Retire github-issue tool, merge functionality into github-issue-to-markdown

[simonw]

• Convert github-issue.html to a redirect page pointing to github-issue-to-markdown
• Add GitHub Personal Access Token support to github-issue-to-markdown for
  private repos and higher rate limits (stored in localStorage)
• Add better error messages for 401, 403, 404 responses
• Add loading indicator during fetch
• Improve mobile responsiveness with viewport meta tag and media queries
• Add state and timestamp to markdown output
• Keep pagination support for issues with many comments
• Use modern clipboard API instead of deprecated execCommand

---

There are two tools for converting GitHub issues to markdown - github-issue and github-issue-to-markdown

Retire github-issue by turning it into a redirect page similar to gemini-bbox-tool

Integrate the missing functionality from GitHub-issue into github-issue-to-markdown

Make github-issue-to-markdown work better on mobile

[claude]

Claude finished @simonw's task —— View job

---

PR Review: Retire github-issue tool, merge functionality into github-issue-to-markdown

Review Checklist:

• Read and analyze all changed files
• Review code quality and best practices
• Check for potential bugs or issues
• Evaluate performance considerations
• Assess security concerns
• Review test coverage
• Provide constructive feedback

---

🔍 Code Quality and Best Practices

Positive Changes:

• ✅ Modern clipboard API: Switched from deprecated execCommand to modern navigator.clipboard.writeText() in github-issue-to-markdown.html:360
• ✅ Responsive design: Added proper viewport meta tag and mobile-responsive CSS media queries
• ✅ Clean separation: Converting github-issue.html to a simple redirect page is a clean architectural decision
• ✅ ES6 modules: Using <script type="module"> for modern JavaScript

Suggestions:

• ⚠️ Error handling: The clipboard operation at github-issue-to-markdown.html:360 doesn't handle potential failures. Consider adding a .catch() to fall back to document.execCommand() for older browsers
• ⚠️ Token validation: No client-side validation of GitHub token format (should start with ghp_, gho_, etc.)

🐛 Potential Bugs and Issues

Critical:

• 🚨 URL parsing vulnerability: parseGitHubUrl() at lines 205-216 uses array destructuring without proper bounds checking. If the URL has unexpected segments, this could cause runtime errors
• 🚨 Memory leak potential: Event listeners are not cleaned up, though this is less critical for a simple page

Minor:

• ⚠️ Race condition: Multiple rapid clicks on "Convert" button could trigger concurrent requests before the first one completes (button is disabled after click starts, but there's a small window)

Recommendations:

// Safer URL parsing
function parseGitHubUrl(url) {
  try {
    const urlObj = new URL(url)
    const pathParts = urlObj.pathname.split('/').filter(Boolean)
    if (pathParts.length < 4 || pathParts[2] !== 'issues') {
      throw new Error('Invalid URL format')
    }
    const [owner, repo, , number] = pathParts
    return { owner, repo, number }
  } catch (e) {
    throw new Error('Invalid GitHub URL. Expected format: https://github.com/owner/repo/issues/123')
  }
}

⚡ Performance Considerations

Good practices:

• ✅ Pagination handling: The getAllPages() function correctly handles GitHub's pagination for issues with many comments
• ✅ Lazy loading: Scripts are loaded as modules, enabling better caching

Minor optimizations:

• 💡 Token caching: Consider debouncing the localStorage save operation in the token input handler (lines 196-203) to reduce write operations

🔒 Security Concerns

Strengths:

• ✅ Local storage only: GitHub tokens are stored in localStorage, not transmitted to your servers
• ✅ Input type="password": Token input is properly masked
• ✅ HTTPS API calls: All GitHub API calls use HTTPS

Moderate concerns:

• ⚠️ XSS potential: Issue titles and comment bodies are inserted into markdown without sanitization. While they're displayed in a readonly textarea, consider the context where this markdown will be used
• ⚠️ Token exposure: No automatic token expiration or rotation hints for users

Recommendations:

• Add a note about token security and rotation in the UI
• Consider basic sanitization for issue content if the markdown will be rendered elsewhere

🧪 Test Coverage

Missing tests:

• ❌ No unit tests for URL parsing logic
• ❌ No tests for error handling scenarios
• ❌ No tests for pagination functionality
• ❌ No integration tests for GitHub API interactions

Critical test scenarios to add:

1. URL parsing with various malformed inputs
2. API error responses (401, 403, 404, rate limiting)
3. Pagination with large comment sets
4. Token validation and storage

📝 Additional Feedback

Documentation:

• ✅ Updated docs files appropriately reflect the changes
• 💡 Consider adding examples of supported URL formats to the documentation

User Experience:

• ✅ Loading indicator improves UX during API calls
• ✅ Error messages are user-friendly and actionable
• 💡 Consider adding a "Clear" button to reset the form

Code organization:

• ✅ Functions are well-named and single-purpose
• ✅ CSS is organized and follows consistent patterns
• 💡 Consider extracting API-related functions into a separate module for better testability

🎯 Overall Assessment

This is a solid refactoring that successfully consolidates functionality while improving the user experience. The code is generally well-structured and follows modern web practices. The main concerns are around input validation and test coverage, but these don't block the core functionality.

Recommendation: ✅ Approve with minor suggestions

The security and bug concerns are low-risk for this type of tool, but addressing them would improve robustness.

[simonw]

Looks good: