Merge pull request #5 from semgrep/austin/update_default_tools

update default tools

Author: ajbt200128

README.md

@@ -46,8 +46,12 @@ pre_action_steps:
 # the claude-code-action configuration
 action:
   prompt: "Check this PR for linting and style issues."
-  claude_args: "--timeout 300"
   plugins: "my-plugin"
+  # additional tools beyond the defaults (see below)
+  allowed_tools:
+    - Edit
+    - Write
+    - "Bash(npm test*)"
 
 # steps that run after claude-code-action
 post_action_steps:
@@ -74,14 +78,32 @@ You are a code review assistant. Follow these guidelines:
 | `description` | string | no | Human-readable description (used as the job name in the dispatcher) |
 | `action` | object | yes | Claude code action configuration |
 | `action.prompt` | string | yes | The prompt sent to Claude |
-| `action.claude_args` | string | no | Extra CLI args for Claude |
 | `action.plugins` | string | no | Plugins to enable |
+| `action.allowed_tools` | string[] | no | Additional tools to allow beyond the defaults (see below) |
 | `checkout` | object | no | Args passed to `actions/checkout@v4` |
 | `pre_action_steps` | array | no | GHA steps to run before the action |
 | `post_action_steps` | array | no | GHA steps to run after the action |
 
 Pre/post action steps are validated against the [GitHub Actions step schema](https://json.schemastore.org/github-workflow.json) — each step must have exactly one of `uses` or `run`, and `shell`/`working-directory` are only valid with `run`.
 
