Add SRE workflow for automated issue investigation #3236
Adds a GitHub Actions workflow that triggers on issues labeled for automated investigation. Integrates with Grafana API for live metric queries. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
8b52f7a to 3844e16
Add write permissions and checkout step so Claude can create branches and open pull requests to fix issues, not just comment. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
(TL;DR - please don't merge this before resolving my runner security worries!!)

I'm concerned by the lack of a boundary between untrusted text and the agent here. Let me check I understand:

PR takes external data from GH Issues/Comments -> GH action runner -> Claude API

What prevents an indirect prompt injection from a malicious user opening an issue? This could include hidden instructions in the issue body telling the agent to ignore its system prompt and exfiltrate data.

On the Claude side - what APIs are you using, where are the tokens stored, and what are the exact permissions granted to the GITHUB_TOKEN running this action? Have you used least privilege, as granular as possible, read-only by default (e.g., contents: read, issues: write)?

Finally, how are we ensuring Claude only comments and doesn't attempt to execute bash commands locally on the runner to "investigate"?
| (github.event_name == 'issues' && contains(github.event.issue.labels.*.name, 'claude')) || | ||
| (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) |
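Review bot: the issue_comment branch of this condition matches on the comment body alone, so any account that can comment on an issue can start the workflow by writing @claude; only the issues branch is tied to a label. Suggest also requiring a trusted commenter, for example by checking that github.event.comment.author_association is one of OWNER, MEMBER or COLLABORATOR, and treating the issue and comment text as untrusted input to the agent. Since contains() on the body is a substring match, it also fires on quoted replies and on any longer string that happens to contain @claude.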
Any user can create an issue and invoke claude. Are you sure that this is planned behaviour?
Adds a Claude SRE workflow that triggers on issues labeled claude or @claude comments. Claude can read the repo, query Grafana metrics, and open PRs with fixes.

Required secrets
- ANTHROPIC_API_KEY
- GRAFANA_URL / GRAFANA_TOKEN (optional, for live metric queries)

🤖 Generated with Claude Code