ci: skip claude-code-review on fork PRs

The CLAUDE_CODE_OAUTH_TOKEN secret is not available in fork-PR
contexts (GitHub security model), so the action always fails
on PRs from raifdmueller/vibe-coding-risk-radar.

For fork PRs, CodeRabbit already provides AI review automatically,
and @claude mentions (via claude.yml, event-triggered) still work
on demand.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: raifdmueller

.github/workflows/claude-code-review.yml

@@ -12,11 +12,11 @@ on:
 
 jobs:
   claude-review:
-    # Optional: Filter by PR author
-    # if: |
-    #   github.event.pull_request.user.login == 'external-contributor' ||
-    #   github.event.pull_request.user.login == 'new-developer' ||
-    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+    # Skip on fork PRs — the CLAUDE_CODE_OAUTH_TOKEN secret is not
+    # available in fork-PR contexts (GitHub security model), so the
+    # action would fail. For fork PRs, CodeRabbit provides AI review
+    # and @claude mentions (via claude.yml) still work on demand.
+    if: github.event.pull_request.head.repo.full_name == github.repository
 
     runs-on: ubuntu-latest
     permissions:
@@ -41,4 +41,3 @@ jobs:
           prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
           # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
           # or https://code.claude.com/docs/en/cli-reference for available options
-