From 3f4c92860c987fdcc7499255b32298a19daa7998 Mon Sep 17 00:00:00 2001 From: Kiril Kartunov Date: Fri, 12 Dec 2025 08:48:07 +0200 Subject: [PATCH 1/8] Potential fix for code scanning alert no. 71: Incomplete string escaping or encoding Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- src/apps/review/src/lib/utils/metadataMatching.ts | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/apps/review/src/lib/utils/metadataMatching.ts b/src/apps/review/src/lib/utils/metadataMatching.ts index e41c6fd58..aa18006f1 100644 --- a/src/apps/review/src/lib/utils/metadataMatching.ts +++ b/src/apps/review/src/lib/utils/metadataMatching.ts @@ -112,9 +112,14 @@ export function findMetadataPhaseMatch( return { source: 'stringExact' } } - const escapedTarget = escapeRegexLiteral(target) - .replace(/ /g, '\\ ') - const sepInsensitive = new RegExp(`\\b${escapedTarget.replace(/\\ /g, '[-_\\s]+')}\\b`) + // Replace all sequences of space, underscore, or hyphen in the target with a placeholder + const WORDSEP_PLACEHOLDER = '__WORDSEP__'; + const sepPattern = /[ \-_]+/g; + const targetWithPlaceholder = target.replace(sepPattern, WORDSEP_PLACEHOLDER); + // Properly escape ALL regex metacharacters (including backslash), leaving the placeholder intact + const escapedTarget = escapeRegexLiteral(targetWithPlaceholder) + .replace(new RegExp(escapeRegexLiteral(WORDSEP_PLACEHOLDER), 'g'), '[-_\\s]+'); + const sepInsensitive = new RegExp(`\\b${escapedTarget}\\b`); if (sepInsensitive.test(normalizedMetadata)) { return { source: 'stringBoundary' } } From 99c96d7978205ded939ef074346f8776a4299d3f Mon Sep 17 00:00:00 2001 
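Review bot: The placeholder round-trip in the added lines of `findMetadataPhaseMatch` is more fragile than it needs to be: it is only safe because `sepPattern` consumes every underscore in `target` before `__WORDSEP__` is inserted, and because `escapeRegexLiteral` (defined outside this hunk) presumably leaves underscores and letters untouched. Splitting on the separators and escaping each piece avoids the sentinel entirely: `const escapedTarget = target.split(/[-_\s]+/).map(escapeRegexLiteral).join('[-_\\s]+')`. Note also that `sepPattern` matches a literal space while the emitted class uses `\s`, so unless `target` is whitespace-normalised upstream a tab in it stays a literal character, and that hyphens and underscores in `target` are now separator-insensitive where the old code relaxed spaces only; if that widening is intended, the comment should say so. The function body starts and ends outside the hunk.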
From: Kiril Kartunov Date: Fri, 12 Dec 2025 08:54:21 +0200 Subject: [PATCH 2/8] Potential fix for code scanning alert no. 69: Incomplete string escaping or encoding Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .../lib/components/FieldMarkdownEditor/FieldMarkdownEditor.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/apps/review/src/lib/components/FieldMarkdownEditor/FieldMarkdownEditor.tsx b/src/apps/review/src/lib/components/FieldMarkdownEditor/FieldMarkdownEditor.tsx index 58897ba0c..6a76e9139 100644 --- a/src/apps/review/src/lib/components/FieldMarkdownEditor/FieldMarkdownEditor.tsx +++ b/src/apps/review/src/lib/components/FieldMarkdownEditor/FieldMarkdownEditor.tsx @@ -135,7 +135,7 @@ const toggleStrategy = { }, italic: (start: any, end: any) => { const startType = start.replace(/(\*|_)(?![\s\S]*(\*|_))/, '') - const endType = end.replace(/(\*|_)/, '') + const endType = end.replace(/(\*|_)/g, '') return { endType, startType } }, strikethrough: (start: any, end: any) => { From 020c2300b7303c6627503afe108d66bc53fc1dd9 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Dec 2025 06:56:28 +0000 Subject: [PATCH 3/8] Initial plan From 6bd27a917976691037302ae3cab29d7f0e408564 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Dec 2025 07:02:31 +0000 Subject: [PATCH 4/8] Fix ESLint semicolon errors in metadataMatching.ts Co-authored-by: kkartunov <5585002+kkartunov@users.noreply.github.com> --- src/apps/review/src/lib/utils/metadataMatching.ts | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/apps/review/src/lib/utils/metadataMatching.ts b/src/apps/review/src/lib/utils/metadataMatching.ts index aa18006f1..2279bfe00 100644 --- a/src/apps/review/src/lib/utils/metadataMatching.ts 
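Review bot: Adding `g` to the `endType` replacement in `italic` makes the two sides asymmetric: `startType` still drops only the last `*` or `_` (the negative lookahead), while `endType` now loses every one of them. If `end` can hold more than the single italic marker, for instance the `***` that closes bold-italic text, toggling italic would also strip the bold markers; that depends on what the caller passes, which is not visible here. This replace removes one Markdown delimiter rather than sanitising input, so the scanner's "incomplete escaping" finding looks like a false positive. I would keep the first-match form, `const endType = end.replace(/(\*|_)/, '')`, and dismiss the alert with a comment such as `// removes a single italic delimiter; not an escaping step`. `toggleStrategy` starts and ends outside the hunk.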
+++ b/src/apps/review/src/lib/utils/metadataMatching.ts @@ -113,13 +113,13 @@ export function findMetadataPhaseMatch( } // Replace all sequences of space, underscore, or hyphen in the target with a placeholder - const WORDSEP_PLACEHOLDER = '__WORDSEP__'; - const sepPattern = /[ \-_]+/g; - const targetWithPlaceholder = target.replace(sepPattern, WORDSEP_PLACEHOLDER); + const WORDSEP_PLACEHOLDER = '__WORDSEP__' + const sepPattern = /[ \-_]+/g + const targetWithPlaceholder = target.replace(sepPattern, WORDSEP_PLACEHOLDER) // Properly escape ALL regex metacharacters (including backslash), leaving the placeholder intact const escapedTarget = escapeRegexLiteral(targetWithPlaceholder) - .replace(new RegExp(escapeRegexLiteral(WORDSEP_PLACEHOLDER), 'g'), '[-_\\s]+'); - const sepInsensitive = new RegExp(`\\b${escapedTarget}\\b`); + .replace(new RegExp(escapeRegexLiteral(WORDSEP_PLACEHOLDER), 'g'), '[-_\\s]+') + const sepInsensitive = new RegExp(`\\b${escapedTarget}\\b`) if (sepInsensitive.test(normalizedMetadata)) { return { source: 'stringBoundary' } } From 3ec6382d491bb5c4f486031bd0c1bb1304d2e0de Mon Sep 17 00:00:00 2001 From: Hentry Martin Date: Fri, 12 Dec 2025 10:43:53 +0100 Subject: [PATCH 5/8] Revert "fix(PM-2573): show only submissions with passed screening score" --- .../components/TableReview/TableReview.tsx | 20 +++++-------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/src/apps/review/src/lib/components/TableReview/TableReview.tsx b/src/apps/review/src/lib/components/TableReview/TableReview.tsx index 17c2662ac..eb07bb1bb 100644 --- a/src/apps/review/src/lib/components/TableReview/TableReview.tsx +++ b/src/apps/review/src/lib/components/TableReview/TableReview.tsx 
@@ -266,21 +266,11 @@ export const TableReview: FC = (props: TableReviewProps) => { const minimumPassingScoreByScorecardId = useScorecardPassingScores(scorecardIds) const aggregatedRows = useMemo(() => { - const rows = aggregatedSubmissionRows - .filter(aggregated => { - const reviews = aggregated.reviews ?? [] - const myReviewDetail = reviews.find(review => { - const resourceId = review.reviewInfo?.resourceId ?? review.resourceId - return resourceId ? myReviewerResourceIds.has(resourceId) : false - }) - - return !!myReviewDetail?.reviewId - }) - .map(aggregated => ({ - ...(aggregated.submission ?? {}), - ...aggregated.submission, - aggregated, - })) as SubmissionRow[] + const rows = aggregatedSubmissionRows.map(aggregated => ({ + ...(aggregated.submission ?? {}), + ...aggregated.submission, + aggregated, + })) as SubmissionRow[] if (!restrictToLatest) { return rows From 730a58af756b314c8c5be5c57959da96abe7e7dc Mon Sep 17 00:00:00 2001 From: Hentry Martin Date: Fri, 12 Dec 2025 10:45:01 +0100 Subject: [PATCH 6/8] deploy revert --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 5f3cac937..0cd8f2298 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -226,7 +226,7 @@ workflows: branches: only: - dev - - pm-3141_3 + - revert-1373-pm-2573 - deployQa: context: org-global From 4b2432450041a3cb5da973780a80437c6b4888a7 Mon Sep 17 00:00:00 2001 
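Review bot: The restored mapping in `aggregatedRows` spreads the same object twice, `...(aggregated.submission ?? {})` followed by `...aggregated.submission`; object spread already ignores `undefined`, so a single `...aggregated.submission` is enough. The `as SubmissionRow[]` cast then hides the case where `submission` is missing and the row carries only `aggregated`; typing the mapped value instead of asserting it would let the compiler flag that. With the per-reviewer filter gone, every aggregated row is rendered again, so any restriction on which submissions a reviewer may see has to come from the data the API returns rather than from this component. The `useMemo` callback continues past the end of the hunk.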
From: Hentry Martin Date: Fri, 12 Dec 2025 11:42:32 +0100 Subject: [PATCH 7/8] fix: add manager comment button showing to submitters and normal reviewer --- .../ReviewManagerComment/ReviewManagerComment.tsx | 3 ++- .../ScorecardViewer/ScorecardViewer.context.tsx | 4 ++++ .../Scorecard/ScorecardViewer/ScorecardViewer.tsx | 2 ++ .../src/lib/components/TableAppeals/TableAppeals.tsx | 1 + .../TableAppealsResponse/TableAppealsResponse.tsx | 5 +++-- .../src/lib/components/common/TableColumnRenderers.tsx | 10 ++++++++-- src/apps/review/src/lib/components/common/types.ts | 2 ++ src/apps/review/src/lib/utils/routes.ts | 6 +++++- .../reviews/components/ReviewViewer/ReviewViewer.tsx | 6 ++++++ 9 files changed, 33 insertions(+), 6 deletions(-) diff --git a/src/apps/review/src/lib/components/Scorecard/ScorecardViewer/ScorecardQuestion/ReviewResponse/ReviewManagerComment/ReviewManagerComment.tsx b/src/apps/review/src/lib/components/Scorecard/ScorecardViewer/ScorecardQuestion/ReviewResponse/ReviewManagerComment/ReviewManagerComment.tsx index 99ace9f3c..82f26a1a8 100644 --- a/src/apps/review/src/lib/components/Scorecard/ScorecardViewer/ScorecardQuestion/ReviewResponse/ReviewManagerComment/ReviewManagerComment.tsx +++ b/src/apps/review/src/lib/components/Scorecard/ScorecardViewer/ScorecardQuestion/ReviewResponse/ReviewManagerComment/ReviewManagerComment.tsx @@ -31,6 +31,7 @@ interface ReviewManagerCommentProps { const ReviewManagerComment: FC = props => { const { isManagerEdit, + canAddManagerComment, isSavingManagerComment, addManagerComment, }: ScorecardViewerContextValue = useScorecardViewerContext() @@ -131,7 +132,7 @@ const ReviewManagerComment: FC = props => { )} - {!showCommentForm && !comment && isManagerEdit && ( + {!showCommentForm && !comment && isManagerEdit && canAddManagerComment && (
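Review bot: `canAddManagerComment`, destructured from the viewer context in the first hunk of `ReviewManagerComment.tsx`, appears to serve only as a render condition, while `addManagerComment` is still handed to the component for every role. Since the commit fixes the button appearing for submitters and normal reviewers, it is worth confirming that the request behind `addManagerComment` is rejected for those roles by the backend, because hiding the control is not an access check. I would also document the new context field where it is declared (that file is not visible here), for example `/** True only for roles allowed to create a manager comment; a UI hint, the API enforces the rule. */`. The second hunk of this file runs past the end of the visible page.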