Add agent-approval-check composite action#1429
Conversation
Require N human approvals on PRs that contain agent-authored commits. Posts an agent-approval-check commit status that repos mark as a required check on protected branches. This is a sanitized port of the check Anthropic runs internally on every agent-authored PR — same detection rules, /approve <sha> comment flow, sibling-PR-same-SHA guard, and fail-closed semantics, with the Anthropic-specific path exemptions and kill-switch removed and config moved to action inputs. Co-Authored-By: Claude <[email protected]>
…ation + doc fixes 🏠 Remote-Dev: homespace
🏠 Remote-Dev: homespace
…its(last:100); docstring 🏠 Remote-Dev: homespace
…r and correct threat-model docs 🏠 Remote-Dev: homespace
…cstring API-call count 🏠 Remote-Dev: homespace
…dge; drop stale 'reviewed' from README 🏠 Remote-Dev: homespace
…fy author write-access requirement in README 🏠 Remote-Dev: homespace
…ass); validate REQUIRED_APPROVALS>=1; exempt_head_branches warning 🏠 Remote-Dev: homespace
bboswell-ant
left a comment
There was a problem hiding this comment.
Seems like it might be worth shipping this with an example folder that contains safe and secure usage examples. A few security risks/foot guns are in here as it sits:
- We default a few things to unsafe states and leave comments for users to fix it with no guidance.
- action.yml (27-31)
- README.md (82)
- We don't provide unit tests across any of the logic that's independent of the api layer.
- We don't have safe dependency management (see comments)
| if: github.event_name != 'issue_comment' || github.event.issue.pull_request | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: anthropics/claude-code-action/agent-approval-check@main |
There was a problem hiding this comment.
Tis is a mutable reference that pulls in and run s code in the users environment with write permissions to their environment.
- Upside, users get the latest version of what's in main by default. Self patching, always up to date.
- Downslide, as we've seen this pattern with libraries as static imports opens the door to malicious code. In this case it's malicious code with write access to their environment.
Probably worth a comment and an example line for how to pin this and to control this as users would with any other code resource.
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | ||
| with: | ||
| python-version: "3.12" | ||
| - run: pip install 'httpx==0.28.1' 'pyyaml==6.0.3' 'tenacity==9.1.4' |
There was a problem hiding this comment.
These are 3 pretty common libraries that could/should be hash pinned for the commit given that we're fully specifying the semantic version.
|
the agent-authored commit detection is the right gate — human approval before merge for agent work. one layer worth adding alongside the N-approvals gate: a verifiable audit trail proving what the agent actually did during the PR, not just that humans approved it. the approval proves humans were asked; the receipt proves what they were approving. the gap: if Claude authored 50 commits, the approval check confirms N humans approved the PR. it doesn't provide a tamper-evident record of which tool calls Claude made, what scope they operated within, and whether the commits match what was approved. the receipt layer for claude-code-action: each tool call (file write, shell command, API call) produces a signed receipt before and after execution. the receipt chain for the PR is exportable and verifiable by any reviewer against the public key — no GitHub infrastructure required.
|
…updates [skip ci] Bumps the github-actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) | `5.0.4` | `5.0.5` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.1.0` | `4.2.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.1.0` | `4.2.0` | | [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.159` | `1.0.165` | | [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` | | [docker/login-action](https://github.com/docker/login-action) | `4.2.0` | `4.4.0` | | [github/codeql-action/init](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` | | [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` | Updates `zgosalvez/github-actions-ensure-sha-pinned-actions` from 5.0.4 to 5.0.5 Release notes *Sourced from [zgosalvez/github-actions-ensure-sha-pinned-actions's releases](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases).* > v5.0.5 > ------ > > What's Changed > -------------- > > * Bump undici from 6.24.1 to 6.27.0 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#317](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/317) > * Bump actions/checkout from 6.0.2 to 6.0.3 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#316](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/316) > * Bump jest from 30.3.0 to 30.4.2 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#315](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/315) > * Bump eslint from 10.1.0 to 10.3.0 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#314](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/314) > * Bump yaml from 2.8.3 to 2.8.4 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#313](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/313) > * Bump actions/setup-node from 6.2.0 to 6.4.0 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#312](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/312) > * Bump actions/cache from 5.0.3 to 5.0.5 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#311](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/311) > * Bump `@actions/core` from 3.0.0 to 3.0.1 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#310](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/310) > * Bump `@actions/glob` from 0.6.1 to 0.7.0 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#309](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/309) > * Bump zgosalvez/github-actions-get-action-runs-using-version from 2.0.25 to 3.0.1 by [`@dependabot`](https://github.com/dependabot)[bot] in [zgosalvez/github-actions-ensure-sha-pinned-actions#305](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/305) > * Fix dependabot security alert 59 by [`@zgosalvez`](https://github.com/zgosalvez) in [zgosalvez/github-actions-ensure-sha-pinned-actions#318](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/318) > * Hotfix/security60 by [`@zgosalvez`](https://github.com/zgosalvez) in [zgosalvez/github-actions-ensure-sha-pinned-actions#319](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/319) > * Fix js-yaml dependency issue by [`@zgosalvez`](https://github.com/zgosalvez) in [zgosalvez/github-actions-ensure-sha-pinned-actions#320](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/pull/320) > > **Full Changelog**: <zgosalvez/github-actions-ensure-sha-pinned-actions@v5...v5.0.5> Commits * [`3db98c0`](zgosalvez/github-actions-ensure-sha-pinned-actions@3db98c0) Fix js-yaml dependency issue ([#320](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/320)) * [`6fd9901`](zgosalvez/github-actions-ensure-sha-pinned-actions@6fd9901) Hotfix/security60 ([#319](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/319)) * [`dcb5236`](zgosalvez/github-actions-ensure-sha-pinned-actions@dcb5236) Fix dependabot security alert 59 ([#318](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/318)) * [`afa7540`](zgosalvez/github-actions-ensure-sha-pinned-actions@afa7540) Bump zgosalvez/github-actions-get-action-runs-using-version ([#305](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/305)) * [`10d4404`](zgosalvez/github-actions-ensure-sha-pinned-actions@10d4404) Bump `@actions/glob` from 0.6.1 to 0.7.0 ([#309](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/309)) * [`28363be`](zgosalvez/github-actions-ensure-sha-pinned-actions@28363be) Bump `@actions/core` from 3.0.0 to 3.0.1 ([#310](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/310)) * [`0085b7f`](zgosalvez/github-actions-ensure-sha-pinned-actions@0085b7f) Bump actions/cache from 5.0.3 to 5.0.5 ([#311](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/311)) * [`4083b6a`](zgosalvez/github-actions-ensure-sha-pinned-actions@4083b6a) Bump actions/setup-node from 6.2.0 to 6.4.0 ([#312](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/312)) * [`c2d39dd`](zgosalvez/github-actions-ensure-sha-pinned-actions@c2d39dd) Bump yaml from 2.8.3 to 2.8.4 ([#313](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/313)) * [`13e30ef`](zgosalvez/github-actions-ensure-sha-pinned-actions@13e30ef) Bump eslint from 10.1.0 to 10.3.0 ([#314](https://redirect.github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/issues/314)) * Additional commits viewable in [compare view](zgosalvez/github-actions-ensure-sha-pinned-actions@ca46236...3db98c0) Updates `docker/setup-qemu-action` from 4.1.0 to 4.2.0 Release notes *Sourced from [docker/setup-qemu-action's releases](https://github.com/docker/setup-qemu-action/releases).