workflows: CC: enable reviews and triaging, not DMs

.github/workflows/claude-dm.yml

@@ -24,7 +24,7 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
-      issues: read
+      issues: write
       id-token: write
       actions: read # Required for Claude to read CI results on PRs
 
@@ -39,9 +39,8 @@ jobs:
         uses: anthropics/claude-code-action@v1
         with:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          # Allow external users to trigger Claude assistance via @claude mentions
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          allowed_non_write_users: '*'
+
+          # Security: Only users with write access can trigger (DMs allow code execution)
 
           # This is an optional setting that allows Claude to read CI results on PRs
           additional_permissions: |

.github/workflows/claude-issue-triage.yml

@@ -30,7 +30,7 @@ jobs:
         uses: anthropics/claude-code-action@v1
         with:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-          # Allow external users to trigger Claude assistance on issues
+          # Security: Allow any user to trigger triage (automated issue help is safe)
           github_token: ${{ secrets.GITHUB_TOKEN }}
           allowed_non_write_users: '*'
           # track_progress: true # Enables tracking comments

.github/workflows/claude-pr-review.yml

@@ -39,6 +39,9 @@ jobs:
         uses: anthropics/claude-code-action@v1
         with:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          # Security: Allow any user to trigger reviews (read-only PR analysis is safe)
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          allowed_non_write_users: '*'
           # track_progress: true # Enables tracking comments
 
           # This setting allows Claude to read CI results on PRs