Feature request: Add read_only mode to disable automatic commit capabilities #1415

Description

@kevinvirk15

Problem

When using claude-code-action for security reviews or other read-only tasks, the action automatically grants Claude write capabilities that cannot be disabled via configuration.

In src/modes/tag/index.ts (lines 135-150), the action unconditionally adds git write tools:

if (!useApiCommitSigning) {
  tagModeTools.push(
    "Bash(git add:*)",
    "Bash(git commit:*)",
    `Bash(${gitPushWrapper}:*)`,
    "Bash(git rm:*)",
  );
} else {
  tagModeTools.push(
    "mcp__github_file_ops__commit_files",
    "mcp__github_file_ops__delete_files",
  );
}

This means even when a workflow explicitly configures limited tools via claude_args:

claude_args: |
  --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*)"

The action still adds git write capabilities, and Claude can (and does) make commits autonomously.

Use Case

We use claude-code-action for security reviews only - we want Claude to analyze PRs and post comments, but not make any changes to the code. However, Claude detected a CI failure and automatically committed a fix, which was unexpected behavior given our workflow configuration.

Requested Solution

Add a read_only input parameter (or similar) that prevents the action from adding any write tools:

- uses: anthropics/claude-code-action@v1
  with:
    read_only: true  # Prevents git/file write tools from being added
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}

When read_only: true:

  • Do not add Bash(git add:*), Bash(git commit:*), Bash(git rm:*), or the git push wrapper
  • Do not add mcp__github_file_ops__commit_files or mcp__github_file_ops__delete_files
  • Only allow the base read tools (Glob, Grep, LS, Read) plus user-specified tools

Alternatives Considered

  1. Forking the action - Works but requires maintaining a fork
  2. Using use_commit_signing - This only changes HOW commits are made (git CLI vs API), not WHETHER commits are allowed

Additional Context

This follows the principle of least privilege - workflows that only need read access shouldn't be granted write access by default. Many users may want Claude for code review, documentation generation, or analysis tasks where commits are not desired.
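As an added illustration (not code from claude-code-action or from the issue author), the following hypothetical tool-list builder shows why a restrictive --allowedTools in claude_args cannot remove the action's write tools, and how the requested read_only input would gate them. Tool names are copied from the issue; the union-merge of user tools with the action's own list, the readOnly flag, and the gitPushWrapper name "git-push-wrapper" are assumptions made for the example.

```typescript
// Added example (not claude-code-action's code): a hypothetical tool-list
// builder showing why `--allowedTools` in claude_args cannot remove the
// action's write tools, and how a `read_only` input would gate them.
// Tool names are copied from the issue; `gitPushWrapper` is assumed to be
// the name of the push wrapper script the action exposes via Bash, and the
// union merge of user tools with the action's list is assumed from the
// behaviour the issue describes.

const BASE_READ_TOOLS: readonly string[] = ["Glob", "Grep", "LS", "Read"];

interface TagModeOptions {
  useApiCommitSigning: boolean; // the existing use_commit_signing input
  gitPushWrapper: string;       // assumed wrapper name, e.g. "git-push-wrapper"
  readOnly: boolean;            // the requested read_only input (hypothetical)
  userAllowedTools: string[];   // tools parsed from --allowedTools
}

// Write-capable tools the action adds today, selected by signing mode only.
function gitWriteTools(useApiCommitSigning: boolean, gitPushWrapper: string): string[] {
  if (!useApiCommitSigning) {
    return [
      "Bash(git add:*)",
      "Bash(git commit:*)",
      `Bash(${gitPushWrapper}:*)`,
      "Bash(git rm:*)",
    ];
  }
  return ["mcp__github_file_ops__commit_files", "mcp__github_file_ops__delete_files"];
}

// Extract the comma-separated list from a `--allowedTools "a,b,c"` argument.
// Tool specs such as `Bash(gh pr comment:*)` contain spaces, so the value
// must be quoted for the split to be meaningful.
function parseAllowedTools(claudeArgs: string): string[] {
  const m = claudeArgs.match(/--allowedTools\s+(?:"([^"]*)"|'([^']*)'|(\S+))/);
  if (!m) return [];
  const value = m[1] ?? m[2] ?? m[3] ?? "";
  return value.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
}

// Final tool list. User tools are unioned with the action's own list, which
// is why a restrictive --allowedTools alone does not remove write tools:
// only the readOnly gate keeps them out.
function buildTagModeTools(opts: TagModeOptions): string[] {
  const tools: string[] = [...BASE_READ_TOOLS];
  if (!opts.readOnly) {
    tools.push(...gitWriteTools(opts.useApiCommitSigning, opts.gitPushWrapper));
  }
  for (const t of opts.userAllowedTools) {
    if (!tools.includes(t)) tools.push(t);
  }
  return tools;
}

// Audit helper for a workflow author: which entries in a tool list can mutate
// the repository? Covers the tools named in the issue plus the push wrapper.
// Run it over the final list, not just over your own --allowedTools value,
// because user-specified tools pass through the readOnly gate untouched.
function findWriteTools(tools: string[], gitPushWrapper: string): string[] {
  const gitWrite = /^Bash\(git (add|commit|rm|push):\*\)$/;
  const fileOps = /^mcp__github_file_ops__(commit|delete)_files$/;
  const pushWrapper = `Bash(${gitPushWrapper}:*)`;
  return tools.filter((t) => gitWrite.test(t) || fileOps.test(t) || t === pushWrapper);
}
```

Feeding the issue's own claude_args value through parseAllowedTools and buildTagModeTools with readOnly set to false yields a list that still contains Bash(git add:*), Bash(git commit:*), the push wrapper and Bash(git rm:*), which is the behaviour the issue reports; with readOnly set to true, findWriteTools returns nothing and the list is exactly the four base read tools plus the user's comment and diff tools.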