* > v4.2.0 > ------ > > * Preserve names in esbuild bundle by [`@crazy-max`](https://github.com/crazy-max) in [docker/setup-qemu-action#311](https://redirect.github.com/docker/setup-qemu-action/pull/311) > * Bump `@actions/core` from 3.0.0 to 3.0.1 in [docker/setup-qemu-action#295](https://redirect.github.com/docker/setup-qemu-action/pull/295) > * Bump `@docker/actions-toolkit` from 0.91.0 to 0.92.0 in [docker/setup-qemu-action#315](https://redirect.github.com/docker/setup-qemu-action/pull/315) > * Bump `@sigstore/core` from 3.1.0 to 3.2.1 in [docker/setup-qemu-action#312](https://redirect.github.com/docker/setup-qemu-action/pull/312) > * Bump js-yaml from 4.1.1 to 4.2.0 in [docker/setup-qemu-action#310](https://redirect.github.com/docker/setup-qemu-action/pull/310) > * Bump tmp from 0.2.6 to 0.2.7 in [docker/setup-qemu-action#304](https://redirect.github.com/docker/setup-qemu-action/pull/304) > * Bump undici from 6.26.0 to 6.27.0 in [docker/setup-qemu-action#308](https://redirect.github.com/docker/setup-qemu-action/pull/308) > * Bump vite from 7.3.2 to 7.3.6 in [docker/setup-qemu-action#307](https://redirect.github.com/docker/setup-qemu-action/pull/307) > > **Full Changelog**: <docker/setup-qemu-action@v4.1.0...v4.2.0> Commits * [`96fe6ef`](docker/setup-qemu-action@96fe6ef) Merge pull request [#315](https://redirect.github.com/docker/setup-qemu-action/issues/315) from docker/dependabot/npm\_and\_yarn/docker/actions-to... * [`31f08d3`](docker/setup-qemu-action@31f08d3) [dependabot skip] chore: update generated content * [`4e7017a`](docker/setup-qemu-action@4e7017a) build(deps): bump `@docker/actions-toolkit` from 0.91.0 to 0.92.0 * [`0eca235`](docker/setup-qemu-action@0eca235) Merge pull request [#314](https://redirect.github.com/docker/setup-qemu-action/issues/314) from crazy-max/fix-yarn-preapprove-actions-toolkit * [`ea66a41`](docker/setup-qemu-action@ea66a41) chore: allow actions-toolkit to bypass yarn age gate * [`451542b`](docker/setup-qemu-action@451542b) Merge pull request [#308](https://redirect.github.com/docker/setup-qemu-action/issues/308) from docker/dependabot/npm\_and\_yarn/undici-6.27.0 * [`532ae00`](docker/setup-qemu-action@532ae00) [dependabot skip] chore: update generated content * [`b6f5af6`](docker/setup-qemu-action@b6f5af6) build(deps): bump undici from 6.26.0 to 6.27.0 * [`cf96b86`](docker/setup-qemu-action@cf96b86) Merge pull request [#304](https://redirect.github.com/docker/setup-qemu-action/issues/304) from docker/dependabot/npm\_and\_yarn/tmp-0.2.7 * [`f0ba643`](docker/setup-qemu-action@f0ba643) [dependabot skip] chore: update generated content * Additional commits viewable in [compare view](docker/setup-qemu-action@0611638...96fe6ef) Updates `docker/setup-buildx-action` from 4.1.0 to 4.2.0 Release notes *Sourced from [docker/setup-buildx-action's releases](https://github.com/docker/setup-buildx-action/releases).* > v4.2.0 > ------ > > * Preserve names in esbuild bundle by [`@crazy-max`](https://github.com/crazy-max) in [docker/setup-buildx-action#572](https://redirect.github.com/docker/setup-buildx-action/pull/572) > * Bump `@actions/core` from 3.0.0 to 3.0.1 in [docker/setup-buildx-action#551](https://redirect.github.com/docker/setup-buildx-action/pull/551) > * Bump `@docker/actions-toolkit` from 0.90.0 to 0.92.0 in [docker/setup-buildx-action#557](https://redirect.github.com/docker/setup-buildx-action/pull/557) [docker/setup-buildx-action#580](https://redirect.github.com/docker/setup-buildx-action/pull/580) > * Bump `@sigstore/core` from 3.1.0 to 3.2.1 in [docker/setup-buildx-action#573](https://redirect.github.com/docker/setup-buildx-action/pull/573) > * Bump `@sigstore/verify` from 3.1.0 to 3.1.1 in [docker/setup-buildx-action#576](https://redirect.github.com/docker/setup-buildx-action/pull/576) > * Bump js-yaml from 4.1.1 to 5.2.0 in [docker/setup-buildx-action#562](https://redirect.github.com/docker/setup-buildx-action/pull/562) > * Bump sigstore from 4.1.0 to 4.1.1 in [docker/setup-buildx-action#577](https://redirect.github.com/docker/setup-buildx-action/pull/577) > * Bump tmp from 0.2.5 to 0.2.7 in [docker/setup-buildx-action#556](https://redirect.github.com/docker/setup-buildx-action/pull/556) > * Bump undici from 6.25.0 to 6.27.0 in [docker/setup-buildx-action#570](https://redirect.github.com/docker/setup-buildx-action/pull/570) > * Bump vite from 7.3.2 to 7.3.6 in [docker/setup-buildx-action#569](https://redirect.github.com/docker/setup-buildx-action/pull/569) > > **Full Changelog**: <docker/setup-buildx-action@v4.1.0...v4.2.0> Commits * [`bb05f3f`](docker/setup-buildx-action@bb05f3f) Merge pull request [#580](https://redirect.github.com/docker/setup-buildx-action/issues/580) from docker/dependabot/npm\_and\_yarn/docker/actions-to... * [`321c814`](docker/setup-buildx-action@321c814) [dependabot skip] chore: update generated content * [`b9a36ef`](docker/setup-buildx-action@b9a36ef) build(deps): bump `@docker/actions-toolkit` from 0.91.0 to 0.92.0 * [`ebeab24`](docker/setup-buildx-action@ebeab24) Merge pull request [#570](https://redirect.github.com/docker/setup-buildx-action/issues/570) from docker/dependabot/npm\_and\_yarn/undici-6.27.0 * [`5c7b8ae`](docker/setup-buildx-action@5c7b8ae) [dependabot skip] chore: update generated content * [`037e618`](docker/setup-buildx-action@037e618) build(deps): bump undici from 6.25.0 to 6.27.0 * [`66080e5`](docker/setup-buildx-action@66080e5) Merge pull request [#577](https://redirect.github.com/docker/setup-buildx-action/issues/577) from docker/dependabot/npm\_and\_yarn/sigstore-4.1.1 * [`409aef0`](docker/setup-buildx-action@409aef0) Merge pull request [#562](https://redirect.github.com/docker/setup-buildx-action/issues/562) from docker/dependabot/npm\_and\_yarn/js-yaml-4.2.0 * [`49c6e42`](docker/setup-buildx-action@49c6e42) build(deps): bump sigstore from 4.1.0 to 4.1.1 * [`2211273`](docker/setup-buildx-action@2211273) [dependabot skip] chore: update generated content * Additional commits viewable in [compare view](docker/setup-buildx-action@d7f5e7f...bb05f3f) Updates `anthropics/claude-code-action` from 1.0.159 to 1.0.165 Release notes *Sourced from [anthropics/claude-code-action's releases](https://github.com/anthropics/claude-code-action/releases).* > v1.0.165 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.165> > > v1.0.164 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.164> > > v1.0.163 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.163> > > v1.0.162 > -------- > > What's Changed > -------------- > > * Add agent-approval-check composite action by [`@km-anthropic`](https://github.com/km-anthropic) in [anthropics/claude-code-action#1429](https://redirect.github.com/anthropics/claude-code-action/pull/1429) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.162> > > v1.0.161 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.161> > > v1.0.160 > -------- > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.160> Commits * [`558b1d6`](anthropics/claude-code-action@558b1d6) chore: bump Claude Code to 2.1.201 and Agent SDK to 0.3.201 * [`01872cc`](anthropics/claude-code-action@01872cc) chore: bump Claude Code to 2.1.200 and Agent SDK to 0.3.200 * [`769e3bd`](anthropics/claude-code-action@769e3bd) chore: bump Claude Code to 2.1.199 and Agent SDK to 0.3.199 * [`6c0083b`](anthropics/claude-code-action@6c0083b) chore: bump Claude Code to 2.1.198 and Agent SDK to 0.3.198 * [`846d5d8`](anthropics/claude-code-action@846d5d8) Add agent-approval-check composite action ([#1429](https://redirect.github.com/anthropics/claude-code-action/issues/1429)) * [`fad22eb`](anthropics/claude-code-action@fad22eb) chore: bump Claude Code to 2.1.197 and Agent SDK to 0.3.197 * [`4633baf`](anthropics/claude-code-action@4633baf) chore: bump Claude Code to 2.1.196 and Agent SDK to 0.3.196 * See full diff in [compare view](anthropics/claude-code-action@a92e7c7...558b1d6) Updates `github/codeql-action/upload-sarif` from 4.36.2 to 4.36.3 Release notes *Sourced from [github/codeql-action/upload-sarif's releases](https://github.com/github/codeql-action/releases).* > v4.36.3 > ------- > > No user facing changes. Changelog *Sourced from [github/codeql-action/upload-sarif's changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md).* > CodeQL Action Changelog > ======================= > > See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. > > [UNRELEASED] > ------------ > > No user facing changes. > > 4.36.3 - 01 Jul 2026 > -------------------- > > No user facing changes. > > 4.36.2 - 04 Jun 2026 > -------------------- > > * Cache CodeQL CLI version information across Actions steps. [#3943](https://redirect.github.com/github/codeql-action/pull/3943) > * Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. [#3937](https://redirect.github.com/github/codeql-action/pull/3937) > * Update default CodeQL bundle version to [2.25.6](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6). [#3948](https://redirect.github.com/github/codeql-action/pull/3948) > > 4.36.1 - 02 Jun 2026 > -------------------- > > No user facing changes. > > 4.36.0 - 22 May 2026 > -------------------- > > * *Breaking change*: Bump the minimum required CodeQL bundle version to 2.19.4. [#3894](https://redirect.github.com/github/codeql-action/pull/3894) > * Add support for SHA-256 Git object IDs. [#3893](https://redirect.github.com/github/codeql-action/pull/3893) > * Update default CodeQL bundle version to [2.25.5](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5). [#3926](https://redirect.github.com/github/codeql-action/pull/3926) > > 4.35.5 - 15 May 2026 > -------------------- > > * We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. [#3899](https://redirect.github.com/github/codeql-action/pull/3899) > * For performance and accuracy reasons, [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. [#3791](https://redirect.github.com/github/codeql-action/pull/3791) > * If multiple inputs are provided for the GitHub-internal `analysis-kinds` input, only `code-scanning` will be enabled. The `analysis-kinds` input is experimental, for GitHub-internal use only, and may change without notice at any time. [#3892](https://redirect.github.com/github/codeql-action/pull/3892) > * Added an experimental change which, when running a Code Scanning analysis for a PR with [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. [#3880](https://redirect.github.com/github/codeql-action/pull/3880) > > 4.35.4 - 07 May 2026 > -------------------- > > * Update default CodeQL bundle version to [2.25.4](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4). [#3881](https://redirect.github.com/github/codeql-action/pull/3881) > > 4.35.3 - 01 May 2026 > -------------------- > > * *Upcoming breaking change*: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. [#3837](https://redirect.github.com/github/codeql-action/pull/3837) > * Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. [#3850](https://redirect.github.com/github/codeql-action/pull/3850) > * Best-effort connection tests for private registries now use `GET` requests instead of `HEAD` for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. [#3853](https://redirect.github.com/github/codeql-action/pull/3853) > * Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. [#3852](https://redirect.github.com/github/codeql-action/pull/3852) > * Update default CodeQL bundle version to [2.25.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3). [#3865](https://redirect.github.com/github/codeql-action/pull/3865) > > 4.35.2 - 15 Apr 2026 > -------------------- > > * The undocumented TRAP cache cleanup feature that could be enabled using the `CODEQL_ACTION_CLEANUP_TRAP_CACHES` environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the `trap-caching: false` input to the `init` Action. [#3795](https://redirect.github.com/github/codeql-action/pull/3795) ... (truncated) Commits * [`54f647b`](github/codeql-action@54f647b) Merge pull request [#3984](https://redirect.github.com/github/codeql-action/issues/3984) from github/update-v4.36.3-1f34ec164 * [`e78819e`](github/codeql-action@e78819e) Trigger checks * [`2c9d3d6`](github/codeql-action@2c9d3d6) Update changelog for v4.36.3 * [`1f34ec1`](github/codeql-action@1f34ec1) Merge pull request [#3983](https://redirect.github.com/github/codeql-action/issues/3983) from github/mbg/repo-props/ff-for-config-file-prop * [`d5f0145`](github/codeql-action@d5f0145) Log when repository property has a value but is ignored * [`f27f563`](github/codeql-action@f27f563) Add test for when the FF is off * [`0025d0f`](github/codeql-action@0025d0f) Use FF * [`f7fa18f`](github/codeql-action@f7fa18f) Add FF for config file repo property * [`628fc3f`](github/codeql-action@628fc3f) Merge pull request [#3979](https://redirect.github.com/github/codeql-action/issues/3979) from github/henrymercer/overlay-db-cleanup-size-tele... * [`9cfb67b`](github/codeql-action@9cfb67b) Add clarifying comments * Additional commits viewable in [compare view](github/codeql-action@8aad20d...54f647b) Updates `docker/login-action` from 4.2.0 to 4.4.0 Release notes *Sourced from [docker/login-action's releases](https://github.com/docker/login-action/releases).* > v4.4.0 > ------ > > * Skip empty `registry-auth` secret mask by [`@crazy-max`](https://github.com/crazy-max) in [docker/login-action#1035](https://redirect.github.com/docker/login-action/pull/1035) > * Bump `@aws-sdk/client-ecr` and `@aws-sdk/client-ecr-public` to 3.1077.0 [docker/login-action#1034](https://redirect.github.com/docker/login-action/pull/1034) > > **Full Changelog**: <docker/login-action@v4.3.0...v4.4.0> > > v4.3.0 > ------ > > * Preserve names in esbuild bundle by [`@crazy-max`](https://github.com/crazy-max) in [docker/login-action#1022](https://redirect.github.com/docker/login-action/pull/1022) > * Bump `@aws-sdk/client-ecr` and `@aws-sdk/client-ecr-public` to 3.1076.0 [docker/login-action#999](https://redirect.github.com/docker/login-action/pull/999) [docker/login-action#1030](https://redirect.github.com/docker/login-action/pull/1030) > * Bump `@docker/actions-toolkit` from 0.90.0 to 0.92.0 in [docker/login-action#1004](https://redirect.github.com/docker/login-action/pull/1004) [docker/login-action#1027](https://redirect.github.com/docker/login-action/pull/1027) > * Bump `@sigstore/core` from 