feat: add opt-in write access for all token-visible repos

docs/write-mode.md

@@ -7,7 +7,8 @@ Write mode introduces mutation risk (issue/PR changes, metadata updates). Risks
 ## Default Posture
 
 - `WRITE_MODE=false` by default.
-- Even when enabled, writes require repository whitelist membership.
+- When enabled, writes require repository whitelist membership by default.
+- Optional opt-in: `WRITE_ALLOW_ALL_TOKEN_REPOS=true` allows writes to any repo the token can access.
 - Policy engine remains authoritative and may deny specific write tools.
 
 ## Supported Write Tools
@@ -24,7 +25,9 @@ Not supported (explicitly forbidden): merge actions, branch deletion, force push
 ## Enablement Steps
 
 1. Set `WRITE_MODE=true`.
-2. Set `WRITE_REPOSITORY_WHITELIST=owner/repo,...`.
+2. Choose one:
+   - `WRITE_REPOSITORY_WHITELIST=owner/repo,...` (recommended)
+   - `WRITE_ALLOW_ALL_TOKEN_REPOS=true` (broader scope)
 3. Review policy file for write-tool scope.
 4. Verify audit logging and alerting before rollout.