From 99c18f99651594a9771d9c57038c5478ca32b237 Mon Sep 17 00:00:00 2001
From: chrisghill <chris@massdriver.cloud>
Date: Mon, 16 Mar 2026 22:07:04 -0600
Subject: [PATCH] Give Claude write permission so it can write to the PR

---
 .github/workflows/claude-code-review.yml |  4 ++--
 .github/workflows/claude.yml             |  6 +++---
 .github/workflows/release.yaml           | 18 ++++++++++++++++++
 3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index 25f4ad18..e8609932 100644
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -21,8 +21,8 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      pull-requests: read
-      issues: read
+      pull-requests: write
+      issues: write
       id-token: write
 
     steps:
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
index 9471a059..f0ec25d4 100644
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -19,9 +19,9 @@ jobs:
       (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
     runs-on: ubuntu-latest
     permissions:
-      contents: read
-      pull-requests: read
-      issues: read
+      contents: write
+      pull-requests: write
+      issues: write
       id-token: write
       actions: read # Required for Claude to read CI results on PRs
     steps:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index c7b18525..4a835d19 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -7,6 +7,7 @@ on:
 
 permissions:
   contents: write
+  id-token: write
 
 jobs:
   goreleaser:
@@ -26,3 +27,20 @@ jobs:
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  release-notes:
+    runs-on: ubuntu-latest
+    needs: goreleaser
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          prompt: |
+            Generate release notes for the tag ${{ github.ref_name }}.
+            Use `git log` to find all commits since the previous tag.
+            Format the release notes in markdown with sections for Features, Bug Fixes, and Improvements (omit empty sections).
+            Use the `gh release edit ${{ github.ref_name }}` command to update the GitHub release body with the generated notes.