diff --git a/.github/workflows/claude-executor.yml b/.github/workflows/claude-executor.yml
index c2e1ac3..cf1e593 100644
--- a/.github/workflows/claude-executor.yml
+++ b/.github/workflows/claude-executor.yml
@@ -67,6 +67,11 @@ on:
 required: false
 type: string
 default: 'us-east-1'
+ allowed_bots:
+ description: 'Comma-separated bot usernames allowed to trigger the action, or "*" for all bots. Defaults to "claude" so the Claude Code GitHub App can trigger reviews; pass "" to block all bots.'
+ required: false
+ type: string
+ default: 'claude'
 secrets:
 ANTHROPIC_API_KEY:
 description: 'Anthropic API key — required when provider=anthropic-api, ignored otherwise'
@@ -185,6 +190,7 @@ jobs:
 anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
 prompt: ${{ inputs.prompt }}
 claude_args: ${{ steps.args.outputs.composed }}
+ allowed_bots: ${{ inputs.allowed_bots }}
 use_sticky_comment: "true"
 track_progress: "true"
@@ -197,6 +203,7 @@ jobs:
 use_bedrock: "true"
 prompt: ${{ inputs.prompt }}
 claude_args: ${{ steps.args.outputs.composed }}
+ allowed_bots: ${{ inputs.allowed_bots }}
 use_sticky_comment: "true"
 track_progress: "true"
 env:
diff --git a/.github/workflows/claude-orchestrator.yml b/.github/workflows/claude-orchestrator.yml
index b2f98e7..3487706 100644
--- a/.github/workflows/claude-orchestrator.yml
+++ b/.github/workflows/claude-orchestrator.yml
@@ -82,6 +82,11 @@ on:
 required: false
 type: string
 default: ''
+ allowed_bots:
+ description: 'Comma-separated bot usernames allowed to trigger the action, or "*" for all bots. Defaults to "claude" so the Claude Code GitHub App can trigger reviews; pass "" to block all bots. Applies to the Anthropic path only.'
+ required: false
+ type: string
+ default: 'claude'
 secrets:
 ANTHROPIC_API_KEY:
 description: 'Anthropic API key — required only when using the direct Anthropic API path (model_id empty)'
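Review bot: In claude-executor.yml (hunk at -67,6) the new `allowed_bots` input defaults to `'claude'`, so every existing caller of this reusable workflow starts accepting bot-initiated runs without changing anything, although the description itself notes the action otherwise blocks them. Those runs reach the steps that receive `secrets.ANTHROPIC_API_KEY` or the Bedrock configuration, presumably with bot-authored PR or comment text feeding the prompt. Consider `default: ''` with callers opting in explicitly. In either case, extend the description with a sentence saying `"*"` is only appropriate where every app or bot able to open PRs or comment on the repository is trusted. The same default is repeated in claude-orchestrator.yml (hunk at -82,6).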
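Review bot: The hunk at -197,6 in claude-executor.yml adds `allowed_bots: ${{ inputs.allowed_bots }}` to the step that sets `use_bedrock: "true"`, yet the orchestrator input description and the new CLAUDE.md bullet both state that the setting "Applies to the Anthropic path only". As wired here the Bedrock step receives the same value, and the orchestrator forwards it in the same block as `model_id` and `bedrock_role_arn` (hunk at -186,6). A caller who relies on the docs and assumes bots stay blocked on Bedrock would be wrong unless something outside these hunks prevents it. Either drop the line from the Bedrock step or remove the "Anthropic path only" sentence, so the documented trust boundary matches the enforced one. Both steps' `with:` blocks begin outside the hunks.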
@@ -186,6 +191,7 @@ jobs:
 model_id: ${{ inputs.model_id }}
 bedrock_role_arn: ${{ inputs.bedrock_role_arn }}
 aws_region: ${{ inputs.aws_region }}
+ allowed_bots: ${{ inputs.allowed_bots }}
 secrets:
 ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
diff --git a/CLAUDE.md b/CLAUDE.md
index 7e8d0c9..49cf579 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -248,6 +248,7 @@ Sophisticated version comparison supporting dotCMS format: `YY.MM.DD[-REBUILD][_
 - **Default Tools**: `git status` and `git diff`
 - **Mention Detection**: Case-insensitive @claude in comments, reviews, issues, and PRs
 - **Concurrency**: Consumer repositories should implement concurrency control to prevent duplicate runs
+- **Allowed Bots**: `allowed_bots` defaults to `claude`, so the Claude Code GitHub App can trigger reviews on PRs/pushes it initiates. `claude-code-action` otherwise blocks bot-initiated runs. Pass `allowed_bots: ""` to block all bots, or `"*"` to allow any (e.g. dependabot, renovate). Applies to the Anthropic path only.
 ### Deployment Guard
 - **Organization bypass**: Disabled by default (must configure `trusted_organization`)