feat(skills): /issue — file GitHub issues from arbitrary input

[OriginalGary]

Summary

Adds /issue, an operator-only slash command that takes anything from a one-sentence note to a pasted meeting transcript and turns it into well-formed GitHub issues that scout/triage would themselves accept. Auto-detects single-vs-batch — the operator never declares a mode.

Same operator-command pattern as /run / /merge / /unblock. Refuses to run under bot identity (the bot triages, the operator files).

What it does

Mode A — input is ≤3 sentences AND a repo can be resolved → draft + sanitize + dedup-probe + confirm + file. One issue, one prompt.

Mode B — input is >3 sentences OR contains multi-item markers (bullets, and also, paragraph breaks with topic shifts) → decompose into candidates, classify each as NEW / DUPLICATE_OF / ALREADY_RESOLVED / OUT_OF_SCOPE, render approval table, file only the rows the operator approves. Never silently drops a candidate — OUT_OF_SCOPE rows show with a one-line reason.

Mode C — ambiguous short input → exactly one clarifying question, no second.

Sensitivity sanitization (every body, both modes)

Per ~/.claude/rules/context-repo.md:

• public tier (most repos): strict strip — external individuals/orgs replaced with role descriptors (the funder, a partner org rep); internal URLs, credentials, secrets removed; verbatim transcript/email content forbidden; STAGE 13 confidentiality-leak self-check before emit.
• staff-ok tier (context repo): mild strip — internal staff names may stay, external still stripped.
• private tier: no strip required, but never copy verbatim from a confidential origin.

Hard rules (per pipeline-nevers.md + context-repo.md)

• Never applies auto:approved, auto:auto-fixable, auto:requires-human, or any override:* label — those are gates triage and humans own; filing only sets stage:triaged plus type/severity/component
• Never files a body containing raw transcript or email content (one-sentence quote max, paraphrase the rest)
• Never silently drops a Mode B candidate
• Never infers repo from content keywords alone — explicit token / alias whole-word match only. ""there's an auth bug"" does NOT become ai-security. Misfiling is worse than asking
• --no-confirm is forbidden in Mode B (batch filing always requires explicit approval)
• gh errors stop the run (no inline retry, no half-filed batches; if the first gh issue create in a batch fails, abort the rest and surface partial state explicitly)
• Operator's edit on a Mode A draft is the final word — do not re-sanitize after their edit
• Refuses under bot identity — startup gate is mandatory. No --force, no env-var override.

Why bot-identity refusal

Issues filed by /issue must carry the operator's identity. Mixing operator-driven issue creation with bot identity creates a confusing audit trail (per ~/.claude/rules/git-identity.md the bot is for commits/automation, not operator-driven issue creation). The bot triages; the operator files. Keep that line clean.

Args

• --repo <name> — explicit target repo. Overrides any inferred repo. In Mode B, applied as a default to all extracted candidates.
• --dry-run — compute the full plan (mode detection, repo inference, classification, draft) but never call gh issue create. Outputs everything that would be filed.
• --no-confirm — Mode A only: skip the confirm prompt and file immediately. Forbidden in Mode B.

Repo aliases

Bootstrap map covering 24 nicknames (slingshot → slingshot-uk-phase1, platform, bot/gary, no-animal-violence, context, desloppify, graze, where-they-stand/wts, ai-security, c4c-bootcamp, mobius, avs, protein-research, ace, cryptpad-pm, n8n, privatemode-proxy, api-gateway, compassionate-code, documentation, structured-coding-with-ai, .github). Whole-word case-insensitive match. Operator extends over time.

Model

opus — mode detection, sensitivity reasoning, and candidate extraction all benefit from frontier judgment; not mechanical enough for Sonnet. disable-model-invocation: true — operator-only.

Files changed

• claude-code/.claude/skills/issue/SKILL.md — new skill (294 lines)
• .claude/rules/tooling-reference.md — adds the ""Operator commands"" section with all four operator commands (/run, /merge, /unblock, /issue). Note: this section is also added by the open /run, /merge, /unblock PRs (feat(skills): /run — on-demand operator drive of the 14-stage pipeline #32, feat(skills): /merge — ranked merge queue with honest confidence scoring #33, feat(skills): /unblock — operator decisions queue, sensitivity-leak-safe #34); whichever merges first will require the others to rebase. This PR's version covers the full set.

