- Replace --dangerously-skip-permissions with --allowedTools whitelist

jdalton · jdalton · commit 05358cd60c4e · 2026-04-03T23:44:14.000-04:00
(Bash pnpm/git only, Read, Write, Edit, Glob, Grep)
- Switch to --model haiku (cheapest, sufficient for dependency updates)
- Add --max-turns 25 to prevent runaway loops
- Fix SFW_BIN: use PATH wrapper instead of alias (propagates to subprocesses)
- Add post-agent diff validation (block unexpected file modifications)
- Gate push/PR on validation passing
- Reduce timeout-minutes from 30 to 15
diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml
@@ -67,22 +67,31 @@ jobs:
 
       - name: Run updating skill with Claude Code
         id: claude
-        timeout-minutes: 30
+        timeout-minutes: 15
         shell: bash
         env:
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           GITHUB_ACTIONS: 'true'
         run: |
-          alias pnpm="$SFW_BIN pnpm"
+          # Wrap pnpm through Socket firewall for all subprocesses (not just this shell).
+          if [ -n "$SFW_BIN" ]; then
+            mkdir -p /tmp/sfw-bin
+            printf '#!/bin/bash\nexec "%s" pnpm "$@"\n' "$SFW_BIN" > /tmp/sfw-bin/pnpm
+            chmod +x /tmp/sfw-bin/pnpm
+            export PATH="/tmp/sfw-bin:$PATH"
+          fi
+
           if [ -z "$ANTHROPIC_API_KEY" ]; then
             echo "ANTHROPIC_API_KEY not set - skipping automated update"
             echo "success=false" >> $GITHUB_OUTPUT
             exit 0
           fi
 
           set +e
-          claude --print --dangerously-skip-permissions \
-            --model sonnet \
+          claude --print \
+            --model haiku \
+            --max-turns 25 \
+            --allowedTools "Bash(pnpm:*)" "Bash(git:*)" "Read" "Write" "Edit" "Glob" "Grep" \
             "$(cat <<'PROMPT'
           /updating
 
@@ -115,6 +124,25 @@ jobs:
             echo "success=false" >> $GITHUB_OUTPUT
           fi
 
+      - name: Validate changes
+        id: validate
+        if: steps.claude.outputs.success == 'true'
+        run: |
+          # Only allow changes to dependency-related files.
+          UNEXPECTED=""
+          for file in $(git diff --name-only origin/main..HEAD); do
+            case "$file" in
+              package.json|*/package.json|pnpm-lock.yaml|*/pnpm-lock.yaml|.npmrc|pnpm-workspace.yaml) ;;
+              *) UNEXPECTED="$UNEXPECTED $file" ;;
+            esac
+          done
+          if [ -n "$UNEXPECTED" ]; then
+            echo "::error::Unexpected files modified by Claude:$UNEXPECTED"
+            echo "valid=false" >> $GITHUB_OUTPUT
+          else
+            echo "valid=true" >> $GITHUB_OUTPUT
+          fi
+
       - name: Check for changes
         id: changes
         run: |
@@ -125,13 +153,13 @@ jobs:
           fi
 
       - name: Push branch
-        if: steps.claude.outputs.success == 'true' && steps.changes.outputs.has-changes == 'true'
+        if: steps.claude.outputs.success == 'true' && steps.validate.outputs.valid == 'true' && steps.changes.outputs.has-changes == 'true'
         env:
           BRANCH_NAME: ${{ steps.branch.outputs.branch }}
         run: git push origin "$BRANCH_NAME"
 
       - name: Create Pull Request
-        if: steps.claude.outputs.success == 'true' && steps.changes.outputs.has-changes == 'true'
+        if: steps.claude.outputs.success == 'true' && steps.validate.outputs.valid == 'true' && steps.changes.outputs.has-changes == 'true'
         env:
           GH_TOKEN: ${{ github.token }}
           BRANCH_NAME: ${{ steps.branch.outputs.branch }}
@@ -160,7 +188,7 @@ jobs:
             --base main
 
       - name: Add job summary
-        if: steps.claude.outputs.success == 'true' && steps.changes.outputs.has-changes == 'true'
+        if: steps.claude.outputs.success == 'true' && steps.validate.outputs.valid == 'true' && steps.changes.outputs.has-changes == 'true'
         env:
           BRANCH_NAME: ${{ steps.branch.outputs.branch }}
         run: |
