Expensify · mountiny · Nov 13, 2025 · Nov 12, 2025 · Nov 12, 2025
@@ -249,7 +249,7 @@ const {amountColumnSize, dateColumnSize, taxAmountColumnSize} = useMemo(() => {
 6. **Each comment must reference exactly one Rule ID.**
 7. **Output must consist exclusively of calls to mcp__github_inline_comment__create_inline_comment in the required format.** No other text, Markdown, or prose is allowed.
 8. **If no violations are found, add a reaction to the PR**:
-   Add a 👍 (+1) reaction to the PR body using the `.github/scripts/addPrReaction.sh` script.
+   Add a 👍 (+1) reaction to the PR using the `addPrReaction` script (available in PATH from `.claude/scripts/`). The script takes ONLY the PR number as argument - it always adds a "+1" reaction, so do NOT pass any reaction type or emoji.
 9. **Add reaction if and only if**:
    - You examined EVERY changed line in EVERY changed file (via diff + targeted grep/read)
    - You checked EVERY changed file against ALL rules
@@ -276,10 +276,10 @@ mcp__github_inline_comment__create_inline_comment:
 If ZERO violations are found, use the Bash tool to add a reaction to the PR body:
 
 ```bash
-.github/scripts/addPrReaction.sh <PR_NUMBER>
+addPrReaction.sh <PR_NUMBER>
 ```
 
-**IMPORTANT**: Always use the `.github/scripts/addPrReaction.sh` script instead of calling `gh api` directly. This script provides a secure, restricted interface that only allows adding +1 reactions to PRs, preventing arbitrary GitHub API calls.
+**IMPORTANT**: Always use the `addPrReaction.sh` script (available in PATH from `.claude/scripts/`) instead of calling `gh api` directly. 
 
 ## Comment Format
 

@@ -1,5 +1,5 @@
 ---
-allowed-tools: Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(.github/scripts/addPrReaction.sh:*),mcp__github_inline_comment__create_inline_comment
+allowed-tools: Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(addPrReaction.sh:*),mcp__github_inline_comment__create_inline_comment
 description: Review a code contribution pull request
 ---
 

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Secure proxy script to add a +1 reaction to a GitHub PR
+set -eu
+
+if [[ $# -lt 1 ]] || ! [[ "$1" =~ ^[0-9]+$ ]]; then
+    echo "Usage: $0 <PR_NUMBER>" >&2
+    exit 1
+fi
+
+PR_NUMBER="$1"
+REPO="${GITHUB_REPOSITORY}"
+
+gh api -X POST "/repos/$REPO/issues/$PR_NUMBER/reactions" -f content="+1"
+
@@ -33,6 +33,10 @@ jobs:
               - 'docs/**/*.md'
               - 'docs/**/*.csv'
 
+      - name: Add claude utility scripts to PATH
+        run: |
+          echo "$GITHUB_WORKSPACE/.claude/scripts" >> "$GITHUB_PATH"
+
       - name: Run Claude Code (code)
         if: steps.filter.outputs.code == 'true'
         uses: anthropics/claude-code-action@f30f5eecfce2f34fa72e40fa5f7bcdbdcad12eb8 # v1.0.14
@@ -42,7 +46,7 @@ jobs:
           allowed_non_write_users: "*"
           prompt: "/review-code-pr REPO: ${{ github.repository }} PR_NUMBER: ${{ github.event.pull_request.number }}"
           claude_args: |
-            --allowedTools "Task,Glob,Grep,Read,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(.github/scripts/addPrReaction.sh:*),mcp__github_inline_comment__create_inline_comment"
+            --allowedTools "Task,Glob,Grep,Read,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(addPrReaction.sh:*),mcp__github_inline_comment__create_inline_comment"
 
       - name: Run Claude Code (docs)
         if: steps.filter.outputs.docs == 'true'