feat(action): ✨ Add confidence to inline comments

README.md

@@ -79,6 +79,8 @@ jobs:
           review_dimensions: general,security,performance,testing
           review_language: English
           min_finding_confidence: 0.72
+          missing_confidence_policy: na
+          fallback_confidence_value: 0.5
           coverage_first_round_primary_only: true
           auto_minimize_outdated_comments: true
           max_rounds: 8
@@ -104,6 +106,8 @@ jobs:
 | `review_dimensions` | no | `general,security,performance,testing` | Subagent dimensions |
 | `review_language` | no | `English` | Preferred language for review comments and summary |
 | `min_finding_confidence` | no | `0.72` | Keep only findings at or above this confidence (0-1) |
+| `missing_confidence_policy` | no | `na` | Handling for missing/invalid confidence: `drop`, `na`, or `fallback` |
+| `fallback_confidence_value` | no | `0.5` | Fallback confidence used only when `missing_confidence_policy=fallback` |
 | `coverage_first_round_primary_only` | no | `true` | Round 1 runs only primary dimension for faster file coverage |
 | `auto_minimize_outdated_comments` | no | `true` | Best-effort GraphQL minimize for outdated historical inline comments from this action |
 | `max_rounds` | no | `8` | Max planning/review rounds |
@@ -148,6 +152,14 @@ Practical guidance:
 | `uncovered_files` | Number of uncovered files |
 | `degraded` | `true` if summary-only degradation was triggered |
 
+## Confidence Semantics
+
+- Finding `confidence` can be `null` when the model cannot confidently estimate a value.
+- Inline comments show unknown values as `N/A`.
+- `min_finding_confidence` is applied only when confidence is numeric.
+- Use `missing_confidence_policy=fallback` if your downstream expects numeric confidence only.
+- When `missing_confidence_policy` is `drop` or `na`, `fallback_confidence_value` is ignored.
+
 ## Fork PR Notes
 
 - For public fork PRs, repository secrets are typically unavailable on `pull_request`.

action.yml

@@ -50,6 +50,14 @@ inputs:
     description: Minimum confidence (0-1) required for a finding to be kept.
     required: false
     default: "0.72"
+  missing_confidence_policy:
+    description: Policy when finding confidence is missing/invalid (drop|na|fallback).
+    required: false
+    default: "na"
+  fallback_confidence_value:
+    description: Fallback confidence (0-1) used only when missing_confidence_policy=fallback.
+    required: false
+    default: "0.5"
   coverage_first_round_primary_only:
     description: In round 1, run only primary dimension to maximize file coverage under budget.
     required: false

src/agents.js

@@ -25,7 +25,7 @@ const findingSchema = z.object({
   path: z.string().min(1),
   side: z.enum(['LEFT', 'RIGHT', 'FILE']).default('RIGHT'),
   line: z.number().int().positive().nullable().default(null),
-  confidence: z.number().min(0).max(1).default(0.8),
+  confidence: z.number().min(0).max(1).nullable().optional().default(null),
   evidence: z.array(z.string().min(1)).default([]),
   fingerprint: z.string().max(120).default(''),
   summary: z.string().min(1),
@@ -126,7 +126,8 @@ Rules:
 - Never emit line numbers that do not appear in the provided anchors.
 - Do not invent files or line numbers.
 - Severity must be one of critical/high/medium/low.
-- Set confidence in [0,1]. Include at least one concrete evidence item tied to provided diff context.
+- Set confidence in [0,1] when you can estimate it; otherwise use null.
+- Include at least one concrete evidence item tied to provided diff context.
 - If confidence is below 0.70, do not emit it as a finding; put it in file-level notes instead.
 - Use fingerprint as stable short key for same issue across dimensions (e.g. unsafe_openai_base_url, planner_done_ignored).
 - Keep findings concrete, actionable, and concise.

src/aggregate.js

@@ -70,6 +70,10 @@ function jaccardSimilarity(a, b) {
   return union.size === 0 ? 0 : intersection / union.size;
 }
 
