fix: allow @ in branch names (used by Gastown and other multi-agent tools)#1305
Open
jerhinesmith wants to merge 1 commit into
Open
fix: allow @ in branch names (used by Gastown and other multi-agent tools)#1305jerhinesmith wants to merge 1 commit into
jerhinesmith wants to merge 1 commit into
Conversation
…ools)
Multi-agent orchestration tools like Gastown generate branch names of the
form "polecat/name/project@sessionid", where "@" separates a task name from
a session ID. The strict whitelist in validateBranchName rejected these names
with "Invalid branch name", causing claude-code-action to fail on any PR
opened from such a branch.
The "@{" sequence (git reflog syntax) is still explicitly rejected by the
dedicated check that follows. Bare "@" carries no injection risk since all
git calls use execFileSync, not shell interpolation — the same rationale
used when "+" and "#" were added to the allowlist.
Fixes branches like: polecat/nux/bo-gpl@moxcd5jj
References:
- Gastown: https://github.com/gastownhall/gastown
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
validateBranchNameuses a strict character whitelist that excludes@, causing the action to fail on PRs from branches likepolecat/nux/bo-gpl@moxcd5jjwith:Context
Multi-agent orchestration tools like Gastown generate branch names of the form
polecat/<name>/<project>@<sessionid>, where@separates a task name from a unique session ID. Engineers using these tools open PRs from these branches and see the review job fail immediately.Fix
Add
@to the whitelist pattern. The@{sequence (git reflog syntax) is still explicitly rejected by its own dedicated check later in the function — this PR doesn't touch that. Bare@carries no injection risk since all git calls useexecFileSync(not shell interpolation), which is the same rationale used when+was added in #1248 and#was added in #1167.Before:
After:
Changes
src/github/operations/branch.ts— add@to whitelist; update comment and error messagetest/validate-branch-name.test.ts— add test cases for@-containing branch names