Claude Code Hands-On (3): Custom Slash Commands and Conversation Control

1
2
3
4

Run `npm audit` to find vulnerable installed packages.
Run `npm audit fix` to apply non-breaking fixes.
Run `npm test` to confirm nothing broke.
Report which CVEs were patched and which remain.

1

/audit

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

.claude/
├── commands/               # Project commands (committed to git)
│   ├── audit.md
│   ├── review.md
│   ├── test.md
│   ├── deploy.md
│   ├── explain.md
│   ├── document.md
│   ├── onboard.md
│   └── debug.md
├── settings.json           # Project settings (committed)
├── settings.local.json     # Personal settings (gitignored)
└── CLAUDE.md               # Project memory (committed, or at repo root)

1
2
3
4
5
6
7

~/.claude/
├── commands/               # Personal global commands
│   ├── standup.md
│   ├── changelog.md
│   └── quicktest.md
├── settings.json           # Global settings
└── auth.json               # Auth token

1
2
3
4
5
6
7

Explain $ARGUMENTS at three levels:

1. One sentence — what is it, in plain language.
2. One paragraph — how it works, key components, why it exists.
3. Code-level — point to where this is implemented in our repo, with line numbers.

If the term is ambiguous, list the meanings and ask which one I want.

1

/explain rate limiter

1
2
3
4

<!-- .claude/commands/find.md -->
Find all usages of $ARGUMENTS in the codebase.
Group by: direct usage, re-export, test usage.
Show the file path and line number for each.

1

/find UserService

1
2
3
4
5

<!-- .claude/commands/compare.md -->
Compare $ARGUMENTS.
Show the key differences in a table format.
Include: API surface, performance characteristics, bundle size impact.
Recommend which one to use for our project and explain why.

1

/compare axios vs fetch vs ky for HTTP requests

1
2
3
4
5
6
7
8
9

<!-- .claude/commands/coverage.md -->
Analyze test coverage for $ARGUMENTS.

1. Find the test file(s) that test this module.
2. List every exported function/class.
3. For each, indicate whether it has test coverage.
4. For untested functions, write a test stub.

Do not modify existing tests. Only create new ones.

1

/coverage src/services/payment.ts

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

<!-- .claude/commands/status.md -->
Show the project status.

If a specific area is given: $ARGUMENTS — focus on that area.
Otherwise, give a general overview:
1. Git status (uncommitted changes, branch, ahead/behind)
2. Last 5 commits (one line each)
3. Any failing tests
4. Any lint errors
5. TODO comments added in the last week

1
2

/status                    # General overview
/status authentication     # Focused on auth

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

Run `npm audit` (or the equivalent for this project's package manager)
to find vulnerable installed packages.

Report:
1. Total vulnerabilities by severity (critical, high, moderate, low)
2. For each critical/high: the package name, CVE, and whether a fix exists
3. Run the fix command for non-breaking updates
4. Run tests to confirm nothing broke
5. List any remaining vulnerabilities that require manual intervention

If the project doesn't use npm, adapt the approach to the actual package
manager (pip, cargo, etc.) — check CLAUDE.md for guidance.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

Run the project's test suite (see CLAUDE.md for the test command).

For each failure:
  - Quote the failing test name and the assertion that failed
  - Show the relevant code (both the test and the code under test)
  - Propose the smallest plausible fix
  - Mark whether you'd patch the test or the code
  - Rate confidence: high/medium/low

At the end:
  - Total: X passed, Y failed, Z skipped
  - If all pass, just say "All tests pass" — no need for the detailed format

Do not make changes — this is a report.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

Review the staged diff (`git diff --staged`).

If there's nothing staged, review unstaged changes (`git diff`).
If there are no changes at all, say so and stop.

Focus areas (in priority order):
1. Correctness — will this break anything?
2. Edge cases — what inputs/states aren't handled?
3. Naming — are variable/function names clear and consistent?
4. Adherence to CLAUDE.md conventions
5. Performance — any obvious N+1 queries, unnecessary loops, etc.
6. Security — any injection, auth bypass, data exposure risks?

Output format:
- Numbered findings
- Each has a severity: 🔴 must-fix / 🟡 should-fix / 🟢 nit / 👍 praise
- End with one paragraph: would you approve this PR as-is?

Think a lot before responding.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

Explain $ARGUMENTS at three levels:

1. **One sentence** — what is it, in plain language. No jargon.
2. **One paragraph** — how it works, key components, why it exists.
   Use analogies if helpful.
3. **Code-level** — point to where this is implemented in our repo,
   with file paths and line numbers. Walk through the key logic.

If the term is ambiguous in this codebase, list the possible meanings
and ask which one I want before explaining.

If it's not found in the codebase, explain it generally and note that
it doesn't appear to be implemented here.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

Write a one-page onboarding doc for a new engineer joining this repo.

Use CLAUDE.md as the source of truth. Supplement by reading key files.

Include:
1. **What it does** — one paragraph, plain language
2. **Setup** — step by step, from clone to running locally
3. **How to run tests** — the exact command and what to expect
4. **Architecture** — the 3-5 most important directories and what's in them
5. **Three things you're most likely to break** — common gotchas
6. **Where to look first** — when you need to debug, where do you start?
7. **Key contacts** — who owns what (if mentioned in CLAUDE.md)

Keep it to one page. No filler. A new engineer should be able to read
this in 10 minutes and be productive.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

Prepare for deployment to $ARGUMENTS (default: staging).

