[BUG] /install-github-app generates workflows with incorrect read-only permissions
Bug Description
The /install-github-app command generates GitHub workflow files with read-only permissions that cause Claude to fail with permission errors. The generated templates need to be manually corrected to use write permissions for proper functionality.
Environment
- Claude Code CLI Version: 1.0.115 (latest as of Sept 16, 2025)
- Installation method: npm
- Platform: macOS Darwin
Current Behavior
When running /install-github-app, the generated workflow files contain:
permissions:
contents: read
pull-requests: read
issues: read
id-token: write
This causes Claude to encounter permission errors when attempting to:
- Create or update pull request comments
- Push commits to branches
- Update issue comments
Expected Behavior
Based on the official documentation and the current examples in the claude-code-action repository, the permissions should be:
permissions:
contents: write
pull-requests: write
issues: write
id-token: write
Supporting Evidence
- Official Documentation: The GitHub Actions setup documentation at https://docs.anthropic.com/en/docs/claude-code/github-actions shows write permissions for all three scopes.
- claude-code-action Repository: As of Sept 2, 2025, the official example at examples/claude.yml uses write permissions (commit a6ca653).
- PR Review Examples: All PR review workflow examples in the claude-code-action repository use the correct permissions structure.
Reproduction Steps
- Install Claude Code CLI version 1.0.115
- Run
/install-github-appcommand - Follow the installation process for any repository
- Examine the generated
.github/workflows/claude.ymland.github/workflows/claude-code-review.ymlfiles - Observe that permissions are set to
readinstead ofwrite
Impact
Users must manually edit the workflow files after installation to correct the permissions, otherwise Claude will fail with permission errors when attempting to perform its intended functions.
Potential Fix
The template generation code in the CLI should be updated to match the permissions shown in the official documentation and the claude-code-action examples.
Additional Context
I noticed that PR #314 in the claude-code-action repository attempted to address this in July 2025 but was closed without merging. The examples were eventually updated in September 2025, but it appears the CLI templates haven't been synchronized with these changes.
Please let me know if additional information would be helpful or if there's a specific reason for the read-only permissions that I may have overlooked.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