diff --git a/.github/workflows/_review-code.yml b/.github/workflows/_review-code.yml
index 8e42a541..871ab2ce 100644
--- a/.github/workflows/_review-code.yml
+++ b/.github/workflows/_review-code.yml
@@ -109,24 +109,56 @@ jobs: uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: gh-org-bitwarden - secrets: "ANTHROPIC-CODE-REVIEW-API-KEY" + secrets: "ANTHROPIC-CODE-REVIEW-API-KEY,BW-GHAPP-ID,BW-GHAPP-KEY" - name: Log out from Azure uses: bitwarden/gh-actions/azure-logout@main + - name: Generate GH App token + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + id: app-token + with: + app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }} + private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }} + owner: ${{ github.repository_owner }} + repositories: ai-plugins + + - name: Check out AI plugins marketplace + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + repository: bitwarden/ai-plugins + path: .ai-plugins + token: ${{ steps.app-token.outputs.token }} + persist-credentials: false + + - name: Configure Claude Code with local marketplace + run: | + mkdir -p ~/.claude + cat > ~/.claude/settings.json << 'EOF' + { + "extraKnownMarketplaces": { + "bitwarden-marketplace": { + "source": { + "source": "directory", + "path": "${{ github.workspace }}/.ai-plugins" + } + } + }, + "enabledPlugins": { + "claude-config-validator@bitwarden-marketplace": true, + "bitwarden-code-review@bitwarden-marketplace": true + } + } + EOF + echo "✅ Claude Code configured with local marketplace" + - name: Review with Claude Code timeout-minutes: 10 uses: anthropics/claude-code-action@8a1c4371755898f67cd97006ba7c97702d5fc4bf # v1.0.16 with: anthropic_api_key: ${{ steps.get-kv-secrets.outputs.ANTHROPIC-CODE-REVIEW-API-KEY }} - github_token: ${{ github.token }} track_progress: true use_sticky_comment: true - plugin_marketplaces: | - https://github.com/bitwarden/ai-plugins.git - plugins: | - claude-config-validator@bitwarden-marketplace - bitwarden-code-review@bitwarden-marketplace prompt: "Use @agent-bitwarden-code-review:bitwarden-code-reviewer to review the currently checked out pull request 
changes." claude_args: | --allowedTools "mcp__github_comment__update_claude_comment,mcp__github_inline_comment__create_inline_comment,Bash(gh pr diff:*),Bash(gh pr view:*)"
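Review bot: The `Generate GH App token` step limits the token to the `ai-plugins` repository but sets no `permission-*` input, so the token carries every permission the app installation holds there, while its only visible consumer is a read-only checkout. Adding `permission-contents: read` under that step's `with:` would restrict it to what the checkout needs. Separately, the actions are pinned to commit SHAs but the `bitwarden/ai-plugins` checkout has no `ref:`, so whatever is on that repository's default branch at run time becomes the plugin code behind the review step that holds the Anthropic API key. If that is not the intended update model, pin `ref:` to a reviewed commit or tag. The job's `permissions:` block and triggers are outside this hunk, so I could not check how the review step authenticates now that `github_token` is removed.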