Test plan

The skill cannot be live-fired from the bot session that built it (the startup gate refuses, by design). Algorithm traces validated against the prompt's five test inputs:

• (a) Mode A live — 'README links to a 404 on line 12' --repo .github → drafts 3-section body, confirms, files. Title ≤80 chars; only stage:triaged + type:docs + severity:trivial.
• (b) Mode A dry-run — same input + --dry-run → renders draft, appends (dry-run; nothing filed), no gh issue create call.
• (c) Mode B mixed — 4-bullet input across slingshot / platform / gary + 1 strategy-discussion item → table renders 3 NEW + 1 OUT_OF_SCOPE (explicit, not silently dropped). --no-confirm would error out.
• (d) Mode C — 'something's broken' → one combined repo+intent question, no second question.
• (e) Sensitivity strip — 'Dave from FoundationX said the dashboard is slow' --repo platform → external individual + org name stripped, body uses ""a funder"" / ""the funder"".

Closes nothing — there's no upstream issue for this work; /issue was specced directly.

Summary by CodeRabbit

• Documentation
  • Added operator command reference describing /run, /merge, /unblock, and /issue for structured workflow control.
  • Documented /issue skill for converting inputs into GitHub issues with mode-based drafting, approval workflows, repo inference, sanitization by sensitivity tier, and dry-run/confirmation safeguards.
  • Clarified operator gating, privacy protections, and label/merge instruction behaviors.

[coderabbitai]

Warning

Rate limit exceeded

@OpenGaryBot has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 4 minutes and 40 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 4 minutes and 40 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 00827e4a-9330-4a8d-abef-002178921819

📥 Commits

Reviewing files that changed from the base of the PR and between b3c53f6 and a4cc6e1.

📒 Files selected for processing (2)

• .claude/rules/tooling-reference.md
• claude-code/.claude/skills/issue/SKILL.md

📝 Walkthrough

Walkthrough

Adds operator-facing tooling docs: defines /run, /merge, /unblock in the tooling reference and a detailed operator-only /issue skill spec describing startup gating, deterministic mode selection, repo inference, deduping, sensitivity sanitization, and gated GitHub issue filing.

Changes

Cohort / File(s)	Summary
Operator Command Registry .claude/rules/tooling-reference.md	Documents four operator slash commands: /run (on-demand stage dispatch, stage-specific subagents, UTC-timestamped reports), /merge (read-only ranked merge instructions with HIGH/MED/LOW confidence), /unblock (operator-gated surfacing of actionable items limited to credentials/decisions/sensitivity with privacy rules), and /issue (referenced contract for issue filing).
Issue Skill Specification claude-code/.claude/skills/issue/SKILL.md	New operator-only /issue skill: startup gate refusing bot identities, flag parsing (--repo, --dry-run, --no-confirm), deterministic Mode A/B/C selection, repo-inference cascade, per-item dedup classification, sensitivity-driven sanitization, operator approval workflow, and controlled gh issue create filing with label constraints and dry-run support.

Sequence Diagram(s)

sequenceDiagram
    participant Operator as Operator
    participant IssueSkill as /issue Skill
    participant RepoContext as Repo Context
    participant Deduper as Deduplicator
    participant Sanitizer as Sensitivity Sanitizer
    participant GH as gh CLI
    Operator->>IssueSkill: invoke `/issue` (input + flags)
    IssueSkill->>IssueSkill: startup gate (gh auth status) / refuse if bot identity
    IssueSkill->>IssueSkill: parse mode (A/B/C) & repo inference
    Note right of IssueSkill: Mode A → single draft\nMode B → decompose candidates
    IssueSkill->>Deduper: run dedup classification per candidate
    IssueSkill->>Sanitizer: sanitize bodies by repo tier
    IssueSkill->>Operator: show approval table / previews
    Operator->>IssueSkill: approve selection (or --no-confirm)
    IssueSkill->>GH: `gh issue create` for approved items (unless dry-run)
    GH-->>IssueSkill: return create result
    IssueSkill->>Operator: report success/failure and partial state

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat(skills): /run — on-demand operator drive of the 14-stage pipeline #32 — Implements the /run orchestrator and report generation referenced by the tooling-reference doc; directly related to the reported /run contract.