3.1.0 to 3.2.1 in [docker/login-action#1023](https://redirect.github.com/docker/login-action/pull/1023) > * Bump `@sigstore/verify` from 3.1.0 to 3.1.1 in [docker/login-action#1029](https://redirect.github.com/docker/login-action/pull/1029) > * Bump http-proxy-agent and https-proxy-agent to 9.1.0 in [docker/login-action#1017](https://redirect.github.com/docker/login-action/pull/1017) > * Bump js-yaml from 4.1.1 to 5.2.0 in [docker/login-action#1028](https://redirect.github.com/docker/login-action/pull/1028) > * Bump sigstore from 4.1.0 to 4.1.1 in [docker/login-action#1031](https://redirect.github.com/docker/login-action/pull/1031) > * Bump tmp from 0.2.5 to 0.2.7 in [docker/login-action#1002](https://redirect.github.com/docker/login-action/pull/1002) > * Bump undici from 6.24.1 to 6.27.0 in [docker/login-action#1020](https://redirect.github.com/docker/login-action/pull/1020) > * Bump vite from 7.3.3 to 7.3.6 in [docker/login-action#1019](https://redirect.github.com/docker/login-action/pull/1019) > > **Full Changelog**: <docker/login-action@v4.2.0...v4.3.0> Commits * [`af1e73f`](docker/login-action@af1e73f) Merge pull request [#1034](https://redirect.github.com/docker/login-action/issues/1034) from docker/dependabot/npm\_and\_yarn/aws-sdk-dependen... * [`da722bd`](docker/login-action@da722bd) [dependabot skip] chore: update generated content * [`2916ad6`](docker/login-action@2916ad6) build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up... * [`ca0a662`](docker/login-action@ca0a662) Merge pull request [#1035](https://redirect.github.com/docker/login-action/issues/1035) from crazy-max/fix-registry-auth-empty-mask * [`c455755`](docker/login-action@c455755) chore: update generated content * [`4835190`](docker/login-action@4835190) skip empty registry-auth secret mask * [`992421c`](docker/login-action@992421c) Merge pull request [#1033](https://redirect.github.com/docker/login-action/issues/1033) from docker/dependabot/github\_actions/docker/bake-ac... * [`b249b43`](docker/login-action@b249b43) Merge pull request [#1032](https://redirect.github.com/docker/login-action/issues/1032) from docker/dependabot/github\_actions/docker/bake-ac... * [`1b67977`](docker/login-action@1b67977) build(deps): bump docker/bake-action from 7.2.0 to 7.3.0 * [`9d49d6a`](docker/login-action@9d49d6a) build(deps): bump docker/bake-action/subaction/matrix * Additional commits viewable in [compare view](docker/login-action@650006c...af1e73f) Updates `github/codeql-action/init` from 4.36.2 to 4.36.3 Release notes *Sourced from [github/codeql-action/init's releases](https://github.com/github/codeql-action/releases).* > v4.36.3 > ------- > > No user facing changes. Changelog *Sourced from [github/codeql-action/init's changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md).* > CodeQL Action Changelog > ======================= > > See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. > > [UNRELEASED] > ------------ > > No user facing changes. > > 4.36.3 - 01 Jul 2026 > -------------------- > > No user facing changes. > > 4.36.2 - 04 Jun 2026 > -------------------- > > * Cache CodeQL CLI version information across Actions steps. [#3943](https://redirect.github.com/github/codeql-action/pull/3943) > * Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. [#3937](https://redirect.github.com/github/codeql-action/pull/3937) > * Update default CodeQL bundle version to [2.25.6](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6). [#3948](https://redirect.github.com/github/codeql-action/pull/3948) > > 4.36.1 - 02 Jun 2026 > -------------------- > > No user facing changes. > > 4.36.0 - 22 May 2026 > -------------------- > > * *Breaking change*: Bump the minimum required CodeQL bundle version to 2.19.4. [#3894](https://redirect.github.com/github/codeql-action/pull/3894) > * Add support for SHA-256 Git object IDs. [#3893](https://redirect.github.com/github/codeql-action/pull/3893) > * Update default CodeQL bundle version to [2.25.5](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5). [#3926](https://redirect.github.com/github/codeql-action/pull/3926) > > 4.35.5 - 15 May 2026 > -------------------- > > * We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. [#3899](https://redirect.github.com/github/codeql-action/pull/3899) > * For performance and accuracy reasons, [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. [#3791](https://redirect.github.com/github/codeql-action/pull/3791) > * If multiple inputs are provided for the GitHub-internal `analysis-kinds` input, only `code-scanning` will be enabled. The `analysis-kinds` input is experimental, for GitHub-internal use only, and