diff --git a/.github/workflows/copilot-review.yml b/.github/workflows/copilot-review.yml
index 244a2cfa0..bc8b8e8f1 100644
--- a/.github/workflows/copilot-review.yml
+++ b/.github/workflows/copilot-review.yml
@@ -8,22 +8,13 @@ permissions:
   pull-requests: write
 
 jobs:
-  debug-event:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Print gate inputs
-        run: |
-          echo "action=${{ github.event.action }}"
-          echo "draft=${{ github.event.pull_request.draft }}"
-          echo "assoc=${{ github.event.pull_request.author_association }}"
-          echo "user=${{ github.event.pull_request.user.login }}"
-          echo "head_repo=${{ github.event.pull_request.head.repo.full_name }}"
-          echo "base_repo=${{ github.event.pull_request.base.repo.full_name }}"
-
   request-copilot-review:
+    # Same-repo PRs only. author_association in the pull_request_target payload
+    # reports CONTRIBUTOR for org members on same-repo branches, so head==base
+    # is the reliable maintainer signal (it requires push access to the base repo).
     if: >-
       github.event.pull_request.draft == false &&
-      contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association)
+      github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
     runs-on: ubuntu-latest
     steps:
       - name: Request Copilot review