refactor: Inline JavaScript in test.yml coverage-summary job violates CLAUDE.md "no inline CI code"

[Jamie-BitFlight]

Story

As a maintainer of the codebase, I want to inline javascript in test.yml coverage-summary job violates claude.md "no inline ci code" so that the code is cleaner and more maintainable.

Description

Problem

CLAUDE.md contains an explicit rule: "Never write logic directly in .github/workflows/*.yml run: blocks beyond a single-line call." The coverage-summary job in .github/workflows/test.yml lines 138-169 contains a multi-line github-script block with embedded JavaScript for posting a sticky PR comment with coverage totals. This block predates P038 and was flagged during the P038 QG Phase 1 code review as a pre-existing CLAUDE.md violation.

The violation is structural, not functional — the JavaScript code works correctly. The concern is that inline CI JavaScript:

• Cannot be linted
• Has no syntax highlighting in most YAML tooling
• Cannot be unit-tested
• Is invisible to ruff, eslint, or any other checker
• Accumulates rot because no tooling touches it

Observations

• File: .github/workflows/test.yml
• Lines: approximately 138-169 (the coverage-summary job's inline github-script invocation)
• The P038 T15 commit (36b05d8) added a new CI step wiring scripts/assert_rules_completeness.py as a one-liner specifically to follow the rule — which made the pre-existing violation more visible by contrast.
• The fix pattern is established in the same repo:
  • Inline logic belongs in scripts/ as a Python or shell script
  • The workflow calls the script with a single-line run: invocation
  • See scripts/bench_io.py, scripts/fetch_doc_source.py, scripts/assert_rules_completeness.py for existing examples of the correct pattern

User context

None — surfaced by the P038 QG code review agent. The user has not explicitly flagged this; CLAUDE.md is the authority, and the rule is explicit.

Research questions

• What GitHub Actions capabilities does the existing inline github-script block use? (actions/github-script@v7, PR comment creation, coverage XML parsing, etc.) These translate to a standalone Python or Node script that uses the GitHub REST API.
• Is there a preferred language for scripts/ CI helpers? The existing scripts are PEP 723 Python; matching that would be consistent.
• Does the coverage-summary comment need to be a sticky comment (upserted in place) or is a new comment per run acceptable? If sticky, the script needs to search for the existing comment by marker and update it.

Suggested location

• New script: scripts/post_coverage_summary.py (PEP 723, stdlib + minimal deps)
• Modified file: .github/workflows/test.yml — replace the multi-line github-script block with a single-line run: python scripts/post_coverage_summary.py invocation
• Possibly: packages/skilllint/boundary/coverage_report.py if there is a reusable coverage XML parser worth extracting

Scope boundary

This is a single file to modify and a single script to create. No behavior change. The GitHub Actions output should be identical before and after.

Acceptance Criteria

• Work matches description
• Plan or implementation complete

Context

• Source: P038 QG Phase 1 code review (session 2026-04-13) — pre-existing violation flagged while auditing CLAUDE.md compliance of the new T15 CI step.
• Priority: P2
• Added: 2026-04-13
• Research questions: None