v1.0.81

Full Changelog: v1...v1.0.81

Claude Code GitHub Action v1.0

🎉 Claude Code GitHub Action v1.0 - Now Generally Available!

We're excited to announce the v1.0 release of Claude Code GitHub Action! This major release brings significant improvements in simplicity, flexibility, and power to AI-assisted development workflows.

🚀 What's New in v1.0

Simplified Configuration

• Automatic mode detection - No more manual mode configuration. The action intelligently determines whether to run in interactive or automation mode based on your setup
• Unified interface - All prompts now go through a single prompt input, and all CLI options through claude_args
• Better SDK alignment - Closer integration with the Claude Code CLI for a consistent experience

More Powerful & Flexible

• Direct access to all Claude Code CLI capabilities through claude_args
• Support for custom system prompts, tool configurations, and model selection
• Enhanced compatibility with AWS Bedrock and Google Vertex AI

⚠️ Breaking Changes

This release includes breaking changes from v0.x. Key deprecated inputs have been replaced with a cleaner, more intuitive API:

• mode, direct_prompt, override_prompt → unified prompt input
• custom_instructions, model, allowed_tools, mcp_config → claude_args with CLI format
• Other deprecated: disallowed_tools, anthropic_model, trigger_phrase, timeout_minutes

📚 Please review our Migration Guide for detailed upgrade instructions and examples.

💡 New Use Cases & Examples

Explore the expanded possibilities with v1.0! We've created comprehensive examples showcasing various workflows:

• Automated PR Reviews - Intelligent code review on every pull request
• CI Failure Fixes - Automatically diagnose and fix failing tests
• Issue Triage - Smart categorization and response to new issues
• Documentation Generation - Keep docs in sync with code changes
• Security Scanning - Proactive vulnerability detection
• And many more!

🔧 Check out all examples at github.com/anthropics/claude-code-action/tree/main/examples

🏃 Quick Start

# Interactive mode - responds to @claude mentions
- uses: anthropics/claude-code-action@v1
  with:
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

# Automation mode - runs immediately with prompt
- uses: anthropics/claude-code-action@v1
  with:
    prompt: "Review this PR for security issues"
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    claude_args: |
      --model claude-4-0-sonnet-20250805
      --max-turns 10

📖 Resources

• Migration Guide - Step-by-step upgrade instructions
• Examples - Ready-to-use workflow templates
• Documentation - Complete setup and configuration guide

🙏 Thank You

Thank you to our beta users for your invaluable feedback that shaped this release. We're excited to see what you'll build with Claude Code GitHub Action v1.0!

v1.0.80

Full Changelog: v1...v1.0.80

v1.0.79

Full Changelog: v1...v1.0.79

v1.0.78

Full Changelog: v1...v1.0.78

v1.0.77

Subprocess environment scrubbing for untrusted-input workflows

Workflows that configure allowed_non_write_users now automatically get CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1, which makes Claude Code (v2.1.79+) strip Anthropic and cloud provider credentials from the environment of subprocesses it spawns (Bash tool, hooks, MCP stdio servers). The parent Claude process keeps these vars for its own API calls — only child subprocess environments are scrubbed.

Why: Workflows that process untrusted input (issue triage, PR review from non-write users) are exposed to prompt injection. A malicious issue body could trick Claude into running a Bash command that reads $ANTHROPIC_API_KEY via shell expansion and leaks it through an observable side channel. Scrubbing the subprocess environment removes the read primitive entirely.

What's scrubbed: Anthropic auth tokens, cloud provider credentials, GitHub Actions OIDC and runtime tokens, OTEL auth headers.

What's kept: GITHUB_TOKEN / GH_TOKEN — so wrapper scripts can still call the GitHub API.

Opt out: Set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB: "0" at the job or step level if your workflow legitimately needs a subprocess to inherit these credentials.

No action required for most users — if you've configured allowed_non_write_users, scrubbing is now on automatically. If your workflow breaks because a subprocess expected inherited credentials, re-inject them explicitly (e.g., via MCP server env: config) or use the opt-out.

What's Changed

• Auto-set subprocess env scrub when allowed_non_write_users is configured by @OctavianGuzu in #1093

Full Changelog: v1.0.76...v1.0.77

v1.0.76

Full Changelog: v1...v1.0.76

v1.0.75

Full Changelog: v1...v1.0.75

v1.0.74

What's Changed

• Restore .claude/ and .mcp.json from PR base branch before CLI runs by @km-anthropic in #1066
• Remove redundant git status/diff/log from tag mode allowlist by @ddworken in #1075

Full Changelog: v1...v1.0.74

v1.0.73

Full Changelog: v1...v1.0.73