(This is an English translation of my original Japanese article. The Japanese version is here: https://blog.shibayu36.org/entry/2026/03/09/173000)
When I use gh api from Claude Code to fetch information from GitHub, a permission prompt pops up every single time, which is painful. Even a harmless command like the one below — just listing commits — needs my approval each run.
gh api "repos/anthropics/claude-code/commits?per_page=100&page=1"
But blanket-allowing gh api for convenience feels scary. The gh command can also do write operations like creating issues or merging PRs, so there's a real risk of unintended changes. I kept thinking: I wish I could allow only readonly operations.
While looking for a workaround, I found that the gh command supports switching profiles via the GH_CONFIG_DIR environment variable. So I used that to set up a dedicated readonly gh profile, wrapped it in a small command called ghro, and allowlisted only that wrapper in Claude Code.
First, create a Fine-grained personal access token on GitHub. Limit the permissions to readonly repository scopes only, and keep things like secret access closed.
Next, authenticate with a separate readonly profile. Changing GH_CONFIG_DIR lets you keep credentials separate from your normal gh.
GH_CONFIG_DIR=~/.config/ghro gh auth login --with-token <<< "<your-token>"
Then create the ghro wrapper script and place it somewhere on your PATH.
#!/bin/sh
GH_CONFIG_DIR=~/.config/ghro exec gh "$@"

chmod +x ghro
Finally, instruct Claude Code in CLAUDE.md to use ghro. I have it set up like this:
## When fetching information or content from GitHub
- Use the ghro command for readonly access to GitHub information
- Fetch cannot retrieve file contents — use the ghro command instead
- For any write operations, use the gh command instead of ghro
Now readonly operations run without permission prompts, and write operations still go through the regular gh command and properly trigger a permission prompt. By splitting read and write, I can have guardrails and convenience at the same time.
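A possible extension of the ghro wrapper above, added here as an example and not part of the original article: it goes one step beyond the token scope and refuses `gh api` calls that are not a plain GET before they are sent. The function names `ghro_is_readonly` and `ghro_main` are hypothetical, and the check assumes gh's documented behaviour that `gh api` defaults to GET and switches to POST once fields are added.

```sh
#!/bin/sh
# Added example (not the article's script): ghro with a best-effort argument check.
# The read-only token stays the real boundary; this only stops `gh api` calls
# that are not a plain GET before they are sent.

# Exit status 0 if the arguments are a GET-only `gh api` call (or not `gh api`).
ghro_is_readonly() {
    [ "${1:-}" = "api" ] || return 0      # other subcommands: rely on token scope
    shift
    fields=0
    explicit_get=0
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -X|--method)                  # method given as a separate argument
                [ "${2:-}" = "GET" ] || return 1
                explicit_get=1
                shift ;;
            -XGET|--method=GET)
                explicit_get=1 ;;
            -X*|--method=*)               # any other method
                return 1 ;;
            --input|--input=*|graphql)    # request body from file, or GraphQL (POST)
                return 1 ;;
            -f*|-F*|--field|--field=*|--raw-field|--raw-field=*)
                fields=1 ;;
            --*) ;;                       # remaining long flags do not pick a method
            -*[XfF]*)                     # clustered short flags: fail closed
                return 1 ;;
        esac
        shift
    done
    # Without an explicit GET, gh sends POST as soon as fields are present.
    [ "$fields" -eq 0 ] || [ "$explicit_get" -eq 1 ]
}

ghro_main() {
    if ! ghro_is_readonly "$@"; then
        echo "ghro: refusing a gh api call that is not a plain GET; use gh for writes" >&2
        return 1
    fi
    export GH_CONFIG_DIR="$HOME/.config/ghro"   # profile directory from the article
    exec gh "$@"
}

# Act as the wrapper only when given arguments, so the file can also be sourced.
[ "$#" -eq 0 ] || ghro_main "$@"
```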