Security hardening from self-review

- Add author_association allowlist to review job (prevents external
  fork PRs from consuming model serving resources)
- Fix assist job ref: was still pointing to feature branch instead
  of main

Co-authored-by: Isaac

Author: shreyas-goenka

.github/workflows/claude-code.yml

@@ -19,8 +19,13 @@ on:
 
 jobs:
   # Automatic review on PR open. For re-reviews, comment "@claude review".
+  # Restrict to collaborators/members/owners to prevent untrusted users
+  # (e.g. external fork PRs) from consuming model serving resources. See:
+  # https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
   review:
-    if: github.event_name == 'pull_request'
+    if: |
+      github.event_name == 'pull_request' &&
+      contains(fromJson('["COLLABORATOR","MEMBER","OWNER"]'), github.event.pull_request.author_association)
     concurrency:
       group: claude-review-${{ github.event.pull_request.number }}
       cancel-in-progress: true
@@ -101,7 +106,7 @@ jobs:
               owner: 'databricks-eng',
               repo: 'eng-dev-ecosystem',
               workflow_id: 'cli-claude-code.yml',
-              ref: 'add-claude-code-workflow',
+              ref: 'main',
               inputs: {
                 pull_request_number: '${{ steps.pr.outputs.number }}',
                 event_type: 'assist',