Add CLAUDE.md and Claude slash commands for common workflows

[nsprenkle]

Adds Claude Code project configuration and slash commands to streamline common development workflows.

Changes

• Added CLAUDE.md with project guidance for Claude Code: build commands, architecture overview, and PR requirements
• Added .claude/commands/test.md — /test command to run the Sphinx build, report errors, and auto-fix simple issues
• Added .claude/commands/pr-description.md — /pr-description command to generate a filled-in PR description from commit history
• Added .claude/commands/pr.md — /pr command to generate, review, and create a pull request including a security scan step

Date Needed (optional)

Reviewers

Possible roles follow. The PR submitter checks the boxes after each reviewer finishes and gives 👍.

• Subject matter expert: @jristau1984
• Subject matter expert: @jansenk

[Copilot]

Pull request overview

Adds Claude Code configuration and reusable slash commands to standardize common workflows (running docs builds, generating PR descriptions, and creating PRs) for this Sphinx documentation repository.

Changes:

• Added CLAUDE.md with repository context, build commands, architecture notes, and PR expectations.
• Added Claude slash commands for /test, /pr-description, and /pr under .claude/commands/.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File	Description
CLAUDE.md	Documents local build/test commands and high-level repo architecture for Claude Code usage.
.claude/commands/test.md	Defines a /test workflow to run ./run_tests.sh, summarize results, and guide fixes.
.claude/commands/pr-description.md	Defines a /pr-description workflow to generate PR text from commits/diff + template.
.claude/commands/pr.md	Defines a /pr workflow to draft and create PRs (includes a basic secrets scan step).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

Step 8 derives <nameWithOwner> from the current repo, but step 1–3 still assume origin/master and step 37 hard-codes --base master. If the base branch differs or the repo is a fork, this can create PRs against the wrong base. Consider deriving the base branch name from the target repo (and/or local default branch ref) and using it for both the diff range and the gh pr create --base argument.

[Copilot]

Writing the PR body to a fixed path (/tmp/pr-body.md) risks clobbering an existing file and can be unsafe on multi-user systems (symlink/hardlink attacks). Prefer creating a unique temp file (e.g., via mktemp) and cleaning it up reliably (e.g., with a shell trap) after gh pr create runs.

Suggested change

	8. Determine the target repo by running `gh repo view --json nameWithOwner -q .nameWithOwner` to derive it from the current git remote. Write the PR body to a temp file and create the PR using:
	```
	cat > /tmp/pr-body.md << 'EOF'
	<description>
	EOF
	gh pr create --repo <nameWithOwner> --base master --title "<title>" --body-file /tmp/pr-body.md
	rm /tmp/pr-body.md
	8. Determine the target repo by running `gh repo view --json nameWithOwner -q .nameWithOwner` to derive it from the current git remote. Write the PR body to a securely created temp file and create the PR using:

pr_body_file="$(mktemp)"
trap 'rm -f "$pr_body_file"' EXIT
cat > "$pr_body_file" << 'EOF'

EOF
gh pr create --repo --base master --title "<title>" --body-file "$pr_body_file"

[Copilot]

The command gh pr create --repo <nameWithOwner> --base master --title "<title>" --body-file /tmp/pr-body.md interpolates the generated PR title directly into a double-quoted shell argument, which can lead to command injection if <title> ever contains shell metacharacters such as $(), backticks, or unbalanced quotes derived from commit messages or other untrusted text. An attacker who controls commit messages or branch metadata could craft content that, when used to build <title>, causes arbitrary commands to execute when this snippet is run in a shell. To avoid this, ensure the title is passed to gh without going through the shell for interpolation (for example by using a safe argument-passing mechanism or robust escaping/quoting rather than embedding it directly in a double-quoted shell string).

Suggested change

	cat > /tmp/pr-body.md << 'EOF'
	<description>
	EOF
	gh pr create --repo <nameWithOwner> --base master --title "<title>" --body-file /tmp/pr-body.md
	python - << 'PY'
	import subprocess
	import textwrap
	name_with_owner = "<nameWithOwner>"
	title = "<title>"
	body = textwrap.dedent("""<description>
	""").lstrip()
	with open("/tmp/pr-body.md", "w", encoding="utf-8") as f:
	f.write(body)
	subprocess.run(
	[
	"gh",
	"pr",
	"create",
	"--repo",
	name_with_owner,
	"--base",
	"master",
	"--title",
	title,
	"--body-file",
	"/tmp/pr-body.md",
	],
	check=True,
	)
	PY

[michaelroytman]

Looks good to me.

[jansenk]

This is neat. Could you point me to what exactly the claude "commands" are / how they work?