GitHub App Permissions Overview
This document outlines the specific GitHub permissions our app requests and explains why each permission is necessary for Code Connect to function properly. We follow the principle of least privilege, requesting only the minimum permissions required.
All permissions are transparently explained below, with clear reasoning for each access level.
Read-only permissions
Permission | Usage | Current status |
---|---|---|
Code | Required for Code Connect functionality. Reads file names to offer autocompletion and, when a file is selected, reads file contents to suggest component names (when possible) and display its source code. | ✅ Used by Code Connect |
Deployments | Future-oriented permission. | 🔄 Used by in-development feature |
Metadata | Provides access to basic repository information required during setup and configuration. | ✅ Used for setup |
Read/write permissions
Permission | Usage | Current status |
---|---|---|
Checks | Enables creation and updating of status checks in pull requests to report mapping and validation results directly in GitHub’s PR interface. | 🔄 Used by in-development feature |
Commit statuses | Allows reading existing commit statuses and creating new ones; used to reflect whether repository mappings are valid or require attention. | 🔄 Used by in-development feature |
Pull requests | Read PR details, changed files, and metadata; add comments with mapping results and support PR-related automation. | 🔄 Used by in-development feature |
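
An organization owner can check an actual installation against the two tables above. The following is an added example, not code from Code Connect: it compares the `permissions` object of a GitHub App installation with the documented grants and reports anything undocumented, escalated, or granted ahead of use. The API key names (`contents` for Code, `statuses` for Commit statuses, `pull_requests` for Pull requests) are GitHub's REST names for these UI labels, and the sample installation is constructed.

```python
import json

# Documented grants from the tables above, keyed by GitHub REST API permission
# name (assumed mapping of UI labels: Code -> contents, Commit statuses -> statuses).
# Value: (documented access level, in active use per the "Current status" column).
DOCUMENTED = {
    "contents": ("read", True),
    "deployments": ("read", False),
    "metadata": ("read", True),
    "checks": ("write", False),
    "statuses": ("write", False),
    "pull_requests": ("write", False),
}
RANK = {"read": 1, "write": 2, "admin": 3}

def audit_permissions(granted):
    """Compare an installation's `permissions` object with the documented set."""
    findings = []
    for name, level in sorted(granted.items()):
        if name not in DOCUMENTED:
            findings.append(("undocumented", name, level))
            continue
        doc_level, in_use = DOCUMENTED[name]
        if RANK.get(level, 99) > RANK[doc_level]:  # unknown levels count as excess
            findings.append(("escalated", name, f"{doc_level}->{level}"))
        elif not in_use:
            findings.append(("granted-not-yet-used", name, level))
    for name in sorted(set(DOCUMENTED) - set(granted)):
        findings.append(("not-granted", name, DOCUMENTED[name][0]))
    return findings

# Constructed sample: shape of the `permissions` field in an app installation
# object; the slug and values are invented for the demonstration.
SAMPLE_INSTALLATION = json.loads("""
{"app_slug": "example-app",
 "permissions": {"contents": "write", "metadata": "read", "checks": "write",
                 "pull_requests": "write", "statuses": "write",
                 "members": "read"}}
""")

if __name__ == "__main__":
    for kind, name, detail in audit_permissions(SAMPLE_INSTALLATION["permissions"]):
        print(f"{kind:22} {name:15} {detail}")
```

Findings of kind `granted-not-yet-used` correspond to the rows marked as used by an in-development feature, which are the grants to revisit when reviewing the installation.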