@github-actions
Contributor

Analyzing changes...

Commits:

  • fix(claude): add write permissions for code changes and comments
  • chore: trigger CI checks
  • feat(release): add artifact attestations and SHA256 checksums

Changed Files:

.github/workflows/claude.yml | 6 +++---
.github/workflows/release.yml | 20 ++++++++++++++++++++
2 files changed, 23 insertions(+), 3 deletions(-)

Detailed Changes:

Security & verification improvements (best practice for 2025):
- GitHub Artifact Attestations for crate package and all binaries
- SLSA Build Level 2 compliance
- SHA256 checksums for all release artifacts
- Cryptographic proof artifacts came from GitHub Actions
- Users can verify with: gh attestation verify <artifact>

Enterprise Cloud feature - no GPG keys needed, automatic signing.

- Add contents: write for Claude to make code changes and commits
- Add pull-requests: write for Claude to comment on PRs
- Add issues: write for Claude to comment on issues

Addresses review feedback about missing permissions.

Automatically creates and updates 'latest' tag on each release:
- Git tag 'latest' always points to newest release
- GitHub Release 'latest' with installation instructions
- Includes Mix (Elixir) dependency examples
- Binary download examples for all platforms

Usage in mix.exs:
  {:singularity_language_registry, git: "...", tag: "latest"}

Download binary:
  curl -L .../releases/download/latest/...-linux-x64.tar.gz

Covers all installation methods:
- Mix (Elixir) dependencies with latest/pinned versions
- Pre-built binaries for all platforms (Linux, macOS, Windows)
- Checksum verification
- Artifact attestation verification
- Rust Cargo.toml usage
- Troubleshooting common issues

Users can now easily integrate via Mix or download binaries.

Added prominent link to INSTALLATION.md with Mix and binary instructions.

When Renovate merges dependency updates with version bumps:

**Flow:**
1. Renovate creates PR to development with version bump (0.1.0 → 0.1.1)
2. PR auto-merges (if patch update)
3. Auto-release workflow detects version change
4. Creates PR from development → main with changelog
5. When main PR merges, auto-release tags and triggers release workflow
6. Release workflow builds artifacts, creates GitHub Release, updates 'latest' tag

**Result:**
- Dependency updates automatically trigger 0.1.x patch releases
- Security fixes get immediate releases
- All releases include attestations, checksums, binaries

No manual intervention needed for routine dependency updates!

AGENTS.md is now part of the distributed crate package:
- Users get AI/LLM documentation with the library
- No longer duplicated in release-artifacts
- Part of the core documentation alongside README

Updated release summary to clarify what's in crate vs release reports.

All three engines now use GitHub git dependencies with version tags:
- analysis-engine: fixed (commit 595cdf7)
- linting-engine: fixed (commit 7f9342f)
- parsing-engine: already correct, needs duplicate removal

Renovate will now create PRs when registry updates.

Created migration guide for parsing-engine to remove duplicate
language_registry.rs file (777 lines).
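
The checksum and attestation checks listed in the release notes above, as an added example that is not part of the PR or the project's own code. A checksum file served from the same release only shows that the download matches what was published, so the script checks the digest first and then runs `gh attestation verify` to tie the file to the build. Assumptions: the checksum file uses `sha256sum` output format, and `OWNER/REPO`, the file names and the function names are placeholders.

```bash
# Added example: check a downloaded release artifact before installing it.
# Assumptions: sums file is in `sha256sum` format ("<hex>  <name>", no spaces
# in names); OWNER/REPO is a placeholder for the repository slug.

# Print the SHA256 hex digest of a file with whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_checksum ARTIFACT SUMS_FILE
# 0 = digest matches, 1 = mismatch, 2 = file missing, 3 = no usable entry.
verify_checksum() {
  local artifact="$1" sums="$2" name expected actual
  [ -f "$artifact" ] && [ -f "$sums" ] || return 2
  name=$(basename "$artifact")
  # Compare the name column exactly; strip the "*" binary-mode marker.
  expected=$(awk -v n="$name" \
    '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1) }' "$sums")
  # A missing entry, duplicate entries (newline) or non-hex text all fail here.
  case "$expected" in
    "" | *[!0-9a-f]*) return 3 ;;
  esac
  [ "${#expected}" -eq 64 ] || return 3
  actual=$(sha256_of "$artifact")
  [ "$actual" = "$expected" ]
}

# verify_release ARTIFACT SUMS_FILE OWNER/REPO
# Checksum first (offline), then the build-provenance attestation via gh.
verify_release() {
  verify_checksum "$1" "$2" || { echo "checksum check failed: $1" >&2; return 1; }
  command -v gh >/dev/null 2>&1 || { echo "gh missing: attestation not verified" >&2; return 4; }
  gh attestation verify "$1" --repo "$3"
}

# Usage: verify_release ./artifact.tar.gz ./SHA256SUMS OWNER/REPO
```

A non-zero status from either step should stop the install; status 4 means the checksum matched but provenance was not checked.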