GitHub App Permissions Overview
This document outlines the specific GitHub permissions our app requests and explains why each permission is required for related features to function properly. We follow the principle of least privilege, requesting only the minimum permissions required.
Read-only permissions
| Permission | Usage | Current status |
|---|---|---|
| Code | Required for Code Connect functionality. Reads file names to offer autocompletion and, when a file is selected, reads file contents to suggest component names (when possible) and display its source code. | ✅ Used by Code Connect |
| Metadata | Provides access to basic repository information required during setup and configuration. | ✅ Used for setup |
| Deployments | Future-oriented permission. | 🔄 Used by in-development feature |
Read/write permissions
| Permission | Usage | Current status |
|---|---|---|
| Administration | Enables repository creation and management for exporting Make code to GitHub. | ✅ Used by Figma Make's Push to GitHub |
| Contents | Enables reading and writing of repository contents, including code, configuration files, and other assets. | ✅ Used by Figma Make's Push to GitHub |
| Checks | Enables creation and updating of status checks in pull requests to report mapping and validation results directly in GitHub’s PR interface. | 🔄 Used by in-development feature |
| Commit statuses | Allows reading existing commit statuses and creating new ones; used to reflect whether repository mappings are valid or require attention. | 🔄 Used by in-development feature |
| Pull requests | Reads PR details, changed files, and metadata; adds comments with mapping results and supports PR-related automation. | 🔄 Used by in-development feature |
Changelog
- 2025-10-08
  - Updated read/write permissions to include Administration and Contents required for Figma Make's Push to GitHub feature.
  - Updated descriptions for other permissions to clarify their usage.