Use allowlist for author_association, point --ref to main

- Switch author_association from denylist (!= NONE) to allowlist
  (COLLABORATOR, MEMBER, OWNER) for defense in depth.
- Point workflow dispatch --ref to main (eng-dev-ecosystem PR will
  be merged first).

See: https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/

Co-authored-by: Isaac

Author: shreyas-goenka

.github/workflows/claude-code.yml

@@ -45,17 +45,20 @@ jobs:
         run: |
           gh workflow run cli-claude-code.yml \
             -R databricks-eng/eng-dev-ecosystem \
-            --ref add-claude-code-workflow \
+            --ref main \
             -F pull_request_number=${{ github.event.pull_request.number }} \
             -F event_type=review
         env:
           GH_TOKEN: ${{ steps.token.outputs.token }}
 
   # Interactive @claude mentions (PRs only, trusted authors only).
+  # Restrict to collaborators/members/owners to prevent untrusted users from
+  # triggering Claude with write access to the repo. See:
+  # https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
   assist:
     if: |
       github.event.comment.user.type != 'Bot' &&
-      github.event.comment.author_association != 'NONE' &&
+      contains(fromJson('["COLLABORATOR","MEMBER","OWNER"]'), github.event.comment.author_association) &&
       (
         (github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '@claude')) ||
         (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude'))