Describe the bug

After PR #1132 was merged (commit 32156b1), git fetch fails with authentication error when allowed_non_write_users is configured. The new credential helper approach sets GH_TOKEN in the Node.js process env, but the subprocess env scrub (CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1), which is automatically enabled when allowed_non_write_users is set, strips GH_TOKEN from subprocess environments — making the credential helper unable to authenticate.

The root cause is in git-config.ts: when ALLOWED_NON_WRITE_USERS is truthy, the action uses a credential helper that reads $GH_TOKEN at auth time. But CLAUDE_CODE_SUBPROCESS_ENV_SCRUB (auto-set to 1 by the same condition) removes GH_TOKEN from subprocess environments, so git fetch via the credential helper fails.

To Reproduce

1. Configure workflow with allowed_non_write_users: '*'
2. Open a PR from a non-write user
3. Action triggers, credential helper is configured successfully
4. Action attempts git fetch origin <branch> --depth=1 to restore .claude, .mcp.json, etc.
5. fatal: Authentication failed — credential helper returns empty password because $GH_TOKEN is scrubbed

Expected behavior

git fetch should succeed using the credential helper, as it did before PR #1132 when the token was embedded directly in the remote URL.

Screenshots

Configuring git credential helper...
✓ Configured credential helper
Git authentication configured successfully
Installing Claude Code v2.1.89...
✅ Installation complete!
Claude Code installed successfully
Restoring .claude, .mcp.json, .claude.json, .gitmodules, .ripgreprc from origin/master (PR head is untrusted)
remote: Invalid username or token. Password authentication is not supported for Git operations.
fatal: Authentication failed for 'https://github.com/<org>/<repo>.git/'
Error: Action failed with error: Command failed: git fetch origin master --depth=1
Error: Process completed with exit code 1.

Workflow yml file

name: Claude PR Action

permissions:
  contents: write
  pull-requests: write
  issues: write
  id-token: write
  actions: read

on:
  pull_request:
    types: [opened, synchronize, ready_for_review, reopened]
  issue_comment:
    types: [created]

jobs:
  claude:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: anthropics/claude-code-action@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          allowed_non_write_users: '*'
          trigger_phrase: "@claude"
          use_vertex: "true"

API Provider

• GCP Vertex

Additional context

• This started immediately after PR Add subprocess isolation setup and git credential helper #1132 (merged Mar 31, 2026) was picked up via @v1
• Pinning to parent commit 7225f04 (before Add subprocess isolation setup and git credential helper #1132) resolves the issue
• The conflict: allowed_non_write_users != '' triggers both the credential helper path in git-config.ts AND sets CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 — these two features are incompatible since the credential helper needs GH_TOKEN in the subprocess env
• Possible fix: exempt GH_TOKEN from env scrub, or fall back to URL-embedded token for the action's own git fetch operations (not Claude's subprocesses)