claude-hub

claude-did-this/claude-hub

Fork 1

mirror of https://github.com/claude-did-this/claude-hub.git synced 2026-02-14 19:30:02 +01:00

Commit Graph

Author	SHA1	Message	Date
Cheffromspace	12e4589169	Fix: Merge entrypoint scripts and fix auto-tagging tool permissions (#146 ) * fix: merge entrypoint scripts and fix auto-tagging tool permissions - Merged duplicate claudecode-entrypoint.sh and claudecode-tagging-entrypoint.sh scripts - Added dynamic tool selection based on OPERATION_TYPE environment variable - Fixed auto-tagging permissions to include required Bash(gh:) commands - Removed 95% code duplication between entrypoint scripts - Simplified claudeService.ts to use unified entrypoint - Auto-tagging now uses: Read,GitHub,Bash(gh issue edit:),Bash(gh issue view:),Bash(gh label list:) - General operations continue to use full tool set 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * fix: update Dockerfile to use unified entrypoint script - Remove references to deleted claudecode-tagging-entrypoint.sh - Update build process to use single unified entrypoint script * fix: remove unnecessary async from promisify mock to fix lint error * feat: add Husky pre-commit hooks with Prettier as primary formatter - Added Husky for Git pre-commit hooks - Configured eslint-config-prettier to avoid ESLint/Prettier conflicts - Prettier handles all formatting, ESLint handles code quality only - Pre-commit hooks: Prettier format, ESLint check, TypeScript check - Updated documentation with pre-commit hook setup - All code quality issues resolved * feat: consolidate workflows and fix permission issues with clean Docker runners - Replace 3 complex workflows with 2 lean ones (pull-request.yml, main.yml) - Add Docker runner configuration for clean, isolated builds - Remove file permission hacks - use ephemeral containers instead - Split workload: GitHub-hosted for tests/security, self-hosted for Docker builds - Add comprehensive pre-commit configuration for security - Update documentation to be more pragmatic - Fix credential file permissions and security audit 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * fix: allow Husky prepare script to fail in production builds 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * fix: update CI badge to reference new main.yml workflow 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>	2025-05-31 20:53:58 -05:00
Jonathan Flatt	7e545475d0	security: Implement comprehensive credential protection system Replace environment variable credentials with secure file-based mounting to prevent runtime credential exposure that was causing security leaks. Key security improvements: - Docker secrets integration for credential mounting - Secure credential loader utility (secureCredentials.js) - Enhanced logging redaction for all credential types - Pre-commit security scanning with multiple tools - Automated security audit workflow and scripts - File-based credentials with proper 600 permissions Services updated: - githubController.js: Use secure credentials for webhook verification - claudeService.js: Use secure credentials for GitHub/Anthropic APIs - githubService.js: Use secure credentials for GitHub API calls - logger.js: Enhanced redaction patterns for all credential types New security infrastructure: - ./scripts/setup/setup-secure-credentials.sh: Setup script for secure credentials - ./scripts/security/credential-audit.sh: Comprehensive security audit - .github/workflows/security-audit.yml: Automated security scanning - docker-compose.yml: Updated to use Docker secrets by default - k8s/secrets.yaml: Kubernetes secrets configuration - systemd/claude-webhook.service: Systemd service configuration This eliminates credential exposure in: - Environment variables and process lists - Container logs and debug output - Git commits and PR comments - Runtime error messages 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-05-21 23:03:07 -05:00
Jonathan Flatt	fc567071dd	Initial commit	2025-05-20 17:01:59 +00:00

Author

SHA1

Message

Date

Cheffromspace

12e4589169

Fix: Merge entrypoint scripts and fix auto-tagging tool permissions (#146 )

* fix: merge entrypoint scripts and fix auto-tagging tool permissions

- Merged duplicate claudecode-entrypoint.sh and claudecode-tagging-entrypoint.sh scripts
- Added dynamic tool selection based on OPERATION_TYPE environment variable
- Fixed auto-tagging permissions to include required Bash(gh:*) commands
- Removed 95% code duplication between entrypoint scripts
- Simplified claudeService.ts to use unified entrypoint
- Auto-tagging now uses: Read,GitHub,Bash(gh issue edit:*),Bash(gh issue view:*),Bash(gh label list:*)
- General operations continue to use full tool set

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: update Dockerfile to use unified entrypoint script

- Remove references to deleted claudecode-tagging-entrypoint.sh
- Update build process to use single unified entrypoint script

* fix: remove unnecessary async from promisify mock to fix lint error

* feat: add Husky pre-commit hooks with Prettier as primary formatter

- Added Husky for Git pre-commit hooks
- Configured eslint-config-prettier to avoid ESLint/Prettier conflicts
- Prettier handles all formatting, ESLint handles code quality only
- Pre-commit hooks: Prettier format, ESLint check, TypeScript check
- Updated documentation with pre-commit hook setup
- All code quality issues resolved

* feat: consolidate workflows and fix permission issues with clean Docker runners

- Replace 3 complex workflows with 2 lean ones (pull-request.yml, main.yml)
- Add Docker runner configuration for clean, isolated builds
- Remove file permission hacks - use ephemeral containers instead
- Split workload: GitHub-hosted for tests/security, self-hosted for Docker builds
- Add comprehensive pre-commit configuration for security
- Update documentation to be more pragmatic
- Fix credential file permissions and security audit

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: allow Husky prepare script to fail in production builds

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: update CI badge to reference new main.yml workflow

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>

2025-05-31 20:53:58 -05:00

Jonathan Flatt

7e545475d0

security: Implement comprehensive credential protection system

Replace environment variable credentials with secure file-based mounting
to prevent runtime credential exposure that was causing security leaks.

Key security improvements:
- Docker secrets integration for credential mounting
- Secure credential loader utility (secureCredentials.js)
- Enhanced logging redaction for all credential types
- Pre-commit security scanning with multiple tools
- Automated security audit workflow and scripts
- File-based credentials with proper 600 permissions

Services updated:
- githubController.js: Use secure credentials for webhook verification
- claudeService.js: Use secure credentials for GitHub/Anthropic APIs
- githubService.js: Use secure credentials for GitHub API calls
- logger.js: Enhanced redaction patterns for all credential types

New security infrastructure:
- ./scripts/setup/setup-secure-credentials.sh: Setup script for secure credentials
- ./scripts/security/credential-audit.sh: Comprehensive security audit
- .github/workflows/security-audit.yml: Automated security scanning
- docker-compose.yml: Updated to use Docker secrets by default
- k8s/secrets.yaml: Kubernetes secrets configuration
- systemd/claude-webhook.service: Systemd service configuration

This eliminates credential exposure in:
- Environment variables and process lists
- Container logs and debug output
- Git commits and PR comments
- Runtime error messages

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-05-21 23:03:07 -05:00

Jonathan Flatt

fc567071dd

Initial commit

2025-05-20 17:01:59 +00:00

3 Commits