Add checks/statuses read permissions to Claude workflow#27

Merged
justin808 merged 1 commit into master from
codex/apply-claude-yml-permissions-20260301
Mar 2, 2026
Member

@justin808 justin808 commented Mar 2, 2026

Applies the workflow update from shakacode/react_on_rails#2487:

  • add checks: read and statuses: read to job permissions
  • pass github_token: ${{ github.token }} to anthropics/claude-code-action
  • add checks: read and statuses: read to additional_permissions

Admin merge requested to keep rollout fast across repos.


Note

Low Risk
Low risk workflow-only change that broadens the GitHub token’s read permissions (checks/statuses) so the Claude action can query CI results.

Overview
Updates the Claude Code GitHub Actions workflow to allow Claude to read CI check/status information.

Adds checks: read and statuses: read to the job permissions and additional_permissions, and passes github_token: ${{ github.token }} into anthropics/claude-code-action@v1 so it can access those GitHub APIs.

Written by Cursor Bugbot for commit 98e8143.

@justin808 justin808 merged commit 69679ef into master Mar 2, 2026
@justin808 justin808 deleted the codex/apply-claude-yml-permissions-20260301 branch March 2, 2026 00:41

coderabbitai bot commented Mar 2, 2026

Warning

Rate limit exceeded

@justin808 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 29 minutes and 9 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 31e8c2f and 98e8143.

📒 Files selected for processing (1)
  • .github/workflows/claude.yml


claude bot commented Mar 2, 2026

Review: Add checks/statuses read permissions to Claude workflow. This is a minimal, well-scoped change. The new permissions (checks: read, statuses: read) are read-only, following least privilege. Adding github_token makes the token flow explicit. The permissions appear at both job level and in additional_permissions, mirroring the existing actions: read pattern. One pre-existing observation: the job only grants read access to pull-requests and issues - if Claude needs to post comments it may need write access, though the action may route writes through the Claude OAuth token. Overall: low-risk, correct change with no security concerns.


greptile-apps bot commented Mar 2, 2026

Greptile Summary

Adds read-only permissions (checks: read, statuses: read) to the Claude Code workflow so the action can query CI check results and status information. The changes include:

  • Added checks: read and statuses: read to job-level permissions
  • Passed github_token: ${{ github.token }} to the anthropics/claude-code-action step
  • Added both permissions to the additional_permissions configuration

These are read-only permissions with no security concerns. The change follows the pattern from react_on_rails#2487 and enables Claude to provide better context-aware assistance by accessing CI results.

Confidence Score: 5/5

  • This PR is safe to merge with no risk
  • The changes only add read-only GitHub Actions permissions and pass the standard workflow token to the action. No code logic is modified, and all permissions are minimal and appropriate for the intended functionality. The pattern has been validated in another repository.
  • No files require special attention

Important Files Changed

Filename | Overview
.github/workflows/claude.yml | Adds read-only checks and statuses permissions to allow Claude to query CI results, passes github_token to action

Last reviewed commit: 98e8143
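
Added example, not part of the PR or of any comment in this thread: a small check for the three properties the reviews above rely on (job scopes are read-only, every additional_permissions entry is mirrored at job level, github_token is passed explicitly). The workflow text is constructed from the keys named in the thread; the job name, step layout and the helper names block_after and audit are assumptions.

```python
import re

# Constructed fragment: only the permission keys, github_token and the action
# name come from this thread; the job name and layout are assumptions.
WORKFLOW = """\
jobs:
  claude:
    permissions:
      pull-requests: read
      issues: read
      actions: read
      checks: read
      statuses: read
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          github_token: ${{ github.token }}
          additional_permissions: |
            actions: read
            checks: read
            statuses: read
"""

def block_after(text, key):
    """Return {scope: level} from the indented lines that follow `key:`."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^(\s*)" + re.escape(key) + r":\s*\|?\s*$", line)
        if not m:
            continue
        out = {}
        for nxt in lines[i + 1:]:
            # A non-blank line at or left of the key's indent ends the block.
            if nxt.strip() and len(nxt) - len(nxt.lstrip()) <= len(m.group(1)):
                break
            pair = re.match(r"^\s*([\w-]+):\s*([\w-]+)\s*$", nxt)
            if pair:
                out[pair.group(1)] = pair.group(2)
        return out
    return {}

def audit(text):
    """Return a list of findings; an empty list means the fragment passes."""
    job, extra = block_after(text, "permissions"), block_after(text, "additional_permissions")
    findings = [f"job grants {s}: {lvl}" for s, lvl in job.items() if lvl not in ("read", "none")]
    findings += [f"additional_permissions {s}: {lvl} is not granted at job level"
                 for s, lvl in extra.items() if job.get(s) != lvl]
    if not re.search(r"github_token:\s*\$\{\{\s*github\.token\s*\}\}", text):
        findings.append("github_token is not passed explicitly")
    return findings
```

The parser is line-based and only handles the block layout shown here; a workflow that uses flow-style mappings or a top-level permissions key needs a real YAML parser.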
