docs(style): fix recipes/pattern-N commit convention (#427)

[trilamsr]

What this PR does

Closes #427 via the reviewer-recommended option B: keep current pattern OTTL stanza placement (docs/integrations/examples/<target>.yaml), fix the misleading PR-title convention going forward, and add an automated gate so it doesn't recur.

Audit issue #421 flagged that PR #406 ("feat(recipes): OTTL stanzas + bridge for pattern #7") and PR #415 ("feat(recipe): pattern-2 IB link flap OTTL stanza") imply a top-level recipes/pattern-N/{ottl.yaml,README.md} directory layout — but find . -maxdepth 2 -type d -name 'recipes' returns nothing. The actual placement is docs/integrations/examples/<target>.yaml. Option A (migrate) would rot cross-links across six-plus docs; option B (fix the convention) costs near-zero discoverability.

Linked issue(s)

Closes #427. Refs #406 #415 #421.

Changes

• STYLE.md §"Commits" — new bullet pointing PR titles / commit subjects at the real path and naming the three accepted subject shapes:

  • feat(integrations/examples): pattern-N OTTL stanza
  • feat(<target>): pattern-N ...
  • feat(pattern-N): OTTL stanza in docs/integrations/examples/

• .github/PULL_REQUEST_TEMPLATE.md — brief reminder pointing at STYLE.md §"Commits" and issue chore(recipes): create top-level recipes/ directory and migrate pattern-7 stanzas #427 for context.

• scripts/recipes-path-check.sh + _test.sh — TDD-driven gate. Two rules:

  1. Literal path recipes/pattern-N (with negative lookahead so internal/recipes/, module/recipes/, etc. pass).
  2. Bare feat(recipes): / feat(recipe): scope paired with a pattern N mention — the exact shape audit(wave-2026-06-01): post-wave cross-cut review #421 flagged on PRs feat(recipes): OTTL stanzas + bridge for pattern #7 (#364 #365) #406 / feat(recipe): pattern-2 IB link flap OTTL stanza (#393) #415.

  Test fixture: 5 reject cases (including the two historical PR titles verbatim) + 6 accept cases (real placement, per-target scope, pattern-N scope, unrelated subjects, the Go ./internal/recipes/... package path from HARDWARE-TESTING.md, empty input).

• Makefile — recipes-path-check target wired into ci-fast and ci-full. Runs the regression test suite, not a tree scan; the gate itself operates on a subject string passed as $1.

• .github/workflows/pr-lint.yml — new step invokes scripts/recipes-path-check.sh with ${{ github.event.pull_request.title }} and fails the workflow on a forbidden shape.

Audit results

• grep -rn 'recipes/pattern-' docs/ — only hit is ./internal/recipes/... in docs/HARDWARE-TESTING.md (a Go package path, not a docs path). The gate accepts it. No stale references to fix.
• grep -rn 'recipes/' docs/ .github/ CONTRIBUTING.md PRINCIPLES.md README.md | grep -v 'docs/integrations/examples' — same single hit. Clean.

Hard rules honoured

• No files migrated. Option B is documentation + lint only.
• No bureaucratic process docs. One bullet added to STYLE.md, one block in PR template, one TDD-tested gate script. Total diff: 6 files, +159 / -3.

Release notes

NONE

Test plan

• bash scripts/recipes-path-check_test.sh — 11/11 fixtures pass (5 reject + 6 accept).
• make recipes-path-check — runs the regression test via the new make target.
• make ci-fast — passes end-to-end including the new gate (lint + vet + mod-verify + attribute-namespace-check + doc-check + recipes-path-check).
• go tool actionlint .github/workflows/pr-lint.yml — clean.
• make zizmor — no findings; 28 suppressed, 32 ignored (baseline unchanged).
• Verified the gate rejects both historical titles verbatim: feat(recipes): OTTL stanzas + bridge for pattern #7 (#364 #365) and feat(recipe): pattern-2 IB link flap OTTL stanza (#393).

Checklist

• Tests added or updated (TDD: test written before gate; both ship in this PR).
• make ci-fast passes.
• Commits are signed off.
• PR title and Summary reflect the current diff.

[trilamsr]

Independent Adversarial Review — PR #431

Grading Criteria

B (acceptable): Adds STYLE.md + PR template + gate script + tests; no migrations (option B as recommended in #427); gate rejects both historical bad titles (#406, #415).

A (good): Does B + gate logic is sound (two rules); regex doesn't overcatch (negative lookahead excludes internal/recipes/, module/recipes/ Go paths); test fixture is comprehensive (5 reject + 6 accept cases).

A+ (excellent): Does A + audits tree for stale references (none found); STYLE.md bullet is terse + links #427 + lists 3 acceptable shapes; exact bad titles from #406/#415 in test fixture; rule 2 pairs pattern mention to avoid false positives on unrelated recipes uses; process overhead minimal (+159/-3, 6 files).

---

Findings

1. scripts/recipes-path-check.sh:26 — regex (^|[^A-Za-z0-9_/-]) allows accidental matches. Character class [^...] matches any non-word char including :, so foo:recipes/pattern-7 passes uncaught. Simpler: Use word boundary anchor \brecipes/pattern-[0-9]+ instead.

2. scripts/recipes-path-check.sh:62 — rule 2 regex [ -]?#?[0-9] is overpermissive. The space/dash/hash optionals are rarely used in practice; titles say "pattern 7" or "pattern-7", not "pattern#7" (that's GitHub issue syntax). Simpler: Use \s (single space) + drop the hash alternative; pattern\s+[0-9]+ is idiomatic.

3. .github/PULL_REQUEST_TEMPLATE.md:7–9 — reminder block is 3 lines and duplicates STYLE.md §"Commits" verbatim. Contributors will follow the STYLE.md link anyway. Simpler: Collapse to 1-line pointer: Pattern OTTL stanzas live in docs/integrations/examples/, not recipes/pattern-N/ — see STYLE.md §"Commits" #427. Saves 2 lines of template boilerplate.

4. scripts/recipes-path-check.sh + _test.sh — docstrings are 8–17 lines restating the gate's purpose. The test docstring says "Asserts the gate rejects PR titles that reference recipes/pattern-N/ directory layout" — same content in both. Simpler: One-liner per file: # Issue #427 convention gate: reject PR titles implying recipes/pattern-N/ layout. Cuts boilerplate; reference functions/comments for detail.

5. STYLE.md:184 — new bullet exceeds line length (240+ chars), inconsistent with other bullets in "Commits" section. Bullet is load-bearing (defines convention), but formatting is untidy. Simpler: Reflow as 3 sub-bullets: (1) rule (no recipes/pattern-N scope); (2) rationale (6+ doc cross-links); (3) acceptable shapes list.

6. .github/workflows/pr-lint.yml:98 — gate runs on drafts due to draft == false check. Drafts are allowed to break other CI gates in this repo. Simpler: Remove the draft check; use only if: github.actor != 'dependabot[bot]'. Consistency with rest of CI.

---

Simplification Sweep

Trim targets: Items 1, 2 (logic clarity), 3, 4, 6 (boilerplate), 5 (style consistency). None are load-bearing; all reduce false-positive surface or cut noise. Item 4 especially: 8-line docstring for a 2-rule grep script is scaffolding.

---

Verdict: A — gate + docs + tests are sound; implementation has low-hanging polish targets (regex simplification, template trim, docstring cut, workflow condition, STYLE.md reflow) but none change correctness. Audit trail is thorough (tree checked, historical bad titles included in fixtures, #427 context explained). PR option B (document + lint, no migration) is the right call over option A (migrate).

Recommendation: Merge pending cleanup (items 1, 2, 3, 4, 6 are optional sub-5-minute fixes; item 5 is nice-to-have for consistency). Do NOT block on polish.

[trilamsr]

Reviewer trim sweep applied — commit 04f54a7. All 6 findings addressed:

1. rule 1 boundary — switched to \brecipes/pattern-[0-9]+; added chore(foo):recipes/pattern-7 as a new reject fixture (12/12 pass, up from 11/11).
2. rule 2 optional chars — replaced [ -]?#? with [^a-zA-Z0-9]* (one quantifier instead of two). Deviation from the literal \s+ proposal: \s+ would have dropped coverage of pattern #7 (PR feat(recipes): OTTL stanzas + bridge for pattern #7 (#364 #365) #406) and pattern-2 (PR feat(recipe): pattern-2 IB link flap OTTL stanza (#393) #415), the exact audit-flagged shapes from issue audit(wave-2026-06-01): post-wave cross-cut review #421. The new form is simpler and keeps coverage — open to swapping if you'd rather narrow the gate.
3. PR template reminder — collapsed to a single STYLE.md §"Commits" pointer.
4. docstrings — recipes-path-check.sh and _test.sh headers are 1-liners now.
5. STYLE.md:184 — reflowed as parent bullet + 3 sub-bullets; line widths sit at 196–315 chars, within the existing per-bullet norm (peer bullets reach 247–465 chars).
6. pr-lint.yml draft guard — dropped the redundant pull_request.draft == false; kept the dependabot exclusion.

