Skip to content

Enable WebSearch and WebFetch for Claude workflow #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
danielorbach merged 3 commits into from
Jan 1, 2026
Merged

Enable WebSearch and WebFetch for Claude workflow #38

danielorbach merged 3 commits into from
Jan 1, 2026

Conversation

Copy link
Contributor

Copilot AI commented Jan 1, 2026
edited
Loading

The Claude GitHub Action was restricted to Go tooling only, preventing web-based research requests. This became apparent when Claude couldn't fulfill documentation research in issue #8, showing permission denial messages for WebSearch and WebFetch.

Changes

  • Workflow configuration: Added WebSearch,WebFetch to allowed tools in .github/workflows/claude.yml
  • Configuration format: Separated Go tooling and web access tools into distinct --allowedTools flags using multiline YAML format for better organization
# Before
claude_args: '--allowedTools "Bash(go:*)"'

# After
claude_args: |
  --allowedTools "Bash(go:*)"
  --allowedTools "WebSearch,WebFetch"

Security Context

This is a public repository with no sensitive data. Web tools are significantly less privileged than the existing Bash execution and repository write permissions already granted to Claude.

Validation

  • ✅ YAML syntax validated
  • ✅ actionlint validation passed
Original prompt

This section details on the original issue you should resolve

<issue_title>Considering web access capabilities for Claude in GitHub Actions</issue_title>
<issue_description>The Claude Code GitHub Action currently disables WebSearch and WebFetch tools by default for security reasons. This is an intentional design decision in the claude-code-action where these capabilities are explicitly blocked in "tag mode" (when triggered via @claude mentions).

When attempting to ask Claude for web-based research (see issue danielorbach/go-component#8 comment), Claude cannot fulfill the request because the tools are unavailable. The workflow summary shows:

"Claude requested permissions to use WebSearch, but you haven't granted it yet."
"Claude requested permissions to use WebFetch, but you haven't granted it yet."

Enabling these tools would allow Claude to:

  • Search the web for documentation, best practices, and solutions
  • Fetch content from URLs to analyze documentation or specifications
  • Provide more informed responses to research-oriented requests

Security considerations:

  • WebSearch queries are sent to external search providers
  • WebFetch can retrieve content from arbitrary URLs
  • Both tools could potentially leak context about the repository or queries
  • The action maintainers disabled these by default citing "security"

To enable, the workflow would need:

claude_args: '--allowedTools "Bash(go:*),WebSearch,WebFetch"'

This issue exists to discuss whether enabling web access aligns with this repository's security posture before making any changes.</issue_description>

<agent_instructions>The comment by Claude contains the accepted recommendation.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@danielorbach
Enable WebSearch and WebFetch tools for Claude
659d9e2 
Co-authored-by: danielorbach <49489492+danielorbach@users.noreply.github.com>
Copilot AI changed the title [WIP] Enable web access capabilities for Claude in GitHub Actions Enable WebSearch and WebFetch for Claude workflow Jan 1, 2026
Copilot AI requested a review from danielorbach January 1, 2026 13:57
danielorbach
danielorbach reviewed Jan 1, 2026
View reviewed changes
@danielorbach
Separate Go and web tools into distinct --allowedTools flags
960bd0b 
Co-authored-by: danielorbach <49489492+danielorbach@users.noreply.github.com>
Copilot AI requested a review from danielorbach January 1, 2026 15:29
@danielorbach danielorbach marked this pull request as ready for review January 1, 2026 16:06
@danielorbach danielorbach merged commit de2b650 into main Jan 1, 2026
9 checks passed
@danielorbach danielorbach deleted the copilot/enable-web-access-tools branch January 1, 2026 16:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@danielorbach danielorbach danielorbach approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@danielorbach danielorbach

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Considering web access capabilities for Claude in GitHub Actions

2 participants

@danielorbach