Skip to content

Support Cordon in Claude Code GitHub Actions workflows #14

Open
Feature
Open
Support Cordon in Claude Code GitHub Actions workflows#14
Feature
Assignees
tom-nash
Labels
enhancementNew feature or request
@tom-nash

Description

@tom-nash
tom-nash
opened on Apr 5, 2026

Description:

Enable Cordon to capture and enforce entitlement policies for Claude Code running as a GitHub Action via anthropics/claude-code-action.

Approach:

Add a pre-step to GitHub Actions workflows that installs the Cordon CLI, authenticates with a machine token, and runs cordon init to set up hooks before the Claude action executes. The Claude Code action runs Claude Code under the hood, which should load hooks from .claude/settings.local.json on the runner.

Deliverables:

  • Verify that claude-code-action respects PreToolUse hooks set up by cordon init on the runner
  • Ensure cordon login --token works for non-interactive auth in CI
  • Ensure cordon init works in ephemeral runner environments (no persistent state between runs)
  • Tool call events captured during the action are synced to cordon-web before the runner shuts down (may need a cordon flush or similar finalisation step)
  • Dashboard tags events from CI machine tokens as GitHub Actions sessions
  • Document the setup with a sample workflow YAML snippet
  • Consider packaging as a standalone GitHub Action (cordon-co/cordon-action@v1) that wraps install, auth, and init into a single step

Dependencies:

  • Machine token generation in cordon-web (see cloud environment support issue)
  • cordon login --token non-interactive auth mode

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

Feature

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions