fix(pr-review): expand severity-grep filter to cover ADDRESSED/RESOLVED suffixes (#257)

[cbeaulieu-gt]

Bug

The grep -v '✅' pre-filter introduced in #248 / #242 only stripped resolution-narration lines where the ✅ checkmark appeared on the same line as the severity token — e.g.:

#### ✅ 🔴 Critical (BLOCKING) - FIXED

The persona also uses a two-level narration structure where the ✅ appears on a section header and resolved findings appear as separate lines ending in a bold markdown suffix:

### ✅ Resolved Findings

- **Finding title** — **FIXED**
- **Another finding** — **ADDRESSED**

In this structure the per-finding lines contain the severity token but not the ✅ character, so they passed through the filter unmodified and triggered the quality gate on fully-resolved PRs. This was first observed in claude-configs#490.

Fix

Expand the pre-filter from grep -v '✅' to:

# Before
grep -v '✅'

# After
grep -vE '✅|\*\*(FIXED|ADDRESSED|RESOLVED)\*\*'

The \*\*(FIXED|ADDRESSED|RESOLVED)\*\* alternative covers all three bold-markdown resolution suffixes the persona uses consistently as terminal markup on resolved findings. A genuine open finding will never contain these bold-wrapped words.

All three callsites that apply this filter are updated and kept in sync:

• Line ~390 — authoritative quality gate
• Line ~471 — synthesis pre-filter (OPEN_BODY)
• Line ~571 — shadow gate (prose-regex path)

Comment blocks at each callsite are also updated to document the two-style narration pattern and reference #257.

Prior fixes in this chain

• Shadow gate still reports marker_missing on v2.4.0 — persona not emitting structured marker #242 — structured severity marker synthesis from review prose
• [pr-review v2.5.0] Incremental-review marker reflects historical findings, not current state — quality-gate blocks PRs even after every finding is fixed #248 — initial grep -v '✅' pre-filter for resolution-narration lines
• pr-review severity grep matches resolved findings using ### ✅ + — **FIXED** two-level narration #257 (this PR) — extend filter to cover two-level narration structure

Test plan

• actionlint passes (CI will run on this PR)
• Manual re-test: request a Claude review on a PR that uses the ### ✅ section header + — **FIXED** per-finding narration structure; quality gate should report success rather than failure

Dogfooding note: This repo's CI exercises the released @v2 composite action, not this branch's code. Manual validation via an external consumer repo pointing at this branch is required to confirm the new filter path executes. See CLAUDE.md § "We dogfooded it" for the structural limitation.

Fixes #257

🤖 Generated by Claude Code on behalf of @cbeaulieu-gt

[github-actions]

Claude finished @cbeaulieu-gt's task in 1m 59s —— View job

---

PR Review Complete

I've reviewed PR #258 for the expanded severity-grep filter changes.

Summary

The PR correctly updates all three callsites to use the extended regex filter, with consistent implementation and excellent documentation. However, there is one significant issue with the regex pattern that could cause false positives.

---

🔴 Critical Issue: Regex Pattern Not Anchored

Location: Lines 390, 471, 571 (all three callsites)

Problem: The regex pattern \*\*(FIXED|ADDRESSED|RESOLVED)\*\* matches these bold-wrapped words anywhere on a line, not just at the end where they appear as resolution suffixes.

According to the PR description, the persona's pattern is:

- **Finding title** — **FIXED**

The resolution suffix appears at the end of the line. However, the current regex will also match lines like:

- Investigate the **FIXED** constant usage — 🔴 Critical (BLOCKING)

This would incorrectly filter out a legitimate open finding that happens to contain the word "FIXED" in bold elsewhere on the line.

Suggested fix:

# Anchor to end of line with $
grep -vE '✅|\*\*(FIXED|ADDRESSED|RESOLVED)\*\*\s*$'

The \s*$ ensures the bold-wrapped resolution word is at the end of the line (allowing for optional trailing whitespace).

Why this matters: Without the anchor, any line that mentions FIXED, ADDRESSED, or RESOLVED in discussion or code snippets will be filtered out, even if it contains a genuine open finding with a severity marker. This could cause the quality gate to incorrectly pass PRs with unresolved Critical or High-Priority findings.

---

✅ Strengths

1. Consistency: All three callsites are updated identically ✓
2. Documentation: Excellent inline comments explaining both narration styles and referencing issue numbers
3. Code Quality: Clean implementation, appropriate use of -E flag for extended regex
4. Escaping: Correct escaping of * characters as \*\* to match literal markdown bold markers
5. No Security/Performance Concerns: The grep filter is safe and efficient

---

📋 Test Coverage Note

As documented in CLAUDE.md, this repo's dogfooding limitation means the PR cannot test its own changes in CI. The PR description correctly notes manual validation is required in an external consumer repo. Given the regex anchoring issue above, testing is especially important to verify the pattern doesn't filter legitimate findings.

---

Recommendation

Fix the regex pattern to anchor to the end of line before merging. The rest of the implementation is solid.

Suggested change at all three callsites:

-BLOCKER_HITS=$(printf '%s' "$BODY" | grep -vE '✅|\*\*(FIXED|ADDRESSED|RESOLVED)\*\*' | grep -E -c "$SEVERITY_BLOCKER_RE" || true)
+BLOCKER_HITS=$(printf '%s' "$BODY" | grep -vE '✅|\*\*(FIXED|ADDRESSED|RESOLVED)\*\*\s*$' | grep -E -c "$SEVERITY_BLOCKER_RE" || true)

Fix this →

---

[github-actions]

Claude finished @cbeaulieu-gt's task in 1m 42s —— View job

---

PR Review Complete ✅

I've reviewed the incremental changes from this push (245777f → 9e8459b).

---

Summary

The author has correctly implemented the critical fix identified in the previous review. The regex pattern is now properly anchored to end-of-line at all three callsites, with excellent documentation explaining the rationale.

---

What Changed

Before: grep -vE '✅|\*\*(FIXED|ADDRESSED|RESOLVED)\*\*'
After: grep -vE '✅|\*\*(FIXED|ADDRESSED|RESOLVED)\*\*\s*$'

The \s*$ anchor ensures the pattern only matches these bold-wrapped resolution words when they appear at the end of the line (the persona's terminal suffix), not when they appear mid-line in discussion or code snippets.

Three callsites updated (lines 392, 475, 577):

1. ✅ Authoritative quality gate
2. ✅ Synthesis pre-filter (OPEN_BODY)
3. ✅ Shadow gate (prose-regex path)

All three use the identical pattern and include updated comment blocks documenting:

• Why the anchor is needed
• What false positives it prevents
• Issue references ([pr-review v2.5.0] Incremental-review marker reflects historical findings, not current state — quality-gate blocks PRs even after every finding is fixed #248, pr-review severity grep matches resolved findings using ### ✅ + — **FIXED** two-level narration #257, fix(pr-review): expand severity-grep filter to cover ADDRESSED/RESOLVED suffixes (#257) #258)
• Explicit note that all three callsites must stay in sync

---

Review Across Dimensions

✅ Code Quality

• Consistency: All three callsites updated identically
• Clarity: Regex pattern is clear and self-documenting
• Documentation: Comprehensive inline comments at each callsite
• Maintainability: Explicit notes that the three sites must stay in sync

✅ Security

• No security concerns
• Properly escaped regex metacharacters (\* for literal asterisks)
• No injection risks (hardcoded pattern)

✅ Performance

• Minimal overhead from \s*$ addition
• Pattern is actually more precise (fewer false matches to process)
• Efficient grep pipeline unchanged

⚠️ Test Coverage

• Acknowledged limitation: Per CLAUDE.md § "Dogfooding limitation", this repo's CI tests the released @v2 tag, not this branch's changes
• PR description correctly notes: "Manual validation via an external consumer repo pointing at this branch is required"
• This is an inherent architectural constraint, not a flaw in this PR

✅ Documentation

• Excellent inline comments explaining the "why" not just the "what"
• Clear issue references for traceability
• PR description includes test plan

---

Correctness Verification

The fix prevents false positives like:

- Investigate the **FIXED** constant usage — 🔴 Critical (BLOCKING)

(Would incorrectly filter out without the $ anchor)

While correctly matching the persona's actual terminal suffix:

- **Finding title** — **FIXED**

(Correctly filtered with the $ anchor)

---

Recommendation

APPROVE ✓

This PR correctly implements the critical fix from the previous review with excellent consistency and documentation. The only limitation (test coverage) is inherent to the repository architecture and is properly documented in both CLAUDE.md and the PR description.

The implementation is ready to merge pending manual validation in an external consumer repo as noted in the test plan.

---

[cbeaulieu-gt]

Overriding gate check since this fixes the gate and dogfooding only happens post merge