fix(ci): grant write permissions to Claude GitHub Action (#74)

Update workflow permissions to allow Claude to create branches,
push commits, and create PRs when tagged in issues or comments.

- contents: write - create branches and push commits
- pull-requests: write - create PRs and comments
- issues: write - update issue comments

Co-authored-by: Nicholai <nicholaivogelfilms@gmail.com>

.github/workflows/claude.yml

@@ -19,11 +19,11 @@ jobs:
       (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      contents: write      # Create branches and push commits
-      pull-requests: read
+      pull-requests: write # Create PRs and comments
-      issues: read
+      issues: write        # Update issue comments
-      id-token: write
+      id-token: write      # OIDC authentication
-      actions: read # Required for Claude to read CI results on PRs
+      actions: read        # Read CI results
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -36,8 +36,11 @@ jobs:
         with:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
 
-          # This is an optional setting that allows Claude to read CI results on PRs
+          # Permissions passed to Claude for repository operations
           additional_permissions: |
+            contents: write
+            pull-requests: write
+            issues: write
             actions: read
 
           # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.