Verification (all exit 0):

• bash scripts/recipes-path-check_test.sh — 12/12 pass
• make ci-fast
• go tool actionlint .github/workflows/pr-lint.yml
• make zizmor

Net diff −37 lines across 5 files. Re-requesting review.

[trilamsr]

Independent Adversarial Re-Review — Commit 04f54a7

Resolution of 6 Prior Findings

✓ Finding 1 (word boundary) — switched to \brecipes/pattern-[0-9]+.
✓ Finding 2 (rule 2 quantifier) — replaced [ -]?#? with [^a-zA-Z0-9]*; coverage preserved.
✓ Finding 3 (PR template) — collapsed to 1-line pointer to STYLE.md §"Commits".
✓ Finding 4 (docstrings) — trimmed to 1-liners in both scripts.
✓ Finding 5 (STYLE.md formatting) — reflowed as parent + 3 sub-bullets.
✓ Finding 6 (draft guard) — removed redundant pull_request.draft == false.

Test suite reports 12/12 pass (up from 11/11, with new colon-prefix reject case).

---

New Finding: Rule 1 Regex Over-Broad

scripts/recipes-path-check.sh:12

Word boundary \brecipes/pattern-[0-9]+ is over-broad. It matches after any non-word character, including /. This means it would incorrectly reject valid commits about the Go package internal/recipes/:

Input:  "test: refactor internal/recipes/pattern-7 detector"
Status: Would REJECT (but should PASS — legitimate Go package ref)

Root cause: \b matches the boundary between non-word char / and word char r, so /recipes triggers the anchor.

Original intent (correct): The prior regex (^|[^A-Za-z0-9_/-])recipes/pattern-[0-9]+ required recipes/ to be at start or after a non-path char (excluding /, -, _), correctly exempting internal/recipes/.

Why tests pass: Test fixture uses ./internal/recipes/... (with ellipsis ...), which doesn't match the full pattern recipes/pattern-[0-9]+, so no regression is visible.

Fix: Use (^|[^/])recipes/pattern-[0-9]+ (require start-of-string or non-slash prefix).

---

Simplification Sweep Result

Clean. No additional trim targets. Docstrings, template, and style changes are all terse and load-bearing.

---

VERDICT: B

Gate logic is sound for the audit-flagged targets (PR #406, #415) and all test fixtures pass. However, rule 1 boundary is technically incorrect: the simpler \b anchor is over-broad and would emit false positives on legitimate commits mentioning internal/recipes/pattern-N. The fix is a one-line regex change. Recommend fixing rule 1 boundary before merge.

Not merging. File issue if out-of-scope for this PR.

[trilamsr]

Boundary regression fixed: rule 1 regex now (^|[^/])recipes/pattern-[0-9]+ (excludes path-prefixed contexts). Added accept fixture for internal/recipes/pattern-7 to lock. 13/13 fixtures pass (6 reject + 7 accept). Re-requesting review.

[trilamsr]

Review: Fix Verification + Final Judgment

Fix Verification ✓

Regex boundary corrected: Changed from \brecipes/pattern-[0-9]+ to (^|[^/])recipes/pattern-[0-9]+.

• The word-boundary \b after a slash was incorrectly matching internal/recipes/pattern-N paths
• The new explicit boundary (^|[^/]) allows path-prefixed contexts while still rejecting bare/scope/colon violations
• Root cause addressed: \b matches after any character transition, including slash→letter

Accept fixture added: test: refactor internal/recipes/pattern-7 detector now locks the boundary behavior.

Test suite: All 13 cases pass (6 reject + 7 accept). Boundary regression prevented.

Simplification Sweep: Clean

• Defensive bash (set -euo pipefail) present
• Regex is precise and minimal
• Test fixture is surgical—directly addresses the bug
• Commit message clearly explains semantic: \b ⟹ (^|[^/]) with reasoning

No new findings

Earlier B-verdict issue (boundary regression) is now fixed and locked by test.

---

VERDICT: A

Merge when ready.