may change without notice at any time. [#3892](https://redirect.github.com/github/codeql-action/pull/3892) > * Added an experimental change which, when running a Code Scanning analysis for a PR with [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. [#3880](https://redirect.github.com/github/codeql-action/pull/3880) > > 4.35.4 - 07 May 2026 > -------------------- > > * Update default CodeQL bundle version to [2.25.4](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4). [#3881](https://redirect.github.com/github/codeql-action/pull/3881) > > 4.35.3 - 01 May 2026 > -------------------- > > * *Upcoming breaking change*: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. [#3837](https://redirect.github.com/github/codeql-action/pull/3837) > * Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. [#3850](https://redirect.github.com/github/codeql-action/pull/3850) > * Best-effort connection tests for private registries now use `GET` requests instead of `HEAD` for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. [#3853](https://redirect.github.com/github/codeql-action/pull/3853) > * Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. [#3852](https://redirect.github.com/github/codeql-action/pull/3852) > * Update default CodeQL bundle version to [2.25.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3). [#3865](https://redirect.github.com/github/codeql-action/pull/3865) > > 4.35.2 - 15 Apr 2026 > -------------------- > > * The undocumented TRAP cache cleanup feature that could be enabled using the `CODEQL_ACTION_CLEANUP_TRAP_CACHES` environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the `trap-caching: false` input to the `init` Action. [#3795](https://redirect.github.com/github/codeql-action/pull/3795) ... (truncated) Commits * [`54f647b`](github/codeql-action@54f647b) Merge pull request [#3984](https://redirect.github.com/github/codeql-action/issues/3984) from github/update-v4.36.3-1f34ec164 * [`e78819e`](github/codeql-action@e78819e) Trigger checks * [`2c9d3d6`](github/codeql-action@2c9d3d6) Update changelog for v4.36.3 * [`1f34ec1`](github/codeql-action@1f34ec1) Merge pull request [#3983](https://redirect.github.com/github/codeql-action/issues/3983) from github/mbg/repo-props/ff-for-config-file-prop * [`d5f0145`](github/codeql-action@d5f0145) Log when repository property has a value but is ignored * [`f27f563`](github/codeql-action@f27f563) Add test for when the FF is off * [`0025d0f`](github/codeql-action@0025d0f) Use FF * [`f7fa18f`](github/codeql-action@f7fa18f) Add FF for config file repo property * [`628fc3f`](github/codeql-action@628fc3f) Merge pull request [#3979](https://redirect.github.com/github/codeql-action/issues/3979) from github/henrymercer/overlay-db-cleanup-size-tele... * [`9cfb67b`](github/codeql-action@9cfb67b) Add clarifying comments * Additional commits viewable in [compare view](github/codeql-action@8aad20d...54f647b) Updates `github/codeql-action/analyze` from 4.36.2 to 4.36.3 Release notes *Sourced from [github/codeql-action/analyze's releases](https://github.com/github/codeql-action/releases).* > v4.36.3 > ------- > > No user facing changes. Changelog *Sourced from [github/codeql-action/analyze's changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md).* > CodeQL Action Changelog > ======================= > > See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. > > [UNRELEASED] > ------------ > > No user facing changes. > > 4.36.3 - 01 Jul 2026 > -------------------- > > No user facing changes. > > 4.36.2 - 04 Jun 2026 > -------------------- > > * Cache CodeQL CLI version information across Actions steps. [#3943](https://redirect.github.com/github/codeql-action/pull/3943) > * Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. [#3937](https://redirect.github.com/github/codeql-action/pull/3937) > * Update default CodeQL bundle version to [2.25.6](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6). [#3948](https://redirect.github.com/github/codeql-action/pull/3948) > > 4.36.1 - 02 Jun 2026 > -------------------- > > No user facing changes. > > 4.36.0 - 22 May 2026 > -------------------- > > * *Breaking change*: Bump the minimum required CodeQL bundle version to 2.19.4. [#3894](https://redirect.github.com/github/codeql-action/pull/3894) > * Add support for SHA-256 Git object IDs. [#3893](https://redirect.github.com/github/codeql-action/pull/3893) > * Update default CodeQL bundle version to [2.25.5](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5). [#3926](https://redirect.github.com/github/codeql-action/pull/3926) > > 4.35.5 - 15 May 2026 > -------------------- > > * We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. [#3899](https://redirect.github.com/github/codeql-action/pull/3899) > * For performance and accuracy reasons, [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. [#3791](https://redirect.github.com/github/codeql-action/pull/3791) > * If multiple inputs are provided for the GitHub-internal `analysis-kinds` input, only `code-scanning` will be enabled. The `analysis-kinds` input is experimental, for GitHub-internal use only, and may change without notice at any time. [#3892](https://redirect.github.com/github/codeql-action/pull/3892) > * Added an experimental change which, when running a Code Scanning analysis for a PR with [improved incremental analysis](https://redirect.github.com/github/roadmap/issues/1158) enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. [#3880](https://redirect.github.com/github/codeql-action/pull/3880) > > 4.35.4 - 07 May 2026 > -------------------- > > * Update default CodeQL bundle version to [2.25.4](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4). [#3881](https://redirect.github.com/github/codeql-action/pull/3881) > > 4.35.3 - 01 May 2026 > -------------------- > > * *Upcoming breaking change*: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. [#3837](https://redirect.github.com/github/codeql-action/pull/3837) > * Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. [#3850](https://redirect.github.com/github/codeql-action/pull/3850) > * Best-effort connection tests for private registries now use `GET` requests instead of `HEAD` for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. [#3853](https://redirect.github.com/github/codeql-action/pull/3853) > * Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. [#3852](https://redirect.github.com/github/codeql-action/pull/3852) > * Update default CodeQL bundle version to [2.25.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3). [#3865](https://redirect.github.com/github/codeql-action/pull/3865) > > 4.35.2 - 15 Apr 2026 > -------------------- > > * The undocumented TRAP cache cleanup feature that could be enabled using the `CODEQL_ACTION_CLEANUP_TRAP_CACHES` environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the `trap-caching: false` input to the `init` Action. [#3795](https://redirect.github.com/github/codeql-action/pull/3795) ... (truncated) Commits * [`54f647b`](github/codeql-action@54f647b) Merge pull request [#3984](https://redirect.github.com/github/codeql-action/issues/3984) from github/update-v4.36.3-1f34ec164 * [`e78819e`](github/codeql-action@e78819e) Trigger checks * [`2c9d3d6`](github/codeql-action@2c9d3d6) Update changelog for v4.36.3 * [`1f34ec1`](github/codeql-action@1f34ec1) Merge pull request [#3983](https://redirect.github.com/github/codeql-action/issues/3983) from github/mbg/repo-props/ff-for-config-file-prop * [`d5f0145`](github/codeql-action@d5f0145) Log when repository property has a value but is ignored * [`f27f563`](github/codeql-action@f27f563) Add test for when the FF is off * [`0025d0f`](github/codeql-action@0025d0f) Use FF * [`f7fa18f`](github/codeql-action@f7fa18f) Add FF for config file repo property * [`628fc3f`](github/codeql-action@628fc3f) Merge pull request [#3979](https://redirect.github.com/github/codeql-action/issues/3979) from github/henrymercer/overlay-db-cleanup-size-tele... * [`9cfb67b`](github/codeql-action@9cfb67b) Add clarifying comments * Additional commits viewable in [compare view](github/codeql-action@8aad20d...54f647b)
What this does
Adds
agent-approval-check: a composite action that requires N human approvals on any PR containing agent-authored commits (Claude / Claude Code / any configured bot). It posts anagent-approval-checkcommit status that repos mark as a required check on protected branches; PRs without agent activity pass through untouched.Users drop one workflow file into
.github/workflows/(seeexamples/agent-approval-check.yml) and add the status to branch protection.Why
We want a drop-in answer to "how do I make sure a human reviewed what Claude pushed before it merges." This is the gate Anthropic already runs internally on every agent-authored PR.
What changed
Security-load-bearing logic kept verbatim: agent detection (committer email ∪ PR-author login ∪ agent-submitted APPROVED review),
/approve <sha>parsing pinned to head, dedup'd approver counting, the sibling-PR-same-SHA guard, >250-commit fail-closed, and exit-nonzero-on-error.How we know it works
A pre-publish secret/internal-reference scan came back clean (no internal hostnames, links, tokens, or package imports).
After merge
agent-approval-check-v1(or fold into the next action release tag).🤖 Generated with Claude Code