[BUG] /install-github-app generates workflows with incorrect read-only permissions

Resolved 💬 2 comments Opened Sep 16, 2025 by adriangilliam Closed Oct 6, 2025

Bug Description

The /install-github-app command generates GitHub workflow files with read-only permissions that cause Claude to fail with permission errors. The generated templates need to be manually corrected to use write permissions for proper functionality.

Environment

  • Claude Code CLI Version: 1.0.115 (latest as of Sept 16, 2025)
  • Installation method: npm
  • Platform: macOS Darwin

Current Behavior

When running /install-github-app, the generated workflow files contain:

permissions:
  contents: read
  pull-requests: read
  issues: read
  id-token: write

This causes Claude to encounter permission errors when attempting to:

  • Create or update pull request comments
  • Push commits to branches
  • Update issue comments

Expected Behavior

Based on the official documentation and the current examples in the claude-code-action repository, the permissions should be:

permissions:
  contents: write
  pull-requests: write
  issues: write
  id-token: write

Supporting Evidence

  1. Official Documentation: The GitHub Actions setup documentation at https://docs.anthropic.com/en/docs/claude-code/github-actions shows write permissions for all three scopes.
  1. claude-code-action Repository: As of Sept 2, 2025, the official example at examples/claude.yml uses write permissions (commit a6ca653).
  1. PR Review Examples: All PR review workflow examples in the claude-code-action repository use the correct permissions structure.

Reproduction Steps

  1. Install Claude Code CLI version 1.0.115
  2. Run /install-github-app command
  3. Follow the installation process for any repository
  4. Examine the generated .github/workflows/claude.yml and .github/workflows/claude-code-review.yml files
  5. Observe that permissions are set to read instead of write

Impact

Users must manually edit the workflow files after installation to correct the permissions, otherwise Claude will fail with permission errors when attempting to perform its intended functions.

Potential Fix

The template generation code in the CLI should be updated to match the permissions shown in the official documentation and the claude-code-action examples.

Additional Context

I noticed that PR #314 in the claude-code-action repository attempted to address this in July 2025 but was closed without merging. The examples were eventually updated in September 2025, but it appears the CLI templates haven't been synchronized with these changes.

Please let me know if additional information would be helpful or if there's a specific reason for the read-only permissions that I may have overlooked.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