feat(skills): add /topissues slash command for RICE backlog

[ifireball]

Summary

• Add /topissues slash command (Cursor + Claude Code) backed by a stdlib Python script that builds a merged RICE priority table via gh GraphQL
• Introduce canonical commands/ tree with .cursor/commands and .claude/commands symlinks (mirrors existing skills layout)
• Wire unit tests into make script-test the same way as process-fix-result-test.py

Test plan

• python3 skills/topissues/scripts/topissues_test.py
• make script-test (full suite)
• Manual: python3 skills/topissues/scripts/topissues.py in a repo with RICE-scored issues
• Confirm /topissues appears in Cursor and Claude Code command help

Made with Cursor

[github-actions]

Site preview

Preview: https://1cd25e21-site.fullsend-ai.workers.dev

Commit: 7112d857f2e501b19286093d6318d4fc452e0701

[fullsend-ai-review]

Review

Findings

High

• [protected-path] .claude/commands — This PR adds a symlink under .claude/, which is a protected path requiring human approval. The PR has no linked issue (closingIssuesReferences is empty) and the description does not reference an authorizing issue. While the symlink mirrors the existing .claude/skills -> ../skills pattern and the rationale is clear from context, protected-path changes require a linked issue for traceability.
  Remediation: Link a GitHub issue authorizing the .claude/commands symlink addition, or have a maintainer explicitly approve the protected-path change.

Previous run

Review

Findings

High

• [protected-path] .claude/commands — This PR adds a symlink under .claude/, which is a protected path requiring human approval. The PR has no linked issue (closingIssuesReferences is empty) and the description does not reference an authorizing issue. While the symlink mirrors the existing .claude/skills -> ../skills pattern and the rationale is clear from context, protected-path changes require a linked issue for traceability.
  Remediation: Link a GitHub issue authorizing the .claude/commands symlink addition, or have a maintainer explicitly approve the protected-path change.

Prior review note: the low-severity [correctness] finding from the previous review (re resolve_project_number env-var parsing without try/except ValueError) is resolved — the code now correctly wraps int(env_val) in try/except ValueError (lines 407–410).

Previous run (2)

Review

Findings

High

• [protected-path] .claude/commands — This PR adds a symlink under .claude/, which is a protected path requiring human approval. The PR has no linked issue (closingIssuesReferences is empty) and the description does not reference an authorizing issue. While the symlink mirrors the existing .claude/skills -> ../skills pattern and the rationale is clear from context, protected-path changes require a linked issue for traceability.
  Remediation: Link a GitHub issue authorizing the .claude/commands symlink addition, or have a maintainer explicitly approve the protected-path change.

Low

• [correctness] skills/topissues/scripts/topissues.py:390 — resolve_project_number parses the FULLSEND_PROJECT_NUMBER environment variable with a bare int(env_val) call (no try/except ValueError). If the env var is set to a non-numeric string (e.g. "abc"), the script raises an unhandled ValueError with a raw traceback instead of the friendly error message at the end of the function. The try_run_gh fallback path just below correctly wraps int() in try/except ValueError, but the env-var path does not.
  Remediation: Wrap the int(env_val) call in a try/except ValueError block that falls through to the friendly error message, matching the pattern used for the org-variable fallback.

Prior review note: the medium-severity [correctness] finding from the previous review (re resolve_project_number using run_gh) is resolved — the code now correctly uses try_run_gh, which returns None on failure and allows the friendly error message to be reached.

Previous run (3)

Review

Findings

High

• [protected-path] .claude/commands — This PR adds a symlink under .claude/, which is a protected path requiring human approval. The PR has no linked issue (closingIssuesReferences is empty) and the description does not reference an authorizing issue. While the symlink mirrors the existing .claude/skills -> ../skills pattern and the rationale is clear from context, protected-path changes require a linked issue for traceability.
  Remediation: Link a GitHub issue authorizing the .claude/commands symlink addition, or have a maintainer explicitly approve the protected-path change.

