Also applies to: 64-69

🧰 Tools
🪛 zizmor (1.26.1)

[warning] 19-19: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/claude_runner.yml at line 19, The checkout steps in the
workflow currently leave GitHub credentials persisted in .git/config, which can
expose the token to later git commands. Update both actions/checkout uses in the
run_claude job and the other checkout step to set persist-credentials: false,
and ensure any needed git auth is passed through environment variables instead
of relying on checkout persistence.

Source: Linters/SAST tools

Comment on lines 83 to 84
git config user.name ${{secrets.DOC_FIXING_AGENT_GIT_USER_NAME}}
git config user.email ${{secrets.DOC_FIXING_AGENT_GIT_USER_EMAIL}}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Use environment variables for git config secrets instead of direct interpolation.

Secret values are interpolated directly into the shell script via ${{ secrets.* }}. If a secret contains shell metacharacters (spaces, quotes, $, etc.), the command may break or produce unexpected behavior. Pass secrets through environment variables and reference them in the script.

🛡️ Proposed fix
       - name: Configure git for commits
+        env:
+          GIT_USER_NAME: ${{ secrets.DOC_FIXING_AGENT_GIT_USER_NAME }}
+          GIT_USER_EMAIL: ${{ secrets.DOC_FIXING_AGENT_GIT_USER_EMAIL }}
         run: |
           # Show current remotes for debugging
           echo "Current remotes:"
           git remote -v
 
           # Configure git for commits
-          git config user.name ${{secrets.DOC_FIXING_AGENT_GIT_USER_NAME}}
-          git config user.email ${{secrets.DOC_FIXING_AGENT_GIT_USER_EMAIL}}
+          git config user.name "$GIT_USER_NAME"
+          git config user.email "$GIT_USER_EMAIL"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
git config user.name ${{secrets.DOC_FIXING_AGENT_GIT_USER_NAME}}
git config user.email ${{secrets.DOC_FIXING_AGENT_GIT_USER_EMAIL}}
- name: Configure git for commits
env:
GIT_USER_NAME: ${{ secrets.DOC_FIXING_AGENT_GIT_USER_NAME }}
GIT_USER_EMAIL: ${{ secrets.DOC_FIXING_AGENT_GIT_USER_EMAIL }}
run: |
# Show current remotes for debugging
echo "Current remotes:"
git remote -v
# Configure git for commits
git config user.name "$GIT_USER_NAME"
git config user.email "$GIT_USER_EMAIL"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/claude_runner.yml around lines 83 - 84, The git config
setup in the workflow currently interpolates DOC_FIXING_AGENT_GIT_USER_NAME and
DOC_FIXING_AGENT_GIT_USER_EMAIL directly into the shell command, which can break
with special characters. Update the claude_runner workflow so the secrets are
passed into environment variables and then referenced from the git config
commands in that same step, keeping the existing git config user.name and git
config user.email setup intact.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant