Enhance workflow with local bin setup and tool updates

[sbryngelson]

User description

Added a step to ensure ~/.local/bin exists and is on PATH. Updated allowed tools for Claude Code Review.

Description

Summarize your changes and the motivation behind them.

Fixes #(issue)

Type of change

• Bug fix
• New feature
• Refactor
• Documentation
• Other: describe

Testing

How did you test your changes?

Checklist

• I added or updated tests for new behavior
• I updated documentation if user-facing behavior changed

See the developer guide for full coding standards.

GPU changes (expand if you modified src/simulation/)

• GPU results match CPU results
• Tested on NVIDIA GPU or AMD GPU

---

CodeAnt-AI Description

Add local bin setup and broaden/clarify Claude Code Review capabilities

What Changed

• CI now creates and adds ~/.local/bin to PATH so tools installed there are available during the workflow
• Claude Code Review action emits full output to logs so review results and diagnostics are visible
• Allowed review commands expanded to permit any gh and cat usages (instead of a few specific gh subcommands and file cats), enabling broader repository inspection during automated reviews
• Removed a specific allowed find command (reduces one previously permitted shell operation)

Impact

✅ Fewer CI failures due to missing ~/.local/bin
✅ Clearer code-review logs for faster debugging
✅ Broader repository inspection during automated reviews

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[coderabbitai]

Warning

Rate limit exceeded

@sbryngelson has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 2 minutes and 51 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 29f0da5 and 5eebb68.

📒 Files selected for processing (1)

• .github/workflows/claude-code-review.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch new-claude

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codeant-ai]

CodeAnt AI finished reviewing your PR.

[Copilot]

Pull request overview

Updates the Claude Code Review GitHub Action workflow to better support tools installed in ~/.local/bin and to adjust Claude’s allowed tool list and output verbosity.

Changes:

• Add a workflow step to create ~/.local/bin and append it to GITHUB_PATH.
• Broaden Claude’s --allowedTools entries (notably gh and cat).
• Enable show_full_output for the code review action.

[Copilot]

show_full_output: true can increase the risk of leaking sensitive information into GitHub Actions logs (e.g., tool output that includes tokens, headers, or other secrets). Consider keeping this off by default, gating it behind an input/conditional (e.g., only for trusted branches), or ensuring the action reliably redacts secrets in full output.

Suggested change

	show_full_output: true
	show_full_output: false

[Copilot]

The change from narrowly-scoped tool patterns (e.g., gh pr view:*, cat CLAUDE.md:*) to broad patterns (Bash(gh:*), Bash(cat:*)) significantly expands what the workflow allows Claude to execute/read. This increases blast radius (arbitrary gh operations and reading arbitrary files). Prefer restoring least-privilege by enumerating only the required gh subcommands and restricting cat to specific paths/files needed for review.