Medium

• [correctness] skills/topissues/scripts/topissues.py:388 — resolve_project_number attempts to fall through gracefully when gh variable get fails (lines 388–395), but run_gh calls sys.exit(3) on CalledProcessError instead of raising. SystemExit is not caught by except (subprocess.CalledProcessError, ValueError), so the friendly error message at lines 396–401 ("project number required; set FULLSEND_PROJECT_NUMBER…") is unreachable when the gh command fails. Users who lack the org variable get a raw gh CLI error (exit 3) instead of the intended guidance listing all three ways to provide the project number.
  Remediation: Use subprocess.run directly (without run_gh) for this call so CalledProcessError can be caught, or add a check=False variant of run_gh that returns the result instead of exiting.

Previous run (4)

Review

Findings

High

• [protected-path] .claude/commands — This PR adds a symlink under .claude/, which is a protected path requiring human approval. The PR has no linked issue (closingIssuesReferences is empty) and the description does not reference an authorizing issue. While the symlink mirrors the existing .claude/skills -> ../skills pattern and the rationale is clear from context, protected-path changes require a linked issue for traceability.
  Remediation: Link a GitHub issue authorizing the .claude/commands symlink addition, or have a maintainer explicitly approve the protected-path change.

Info

• [correctness] skills/topissues/scripts/topissues.py:31 — The ISSUES_QUERY fetches comments(first: 100) as a nested connection without pagination. Issues with more than 100 comments may have their RICE score comment missed if it falls outside the first 100. This is a practical limitation unlikely to matter for most repositories.
  Remediation: Consider paginating comments or fetching them in reverse chronological order (most recent RICE score is likely near the end).

Previous run (5)

Review

Findings

High

• [protected-path] .claude/commands — This PR adds a symlink under .claude/, which is a protected path requiring human approval. The PR has no linked issue to authorize the change. While the symlink mirrors the existing .claude/skills -> ../skills pattern and the PR description explains the rationale, protected-path changes require a linked issue for traceability. Human review is required before merging.
  Remediation: Link a GitHub issue authorizing the .claude/commands symlink addition, or have a maintainer explicitly approve the protected-path change.

Low

• [correctness] skills/topissues/scripts/topissues.py:76 — The RICE_SCORE_RE regex uses [\\d.]+ which can match invalid float strings like 1.2.3 or .... If such a string appears in a comment, float(match.group(1)) will raise an unhandled ValueError. While RICE scores are agent-generated and unlikely to be malformed, defensive parsing would be more robust.
  Remediation: Wrap the float() call in a try/except ValueError, or tighten the regex to \\d+(?:\\.\\d+)?.

Info

• [correctness] skills/topissues/scripts/topissues.py:31 — The GraphQL query fetches comments(first: 100) without pagination. Issues with more than 100 comments may have their RICE score comments truncated, causing the script to miss or undercount scores. This is a practical limitation unlikely to matter for most repositories.
  Remediation: Consider paginating comments or fetching them in reverse chronological order (most recent RICE score is likely near the end).

[fullsend-ai-review]

See the review comment for full details.

[ifireball]

Maintainer sign-off (@ifireball)

Protected-path (/.claude/commands): Approved on behalf of maintainers. This mirrors the existing .claude/skills → ../skills symlink pattern; the canonical commands/ tree is required for portable /topissues in Cursor and Claude Code.

Review agent findings:

• RICE regex (low): Fixed in decf4df5 — see thread reply.
• Comment pagination (info): Accepted v1 limitation — see thread reply.

(GitHub blocks self-approval on own PRs; this comment is explicit maintainer authorization for the protected-path change.)

[fullsend-ai-review]

See the review comment for full details.

[ifireball]

Pushed 7f786811: /topissues now reads RICE Score from the org GitHub Project board only (no issue comments). Adds --project N and resolves project number from FULLSEND_PROJECT_NUMBER env or org variable.

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

See the review comment for full details.

[fullsend-ai-review]

See the review comment for full details.

[ifireball]

@ralphbean since you marked your review comments as low quality, should I regard that as a signal to ignore them and go ahead and merge the PR ?

[fullsend-ai-review]

See the review comment for full details.