+### Default Allowed Tools
+
+Every generated workflow automatically allows a set of safe, non-mutating tools via `--allowedTools`. These are passed as CLI args to Claude and do not need to be specified in your spec:
+
+| Category | Tools |
+|---|---|
+| File reading / search | `Read`, `Grep`, `Glob` |
+| Subagents & task management | `Agent`, `Skill`, `TaskCreate`, `TaskGet`, `TaskList`, `TaskOutput`, `TaskStop`, `TaskUpdate`, `TodoWrite` |
+| Worktree management | `EnterWorktree`, `ExitWorktree` |
+| Scheduling | `CronCreate`, `CronDelete`, `CronList` |
+| Tool discovery | `ToolSearch` |
+| Code intelligence | `LSP` |
+| MCP resources | `ListMcpResourcesTool`, `ReadMcpResourceTool` |
+| Plan mode | `EnterPlanMode`, `ExitPlanMode` |
+| Scoped Bash | `Bash(git diff*)`, `Bash(git log*)`, `Bash(git show*)`, `Bash(gh pr *)` |
+
+To allow additional tools (e.g. mutation tools like `Edit`, `Write`, or scoped `Bash` patterns), use `action.allowed_tools` in your spec. Duplicates with the defaults are automatically removed.
+
 ## CLI Usage
 
 ```bash
@@ -175,3 +197,4 @@ src/
 - **Strict schemas**: The root spec and `action` block use strict Zod schemas (reject unknown keys) to catch typos. Pre/post steps are validated against the GHA step spec from SchemaStore.
 - **`secrets: inherit`**: Reusable workflows get secrets from the dispatcher, keeping configuration simple.
 - **Hardcoded permissions**: Reusable workflows set `contents: write`, `pull-requests: write`, `issues: write`, `id-token: write` — what claude-code-action needs.
+- **Default allowed tools**: Every workflow gets a safe baseline set of non-mutating tools. Users can extend this via `action.allowed_tools` without needing to re-specify the defaults.

src/generator/workflow.ts

@@ -30,22 +30,74 @@ function stepToYaml(step: GhaStep): Record<string, unknown> {
 /**
  * Builds the claude-code-action step.
  */
+/**
+ * Default tools that are always allowed. These are all safe, non-mutating
+ * tools (no permission required) plus scoped Bash patterns for git/gh.
+ */
+const DEFAULT_ALLOWED_TOOLS = [
+  // File reading / search
+  "Read",
+  "Grep",
+  "Glob",
+  // Subagents & task management
+  "Agent",
+  "Skill",
+  "TaskCreate",
+  "TaskGet",
+  "TaskList",
+  "TaskOutput",
+  "TaskStop",
+  "TaskUpdate",
+  "TodoWrite",
+  // Worktree management
+  "EnterWorktree",
+  "ExitWorktree",
+  // Scheduling
+  "CronCreate",
+  "CronDelete",
+  "CronList",
+  // Tool discovery
+  "ToolSearch",
+  // Code intelligence
+  "LSP",
+  // MCP resources
+  "ListMcpResourcesTool",
+  "ReadMcpResourceTool",
+  // Plan mode
+  "EnterPlanMode",
+  "ExitPlanMode",
+  // Scoped Bash for git/gh
+  "Bash(git diff*)",
+  "Bash(git log*)",
+  "Bash(git show*)",
+  "Bash(gh pr *)",
+];
+
 function buildActionStep(
   prompt: string,
   systemPrompt: string | null,
   options: {
     claude_args?: string;
     plugins?: string;
+    allowed_tools?: string[];
     actionVersion: string;
   }
 ): Record<string, unknown> {
+  const allowedTools = [
+    ...new Set([...DEFAULT_ALLOWED_TOOLS, ...(options.allowed_tools || [])]),
+  ];
+
   const withBlock: Record<string, unknown> = {
     anthropic_api_key: "${{ secrets.ANTHROPIC_API_KEY }}",
-    use_sticky_comment: true,
+    github_token: "${{ secrets.GITHUB_TOKEN }}",
+    track_progress: true,
     prompt,
   };
 
-  let claudeArgs = options.claude_args || "";
+  const toolArgs = allowedTools.map((t) => `--allowedTools '${t}'`).join(" ");
+  let claudeArgs = options.claude_args
+    ? `${options.claude_args} ${toolArgs}`
+    : toolArgs;
 
   if (systemPrompt) {
     const escaped = systemPrompt.replace(/'/g, "'\\''");
@@ -98,6 +150,7 @@ export function generateWorkflow(
     buildActionStep(spec.spec.action.prompt, systemPrompt, {
       claude_args: spec.spec.action.claude_args,
       plugins: spec.spec.action.plugins,
+      allowed_tools: spec.spec.action.allowed_tools,
       actionVersion,
     })
   );

src/schema.ts

@@ -29,6 +29,7 @@ export const ActionSchema = z
     prompt: z.string().min(1, "Action prompt cannot be empty"),
     claude_args: z.string().optional(),
     plugins: z.string().optional(),
+    allowed_tools: z.array(z.string()).optional(),
   })
   .strict();
 

test/generator/workflow.test.ts

@@ -44,7 +44,7 @@ describe("generateWorkflow", () => {
     expect(steps[0].uses).toBe("actions/checkout@v4");
   });
 
-  test("includes claude-code-action step", () => {
+  test("includes claude-code-action step with required fields", () => {
     const result = generateWorkflow(minimalSpec, null);
     const jobs = result.content.jobs as any;
     const steps = jobs.task.steps;
@@ -53,6 +53,77 @@ describe("generateWorkflow", () => {
     );
     expect(actionStep).toBeTruthy();
     expect(actionStep.with.prompt).toBe("Review this code");
+    expect(actionStep.with.github_token).toBe("${{ secrets.GITHUB_TOKEN }}");
+    expect(actionStep.with.track_progress).toBe(true);
