[PR-07b-code] Review feedback, CIs, Validation Report build-out, NeoIPC-Tools integration (code only)

[Brar]

Second Surveillance-Toolkit PR in the cross-repo PartnerReport
upstreaming effort. Picks up the post-feedback report iteration that
followed PR-07a-code's JSON-output milestone: integrates the partner-
side review feedback into Reference and Partner reports, finishes the
Validation Report build-out, wires confidence intervals through the
report layer, and integrates the NeoIPC-Tools PowerShell module set.

Code-only scope: this PR ships the source-file deltas (.qmd /
.Rmd / .R / .ps1 / *.yml / *.yaml / *.lua / *.tex /
workflow / module). The translation-artefact deltas produced by po4a
land separately as PR-07b-translations.

What the PR delivers

• Reference-Report iteration. Post-real-life-testing rewrite of the
  Reference-Report tables (secondary-BSI rates now properly
  localized; surgical-procedure intro rewritten; per-table headers
  hooked through the sR$<tbl-...> namespace); title-page +
  single-country edge-case fixes; methods-texts toggle.

• Partner-Report iteration. Layout + fine-grained CI control + methods
  texts; partner-feedback fixes for the antibiotic-resistance,
  infectious-agent-detection, and risk-density tables. Final-touches
  pass after partner real-life rendering of multiple sites.

• Validation Report. Revived for the current neoipcr API shape;
  department / hospital / country resolution wired through the
  metadata cascade; exclusion-of-test-data default; explicit
  -IncludeTestData switch; Get-NeoipcDepartments -ExcludeTestUnits plumbed through. Per-rule mapping +
  formatter scaffolding for the rule cohort introduced in PR-08.

• Confidence intervals at the report layer. Both Reference and
  Partner reports now render CIs alongside the point estimates from
  neoipcr's rate-table builders; the includeConfidenceIntervals
  parameter switches between full / pooled-only / off so output
  size stays in scope when CIs aren't needed.

• NeoIPC-Tools PowerShell module set. Integrated under
  scripts/modules/NeoIPC-Tools/ as a vendored module: cmdlets for
  reading event info, departments, hospitals, infectious-agent
  metadata; Find-NextFreeInfectiousAgentId for the
  infectious-agents authoring workflow; localized message
  string-resources per script.

• Multi-DHIS2-instance polish. Wrapper scripts and _setup.qmd
  files accept the dhis2Scheme / Hostname / Port / Path
  parameter family consistently; Resolve-NeoipcLocaleQmd
  centralises the per-locale wrapper discovery; auth flow is
  routed through neoipcr's env-var contract.

• Toolchain polish. Several PowerShell wrappers consolidate on
  the Invoke-WithNeoipcAuth + Invoke-QuartoRender helpers
  introduced in PR-07a-code; Update-Po4aYamlKeys.ps1
  empty-keys + comment-anchor hardening; Test-PoPlaceholders.ps1
  introduced for placeholder validation.

The deferred concerns flagged in PR-07a-code's review cycles are
addressed here — _tbl-secondary-bsi-rates.qmd is rewritten with full
sR$ localization; _tbl-intro-surgical-procedure.qmd is removed (it
was misleading prose, replaced with corrected text in the table chunk);
the Partner-Certificate \selectlanguage{british} hardcode is
replaced by a babel-language-name lookup. See
tmp/upstreaming-review-log.md for the cumulative deferral set.

[Copilot]

Pull request overview

This PR continues the Surveillance-Toolkit upstreaming effort by iterating on report rendering (incl. Validation Report build-out and localization/CI plumbing) and integrating vendored PowerShell tooling modules (NeoIPC-Tools / NeoIPC-BuildTools) into the scripts/ workflow.

Changes:

• Updated multiple PowerShell wrappers to import the vendored NeoIPC-Tools module, and added/adjusted parameters (e.g., locale handling, combined Validation Report mode).
• Added/updated NeoIPC-Tools + NeoIPC-BuildTools module content (DHIS2 HTTP helpers, user query cmdlet, module manifest), plus metadata tooling integration.
• Localization/tooling updates (po4a YAML key updater improvements, Greek locale code gr → el in Python tooling) and Validation/Reference report content tweaks.

Reviewed changes

Copilot reviewed 166 out of 251 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
scripts/Update-Po4aYamlKeys.ps1	Adds # manual-keys support while parsing po4a YAML entries (key regeneration skip).
scripts/Update-NeoipcSiteCache.ps1	Switches from helper dot-sourcing to importing vendored NeoIPC-Tools.
scripts/update-glossary-po.py	Updates default language list / language names (Greek code el).
scripts/sync-html-to-po-v2.py	Updates default locales list (Greek code el).
scripts/New-ValidationReports.ps1	Adds combined/per-site mode parameters and switches to module-based helpers.
scripts/New-PatientDataReport.ps1	Switches to NeoIPC-Tools imports; renames Language → Locale and adds -JsonReport.
scripts/ConvertFrom-JsonMetadata.ps1	Imports NeoIPC-BuildTools for metadata conversion pipeline.
scripts/modules/NeoIPC-Tools/Public/UserInfo.ps1	Introduces Read-UserInfo cmdlet for querying DHIS2 users with filtering.
scripts/modules/NeoIPC-Tools/Private/DHIS2Http.ps1	Adds centralized DHIS2 GET/DELETE helpers used by NeoIPC-Tools cmdlets.
scripts/modules/NeoIPC-BuildTools/NeoIPC-BuildTools.psd1	Adds NeoIPC-BuildTools module manifest and export list.
reports/Reference-Report/content/_nosocomial_infections.Rmd	Updates Reference Report narrative content and string-resource insertion.
reports/Validation-Report/rules/_rule_0033.Rmd	Adds/updates Validation Report rule implementation for rule 33.
reports/Validation-Report/en/_problem_detail_0014.Rmd	Updates English problem-detail guidance text.
reports/Validation-Report/de/_problem_detail_0014.Rmd	Updates German problem-detail guidance text.
reports/Validation-Report/de/_problem_detail_0012.Rmd	Updates German problem-detail guidance text.

[Brar]

Round 1 — fa59028

7 fixed, 1 false positive, 1 deferred to a coordinated follow-up.

#	Location	Finding	Disposition
1	Update-Po4aYamlKeys.ps1:101	Inner # manual-keys regex overwrote $Matches before the YAML path was captured	Fixed — hoisted the path capture above the manual-keys check
2	New-ValidationReports.ps1:94	$sites = Get-NeoipcDepartments ran twice unconditionally; $isCombined was undefined (param is $Combined)	Fixed — branch on $Combined once, single Get-NeoipcDepartments call only on the per-site path
3	New-ValidationReports.ps1:128	$Language referenced after rename to $Locale; Resolve-NeoipcLocaleQmd -Language after helper signature changed to -Locale; -Combined not implemented	Fixed as part of #2's rewrite — derives $language via Split-NeoipcLocale, calls helper with -Locale $Locale, implements $Combined (renders once without -P departmentFilter:...)
4	New-PatientDataReport.ps1:70	Same Language → Locale rename incomplete; $timestamp not defined	Fixed — added $timestamp = [datetime]::Now.ToString(...) and $language = (Split-NeoipcLocale -Locale $Locale).Language; updated all references
5	ConvertFrom-JsonMetadata.ps1:16	# Dev mode block forced $ForExcel = $true, overriding the user-passed switch	Fixed — removed the override
6	DHIS2Http.ps1:47	$uriBuilder.Query = '?' + (...) produced ?? in URL (setter prepends ? automatically)	Fixed — $uriBuilder.Query = (...)
7	UserInfo.ps1:22	ArgumentCompleter reads data/local/<serverKey>/site-codes.txt, flagged as guardrail-pattern issue	Deferred — the cache pattern is used by 9 sites across 7 scripts (consumers + the Update-NeoipcSiteCache.ps1 writer); fixing only UserInfo.ps1 would create asymmetric paths. Filed as a coordinated follow-up to move all consumers + the writer to $env:LOCALAPPDATA / $env:XDG_CACHE_HOME. Also clarifying: the data/local/ guardrail is an agent-behavior restriction (no Claude/Copilot reads/writes), not a runtime constraint on the shipped scripts — moving the cache is a workflow improvement, not a guardrail-violation fix
8	NeoIPC-BuildTools.psd1:20	Author = '...' flagged as personal-names guardrail violation	False positive — the workspace + submodule guardrails both have an explicit exception: "except in copyright statements and file-header attribution lines (e.g. Author:, @author, Copyright (c) fields)". The .psd1 Author = '...' field is exactly this case
9	_nosocomial_infections.Rmd:1	Missing spaces around inline R expressions — would render InTable 4, found inSEC1.4.2.	Fixed

All 9 threads resolved.