Checklist:
1. Run tests — all must pass
2. Run lint — no errors (warnings OK)
3. Check for uncommitted changes — warn if any
4. Check the current branch — warn if not main/master
5. Show the commits that will be deployed (compare to last deploy tag)
6. Check for any TODO or FIXME comments in changed files
7. Verify environment variables are set (check .env.example vs .env)

Output a go/no-go summary at the end.

Do NOT actually deploy. This is a pre-deploy check only.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

Debug the issue described below:

$ARGUMENTS

Follow this process:
1. **Reproduce** — identify the exact steps or conditions that trigger the issue
2. **Locate** — find the relevant code. Start with error messages, stack traces,
   or the module name mentioned in the description
3. **Hypothesize** — list 2-3 possible causes, ranked by likelihood
4. **Verify** — for the most likely cause, trace the code path and confirm
5. **Fix** — propose the minimal fix. Show the diff.
6. **Test** — suggest how to verify the fix works

Do not apply the fix. Present it for review.
Think a lot before responding.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

Document $ARGUMENTS.

If it's a file path: document that file's exports (functions, classes, types).
If it's a module name: document the module's public API.
If it's a concept: explain how it's implemented in this codebase.

For each function/method:
- Brief description (one line)
- Parameters with types and descriptions
- Return value
- Example usage
- Edge cases or gotchas

Output as JSDoc/docstring comments that can be pasted directly into the code.
Match the existing documentation style in the project.

1
2
3
4
5
6
7

Help me prepare for standup.

1. What did I do yesterday? Check `git log --author="$(git config user.name)" --since="yesterday" --oneline`
2. What am I doing today? Check for any TODO comments I added recently and any open branches.
3. Any blockers? Check for failing tests or lint errors.

Format as three bullet points: yesterday, today, blockers.

1
2
3
4
5
6
7
8
9

Generate a changelog entry for the changes since the last tag.

1. Find the last git tag
2. List all commits since that tag
3. Group by: Features, Fixes, Breaking Changes, Other
4. Write in keepachangelog.com format
5. Suggest the next version number based on the changes (semver)

Output the changelog entry — don't modify any files.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

<!-- .claude/commands/morning.md -->
Run the following checks in order:

1. Check git status for any uncommitted changes from yesterday
2. Pull the latest changes from main
3. Run the test suite (same as /test)
4. Show any new TODO or FIXME comments added to main since yesterday
5. Summarize: what's changed, what's broken, what needs attention

This is my morning orientation — give me the full picture in one response.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

<!-- .claude/commands/deps.md -->
Analyze the dependency graph for $ARGUMENTS.

Output as a structured report:

## Direct Dependencies
| Package | Version | Used in | Purpose |
|---------|---------|---------|---------|

## Transitive Dependencies (notable)
List any transitive dependency that is:
- Known to have security issues
- Very large (>1MB)
- Duplicated at different versions

## Recommendations
- Any packages that could be removed?
- Any that should be updated?
- Any that have better alternatives?

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

<!-- .claude/commands/pre-pr.md -->
I'm about to open a PR. Run through this checklist:

1. [ ] All tests pass
2. [ ] No lint errors
3. [ ] No TypeScript errors (`npx tsc --noEmit`)
4. [ ] No console.log statements in production code
5. [ ] All new functions have docstrings/JSDoc
6. [ ] No hardcoded secrets or API keys
7. [ ] CLAUDE.md is up to date if architecture changed
8. [ ] Changes are committed with clear messages

For each item, check and report pass/fail.
If everything passes, draft a PR title and description based on the commits.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

<!-- .claude/commands/migration-check.md -->
Review the pending database migration(s).

Check for:
1. Reversibility — is there a down migration? Does it work?
2. Data loss — does any step drop columns or tables with data?
3. Locking — will any step lock a table for too long? (ALTER TABLE on large tables)
4. Index impact — are new indexes created concurrently?
5. Default values — do new NOT NULL columns have defaults for existing rows?
6. Foreign keys — are new FK constraints validated?

Think a lot. Database migrations are permanent.

1
2
3
4
5

<!-- .claude/commands/explain.md -->
<!-- Usage: /explain <term or concept> -->

Explain $ARGUMENTS at three levels:
...

1
2
3
4
5
6

Simple → Complex:

1. CLAUDE.md conventions    (passive — Claude follows them automatically)
2. Slash commands           (one-shot — type /name, get a result)
3. Shell scripts + Claude   (call scripts from Claude, or Claude from scripts)
4. Claude Code SDK          (programmatic — full control, state, testing)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

.claude/commands/
├── audit.md          # Security audit
├── debug.md          # Structured debugging
├── deploy.md         # Pre-deploy checklist
├── deps.md           # Dependency analysis
├── document.md       # Generate docstrings
├── explain.md        # Three-level explanation
├── migration-check.md # Database migration review
├── onboard.md        # New engineer orientation
├── pre-pr.md         # PR preparation checklist
├── review.md         # Code review
└── test.md           # Test run and analysis