diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml
index d529936..0546e22 100644
--- a/.github/workflows/code-review.yml
+++ b/.github/workflows/code-review.yml
@@ -11,9 +11,11 @@ on:
         required: false
 
 permissions:
+  actions: read
   contents: read
-  pull-requests: write
   id-token: write
+  issues: write
+  pull-requests: write
 
 concurrency:
   group: claude-review-${{ github.event.pull_request.number || github.run_id }}
@@ -44,6 +46,10 @@ jobs:
             Analyze the diff in the context of the full codebase.
             Post your findings as review comments on the specific lines where issues are found.
             Follow the guidelines in REVIEW.md if present.
-          claude_args: "--max-turns 5"
+          claude_args: |
+            --model opus
+            --max-turns 5
+            --allowedTools "WebSearch,WebFetch,mcp__github_inline_comment__create_inline_comment,Bash(gh api:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr checks:*),Bash(git log:*),Bash(git blame:*),Bash(git diff:*),"
         env:
-          ANTHROPIC_BASE_URL: ${{ secrets.ANTHROPIC_BASE_URL }}
+          ANTHROPIC_BASE_URL: ${{ vars.ANTHROPIC_BASE_URL }}
+          ANTHROPIC_CUSTOM_HEADERS: '{"anthropic-beta": "context-1m-2025-08-07,interleaved-thinking-2025-05-14"}'