fix(pr-review-toolkit): restore scoring and embed inline diffs

[cblecker]

Summary

• Restore confidence scoring (0-100) to the finding schema — agent prompts already produce scores but the schema was silently discarding them
• Embed inline diffs directly in agent context so reviewers see the actual changes upfront instead of needing extra tool calls
• Add 100KB guard for oversized patches with graceful fallback
• Soften completeness claim to handle GitHub's per-file patch truncation
• Normalize var/function() to const/let/arrows for consistency

Test plan

• Run /review on a small PR to verify findings include confidence scores
• Run /review on a large PR (>100 changed files or large diffs) to verify the size guard and fallback behavior
• Validate plugin: claude plugin validate ./pr-review-toolkit

Summary by CodeRabbit

• New Features
  • Added confidence scores (0–100) to code review findings for better issue prioritization
  • Enhanced review context with file change summaries and improved diff handling for large pull requests
  • Findings now sorted by severity and confidence for optimized review workflow

[coderabbitai]

Warning

Review limit reached

@cblecker, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 41 minutes and 22 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 26af5de5-9d59-46cb-b273-c470868ddfd1

📥 Commits

Reviewing files that changed from the base of the PR and between b00edf8 and 6edcfbd.

📒 Files selected for processing (2)

• pr-review-toolkit/skills/review-pr/SKILL.md
• pr-review-toolkit/skills/review-pr/review-pr.js

📝 Walkthrough

Walkthrough

The review-pr skill gains a required confidence field (0–100) on each finding, a rewritten buildContext() that formats per-file metadata and conditionally inlines or omits diffs based on total patch size, and a secondary sort key on findings that breaks severity ties by descending confidence. SKILL.md is updated to document structured file objects, and the plugin manifest is bumped to 1.1.0.

Changes

review-pr skill: confidence, richer context, and updated docs

Layer / File(s)	Summary
Confidence field in finding schema and sorting pr-review-toolkit/skills/review-pr/review-pr.js	FINDING_SCHEMA adds confidence (number, 0–100) as a required field. allFindings sorting adds a default severity fallback and breaks ties with higher confidence first.
buildContext() rewrite and agent prompt pr-review-toolkit/skills/review-pr/review-pr.js	buildContext() now formats each file with additions/deletions, computes total patch size, includes full diff contents below a threshold, and emits omission guidance with local/remote reading instructions above it. The code-reviewer prompt adds an explicit instruction to review the provided diff.
SKILL.md and manifest version bump pr-review-toolkit/skills/review-pr/SKILL.md, pr-review-toolkit/.claude-plugin/plugin.json	Phase 1 now documents pull_request_read(get_files) returning per-file metadata objects with pagination. Phase 2 updates changedFiles from filename strings to file objects. Manifest version bumped 1.0.0 → 1.1.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• cblecker/claude-plugins#45: Introduced the workflow-based review-pr.js and the initial SKILL.md structure that this PR directly extends with confidence scoring and richer context generation.

Poem

🐇 Hopping through the diff with glee,
Each finding now has confidence, you see!
Big patches shrink, small ones shine bright,
Severity sorted, then confidence right.
Version bumped — 1.1.0 for me! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the two main changes: restoring confidence scoring and embedding inline diffs, which are the primary objectives of this PR.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/pr-review-scoring

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cblecker]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

pr-review-toolkit/skills/review-pr/review-pr.js (1)

94-95: ⚡ Quick win

Tighten doc-file detection to avoid false positives and unnecessary agent runs.

The regex at Line 94 matches any filename containing doc, which can enable comment-analyzer for unrelated code files. Prefer anchored extension/path checks (e.g., .md/.txt/.rst, README, docs/) to reduce unnecessary analyzer invocations.

Suggested diff

-  if (changedFiles.some(f => /\.md$|\.txt$|\.rst$|doc|readme/i.test(f.filename))
+  if (changedFiles.some(f => /(\.md$|\.txt$|\.rst$|(^|\/)readme(\.|$)|(^|\/)docs?(\/|$))/i.test(f.filename))
       || changedFiles.length >= 3) {
     agents.push('comment-analyzer')
   }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pr-review-toolkit/skills/review-pr/review-pr.js` around lines 94 - 95, The
regex pattern used in the documentation file detection is overly broad because
the "doc" portion lacks anchoring, causing it to match unrelated code files like
"document.js" or "docker.yml". Refactor the regex pattern to use anchored
extension and path checks instead - specifically, ensure documentation file
detection uses patterns like checking for `.md`, `.txt`, `.rst` extensions
(which are already properly anchored with $) and replace the loose "doc" and
"readme" patterns with more specific anchored checks such as anchoring to
directory names like `docs/` at the beginning of the path or anchoring README to
the start and end of the filename. This will prevent false positives and reduce
unnecessary invocations of the comment-analyzer.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pr-review-toolkit/skills/review-pr/review-pr.js`:
- Around line 20-24: The schema definition at line 24 requires both severity and
confidence fields in the structured output, but only the code-reviewer prompt
explicitly requests confidence scoring while the other four agent prompts use
free-form formats. This causes structured-output validation to fail silently,
and invalid results are filtered out at line 559. Update all five agent prompts
(code-reviewer, security-analyzer, performance-optimizer,
maintainability-scorer, and documentation-checker) to explicitly request
severity field with values critical/important/suggestion and confidence field
with integer values from 0-100 in their structured output requirements.

---

Nitpick comments:
In `@pr-review-toolkit/skills/review-pr/review-pr.js`:
- Around line 94-95: The regex pattern used in the documentation file detection
is overly broad because the "doc" portion lacks anchoring, causing it to match
unrelated code files like "document.js" or "docker.yml". Refactor the regex
pattern to use anchored extension and path checks instead - specifically, ensure
documentation file detection uses patterns like checking for `.md`, `.txt`,
`.rst` extensions (which are already properly anchored with $) and replace the
loose "doc" and "readme" patterns with more specific anchored checks such as
anchoring to directory names like `docs/` at the beginning of the path or
anchoring README to the start and end of the filename. This will prevent false
positives and reduce unnecessary invocations of the comment-analyzer.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 67a2b921-e3b9-4375-89d5-b4a0562c026a

📥 Commits

Reviewing files that changed from the base of the PR and between e0d32bc and b00edf8.

📒 Files selected for processing (3)

• pr-review-toolkit/.claude-plugin/plugin.json
• pr-review-toolkit/skills/review-pr/SKILL.md
• pr-review-toolkit/skills/review-pr/review-pr.js