From cd5e782232592e815dabfd20cf90638024077560 Mon Sep 17 00:00:00 2001
From: Brian Love <brian@liveloveapp.com>
Date: Thu, 18 Jun 2026 19:28:10 -0700
Subject: [PATCH] ci(claude-review): grant id-token: write so the review bot
 can fetch its OIDC token

The advisory PR-review bot (anthropics/claude-code-action, track_progress) has
failed on every run with 'Could not fetch an OIDC token. Did you remember to add
id-token: write'. The job had contents:read + pull-requests:write but not
id-token:write. Add it so the action can authenticate its comment posting.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---
 .github/workflows/claude-review.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml
index 295ed579..40c5e300 100644
--- a/.github/workflows/claude-review.yml
+++ b/.github/workflows/claude-review.yml
@@ -19,6 +19,7 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
+      id-token: write # claude-code-action fetches an OIDC token to auth its comment posting
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2