chore: Update Cursor issue analysis as a GitHub workflow (v0.2.0)

[dan437]

Description

It updates the previous GitHub workflow file with these things:

• Cursor CLI
• Creating a GitHub comment with a Cursor response

When there is a new issue that's either (sev1 or sev2), it's assigned to the team-confirmations and it's not from an external contributor, it will trigger a Cursor issue analysis.

Changelog

CHANGELOG entry: null

Related issues

Fixes:

Manual testing steps

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I’ve followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Enhances the issue-analysis workflow to run Cursor CLI on eligible issues (excluding external contributors), securely fetch/analyze content, and post a formatted analysis comment.

• CI Workflow (.github/workflows/cursor-issue-analysis.yml):
  • Trigger/Filter: Runs on issues (opened/labeled) only when labeled team-confirmations and (Sev1-high or Sev2-normal) and not external-contributor.
  • Analysis Flow:
    • Skips if an existing comment contains ## Cursor Analysis.
    • Installs Cursor CLI; sets read-only Cursor permissions (.cursor/permissions.json denies Shell(*) and Write(*)).
    • Fetches issue details via gh, base64-encodes for safe passing, builds a secured prompt with a warning, runs cursor-agent, and base64-encodes the result.
    • Posts a formatted comment headed ## Cursor Analysis with a caution note and footer.
• Prompt (.github/cursorPrompts/issue-analysis.md):
  • Removes the @cursor directive; retains concise analysis instructions.

^{Written by Cursor Bugbot for commit 8413745. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: None (no tests recommended)
• Risk Level: low
• AI Confidence: 98%

click to see 🤖 AI reasoning details

The changes are limited to two GitHub-related configuration files that have no relationship to the application code or E2E test infrastructure:

1. .github/cursorPrompts/issue-analysis.md - A minor text change removing "@cursor" prefix from an AI prompt template used for issue analysis. This is purely a documentation/prompt configuration change.

2. .github/workflows/cursor-issue-analysis.yml - A GitHub Actions workflow enhancement for automated issue analysis using Cursor AI. Changes include:

   • Added version comment
   • Improved filtering logic to exclude external-contributor labeled issues
   • Changed from sparse-checkout to full checkout
   • Added Cursor CLI installation and configuration steps
   • Enhanced security with base64 encoding for data passing
   • Better comment formatting with markdown

These files:

• Are completely isolated from the mobile application code
• Do not affect any E2E test execution, infrastructure, or test files
• Are GitHub automation tooling for issue triage/analysis
• Have no relationships to any CI workflows that run E2E tests

No E2E tests need to be run as these changes cannot affect any user-facing functionality or application behavior.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud