Restrict @claude bot to mcp org only, fix fork behavior #819
+33
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a maintainer check to the Claude workflow to ensure only registry maintainers can trigger @claude. This enables the bot to work on external fork PRs when triggered by maintainers, while preventing unauthorized usage. Also adds maintainer onboarding documentation covering the full checklist for adding/removing maintainers. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Replace the hardcoded maintainer list with a dynamic GitHub API check for modelcontextprotocol org membership. This allows any org member to trigger @claude without needing to update the workflow file. Requires adding an ORG_MEMBERSHIP_TOKEN secret with read:org scope. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Parse the users.ts file from modelcontextprotocol/access to get the list of org members. This avoids needing a PAT with read:org scope. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
- Remove id-token: write (not needed for API key auth, causes issues on forks) - Add write permissions for contents/pull-requests/issues - Detect fork PRs and checkout via refs/pull/N/head instead of branch name - This allows @claude to work on external fork PRs when triggered by org members 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
The claude-code-action uses its own GitHub App token for write operations, so the workflow token only needs read permissions. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
tadasant
changed the title
tadasant
changed the title
Member
|
tldr: username matching logic seems safe, although looks spooky I was initially concerned about the username matching logic. If there's an approved user called |
domdomegg
approved these changes
Dec 8, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Written by Claude Code, reviewed by me.
Summary
Fixes
@claudeto work on external fork PRs by:refs/pull/N/headBackground
The
@claudeGitHub app was failing on external forks (example) because the action tried to fetch branches by name, which doesn't work for forks.Changes
Org membership check
modelcontextprotocol/accessrepo'susers.ts@claude(prevents strangers from using it)github.triggering_actorso the person commenting must be an org memberFork PR checkout fix
refs/pull/{number}/headto checkout fork code (instead of branch name)How it works
@claudeon a fork PRmodelcontextprotocol/accessmember listrefs/pull/N/head🤖 Generated with Claude Code