* fix(security): Remove overly broad gh api permission from dedupe command Remove `Bash(gh api:*)` from dedupe.md allowed-tools to prevent potential secret exfiltration via prompt injection. The dedupe workflow only needs gh issue view/list/comment and gh search commands - it doesn't require raw API access. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * feat: Add comment-on-duplicates script for safer duplicate handling Replace `gh issue comment:*` permission with a constrained script that: - Only accepts validated issue numbers - Enforces max 3 duplicates - Uses a fixed comment format - Prevents arbitrary comment content injection 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
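#!/usr/bin/env bash
#
# Comments on a GitHub issue with a list of potential duplicates.
# Usage: ./comment-on-duplicates.sh --base-issue 123 --potential-duplicates 456 789 101
#
# Security notes:
#   This script stands in for a blanket `gh issue comment` permission in an
#   automated dedupe workflow, so its arguments are treated as untrusted (they
#   may be steered by prompt injection in issue text):
#     - the repository is fixed below and is never taken from the command line;
#     - every issue number must be a canonical positive integer;
#     - at most MAX_DUPLICATES issues may be listed, with no repeats and no
#       reference back to the base issue;
#     - the comment text is a fixed template; arguments only ever appear as
#       digits inside issue URLs.
#
# Exit status: 0 when the comment was posted, non-zero on a rejected argument
# or a failing `gh` call.
#

set -euo pipefail

# Fixed target repository: keeping this out of the argument list means the
# caller cannot redirect comments to another repository.
readonly REPO="anthropics/claude-code"
readonly MAX_DUPLICATES=3
# GitHub issue numbers are positive integers. Rejecting 0 and zero-padded forms
# leaves exactly one spelling per issue, so the string comparisons used for the
# self-reference and repeat checks below are exact.
readonly ISSUE_NUMBER_RE='^[1-9][0-9]*$'

BASE_ISSUE=""
DUPLICATES=()

# Parse arguments
while [[ $# -gt 0 ]]; do
  case "$1" in
    --base-issue)
      # Without this guard a trailing `--base-issue` aborts on "$2" under
      # `set -u` with an unhelpful "unbound variable" message.
      if [[ $# -lt 2 ]]; then
        echo "Error: --base-issue requires a value" >&2
        exit 1
      fi
      BASE_ISSUE="$2"
      shift 2
      ;;
    --potential-duplicates)
      shift
      # Collect every following word up to the next `--option`.
      while [[ $# -gt 0 && ! "$1" =~ ^-- ]]; do
        DUPLICATES+=("$1")
        shift
      done
      ;;
    *)
      # %q: rejected values are caller-controlled; shell-quoting them keeps
      # newlines and control characters from being written raw into logs.
      printf 'Unknown option: %q\n' "$1" >&2
      exit 1
      ;;
  esac
done

# Validate base issue
if [[ -z "$BASE_ISSUE" ]]; then
  echo "Error: --base-issue is required" >&2
  exit 1
fi

if ! [[ "$BASE_ISSUE" =~ $ISSUE_NUMBER_RE ]]; then
  printf 'Error: --base-issue must be a positive issue number, got: %q\n' "$BASE_ISSUE" >&2
  exit 1
fi

# Validate duplicates
if [[ ${#DUPLICATES[@]} -eq 0 ]]; then
  echo "Error: --potential-duplicates requires at least one issue number" >&2
  exit 1
fi

if [[ ${#DUPLICATES[@]} -gt $MAX_DUPLICATES ]]; then
  echo "Error: --potential-duplicates accepts at most $MAX_DUPLICATES issues" >&2
  exit 1
fi

for ((i = 0; i < ${#DUPLICATES[@]}; i++)); do
  dup=${DUPLICATES[i]}

  if ! [[ "$dup" =~ $ISSUE_NUMBER_RE ]]; then
    printf 'Error: duplicate issue must be a positive issue number, got: %q\n' "$dup" >&2
    exit 1
  fi

  # The posted comment announces auto-closure, so an issue must never be
  # reported as a duplicate of itself.
  if [[ "$dup" == "$BASE_ISSUE" ]]; then
    echo "Error: issue #$dup cannot be listed as a duplicate of itself" >&2
    exit 1
  fi

  # Reject repeats so the numbered list and its count stay truthful.
  for ((j = 0; j < i; j++)); do
    if [[ "$dup" == "${DUPLICATES[j]}" ]]; then
      echo "Error: duplicate issue #$dup is listed more than once" >&2
      exit 1
    fi
  done
done

# Build comment body
COUNT=${#DUPLICATES[@]}
if [[ $COUNT -eq 1 ]]; then
  HEADER="Found 1 possible duplicate issue:"
else
  HEADER="Found $COUNT possible duplicate issues:"
fi

BODY="$HEADER"$'\n\n'
INDEX=1
for dup in "${DUPLICATES[@]}"; do
  BODY+="$INDEX. https://github.com/$REPO/issues/$dup"$'\n'
  # Plain assignment instead of ((INDEX++)): an arithmetic command that
  # evaluates to 0 returns status 1 and would abort the script under `set -e`.
  INDEX=$((INDEX + 1))
done

BODY+=$'\n'"This issue will be automatically closed as a duplicate in 3 days."$'\n\n'
BODY+="- If your issue is a duplicate, please close it and 👍 the existing issue instead"$'\n'
BODY+="- To prevent auto-closure, add a comment or 👎 this comment"$'\n\n'
BODY+="🤖 Generated with [Claude Code](https://claude.ai/code)"

# Post the comment. Both interpolated values were validated above as digit
# strings, so neither can be read by gh as an option.
gh issue comment "$BASE_ISSUE" --repo "$REPO" --body "$BODY"

echo "Posted duplicate comment on issue #$BASE_ISSUE"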