ci: reduce wasted turns in Claude Code review workflow

[lklimek]

Summary

• A1: Expose GH_TOKEN to the review step so the claudius MCP server can authenticate GitHub API calls (was causing permission-denied errors that stalled the entire review)
• A2: Add missing Bash(git status/remote/merge-base) patterns to allowedTools; remove overly broad Bash(bash *) wildcard
• A3: Inject PR context (number, repo, base/head branches, title) directly into the prompt — eliminates 3-5 wasted turns of the agent discovering what it's reviewing
• A5: Disable MemCan tools (unavailable in CI) to prevent wasted MCP calls
• Bonus: replace rigid "prefer MCP, never use gh CLI" with resilient "use MCP, fall back to gh CLI" guidance; instruct agent not to chain bash commands

Estimated savings: ~8-13 API turns per review session, plus fixing the MCP auth failure that was killing sessions entirely.

Test plan

• Non-functional CI change — no manual test scenarios needed
• Validate by applying claudius-review label to a test PR and confirming the review completes without permission errors

_{🤖 Co-authored by Claudius the Magnificent AI Agent}

Summary by CodeRabbit

• Chores
  • Enhanced automated code review workflow with improved PR context handling, including PR metadata integration.
  • Expanded tool configuration for more comprehensive automated review capabilities and optimized CI/CD reliability.

[coderabbitai]

Warning

Rate limit exceeded

@lklimek has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 8 minutes and 14 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 12edce4c-3926-47b6-8f8a-0745112f8061

📥 Commits

Reviewing files that changed from the base of the PR and between 4bae236 and ac31c90.

📒 Files selected for processing (1)

• .github/workflows/claude-code-review.yml

📝 Walkthrough

Walkthrough

The GitHub Actions workflow for Claude code review is updated with PR metadata context (PR number, repository, base/head branches, title), GH_TOKEN authentication configuration, adjusted tool usage guidance prioritizing GitHub MCP tools for API operations, and expanded allowedTools list including additional git and bash commands.

Changes

Cohort / File(s)	Summary
Claude Code Review Workflow Configuration .github/workflows/claude-code-review.yml	Added GH_TOKEN environment variable for authentication. Expanded prompt with PR metadata (number, repository, branches, title). Updated tool usage guidance to prioritize GitHub MCP for API operations. Expanded allowedTools list to include additional git commands (status, remote, merge-base) and related bash commands.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• ci: fix Claude Code review workflow context and history #717: Modifies the same Claude code review workflow to improve PR metadata handling and expand allowed git/shell commands.

Suggested labels

claudius-review

Poem

A rabbit hops with glee and cheer, 🐰
Claude's workflow grows more clear,
With tokens and git commands in tow,
MCP tools steal the show!
Better reviews will now appear! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main objective of the PR—optimizing the Claude Code review workflow by reducing unnecessary API turns and fixing authentication issues.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/ci-review-workflow

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}