diff --git a/.claude/settings.json b/.claude/settings.json
deleted file mode 100644
index 9d82c6ccfb..0000000000
--- a/.claude/settings.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "allowedTools": [
- "Bash(gh pr view:*)",
- "Bash(gh pr diff:*)",
- "Bash(gh pr comment:*)",
- "Bash(gh api:*)",
- "Bash(gh search code:*)",
- "Bash(cat:*)",
- "Bash(ls:*)",
- "Bash(grep:*)",
- "Bash(python3:*)",
- "Bash(git:*)"
- ]
-}
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
index 729e98f267..a740392b1d 100644
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -10,68 +10,74 @@ jobs: permissions: contents: read pull-requests: write - issues: read + issues: write actions: read id-token: write steps: - - name: Checkout PR head (fork) + # IMPORTANT: checkout BASE repo only (safe on forks) + - name: Checkout base repo (safe) uses: actions/checkout@v4 with: - ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 1 - name: Run Claude Code Review - id: claude-review uses: anthropics/claude-code-action@v1 with: claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} github_token: ${{ github.token }} - plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' - plugins: 'code-review@claude-code-plugins' + plugin_marketplaces: "https://github.com/anthropics/claude-code.git" + plugins: "code-review@claude-code-plugins" claude_args: > - --dangerouslyDisableSandbox + --dangerously-skip-permissions --max-turns 10 --allowedTools "Bash(gh pr view:*)" "Bash(gh pr diff:*)" "Bash(gh pr comment:*)" - "Bash(gh api repos/*/pulls/*:*)" - "Bash(gh api repos/*/issues/*/comments:*)" + "Bash(gh pr list:*)" + "Bash(gh pr status:*)" + "Bash(gh issue comment:*)" + "Bash(gh api:*)" "Bash(cat:*)" "Bash(ls:*)" "Bash(grep:*)" "Bash(find:*)" + "Bash(sed:*)" + "Bash(awk:*)" + "Bash(head:*)" + "Bash(tail:*)" + "Bash(wc:*)" + "Bash(sort:*)" + "Bash(uniq:*)" + "Bash(cut:*)" + "Bash(xargs:*)" + "Bash(jq:*)" + "Bash(python3:*)" prompt: | - /code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }} + You are running in pull_request_target. DO NOT execute or inspect the fork's checked-out code. + Review ONLY via GitHub API/gh commands. - Always use the numeric PR form with --repo, e.g.: - - gh pr view ${{ github.event.pull_request.number }} --repo ${{ github.repository }} ... - - gh pr diff ${{ github.event.pull_request.number }} --repo ${{ github.repository }} ... - - gh pr comment ${{ github.event.pull_request.number }} --repo ${{ github.repository }} ... 
+ Always use numeric PR form with --repo: + - gh pr view ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --json files,title,body + - gh pr diff ${{ github.event.pull_request.number }} --repo ${{ github.repository }} + + If CLAUDE.md exists in the base repo checkout, read it with: + - cat CLAUDE.md + Prefer jq/python3 for JSON parsing instead of shell loops. Output requirements (even if no issues): - - Start with: files changed count + list up to 15 changed file paths - - Then: a short summary of what the PR changes (3–6 bullets) - - Then: findings: - - If issues: list them with file path + line numbers when possible - - If no issues: list at least 3 concrete "improvement opportunities" with file paths + - Files changed count + list up to 15 file paths + - Summary (3–6 bullets) + - Findings: + - If issues: include file + line numbers when possible + - If no issues: at least 3 concrete improvement opportunities with file paths - Post the results as ONE top-level PR comment titled "Claude Code Review". - If you cannot access the diff/files, say exactly what is blocked. + Post ONE top-level PR comment titled "Claude Code Review". If posting a PR comment is blocked, write the full review to the GitHub Actions job summary instead. - IMPORTANT: - - Do NOT stop just because a previous "Claude Code Review" comment exists. - - If a prior Claude review exists, post a NEW comment titled "Claude Code Review (updated)" that includes: - - current head SHA: ${{ github.event.pull_request.head.sha }} - - files changed count + up to 15 file paths - - 3–6 bullet summary of changes - - findings or at least 3 improvement opportunities with file paths - Post as ONE top-level PR comment. - additional_permissions: | actions: read
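Review bot: The widened allowlist in this hunk — `"Bash(gh api:*)"` replacing the two endpoint-scoped patterns, plus `"Bash(python3:*)"`, `"Bash(xargs:*)"`, `"Bash(sed:*)"` and `"Bash(awk:*)"` — makes the tool allowlist effectively unrestricted, because each of those can launch arbitrary commands, and the job runs with `--dangerously-skip-permissions`, `pull-requests: write`, `issues: write` and the `CLAUDE_CODE_OAUTH_TOKEN` secret while the model reads attacker-controlled PR title, body and diff through `gh pr view`/`gh pr diff`. Prompt text such as `DO NOT execute or inspect the fork's checked-out code` is guidance to the model, not a boundary: an instruction injected into that diff can still make the agent run any allowed command with the job's `github.token`. Keep the previous scoped entries `"Bash(gh api repos/*/pulls/*:*)"` and `"Bash(gh api repos/*/issues/*/comments:*)"` in place of `"Bash(gh api:*)"`, drop `"Bash(python3:*)"` and `"Bash(xargs:*)"` and reword the prompt to `Prefer jq for JSON parsing instead of shell loops.`, and reconsider `issues: write`, since `gh pr comment` only needs `pull-requests: write`. The `id-token: write` context line above the change is likewise more than least privilege needs unless the action itself requests an OIDC token — worth confirming against the action's documentation before removing it. The job's trigger is outside the hunk, so the `pull_request_target` context is inferred from the prompt text rather than from a visible `on:` line.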