+    // default allowed tools passed via claude_args
+    const args: string = actionStep.with.claude_args;
+    for (const tool of [
+      "Read", "Grep", "Glob", "Agent", "Skill",
+      "TaskCreate", "TaskGet", "TaskList", "TaskOutput", "TaskStop", "TaskUpdate",
+      "TodoWrite", "EnterWorktree", "ExitWorktree",
+      "CronCreate", "CronDelete", "CronList",
+      "ToolSearch", "LSP", "ListMcpResourcesTool", "ReadMcpResourceTool",
+      "EnterPlanMode", "ExitPlanMode",
+    ]) {
+      expect(args).toContain(`--allowedTools '${tool}'`);
+    }
+    expect(args).toContain("--allowedTools 'Bash(git diff*)'");
+    expect(args).toContain("--allowedTools 'Bash(git log*)'");
+    expect(args).toContain("--allowedTools 'Bash(git show*)'");
+    expect(args).toContain("--allowedTools 'Bash(gh pr *)'");
+  });
+
+  test("merges user-specified allowed_tools with defaults", () => {
+    const spec: ValidatedSpec = {
+      filename: "test.yml",
+      taskName: "test",
+      spec: {
+        name: "test",
+        action: {
+          prompt: "Test",
+          allowed_tools: ["Edit", "Write", "Bash(npm test*)"],
+        },
+      },
+    };
+    const result = generateWorkflow(spec, null);
+    const jobs = result.content.jobs as any;
+    const actionStep = jobs.task.steps.find(
+      (s: any) => s.uses === "anthropics/claude-code-action@v1"
+    );
+    const args: string = actionStep.with.claude_args;
+    // defaults still present
+    expect(args).toContain("--allowedTools 'Read'");
+    expect(args).toContain("--allowedTools 'Agent'");
+    // user tools appended
+    expect(args).toContain("--allowedTools 'Edit'");
+    expect(args).toContain("--allowedTools 'Write'");
+    expect(args).toContain("--allowedTools 'Bash(npm test*)'");
+  });
+
+  test("deduplicates user-specified tools that overlap with defaults", () => {
+    const spec: ValidatedSpec = {
+      filename: "test.yml",
+      taskName: "test",
+      spec: {
+        name: "test",
+        action: {
+          prompt: "Test",
+          allowed_tools: ["Read", "Grep", "Edit"],
+        },
+      },
+    };
+    const result = generateWorkflow(spec, null);
+    const jobs = result.content.jobs as any;
+    const actionStep = jobs.task.steps.find(
+      (s: any) => s.uses === "anthropics/claude-code-action@v1"
+    );
+    const args: string = actionStep.with.claude_args;
+    const readMatches = args.match(/--allowedTools 'Read'/g);
+    expect(readMatches).toHaveLength(1);
+    const grepMatches = args.match(/--allowedTools 'Grep'/g);
+    expect(grepMatches).toHaveLength(1);
+    // non-default tool still added
+    expect(args).toContain("--allowedTools 'Edit'");
   });
 
   test("passes system prompt via --append-system-prompt", () => {
@@ -62,7 +133,8 @@ describe("generateWorkflow", () => {
       (s: any) => s.uses === "anthropics/claude-code-action@v1"
     );
     expect(actionStep.with.prompt).toBe("Review this code");
-    expect(actionStep.with.claude_args).toBe("--append-system-prompt 'Be helpful.'");
+    expect(actionStep.with.claude_args).toContain("--append-system-prompt 'Be helpful.'");
+    expect(actionStep.with.claude_args).toContain("--allowedTools");
   });
 
   test("appends system prompt to existing claude_args", () => {
@@ -79,7 +151,9 @@ describe("generateWorkflow", () => {
     const actionStep = jobs.task.steps.find(
       (s: any) => s.uses === "anthropics/claude-code-action@v1"
     );
-    expect(actionStep.with.claude_args).toBe("--timeout 600 --append-system-prompt 'Be helpful.'");
+    expect(actionStep.with.claude_args).toContain("--timeout 600");
+    expect(actionStep.with.claude_args).toContain("--append-system-prompt 'Be helpful.'");
+    expect(actionStep.with.claude_args).toContain("--allowedTools");
   });
 
   test("includes pre and post action steps", () => {
@@ -136,7 +210,8 @@ describe("generateWorkflow", () => {
     const actionStep = jobs.task.steps.find(
       (s: any) => s.uses === "anthropics/claude-code-action@v1"
     );
-    expect(actionStep.with.claude_args).toBe("--timeout 600");
+    expect(actionStep.with.claude_args).toContain("--timeout 600");
+    expect(actionStep.with.claude_args).toContain("--allowedTools");
     expect(actionStep.with.plugins).toBe("my-plugin");
   });
 });

test/schema.test.ts

@@ -37,6 +37,22 @@ describe("ActionSchema", () => {
     });
     expect(result.success).toBe(true);
   });
+
+  test("accepts allowed_tools as string array", () => {
+    const result = ActionSchema.safeParse({
+      prompt: "hello",
+      allowed_tools: ["Edit", "Write", "Bash(npm test*)"],
+    });
+    expect(result.success).toBe(true);
+  });
+
+  test("rejects allowed_tools as non-array", () => {
+    const result = ActionSchema.safeParse({
+      prompt: "hello",
+      allowed_tools: "Edit",
+    });
+    expect(result.success).toBe(false);
+  });
 });
 
 describe("GhaStepSchema", () => {