From 27269be7bf314d5d71f9513f6619dc5b99e572da Mon Sep 17 00:00:00 2001
From: Nicholai
Date: Thu, 12 Feb 2026 16:22:53 -0700
Subject: [PATCH] fix(ci): grant write permissions to Claude GitHub Action (#74)
Update workflow permissions to allow Claude to create branches, push commits, and create PRs when tagged in issues or comments.
- contents: write - create branches and push commits
- pull-requests: write - create PRs and comments
- issues: write - update issue comments
Co-authored-by: Nicholai
---
 .github/workflows/claude.yml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
index d300267..9f4c66e 100644
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -19,11 +19,11 @@ jobs:
 (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
 runs-on: ubuntu-latest
 permissions:
- contents: read
- pull-requests: read
- issues: read
- id-token: write
- actions: read # Required for Claude to read CI results on PRs
+ contents: write # Create branches and push commits
+ pull-requests: write # Create PRs and comments
+ issues: write # Update issue comments
+ id-token: write # OIDC authentication
+ actions: read # Read CI results
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
@@ -36,8 +36,11 @@ jobs:
 with:
 claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
- # This is an optional setting that allows Claude to read CI results on PRs
+ # Permissions passed to Claude for repository operations
 additional_permissions: |
+ contents: write
+ pull-requests: write
+ issues: write
 actions: read
 # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
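Review bot: The job-level `contents: write`, `pull-requests: write` and `issues: write` scopes now apply to a job whose visible `if:` line gates only on the text `@claude` in an issue body or title, so nothing shown here checks who wrote the triggering issue. The `if:` expression starts above the hunk and the action may enforce its own actor check, but I would make the gate explicit in the workflow, e.g. add `&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association)` to the issues clause and the matching `github.event.comment.author_association` test to the comment clauses. Issue and comment text reaches the model as untrusted input, so a protected default branch with required review should be the backstop for whatever this token can push. With a write token in the job, `actions/checkout@v4` is also worth pinning to a full commit SHA.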
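Review bot: The three write scopes added under `additional_permissions` duplicate the job-level `permissions` block, and nothing in this hunk shows that the action honours keys other than `actions: read` in this input. If it ignores them, the block overstates what is configured; if it honours them, the two lists can drift apart and the effective grant becomes harder to audit. I would confirm the supported keys against the action's documentation and then either drop the duplicates or replace the new comment with `# Mirrors the job-level permissions block; update both together`. The `with:` mapping continues past the end of the hunk.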