You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(base-action): default enableAllProjectMcpServers to false
Adds an enable_all_project_mcp_servers action input so workflow authors
explicitly opt in to auto-loading servers from the checkout's .mcp.json.
The wrapper action keeps a 'true' default since it restores .mcp.json
from the PR base ref before execution, so wrapper-action behavior is
unchanged.
Complements #1115 (setting_sources default).
:house: Remote-Dev: homespace
Copy file name to clipboardExpand all lines: action.yml
+5Lines changed: 5 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -62,6 +62,10 @@ inputs:
62
62
description: "Claude Code settings as JSON string or path to settings JSON file"
63
63
required: false
64
64
default: ""
65
+
enable_all_project_mcp_servers:
66
+
description: "Auto-enable every MCP server defined in the checkout's .mcp.json. Defaults to 'true' — safe here because .mcp.json is restored from the PR base branch before execution. Set to 'false' to ignore in-repo MCP servers entirely."
| `prompt` | The prompt to send to Claude Code | No\* | '' |
91
-
| `prompt_file` | Path to a file containing the prompt to send to Claude Code | No\* | '' |
92
-
| `allowed_tools` | Comma-separated list of allowed tools for Claude Code to use | No | '' |
93
-
| `disallowed_tools` | Comma-separated list of disallowed tools that Claude Code cannot use | No | '' |
94
-
| `max_turns` | Maximum number of conversation turns (default: no limit) | No | '' |
95
-
| `mcp_config` | Path to the MCP configuration JSON file, or MCP configuration JSON string | No | '' |
96
-
| `settings` | Path to Claude Code settings JSON file, or settings JSON string | No | '' |
97
-
| `system_prompt` | Override system prompt | No | '' |
98
-
| `append_system_prompt` | Append to system prompt | No | '' |
99
-
| `claude_env` | Custom environment variables to pass to Claude Code execution (YAML multiline format) | No | '' |
100
-
| `model` | Model to use (provider-specific format required for Bedrock/Vertex) | No | 'claude-4-0-sonnet-20250219' |
101
-
| `anthropic_model` | DEPRECATED: Use 'model' instead | No | 'claude-4-0-sonnet-20250219' |
102
-
| `fallback_model` | Enable automatic fallback to specified model when default model is overloaded | No | '' |
103
-
| `anthropic_api_key` | Anthropic API key (required for direct Anthropic API) | No | '' |
104
-
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No | '' |
105
-
| `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | 'false' |
106
-
| `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | 'false' |
107
-
| `use_node_cache` | Whether to use Node.js dependency caching (set to true only for Node.js projects with lock files) | No | 'false' |
108
-
| `show_full_output` | Show full JSON output (⚠️ May expose secrets - see [security docs](../docs/security.md#️-full-output-security-warning)) | No | 'false'\*\* |
| `prompt` | The prompt to send to Claude Code | No\* | '' |
91
+
| `prompt_file` | Path to a file containing the prompt to send to Claude Code | No\* | '' |
92
+
| `allowed_tools` | Comma-separated list of allowed tools for Claude Code to use | No | '' |
93
+
| `disallowed_tools` | Comma-separated list of disallowed tools that Claude Code cannot use | No | '' |
94
+
| `max_turns` | Maximum number of conversation turns (default: no limit) | No | '' |
95
+
| `mcp_config` | Path to the MCP configuration JSON file, or MCP configuration JSON string | No | '' |
96
+
| `settings` | Path to Claude Code settings JSON file, or settings JSON string | No | '' |
97
+
| `enable_all_project_mcp_servers` | Auto-enable every MCP server in the checkout's `.mcp.json`. Off by default because `.mcp.json` is PR-controlled. | No | 'false' |
98
+
| `system_prompt` | Override system prompt | No | '' |
99
+
| `append_system_prompt` | Append to system prompt | No | '' |
100
+
| `claude_env` | Custom environment variables to pass to Claude Code execution (YAML multiline format) | No | '' |
101
+
| `model` | Model to use (provider-specific format required for Bedrock/Vertex) | No | 'claude-4-0-sonnet-20250219' |
102
+
| `anthropic_model` | DEPRECATED: Use 'model' instead | No | 'claude-4-0-sonnet-20250219' |
103
+
| `fallback_model` | Enable automatic fallback to specified model when default model is overloaded | No | '' |
104
+
| `anthropic_api_key` | Anthropic API key (required for direct Anthropic API) | No | '' |
105
+
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No | '' |
106
+
| `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | 'false' |
107
+
| `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | 'false' |
108
+
| `use_node_cache` | Whether to use Node.js dependency caching (set to true only for Node.js projects with lock files) | No | 'false' |
109
+
| `show_full_output` | Show full JSON output (⚠️ May expose secrets - see [security docs](../docs/security.md#️-full-output-security-warning)) | No | 'false'\*\* |
109
110
110
111
\*Either `prompt` or `prompt_file` must be provided, but not both.
111
112
@@ -251,7 +252,7 @@ The settings file supports all Claude Code settings options including:
251
252
- `includeCoAuthoredBy`: Include co-authored-by in git commits
252
253
- And more...
253
254
254
-
**Note**: The `enableAllProjectMcpServers` setting is always set to `true` by this action to ensure MCP servers work correctly.
255
+
**Note**: The `enableAllProjectMcpServers` setting is controlled by the `enable_all_project_mcp_servers` input (default `false`) and overrides any value provided via `settings`. Set the input to `true` only when the checkout's `.mcp.json` is trusted.
Copy file name to clipboardExpand all lines: base-action/action.yml
+5Lines changed: 5 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -18,6 +18,10 @@ inputs:
18
18
description: "Claude Code settings as JSON string or path to settings JSON file"
19
19
required: false
20
20
default: ""
21
+
enable_all_project_mcp_servers:
22
+
description: "Auto-enable every MCP server defined in the checkout's .mcp.json. Defaults to 'false' because .mcp.json is PR-controlled in pull_request workflows; set to 'true' only when the checkout is trusted."
Copy file name to clipboardExpand all lines: docs/configuration.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -329,7 +329,7 @@ For a complete list of available settings and their descriptions, see the [Claud
329
329
330
330
**Notes**:
331
331
332
-
- The `enableAllProjectMcpServers` setting is always set to `true` by this action to ensure MCP servers work correctly.
332
+
- The `enableAllProjectMcpServers` setting is controlled by the `enable_all_project_mcp_servers` input (default `true` for this action) and overrides any value provided via `settings`.
333
333
- The `claude_args` input provides direct access to Claude Code CLI arguments and takes precedence over settings.
334
334
- We recommend using `claude_args` for simple configurations and `settings` for complex configurations with hooks and environment variables.
0 commit comments