+function confidenceRank(value) {
+  return Number.isFinite(value) ? value : -1;
+}
+
 function isSemanticallySameIssue(a, b) {
   if (
     a.fingerprint &&
@@ -102,11 +106,14 @@ function isSemanticallySameIssue(a, b) {
 }
 
 function mergeFinding(base, incoming) {
-  const preferIncoming = incoming.confidence > base.confidence;
+  const baseRank = confidenceRank(base.confidence);
+  const incomingRank = confidenceRank(incoming.confidence);
+  const preferIncoming = incomingRank > baseRank;
   const mergedEvidence = [...new Set([...(base.evidence || []), ...(incoming.evidence || [])])].slice(0, 3);
   const severity = SEVERITY_RANK[incoming.severity] > SEVERITY_RANK[base.severity]
     ? incoming.severity
     : base.severity;
+  const mergedConfidence = incomingRank >= baseRank ? incoming.confidence : base.confidence;
   return {
     ...base,
     ...(preferIncoming
@@ -118,7 +125,7 @@ function mergeFinding(base, incoming) {
         }
       : {}),
     severity,
-    confidence: Math.max(base.confidence, incoming.confidence),
+    confidence: mergedConfidence,
     evidence: mergedEvidence,
     fingerprint: base.fingerprint || incoming.fingerprint,
     sourceDimension: preferIncoming
@@ -130,6 +137,13 @@ function mergeFinding(base, incoming) {
 function normalizeFindings(findings, allowedPaths, options = {}) {
   const pathSet = new Set(allowedPaths);
   const minConfidence = Number.isFinite(options.minConfidence) ? options.minConfidence : 0;
+  const missingConfidencePolicy = ['drop', 'na', 'fallback'].includes(options.missingConfidencePolicy)
+    ? options.missingConfidencePolicy
+    : 'na';
+  const fallbackConfidenceValueRaw = Number.parseFloat(String(options.fallbackConfidenceValue ?? '0.5'));
+  const fallbackConfidenceValue = Number.isFinite(fallbackConfidenceValueRaw)
+    ? clamp(fallbackConfidenceValueRaw, 0, 1)
+    : 0.5;
   const out = [];
 
   for (const finding of findings || []) {
@@ -143,11 +157,23 @@ function normalizeFindings(findings, allowedPaths, options = {}) {
     const line = Number.isInteger(finding.line) && finding.line > 0 ? finding.line : null;
     const title = String(finding.title || '').trim();
     const summary = String(finding.summary || '').trim();
-    const confidenceRaw = Number.parseFloat(String(finding.confidence ?? '0.8'));
-    const confidence = Number.isFinite(confidenceRaw) ? clamp(confidenceRaw, 0, 1) : 0.8;
+    const confidenceRaw = Number.parseFloat(String(finding.confidence));
+    let confidence = Number.isFinite(confidenceRaw) ? clamp(confidenceRaw, 0, 1) : null;
     const evidence = normalizeEvidence(finding.evidence);
 
-    if (!title || !summary || evidence.length === 0 || confidence < minConfidence) {
+    if (confidence === null) {
+      if (missingConfidencePolicy === 'drop') {
+        continue;
+      }
+      if (missingConfidencePolicy === 'fallback') {
+        confidence = fallbackConfidenceValue;
+      }
+    }
+
+    if (!title || !summary || evidence.length === 0) {
+      continue;
+    }
+    if (Number.isFinite(confidence) && confidence < minConfidence) {
       continue;
     }
 
@@ -216,7 +242,7 @@ function dedupeAndSortFindings(findings, maxFindings) {
       return pathDiff;
     }
 
-    const confidenceDiff = (b.confidence || 0) - (a.confidence || 0);
+    const confidenceDiff = confidenceRank(b.confidence) - confidenceRank(a.confidence);
     if (confidenceDiff !== 0) {
       return confidenceDiff;
     }

src/config.js

@@ -75,6 +75,15 @@ function parseFloatRangeInput(name, defaultValue, min, max) {
   return parsed;
 }
 
+function parseEnumInput(name, defaultValue, allowedValues) {
+  const raw = core.getInput(name) || String(defaultValue);
+  const normalized = String(raw).trim().toLowerCase();
+  if (!allowedValues.includes(normalized)) {
+    throw new Error(`Input ${name} must be one of [${allowedValues.join(', ')}], got: ${raw}`);
+  }
+  return normalized;
+}
+
 function uniqueLowercase(items) {
   const seen = new Set();
   const out = [];
@@ -123,6 +132,8 @@ function loadConfig() {
     reviewDimensions: normalizedDimensions,
     reviewLanguage,
     minFindingConfidence: parseFloatRangeInput('min_finding_confidence', 0.72, 0, 1),
+    missingConfidencePolicy: parseEnumInput('missing_confidence_policy', 'na', ['drop', 'na', 'fallback']),
+    fallbackConfidenceValue: parseFloatRangeInput('fallback_confidence_value', 0.5, 0, 1),
     coverageFirstRoundPrimaryOnly: parseBooleanInput('coverage_first_round_primary_only', true),
     autoMinimizeOutdatedComments: parseBooleanInput('auto_minimize_outdated_comments', true),
     maxRounds: parsePositiveIntInput('max_rounds', 8),

src/index.js

@@ -30,6 +30,8 @@ function getTextBundle(language) {
     return {
       suggestionLabel: 'Suggestion',
       riskLabel: 'Risk',
+      confidenceLabel: 'Confidence',
+      unknownConfidenceValue: 'N/A',
       summaryTitle: 'AI Code Review Summary',
       preferredLanguage: 'Preferred language',
       overallAssessment: 'Overall Assessment',
@@ -40,6 +42,7 @@ function getTextBundle(language) {
       fileLevelCoverage: 'File-Level Coverage Notes',
       inlineDowngraded: 'Inline Downgraded Items (processed but not inline)',
       coverageStatus: 'Coverage Status',
+      unknownConfidenceFindings: 'Findings with unknown confidence (N/A)',
       uncoveredList: 'Uncovered list',
       noPatchCoveredList: 'No-patch covered list',
       runtimeBudget: 'Runtime/Budget',
@@ -80,6 +83,8 @@ function getTextBundle(language) {
   return {
     suggestionLabel: '建议',
     riskLabel: '风险',
+    confidenceLabel: '置信度',
+    unknownConfidenceValue: 'N/A',
     summaryTitle: 'AI 代码审查汇总',
     preferredLanguage: '指定语言',
     overallAssessment: '总体评价',
@@ -90,6 +95,7 @@ function getTextBundle(language) {
     fileLevelCoverage: '文件级覆盖说明',
     inlineDowngraded: '无法 inline 的已处理项',
     coverageStatus: '覆盖状态',
+    unknownConfidenceFindings: '置信度未知（N/A）的问题数',
     uncoveredList: '未覆盖文件清单',
     noPatchCoveredList: '无 patch 文件覆盖清单',
     runtimeBudget: '轮次与预算',
@@ -187,6 +193,16 @@ function summarizePlannerBatchesForLog(batches, maxEntries = 12) {
   }).join(' | ');
 }
 
+function formatConfidenceValue(confidence, unknownValue = 'N/A') {
+  const value = Number.parseFloat(String(confidence));
+  if (!Number.isFinite(value)) {
+    return unknownValue;
+  }
+
+  const clamped = Math.min(1, Math.max(0, value));
+  return clamped.toFixed(2);
+}
+
 function buildInlineBody(finding, text) {
   const lines = [];
   const subAgent = String(finding.sourceDimension || 'general').trim().toLowerCase() || 'general';
@@ -202,12 +218,32 @@ function buildInlineBody(finding, text) {
     lines.push(`${text.riskLabel}: ${finding.risk}`);
   }
 
-  lines.push(`<!-- ai-code-review-agent:inline-key ${inlineKey} -->`);
+  lines.push(`${text.confidenceLabel}: ${formatConfidenceValue(finding.confidence, text.unknownConfidenceValue)}`);
   lines.push(`<div align="right">${text.fromSubAgentTag(subAgent)}</div>`);
+  lines.push(`<!-- ai-code-review-agent:inline-key ${inlineKey} -->`);
 
   return lines.join('\n\n');
 }
 
+function buildReviewBody({
+  text,
+  findingsKept,
+  unknownConfidenceFindings,
+  inlineCommentsAttempted,
+  coverage
+}) {
+  return [
+    text.reviewCompleted,
+    `- Findings kept: ${findingsKept}`,
+    `- Findings with unknown confidence: ${unknownConfidenceFindings}`,
+    `- Inline comments attempted: ${inlineCommentsAttempted}`,
+    `- Target files: ${coverage.target}`,
+    `- Covered files: ${coverage.covered}`,
+    `- Uncovered files: ${coverage.uncovered}`,
+    text.reviewSeeSummary
+  ].join('\n');
+}
+
 function summarizeSeverity(groups, text, limitEach = 8) {
   const order = ['critical', 'high', 'medium', 'low'];
   const lines = [];
@@ -300,6 +336,9 @@ function formatSummaryMarkdown({
   const degradedText = degradedSummaryOnly
     ? `${text.yes}\n\n${text.reasons}:\n${degradedReasons.map((x) => `- ${x}`).join('\n') || '- unknown'}`
     : text.no;
+  const unknownConfidenceFindings = Number.isFinite(coverage.unknownConfidenceFindings)
+    ? coverage.unknownConfidenceFindings
+    : 0;
 
   return [
     `## ${text.summaryTitle}`,
@@ -333,6 +372,7 @@ function formatSummaryMarkdown({
     `- Covered files: ${coverage.covered}`,
     `- Uncovered files: ${coverage.uncovered}`,
     `- No-patch/binary covered as file-level: ${coverage.noPatch}`,
+    `- ${text.unknownConfidenceFindings}: ${unknownConfidenceFindings}`,
     '',
     `${text.uncoveredList}:`,
     uncoveredLines,
@@ -774,10 +814,13 @@ async function runAction() {
 
   const normalizedFindings = dedupeAndSortFindings(
     normalizeFindings(rawFindings, targetPaths, {
-      minConfidence: config.minFindingConfidence
+      minConfidence: config.minFindingConfidence,
+      missingConfidencePolicy: config.missingConfidencePolicy,
+      fallbackConfidenceValue: config.fallbackConfidenceValue
     }),
     config.maxFindings
   );
+  const unknownConfidenceFindings = normalizedFindings.filter((finding) => !Number.isFinite(finding.confidence)).length;
 
   const diffLineMap = buildDiffLineMaps(patchFiles);
   const inlineComments = [];
@@ -895,7 +938,8 @@ async function runAction() {
     target: filteredFiles.length,
     covered: filteredFiles.length - uncovered.length,
     uncovered: uncovered.length,
-    noPatch: noPatchCovered.length
+    noPatch: noPatchCovered.length,
+    unknownConfidenceFindings
   };
 
   if (filteredFiles.length === 0) {
@@ -944,15 +988,13 @@ async function runAction() {
   );
 
   if (!degradedSummaryOnly) {
-    const reviewBody = [
-      text.reviewCompleted,
-      `- Findings kept: ${normalizedFindings.length}`,
-      `- Inline comments attempted: ${inlineComments.length}`,
-      `- Target files: ${coverage.target}`,
-      `- Covered files: ${coverage.covered}`,
-      `- Uncovered files: ${coverage.uncovered}`,
-      text.reviewSeeSummary
-    ].join('\n');
+    const reviewBody = buildReviewBody({
+      text,
+      findingsKept: normalizedFindings.length,
+      unknownConfidenceFindings,
+      inlineCommentsAttempted: inlineComments.length,
+      coverage
+    });
 
     const reviewResult = await createReview(octokit, {
       owner,
@@ -1026,7 +1068,9 @@ module.exports = {
     shouldUseSummaryOnlyMode,
     sanitizePlannedBatches,
     summarizePlannerBatchesForLog,
+    formatConfidenceValue,
     buildInlineBody,
+    buildReviewBody,
     summarizeSeverity,
     summarizeFileConclusions,
     formatSummaryMarkdown