Claude Code Action 1.0.142 Ships Fable 5 Into CI, Where Model Upgrades Need Change Control
Claude Code Action 1.0.142 is the kind of release that looks harmless in a dependency dashboard and deserves a change-control note anyway. The GitHub Action bumps Claude Code to 2.1.170 and the Claude Agent SDK to 0.3.170. On paper, that is one chore commit across six files. In practice, it moves Claude Fable 5 access into the GitHub workflow surface where models read pull requests, inspect repositories, post comments, and sometimes operate with write permissions.
The release was published on June 9, 2026 at 17:29 UTC, minutes after Claude Code 2.1.170. The compare from v1.0.141 to v1.0.142 showed a single commit, 11ba6048, with the message: “chore: bump Claude Code to 2.1.170 and Agent SDK to 0.3.170.” During research, the anthropics/claude-code-action repository had roughly 7,927 stars, 1,888 forks, and 578 open issues. None of those numbers tell you whether to upgrade. The important fact is what 2.1.170 brings with it: Fable 5 access, plus a fix for transcript saving and --resume visibility when sessions launch from VS Code terminals or shells inheriting Claude Code environment variables.
Local Claude Code gaining a stronger model is a productivity story. Claude Code Action gaining the same runtime is a governance story. CI is where untrusted prose, repository state, workflow tokens, comments, logs, issue events, and automation permissions meet. A more capable model can produce better reviews and solve harder code-modification tasks. It can also make the automation more valuable to attack, more expensive to run accidentally, and more important to observe.
Fable in CI is not just a better reviewer
Anthropic positions Fable 5 as a generally available Mythos-class model, with pricing at $10 per million input tokens and $50 per million output tokens, a 1 million-token context window, and safeguard behavior that falls back to Opus 4.8 for certain cyber, bio/chemistry, or distillation requests. In a developer terminal, that makes Fable a high-end option for hard work. In CI, it becomes a routed capability inside an automation system. The distinction matters.
A pull request review bot may read code written by a trusted teammate. It may also read text from a fork, issue comment, or external contributor who is explicitly trying to influence the bot. A code-modification job may run on a protected branch after human approval, or it may run too eagerly because a label or mention triggered a workflow. A model upgrade changes what the agent can infer, how well it can follow complex instructions, and how attractive it is to use on broader tasks. Capability is not neutral when the runtime has permissions.
Microsoft’s June 5 security case study remains the right threat-model backdrop. The issue it described was not “AI bad” in the abstract. It was a composition failure: untrusted GitHub content, model-followed instructions, tool access, environment variables, and output channels. One prompt-injection path in Claude Code GitHub Action could expose workflow secrets through /proc/self/environ; Microsoft reported it on April 29, and Anthropic mitigated that specific issue in Claude Code 2.1.128, with the mitigation landing May 5. The lesson was not limited to one path. It was that CI agents collapse content, code, and control plane into the same runner.
That lesson gets sharper with Fable. A stronger model may be better at refusing bad instructions, but it may also be better at using whatever capabilities the workflow grants. Security does not come from the model being “smart.” It comes from restricting what the runner can see, which tools it can call, which tokens it receives, and where outputs can go. Logs, PR comments, job summaries, artifacts, WebFetch, and MCP servers can all become exfiltration paths if the workflow is carelessly composed.
Runtime bumps need an owner
The dangerous habit is treating action bumps as janitorial. For a normal GitHub Action, a dependency bump might update a Node package or fix an install path. For Claude Code Action, the embedded runtime defines model availability, tool behavior, permission handling, transcript behavior, and sometimes cost profile. The release after 1.0.141 is not just “newer than yesterday.” It changes the highest-capability public model available to the action path.
That means teams should pin versions intentionally. Floating tags are convenient until they turn model upgrades into surprise production changes. If you allow floating versions, log the resolved Claude Code and Agent SDK versions in every run. If you pin exact versions, create an explicit review process for upgrades, especially when the paired Claude Code release touches model routing, permissions, MCP behavior, transcript persistence, or security fixes. Either path is defensible. Pretending the bot is just a script is not.
Cost visibility deserves the same treatment. Fable-priced CI runs can be rational for high-value tasks: deep review on trusted branches, migration assistance after human approval, spec conformance checks, or security review with bounded scope. They are harder to justify for every typo fix, drive-by issue comment, or noisy PR. If the action can route to Fable, label those runs. Track token usage by workflow, repository, trigger type, and model. Put cost summaries where developers will see them, not only in a billing dashboard after the damage is done.
The transcript fix from Claude Code 2.1.170 is more than a local UX patch. Agentic CI needs durable evidence. If a bot reviews code, suggests a patch, fails a job, retries, or comments on a PR, the organization needs a transcript of what it saw and did. Session persistence is part of auditability. A disappearing transcript is not just inconvenient; it makes incident review and trust calibration harder.
For builders, the checklist is not exotic. Pin Claude Code Action versions or record resolved runtime versions. Keep GITHUB_TOKEN read-only by default. Split triage/comment workflows from code-modifying workflows. Do not expose secrets to jobs triggered by forks or untrusted users. Restrict allowed tools and MCP servers. Treat workflow logs, job summaries, PR comments, artifacts, and external fetches as possible output channels. Start Fable in CI on bounded, trusted, high-value jobs before letting it react to the internet with repo permissions.
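The pinning advice and the first checklist items can be checked mechanically before an upgrade is merged. The following is an added example, not code from the action or from Anthropic: a text-level audit that reports which ref each workflow resolves for anthropics/claude-code-action and flags floating refs, missing permissions blocks, and write-scoped tokens on triggers outside users can fire. The finding names, the sample workflows, and the placeholder SHA are constructed for illustration.

```python
import re

# Added example: text-level audit of workflows that run the action (no YAML library).
USES = re.compile(r"uses:\s*anthropics/claude-code-action@(\S+)")
FULL_SHA = re.compile(r"[0-9a-f]{40}")
WRITE = re.compile(r"^\s*[\w-]+:\s*write\s*$|^\s*permissions:\s*write-all\s*$")
# Triggers that run in the base repository context and can be fired by outside users.
UNTRUSTED = re.compile(r"\b(pull_request_target|issue_comment)\b")

def audit_workflow(text):
    """Return (resolved_refs, sorted finding codes) for one workflow file's text."""
    lines = [ln.split(" #")[0].rstrip() for ln in text.splitlines()]
    refs = [m.group(1) for ln in lines if (m := USES.search(ln))]
    if not refs:
        return refs, []                       # workflow does not run the action
    findings = set()
    if any(not FULL_SHA.fullmatch(r) for r in refs):
        findings.add("floating-ref")          # a tag or branch can move under you
    if not any(re.match(r"\s*permissions:", ln) for ln in lines):
        findings.add("no-permissions-block")  # token scope left to repo defaults
    if any(WRITE.match(ln) for ln in lines) and any(UNTRUSTED.search(ln) for ln in lines):
        findings.add("write-token-on-untrusted-trigger")
    return refs, sorted(findings)

PLACEHOLDER_SHA = "a" * 40  # constructed placeholder, not a real commit id

# Constructed sample: floating tag, write token, comment-triggered.
WEAK = """on:
  issue_comment:
permissions:
  contents: write
jobs:
  claude:
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@v1
"""

# Constructed sample: pinned commit, read-only token, pull_request trigger.
HARDENED = f"""on:
  pull_request:
permissions:
  contents: read
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@{PLACEHOLDER_SHA} # pinned commit
"""
```

Running audit_workflow over every file in .github/workflows and printing the resolved refs gives the per-repository version record the pinning discussion asks for; the check is line-based, so treat a clean result as a first pass rather than a full policy review.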
The release is small because the diff is small. The blast radius is not. Claude Code Action 1.0.142 puts Anthropic’s newest public model on the robot that may have access to your repository. That can be excellent engineering leverage. It just deserves the same adult supervision as every other piece of CI infrastructure with credentials and write paths.
Sources: Anthropic Claude Code Action v1.0.142 GitHub release, Claude Code v2.1.170 release, Claude Code Action compare v1.0.141...v1.0.142, Claude Code GitHub Actions docs, Microsoft security case study