🚥 Pre-merge checks | ✅ 8

✅ Passed checks (8 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately summarizes the main change: adding a new /issue skill that converts arbitrary input into GitHub issues.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
No Speciesist Idioms	✅ Passed	Comprehensive analysis confirms no speciesist idioms present. PR introduces technical specifications using exclusively neutral, operational vocabulary focused on pipeline orchestration and approval gates.
No Hardcoded Secrets Or Credentials	✅ Passed	Modified files contain no hardcoded credentials, tokens, or API keys—only specification documentation with placeholder variables and command templates.
No Tier 3 Data Committed	✅ Passed	PR adds documentation-only changes describing Tier 3 data sanitization procedures without committing any sensitive information. Comprehensive searches detected zero actual sensitive data across modified files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch operator-cmd/issue

• 🛠️ fix NAV violations: Commit on current branch
• 🛠️ fix NAV violations: Create PR

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.claude/rules/tooling-reference.md:
- Line 98: Remove the embedded calibration detail from the `/merge [--risky]
[--repo <name>]` reference line—specifically drop the phrase describing MED/HIGH
calibration (e.g., "the calibration is built so MED is the median outcome, not
HIGH")—and leave only the concise tool description; move or ensure the full
calibration specifics live only in the `/merge` skill spec (SKILL.md) so this
reference doc stays DRY and minimal.
- Line 97: Update the /run command documentation to specify the exact UTC
timestamp filename format used for reports so downstream tools can parse
filenames reliably; explicitly state the pattern for the placeholder in
"~/.claude/orchestrator-log/run-<UTC-timestamp>.md" (for example an ISO-like,
filename-safe pattern such as YYYY-MM-DDTHHMMSSZ or YYYY-MM-DD_HHMMSSZ) and note
it is UTC, and mention any separators or timezone marker expected so consumers
of the /run report can implement matching parsing logic for the /run report
files.

In `@claude-code/.claude/skills/issue/SKILL.md`:
- Around line 203-239: The sentence under "STEP 4 — Sensitivity sanitization"
that reads "Private Open-Paws repos (if any) → `private` → no strip required,
but never copy verbatim from a confidential origin." is ambiguous; change it to
an explicit clarification so readers know private-tier repos do not require
public redaction but verbatim pasting of confidential transcripts/emails is
still forbidden. Edit that bullet (referencing the exact phrase) to something
like: "Private Open-Paws repos (if any) → `private` → no public-strip required,
but do NOT paste raw/confidential transcripts or emails verbatim — paraphrase or
summarize instead." Ensure the new wording aligns with "Verbatim is forbidden"
and the strict-strip/mild-strip rules in STEP 4.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 897cb9fd-2058-4a99-9880-2d9de1f0e5ae

📥 Commits

Reviewing files that changed from the base of the PR and between 0157ede and 2b5db1d.

📒 Files selected for processing (2)

• .claude/rules/tooling-reference.md
• claude-code/.claude/skills/issue/SKILL.md

[OriginalGary]

STAGE 7 implementation complete — addressed all 3 CodeRabbit findings. Pushed b3c53f6.

[OriginalGary]

@coderabbitai full review please — all 3 actionable findings addressed in b3c53f6.

[coderabbitai]

@OpenGaryBot: Kicking off a full review campaign of the PR — will re-examine SKILL.md and tooling-reference.md against all findings including the three addressed in b3c53f6.

---

🧠 Learnings used

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: cline/CLAUDE.md:0-0
Timestamp: 2026-04-25T08:28:47.289Z
Learning: Follow five-layer code review pipeline: automated → AI → Ousterhout → AI failures → advocacy from `code-review.md`

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: windsurf/CLAUDE.md:0-0
Timestamp: 2026-04-25T08:29:52.224Z
Learning: Apply five-layer review pipeline from `code-review.md` during PR review: automated → AI → Ousterhout → AI failures → advocacy

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: gemini-cli/GEMINI.md:0-0
Timestamp: 2026-04-25T08:35:00.610Z
Learning: Code review layer 1: Automated (formatting, linting, static analysis, type checking, security scanning, tests). Fix before requesting review

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: augment-code/CLAUDE.md:0-0
Timestamp: 2026-04-25T08:28:33.102Z
Learning: Follow five-layer code review pipeline: automated → AI → Ousterhout → AI failures → advocacy

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: gemini-cli/GEMINI.md:0-0
Timestamp: 2026-04-25T08:35:00.610Z
Learning: Distinguish blocking review findings (security, data leaks, silent failures, broken tests) from suggestions. Two human approvals for AI-generated PRs

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: gemini-cli/GEMINI.md:0-0
Timestamp: 2026-04-25T08:35:00.610Z
Learning: Code review layer 2: AI-assisted first pass. AI catches inconsistent error handling, missing null checks, unused imports, performance anti-patterns

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: gemini-cli/GEMINI.md:0-0
Timestamp: 2026-04-25T08:35:00.610Z
Learning: Code review layer 4: Human review for AI-specific failures. Check DRY, multi-responsibility functions, suppressed errors, hallucinated APIs, over-patterning, silent failure pattern

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: agents-md/AGENTS.md:0-0
Timestamp: 2026-04-25T08:32:53.551Z
Learning: Distinguish blocking review issues (security, data leaks, silent failures, broken tests) from suggestions; require two human approvals for primarily AI-generated PRs

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: cursor/CLAUDE.md:0-0
Timestamp: 2026-04-25T08:29:02.415Z
Learning: Follow the five-layer code review pipeline (automated → AI → Ousterhout → AI failures → advocacy) as defined in `code-review.mdc`

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: agents-md/AGENTS.md:0-0
Timestamp: 2026-04-25T08:32:53.551Z
Learning: For Layer 1 automated checks: fix formatting, linting, static analysis, type checking, security scanning, test suite failures before requesting review

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: cursor/.cursor/rules/git-workflow.mdc:0-0
Timestamp: 2026-04-25T08:35:25.977Z
Learning: Submit a pull request with title format `fix: <description> (closes #<issue>)`, including summary, issue reference, test plan checklist, desloppify scores (before/after), and security/privacy notes; keep changes under 200 lines per PR ideally under 100

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: agents-md/AGENTS.md:0-0
Timestamp: 2026-04-25T08:32:53.551Z
Learning: Submit PR with title format `gh pr create --title "fix: description (closes #<issue>)"` including summary, closes reference, test plan, and desloppify before/after scores

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: cursor/CLAUDE.md:0-0
Timestamp: 2026-04-25T08:29:02.415Z
Learning: Follow GitHub workflow using issue-first approach: create worktree-per-task, execute plan→review→implement loops, apply desloppify gate, and monitor PRs as defined in `git-workflow.mdc`

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: roo-code/CLAUDE.md:0-0
Timestamp: 2026-04-25T08:29:39.820Z
Learning: Follow issue-first GitHub workflow from `git-workflow.md`: worktree-per-task, plan→review→implement loops, desloppify gate, PR monitoring

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: github-copilot/CLAUDE.md:0-0
Timestamp: 2026-04-25T08:29:24.883Z
Learning: Git workflow should follow issue-first GitHub workflow: worktree-per-task, plan→review→implement loops, desloppify gate, and PR monitoring

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: cline/.clinerules/README.md:0-0
Timestamp: 2026-04-25T08:36:18.547Z
Learning: Follow issue-first GitHub workflow: create issues before implementation, use worktree-per-task, execute plan→review→implement loops, apply desloppify gate, monitor PRs until merged

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: cline/.clinerules/git-workflow.md:0-0
Timestamp: 2026-04-25T08:36:35.898Z
Learning: Submit pull requests with descriptive title using format `fix: <description> (closes #<issue>)`, including summary, issue reference, test plan with checkboxes, desloppify score comparison, and security/privacy notes

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: cursor/.cursor/rules/README.md:0-0
Timestamp: 2026-04-25T08:35:11.190Z
Learning: MDC rule file for git workflow: Follow issue-first GitHub workflow with worktree-per-task, plan→review→implement loops, desloppify gate, and PR monitoring until merged

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: windsurf/CLAUDE.md:0-0
Timestamp: 2026-04-25T08:29:52.224Z
Learning: Follow issue-first GitHub workflow from `git-workflow.md`: use worktree-per-task, plan→review→implement loops, desloppify gate, and PR monitoring

---

Learnt from: CR
Repo: Open-Paws/structured-coding-with-ai PR: 0
File: cline/CLAUDE.md:0-0
Timestamp: 2026-04-25T08:28:47.289Z
Learning: Follow issue-first GitHub workflow: create worktree-per-task, implement plan→review→implement loops, enforce desloppify gate, monitor PRs from `git-workflow.md`

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@claude-code/.claude/skills/issue/SKILL.md`:
- Line 34: Several fenced code blocks in SKILL.md are missing language
specifiers; update each fenced block by adding an appropriate language
identifier (e.g., text or markdown) so screen readers and plain-text editors
handle them correctly. Specifically, find the block containing "/issue refuses
to run under bot identity (active: OpenGaryBot)." and add `text`; update the
blocks that begin with "**Observed:** <what's happening..." and "## /issue —
Mode A (direct file) → Open-Paws/<repo>" and "## /issue — Mode B → extracted N
candidates from input" and the lone "Filed:" and the quoted line starting with
"> from:" to use `markdown` as the fence language. Ensure each triple-backtick
fence is changed from ``` to ```text or ```markdown accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 204d431f-29af-49c4-9382-d4913b7af57d

📥 Commits

Reviewing files that changed from the base of the PR and between 2b5db1d and b3c53f6.

📒 Files selected for processing (2)

• .claude/rules/tooling-reference.md
• claude-code/.claude/skills/issue/SKILL.md

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Add language specifiers to fenced code blocks for accessibility.

Six fenced code blocks lack language specifiers, affecting screen readers and plain-text terminals. Coding guidelines require instruction files to work in editors with no syntax highlighting and screen readers.

♻️ Proposed fixes

Line 34: Add text or markdown identifier

-```
+```text
 /issue refuses to run under bot identity (active: OpenGaryBot).

Line 89: Add markdown identifier

-```
+```markdown
 **Observed:** <what's happening or what the operator noticed; one paragraph max>

Line 106: Add markdown identifier

-```
+```markdown
 ## /issue — Mode A (direct file) → Open-Paws/<repo>

Line 155: Add markdown identifier

-```
+```markdown
 ## /issue — Mode B → extracted N candidates from input

Line 178: Add markdown identifier

-```
+```markdown
 Filed:

Line 226: Add markdown identifier

-```
+```markdown
 > from: <one-sentence paraphrase or sanitized quote of the source>

As per coding guidelines: "Instruction files must work in editors with no syntax highlighting, screen readers, and plain-text terminals (Accessibility)".

Also applies to: 89-89, 106-106, 155-155, 178-178, 226-226

🧰 Tools

🪛 markdownlint-cli2 (0.22.1)

[warning] 34-34: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@claude-code/.claude/skills/issue/SKILL.md` at line 34, Several fenced code
blocks in SKILL.md are missing language specifiers; update each fenced block by
adding an appropriate language identifier (e.g., text or markdown) so screen
readers and plain-text editors handle them correctly. Specifically, find the
block containing "/issue refuses to run under bot identity (active:
OpenGaryBot)." and add `text`; update the blocks that begin with "**Observed:**
<what's happening..." and "## /issue — Mode A (direct file) → Open-Paws/<repo>"
and "## /issue — Mode B → extracted N candidates from input" and the lone
"Filed:" and the quoted line starting with "> from:" to use `markdown` as the
fence language. Ensure each triple-backtick fence is changed from ``` to ```text
or ```markdown accordingly.

[OriginalGary]

Rebased onto main after sibling PR merges moved the base. No content changes — implementer fix from b3c53f6 preserved. Pushed 6b4739f.

Stale review: PR head a4cc6e1 supersedes reviewed 2b5db1d; UTC timestamp format and merge calibration cross-ref already addressed in 6b4739f, private-tier sanitization clarification too.