If you discover a security vulnerability in this repository, please report it responsibly:

1. Do NOT create a public GitHub issue for security vulnerabilities
2. Use GitHub Security Advisories to report privately
3. Include detailed steps to reproduce the vulnerability
4. Allow reasonable time for fixes before public disclosure

We aim to respond to security reports within 48 hours and provide fixes within 7 days for critical issues.

This repository implements the following security controls:

• Trusted User Restriction: Only repository OWNER, MEMBER, and COLLABORATOR can trigger Claude workflows
• Tool Restrictions: Claude's capabilities are limited via --allowed-tools to prevent unauthorized actions
• Pinned Actions: All GitHub Actions are pinned to commit SHAs to prevent supply chain attacks
• Concurrency Controls: Prevents race conditions and abuse via concurrent workflow runs
• Timeout Limits: 15-minute maximum to prevent runaway workflows

The CLAUDE_CODE_OAUTH_TOKEN secret is a long-lived OAuth token that requires manual rotation. Since the Claude Code Action does not currently support OIDC token exchange, we implement the following compensating controls:

Required rotation schedule:

• Every 90 days (maximum) under normal circumstances
• Every 30 days for high-security environments
• Immediately after any security incident or suspected compromise
• Before any team member with access leaves the organization

1. Generate a new OAuth token at Claude Code Settings
2. Update the CLAUDE_CODE_OAUTH_TOKEN secret in GitHub:
   • Go to Repository Settings > Secrets and variables > Actions
   • Update the CLAUDE_CODE_OAUTH_TOKEN secret with the new value
3. Revoke the old token in the Anthropic console
4. Document the rotation in your security log

The OAuth token should have minimal required scopes only:

• Repository read access (for code review)
• Issue/PR comment write access (for responses)

Do NOT grant:

• Repository write access (unless explicitly needed)
• Organization admin access
• Workflow modification access

• Review GitHub Actions workflow logs regularly for anomalies
• Monitor Claude API usage for unexpected patterns
• Set up alerts for failed authentication attempts

GitHub Actions workflows can accidentally expose secrets in logs. We implement the following protections:

• Workflows abort if RUNNER_DEBUG=1 is detected
• This prevents verbose logging that could expose secrets
• Debug mode should only be enabled for non-sensitive workflows

GitHub automatically masks secrets in logs, but this can be bypassed. Our protections:

• No direct shell interpolation: Secrets passed via with: parameters, not ${{ }} in shell commands
• Environment variable isolation: Secrets not exported to shell environment where possible
• Tool restrictions: AI agent cannot execute arbitrary commands that might dump env vars

If you fork or modify these workflows, avoid:

# DANGEROUS - Secret may appear in logs
- run: echo "Token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}"

# DANGEROUS - Base64 encoding bypasses masking
- run: echo "${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}" | base64

# DANGEROUS - Error messages may contain secrets
- run: curl -H "Authorization: Bearer ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}" https://invalid-url

# SAFE - Secret passed via action input, not shell
- uses: anthropics/claude-code-action@sha
  with:
    claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

• Never commit secrets: All secrets stored in GitHub Secrets
• Local settings gitignored: .claude/settings.local.json is never committed
• Audit reports gitignored: .audit/ directory excluded from version control

1. Immediately revoke the token at Claude Code Settings
2. Generate and configure a new token (see rotation steps above)
3. Review workflow runs for suspicious activity: Actions tab > Filter by date
4. Check repository commits for unauthorized changes
5. Report via Security Advisories if external

1. Rotate the secret immediately - assume it's compromised
2. Remove from git history using git filter-repo or BFG Repo-Cleaner
3. Force push cleaned history (coordinate with collaborators)
4. Invalidate any exposed credentials at their source

1. Disable the workflow: Actions > Workflow > Disable workflow
2. Review recent runs and their triggers
3. Check for unauthorized workflow file changes
4. Re-enable only after investigation complete

This repository undergoes regular security audits. See .audit/README.md for:

• Current security posture
• Open findings and remediation status
• Audit methodology and standards

Last audit: 2025-12-12 Next scheduled audit: 2026-01-12

Only the latest version on the main branch receives security updates.

For security-related questions or concerns:

• Open a GitHub Discussion (non-sensitive)
• Use Security Advisories (sensitive)