[Copilot]

Pull request overview

Copilot reviewed 166 out of 251 changed files in this pull request and generated 14 comments.

[Brar]

Round 2 — 9fe5dcc

Five unique findings (Copilot duplicated each 2-3 times, so 14 inline comments — the duplicates were resolved without per-thread replies since the canonical thread for each finding has the detailed disposition).

#	Location	Finding	Disposition
1	New-PatientDataReport.ps1:69 (-JsonReport never used)	Real rebase artefact — PR-07b chronological commits added the full build-report machinery (Write-NeoipcBuildReport at the end, error/outputFiles accumulation, ShouldProcess gates, Write-Progress, JsonReport gating), but rebase --onto -X ours dropped most of it	Fixed — restored the whole script to its dev-tip shape and re-applied PR-07a-code round 2 Dhis2Port-null guards on top
2	New-PatientDataReport.ps1:1 (SupportsShouldProcess + no ShouldProcess call)	Same rebase artefact — ShouldProcess() gates were in the dev-tip body but the rebase dropped them	Fixed — same wholesale restore as #1; ShouldProcess gates now wrap both Quarto and Rscript invocations
3	_infectious_agents.Rmd:5 (missing inline-R spaces)	Real — itr dR$refAgentPerInfTable rendered as `itTable 3`, same for `infections`r dR$refDetectionTable	Fixed — added spaces around both inline expressions, matching the same fix pattern as PR-07a-code round 8
4	_fig-ga.qmd:175 (sR$outlier$heading undefined)	Real — outlier: section has no heading sub-key; figure_interpretation.heading does exist	Fixed — replaced with sR$figure_interpretation$heading
5	_fig-bw.qmd:174 (same as #4)	Real	Fixed — same replacement as #4

The two New-PatientDataReport.ps1 findings (#1, #2) — plus the corresponding New-ValidationReports.ps1 omissions — are the same class of rebase-artefact damage that surfaced on PR-08 round 2: the rebase --onto -X ours strategy aggressively chose ours-side resolution where PR-07a-code's earlier fixes touched lines that PR-07b chronologically rewrote, dropping the chronological rewrite. The fix here was a wholesale dev-tip restore plus targeted re-application of the still-valid earlier-round fix on top. New-ValidationReports.ps1 had the same damage; restored in the same commit even though Copilot didn't separately flag it.

All 14 threads resolved (5 canonical + 9 duplicates).

[Copilot]

Pull request overview

Copilot reviewed 166 out of 251 changed files in this pull request and generated 6 comments.

[Brar]

Round 3 summary (head 7e1cd8b)

Fixed (2 unique findings, 6 duplicate threads):

• scripts/ConvertFrom-JsonMetadata.ps1: parameter IncudeIds -> IncludeIds, 3 call sites updated to the corrected spelling. Long-standing typo (also present at dev tip); straight rename, no alias.
• scripts/modules/NeoIPC-Tools/Public/{UserInfo,OrgUnits,Tracker}.ps1: ArgumentCompleter cache-dir path was off by one Split-Path level (resolved to scripts/ instead of repo root). Added the missing Split-Path so site-code tab completion now finds data/local//site-codes.txt at repo root, matching Update-NeoipcSiteCache.ps1's writer. Same one-line fix applied to all three modules with the identical pattern.

Note: both findings predate PR-07b at the dev tip — these are bugs the upstreaming squash-merged main will start out without.

[Copilot]

Pull request overview

Copilot reviewed 166 out of 251 changed files in this pull request and generated 3 comments.

[Brar]

Round 4 summary (head 01224fc)

Fixed:

• reports/Reference-Report/content/_infectious_agents.Rmd: reverted round 2's added spaces. The dR$ref*Table values built in _setup.qmd already begin with ' (@tbl-...)' when non-empty, so an outer space before the inline R produced visible ' .' on the empty-string path. Dev tip is also without outer spaces — round 2 was wrong from me.
• scripts/modules/NeoIPC-Tools/Public/UserInfo.ps1: Read-UserInfo now accepts -Path. Threaded through:
  • ArgumentCompleter's Get-NeoipcServerKey call, so the cache key matches Update-NeoipcSiteCache.ps1's writer when running against a non-default-path DHIS2 instance.
  • Endpoint passed to Invoke-NeoipcDhis2Get (prepended to 'api/users').
  • Edit URL base.

Deferred:

• OrgUnits.ps1 and Tracker.ps1 carry the identical completer pattern, but their cmdlets currently don't accept -Path. Wiring -Path through their cmdlet signatures is a separate enhancement — not flagged by Copilot in this round, left for a follow-up.

[Copilot]

Pull request overview

Copilot reviewed 166 out of 251 changed files in this pull request and generated no new comments.

[Brar]

Round 5 summary (head e328dc2)

Copilot's round 5 review reported 'no new comments' but actually generated 18 stored comments (9 unique findings posted twice) that failed to upload to the PR API — recovered via the Running Copilot Code Review Actions run log (run 26776267817) per the CLAUDE.md fallback recipe, and confirmed verbatim against the agent-task session.

Fixed:

• reports/Validation-Report/rules/_rule_0033.Rmd:5 — duplicate DEPARTMENT_CODE in the initial select() removed (bug, moderate severity). All neighboring rules (0030-0036) use the canonical 7-column shape without the duplicate.
• reports/Validation-Report/en/_problem_detail_0014.Rmd:10 — 'find the these codes' -> 'find these codes'.
• reports/Validation-Report/en/_problem_detail_0014.Rmd:15 — 'to bebe reopened' -> 'to be reopened'; 'need reopen' -> 'need to reopen'.
• reports/Validation-Report/de/_solution_0001.Rmd:7 — 'nicht nicht' -> 'nicht'.
• reports/Validation-Report/de/_problem_detail_0020.Rmd:3 — 'Surveilance' -> 'Surveillance'.
• reports/Validation-Report/de/_problem_detail_0014.Rmd:1 — 'ungülitgen' -> 'ungültigen'.
• reports/Validation-Report/de/_problem_detail_0012.Rmd:7 — 'kan' -> 'kann'.
• reports/Validation-Report/de/_problem_detail_0002.Rmd:5 — 'funktionert' -> 'funktioniert'.
• reports/Validation-Report/de/_problem_detail_0011.Rmd:20 — 'unwahrscheilich' -> 'unwahrscheinlich'.

No threads to resolve since the inline comments never reached the PR API. Recording the upload-failure pattern in the upstreaming review log for future reference.

[Copilot]

Pull request overview

Copilot reviewed 174 out of 251 changed files in this pull request and generated 15 comments.

[Brar]

Round 6 summary (head 9290d0c)

5 unique findings on this round (each posted 3 times = 15 inline threads, all replied + resolved).

Fixed:

• scripts/modules/NeoIPC-BuildTools/NeoIPC-BuildTools.psd1:87 — VariablesToExport = '*' -> VariablesToExport = @(), matching the analogous NeoIPC-Tools.psd1.
• scripts/modules/NeoIPC-Tools/Private/DHIS2Http.ps1:2 — softened the header comment to 'Preferred entry point for new public cmdlets that call the DHIS2 API' instead of the absolute claim that all public functions go through this layer. The one remaining direct Invoke-RestMethod call (Get-NeoipcDepartments in ReportHelpers.ps1) predates this layer; routing it through is deferred as a parallel refactor.
• scripts/modules/NeoIPC-Tools/Private/DHIS2Http.ps1:133 — Invoke-NeoipcDhis2Delete now throws on non-2xx DHIS2 status instead of Write-Error + returning the failed response. The only caller (Remove-NeoipcPATs in PAT.ps1) only adds successful responses to a results list, so failures now bubble up rather than getting silently filed alongside successes.
• scripts/modules/NeoIPC-Tools/Public/UserInfo.ps1 -Path semantics — now treats -Path as the DHIS2 API base path (default '/api'), consistent with Get-NeoipcServerKey's convention. Endpoint is always $apiBase/users (no more double-/api); UI base derived by stripping a trailing '/api'.

Pushed back (workspace guardrail exception):

• NeoIPC-BuildTools.psd1:19 Author field. The workspace personal-names guardrail has an explicit exception for attribution fields (Author:, @author, Copyright (c)). A PowerShell module manifest's Author = '...' is exactly that documented exception.

[Copilot]

Pull request overview

Copilot reviewed 174 out of 251 changed files in this pull request and generated 1 comment.

[Brar]

Round 7 summary (head 0001607)

Fixed:

• reports/Reference-Report/content/_nosocomial_infections.Rmd: removed the literal space before r dR$refIDRTable on line 1 and the trailing space inside the paste0 leading text on line 5. The dR$ref*Table values supply their own ' (@tbl-...)' leading space when non-empty and an empty string when disabled, so both inline call sites now render correctly in both states. Same correction pattern as round 4's _infectious_agents.Rmd; dev tip already had this shape.

[Brar]

Round 7 followup (head a8b43e2) — recovered missing finding

Copilot stored 2 findings this round but only 1 (the _nosocomial_infections.Rmd spacing issue, addressed in 0001607) reached the PR API. Recovered the second from the Running Copilot Code Review Actions run (id 26778645600) per the CLAUDE.md fallback recipe, then verified verbatim against the agent-task session bodies the user pasted.

Fixed (critical):

• reports/Validation-Report/rules/_rule_0006.Rmd:11 — rule 6 (surveillance-end-event not completed) had EVENT_DATE = admission_occurredAt. Since the rule is keyed on surveillanceEnd_event, EVENT_DATE should be SURVEILLANCE_END_DATE (which _setup.qmd:73 derives from surveillanceEnd_occurredAt). The old value made the exception join inconsistent and mislabeled the event date in the output.

No inline thread to resolve — the upload failed silently on this finding. Second occurrence of the partial-upload failure pattern documented under PR-07b-code round 5 in the upstreaming review log.

[Copilot]

Pull request overview

Copilot reviewed 175 out of 251 changed files in this pull request and generated 1 comment.

[Brar]

Round 8 followup (head 8a4cde1) — recovery + false-positive batch

The new workspace guardrail's PR/run-log count cross-check caught a 20-of-21 partial upload failure. The PR review body claimed 'generated 1 comment'; Actions run 26779380886 stored 21 unique findings.

Of those 21:

• ✅ 1 uploaded and fixed in 8a4cde1: scripts/modules/NeoIPC-Tools/Private/DHIS2Http.ps1:121-123 — simplified the result-capture subexpression/stream-redirect to a plain assignment.
• ❌ 20 dropped silently, all severity = critical, all false positives. Each is identical: 'The R code chunk header isn't valid knitr/Quarto syntax (e.g. {r Validation rule N: "..."}). Chunk labels can't contain spaces/colons/quoted strings…' Targeted _rule_0001..0020.Rmd:1 (excluding _rule_0006.Rmd which Copilot itself rejected with 'not within any of the specified regions'), and _rule_0042.Rmd:1.

Why false positive: knitr's chunk-label parsing is permissive. Empirical test of {r Validation rule 1: "The patient does not have an enrollment"} and {r rule-0002} in the same .Rmd file: both render cleanly. The knitr render log explicitly tags the first chunk as [Validation rule 1: "The patient does not have an enrollment"] — knitr treats the entire string up to } as the chunk label when no , introduces a comma-separated option. Dev tip uses the same chunk-label shape ({r Validation rule 1: patient without enrolment}), so this codebase has been rendering with these labels for the whole PartnerReport history.

No code changes from the 20 dropped findings. Recording the false-positive pattern in the upstreaming review log.

