Skip to content

security: Restrict Claude and improve Dependabot handling #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
niksacdev merged 6 commits into from
Aug 25, 2025
Merged

security: Restrict Claude and improve Dependabot handling #29

niksacdev merged 6 commits into from
Aug 25, 2025

Conversation

@niksacdev
Copy link
Owner

@niksacdev niksacdev commented Aug 25, 2025

Summary

  • Restrict Claude AI assistant to repository owner only
  • Fix Dependabot PR handling in workflows
  • Create GitHub issues for future enhancements

Changes

Security Improvements

  • Modified to only allow @niksacdev to trigger Claude
  • Added to notify users about restrictions
  • Updated with AI assistant usage policy (v1.1)

Workflow Fixes

  • Skip Claude Code Review for Dependabot PRs (they don't have access to secrets)
  • Added dedicated workflow
  • Auto-approve and merge Dependabot version updates

Documentation

Test Plan

  • Claude restrictions tested locally
  • Workflow changes validated
  • Dependabot auto-merge to be tested when PRs are recreated

🤖 Generated with Claude Code

niksacdev and others added 6 commits August 20, 2025 12:44
@niksacdev @claude
docs: add security and contribution guidelines for public release
c5175f8 
- Add SECURITY.md with vulnerability reporting policy
- Add CONTRIBUTING.md with development guidelines
- Add .pre-commit-config.yaml for automated security checks
- Add .github/dependabot.yml for dependency updates
- Enhance .gitignore with comprehensive project-specific exclusions
- Include results folders and temporary files in .gitignore
- Add security best practices and compliance information

Prepares repository for public release with proper security policies,
contribution guidelines, and automated dependency management.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@niksacdev
security: restrict Claude AI assistant to repository owner only
c0bb9fa 
- Modified claude.yml to only allow @niksacdev to trigger Claude
- Added claude-restricted-message.yml to notify other users about restriction
- Updated SECURITY.md with AI assistant usage policy (v1.1)
- Prevents API abuse while maintaining public repository access

This ensures responsible API usage and cost management for the public repository.
@niksacdev
fix: handle Dependabot PRs properly in workflows
0ab8c1d 
- Skip Claude Code Review for Dependabot PRs (no access to secrets)
- Add dedicated Dependabot auto-merge workflow
- Auto-approve and merge Dependabot version updates
- Prevents CI failures on dependency update PRs
@niksacdev
chore: replace github_issues.md with actual GitHub issues
fd94721 
Created proper GitHub issues (#19-#28) for:
- Future MCP server implementations (OCR, fraud detection, credit bureaus, etc.)
- Agent enhancements (parallel processing, ML risk scoring, appeals agent)
- Each issue has acceptance criteria, technical details, and priorities
@niksacdev
docs: add branch management rules to CLAUDE.md
4dcbd60 
- Always delete branches after PR merge
- Create new branches for new work
- Use descriptive branch naming conventions
- Keep main branch clean
@niksacdev
merge: resolve conflicts with main branch
e560421 
- Keep AI Assistant section for Claude restrictions
- Update project maintainer to @niksacdev
- Bump version to 1.1
@github-actions
Copy link

github-actions bot commented Aug 25, 2025

🔬 Expert Engineer Review Analysis

Target Branch: main
Changes Analysis:

📁 File Changes

  • 📝 Modified: .github/workflows/claude-code-review.yml
  • Added: .github/workflows/claude-restricted-message.yml
  • 📝 Modified: .github/workflows/claude.yml
  • Added: .github/workflows/dependabot-auto-merge.yml
  • 📝 Modified: CLAUDE.md
  • 📝 Modified: SECURITY.md
  • Deleted: github_issues.md

🧪 Test Coverage Analysis

Test failures detected - Review required

ImportError while importing test module '/home/runner/work/multi-agent-system/multi-agent-system/tests/test_agent_registry.py'.
Hint: make sure your test modules/packages have valid Python names.
Traceback:
/opt/hostedtoolcache/Python/3.10.18/x64/lib/python3.10/importlib/__init__.py:126: in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
tests/test_agent_registry.py:10: in <module>
    from agents import Agent
E   ImportError: cannot import name 'Agent' from 'agents' (/home/runner/work/multi-agent-system/multi-agent-system/loan_processing/agents/__init__.py)
------------------------------- Captured stdout --------------------------------
📝 Using console logging (set AZURE_MONITOR_CONNECTION_STRING for Azure integration)
=============================== warnings summary ===============================
.venv/lib/python3.10/site-packages/pydantic/_internal/_generate_schema.py:298: 10 warnings
  /home/runner/work/multi-agent-system/multi-agent-system/.venv/lib/python3.10/site-packages/pydantic/_internal/_generate_schema.py:298: PydanticDeprecatedSince20: `json_encoders` is deprecated. See https://docs.pydantic.dev/2.11/concepts/serialization/#custom-serializers for alternatives. Deprecated in Pydantic V2.0 to be removed in V3.0. See Pydantic V2 Migration Guide at https://errors.pydantic.dev/2.11/migration/
    warnings.warn(

-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
=========================== short test summary info ============================
ERROR tests/test_agent_registry.py
!!!!!!!!!!!!!!!!!!!! Interrupted: 1 error during collection !!!!!!!!!!!!!!!!!!!!
======================== 10 warnings, 1 error in 0.31s =========================

🏗️ Architecture Impact Analysis

Low Impact: No core architecture files modified

🔒 Security Analysis

⚠️ Potential hardcoded secrets detected

⚠️ Manual security review recommended

📊 Code Quality Metrics

⚠️ Linting: 4 issues found

View linting issues 
error: invalid value 'text' for '--output-format <OUTPUT_FORMAT>'
  [possible values: concise, full, json, json-lines, junit, grouped, github, gitlab, pylint, rdjson, azure, sarif]

For more information, try '--help'.
✅ **Formatting:** Code properly formatted

🎯 Review Recommendations

  1. 📋 General Checklist
    • All tests pass (✅ automated check)
    • Coverage ≥90% on core components (✅ automated check)
    • Code follows established patterns
    • Documentation updated if needed
    • Breaking changes documented

🤖 This review was automatically generated. Human expert review may still be required for complex changes.

@github-actions github-actions bot added the documentation Improvements or additions to documentation label Aug 25, 2025
@niksacdev niksacdev merged commit d7ad59b into main Aug 25, 2025
8 of 9 checks passed
@niksacdev niksacdev deleted the feat/public-release-preparation branch August 25, 2025 19:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@niksacdev