[FEATURE] Scoped GitHub API proxy for sandbox — enable issue reading & PR creation from iOS/Desktop
Problem
When using Claude Code from iOS or Claude Desktop (cloud sandbox environment), there is no way to interact with the GitHub API — Claude cannot read issues, create PRs, or list PR comments.
The gh CLI is not installed in the sandbox container, cannot be reliably installed (network restrictions), and even if installed, has no authentication token available. The existing git proxy at 127.0.0.1:<port> only supports git operations (/git/ path prefix) and returns "Invalid path format" for any API call.
This is a significant regression in usability. A few months ago (Nov-Dec 2025), this workflow was functional in Claude Desktop on iOS.
Broken Workflow
My (and likely many users') workflow is:
- Write detailed issue specs on GitHub with implementation steps, file lists, architecture decisions
- From my iPhone/iPad, open Claude Desktop → select the repo → tell Claude to work on issue #X
- Claude reads the issue, creates a branch, implements the feature, pushes code
- I review the PR from GitHub on my phone
Steps 1 and 4 work. Steps 2-3 are completely broken because Claude cannot read the issue content or create a PR from the sandbox. Claude tries gh issue view, gets "command not found", then spends 10+ tool calls trying to install gh, configure auth, use curl, hit the proxy — all failing. It never gets to the actual work.
This is the core value proposition of mobile Claude Code: delegate coding tasks on the go and review results later. Without GitHub API access in the sandbox, this workflow is dead.
Current Behavior
$ gh issue view 5
/bin/bash: line 1: gh: command not found
$ curl -s "http://local_proxy@127.0.0.1:46958/api/repos/owner/repo/issues/5"
Invalid path format
$ curl -s "https://api.github.com/repos/owner/repo/issues/5"
{ "message": "Not Found" } # Private repo, no auth token available
Proposed Solution: Scoped GitHub API Proxy
Extend the existing git proxy to support scoped GitHub API operations on the current repository only. The same security model used for git (scoped credentials, never exposed to the sandbox) can apply to the API:
Allowed operations (scoped to current repo only):
- Read issues:
GET /repos/{owner}/{repo}/issues/{number} - List issues:
GET /repos/{owner}/{repo}/issues - Read issue comments:
GET /repos/{owner}/{repo}/issues/{number}/comments - Create PR:
POST /repos/{owner}/{repo}/pulls - Read PRs:
GET /repos/{owner}/{repo}/pulls/{number} - Read PR comments:
GET /repos/{owner}/{repo}/pulls/{number}/comments - Read PR files:
GET /repos/{owner}/{repo}/pulls/{number}/files
NOT allowed (preserving security):
- Access to other repos
- Repo settings, secrets, webhooks
- Organization-level operations
- Destructive operations (delete branches, close issues, etc. — unless explicitly scoped)
This follows the same principle of least privilege as the existing git proxy: the sandbox gets exactly the API access it needs for the current repo, nothing more. The GitHub token stays outside the sandbox.
Alternative Solutions
- Pre-install
ghin the sandbox image and expose a repo-scoped token viaGH_TOKENenv var - Add a built-in Claude Code tool for GitHub operations (not relying on
ghCLI) - Route
ghAPI calls through the existing proxy transparently
Environment
- Claude Desktop on iOS (cloud sandbox only, no local environment option)
- Claude Desktop on macOS in "Default" mode (sandbox)
- Affects any user without a local machine (iPad-only developers, mobile workflows)
Related Issues
- #11139 — Claude Code Web Cannot Use gh CLI Commands (30 upvotes)
- #10998 — Add native GitHub Issues integration (17 upvotes)
- #14059 — GitHub CLI Support for iOS Claude Code (6 upvotes)
- #12224 — Claude Code defaults to gh CLI instead of alternatives (closed not planned)
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