[Copilot]

Pull request overview

Copilot reviewed 175 out of 251 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (3)

reports/Reference-Report/tables/_tbl-abr-infection-rate.qmd:66

• fmt_number() is using columns = !sR$table_headers$n, which is fragile/ambiguous because sR$table_headers$n is a string (set via the earlier rename()), and !<character> can be interpreted as a logical negation rather than a tidyselect negation. This can break table rendering at runtime. Use tidyselect explicitly to exclude the N column (consistent with the Partner Report tables).
  reports/Reference-Report/tables/_tbl-abr-infection-rate.qmd:66
• fmt_number() is using columns = !sR$table_headers$n, which is fragile/ambiguous because sR$table_headers$n is a string (set via the earlier rename()), and !<character> can be interpreted as a logical negation rather than a tidyselect negation. This can break table rendering at runtime. Use tidyselect explicitly to exclude the N column (consistent with the Partner Report tables).
  reports/Reference-Report/tables/_tbl-abr-infection-rate.qmd:33
• stringr::str_extract() only accepts (string, pattern). Passing a third positional argument (the capture-group index) will raise an "unused argument" error at runtime, so this table chunk will fail to render. Use stringr::str_match() (or str_match_first()) to access capture groups instead.

[Brar]

Round 9 cross-check (head f07cd67) — direct postfilter evidence + 1 resolved fix

The PR review body says 'generated no new comments' but includes an explicit 'Comments suppressed due to low confidence (3)' section. Actions run 26780871467 stored 5 events (3 unique findings × dedup duplicates).

Suppressed-due-to-low-confidence (2 unique findings shown by Copilot, both documented false positives):

1. reports/Reference-Report/tables/_tbl-abr-infection-rate.qmd:66 — 'fmt_number() is using columns = !sR$table_headers$n, which is fragile/ambiguous because sR$table_headers$n is a string and ! can be interpreted as logical negation'. Documented FP pattern 'columns = !sR$x applies ! to character' (first seen PR-07a-code round 6); tidyselect's ! correctly inverts on string column names. No change.
2. reports/Reference-Report/tables/_tbl-abr-infection-rate.qmd:33 — 'stringr::str_extract() only accepts (string, pattern). Passing a third positional argument will raise an unused argument error.' Documented FP pattern (first seen PR-07a-code round 6); stringr ≥1.5.0 added a positional group= parameter, neoipcr DESCRIPTION pins >=1.5.1. No change.

This is direct empirical confirmation of the confidence-based postfilter — and Copilot got both calls correct.

Silently dropped (1 unique finding, NOT listed in suppressed section) — now fixed:

• reports/Validation-Report/rules/_rule_0004.Rmd:5-8 (severity=moderate, type=bug). Body recovered (rule title vs filter mismatch — title claimed 'same as or earlier than the admission date' but the filter at line 7 is strict <). Copilot's suggested_fix was to loosen the filter to <=; we went the OPPOSITE direction in f07cd67 — tightened the chunk title to drop 'same as or', matching the round 2 neoipcr-side validation_rule_4 canonicalization to 'before the admission date'. Single-line title change keeps the strict-< filter that's consistent with the rest of the upstreaming stack.

[Copilot]

Pull request overview

Copilot reviewed 176 out of 251 changed files in this pull request and generated 2 comments.

[Brar]

Round 10 summary (head f07cd67)

Pre-flight per the count cross-check guardrail: Actions run 26781907657 stored 1 unique finding; PR review body claims 2 comments (inline threads); no 'Comments suppressed due to low confidence' section. Mismatch is the opposite direction this time — 1 unique store event produced 2 inline threads (Copilot's known dedup-duplication quirk; same body posted twice on PR-API). Run-log count 1 = unique findings; PR-API count 2 = dedup-inflated thread count.

Pushed back (no code change):

• scripts/modules/NeoIPC-BuildTools/NeoIPC-BuildTools.psd1:19 (Author field personal name) — same finding re-raised from round 6. Workspace CLAUDE.md guardrail's exception for attribution fields (Author:, @author, Copyright) makes this a documented false-positive pattern; tracked in the cross-PR FP table. Both inline threads replied + resolved.