Upgrade Claude Code review to Opus 4.7 with scoped tool permissions

[syed-ahsan-ishtiaque]

Summary

• Upgrades the Claude Code review model from Opus 4.6 to Opus 4.7
• Scopes allowedTools patterns to the current PR number instead of wildcards. This prevents Claude from accidentally posting review comments on other PRs (e.g. previously merged PRs).
• Adds an explicit prompt guardrail telling Claude to only interact with the current PR

Context

On aws-otel-js-instrumentation, a review run for PR #406 accidentally posted 10 review comments on the already-merged PR #391. The cause was the wildcard pattern in allowedTools (repos/*/pulls/*) allowing Claude to post to any PR.

Test plan

• Verify Claude still posts review comments on new PRs
• Verify Claude cannot post to other PRs (by checking only current PR gets comments)

[github-actions]

Claude Code Review - PR #1366

Overall Assessment: No bugs or security issues found. Good security improvement.

This PR correctly addresses the issue where wildcard allowedTools patterns allowed Claude to post review comments on unrelated PRs (as happened with aws-otel-js-instrumentation PR #406 posting to #391).

Changes reviewed:

1. Scoped tool permissions - Replacing wildcard patterns with PR-number-scoped patterns properly restricts the review agent to only interact with the triggering PR. The PR number and repository values are set by GitHub (not user-controlled), so this is safe from injection.

2. Scoped repository - The API path is similarly restricted to the correct repo.

3. Prompt guardrail - The explicit instruction to not interact with any other PR adds defense-in-depth.

4. Model upgrade - Upgrades from Opus 4.6 to Opus 4.7.

LGTM.