feat: add report issue system for specs and implementations

[MarkusNeusinger]

Summary

• Add structured system for reporting issues with specs and implementations
• Rename issue templates from plot-*.yml to spec-*.yml for consistency
• Add frontend links for "suggest spec" (catalog) and "report issue" (spec pages)
• Responsive design: icon on mobile, text on desktop

Changes

• Issue Templates: New report-issue.yml, renamed spec-request.yml and spec-update.yml
• Workflow: report-validate.yml for AI-powered issue analysis
• Frontend: Breadcrumb links in CatalogPage and SpecPage
• Documentation: Updated contributing.md, README.md, added report-issue.md

Test plan

• Verify "suggest spec" link appears in catalog breadcrumb
• Verify "report issue" link appears in spec page breadcrumb
• Test responsive behavior (icon on mobile xs/sm, text on md+)
• Check GitHub issue templates are available

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This PR adds a comprehensive system for reporting issues with existing plot specifications and implementations, with AI-powered validation and structured analysis.

Key changes:

• New issue reporting workflow with AI validation
• Renamed issue templates from plot-* to spec-* for consistency
• Frontend integration with "suggest spec" and "report issue" links
• Responsive design that shows icons on mobile and text on desktop

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
.github/workflows/report-validate.yml	New workflow that validates user reports, checks spec/impl existence, and posts AI-structured analysis
.github/ISSUE_TEMPLATE/report-issue.yml	New issue template for reporting spec/impl problems with dropdowns for target, library, and category
.github/ISSUE_TEMPLATE/spec-request.yml	Updated label from plot-request to spec-request for consistency
.github/ISSUE_TEMPLATE/spec-update.yml	Updated label from plot-request to spec-update for consistency
prompts/workflow-prompts/report-analysis.md	AI prompt for analyzing and structuring user-submitted issue reports
docs/workflows/report-issue.md	Complete user guide for the report system with examples and workflow diagrams
docs/workflows/overview.md	Added report pipeline documentation and label reference tables
docs/contributing.md	Updated with three contribution paths: suggest spec, report spec issue, report impl issue
README.md	Simplified contribution section with table format and updated footer links
CLAUDE.md	Added report workflow documentation and label reference for AI agent
app/src/pages/SpecPage.tsx	Added "report issue" link in breadcrumb with URL pre-filling based on current page context
app/src/pages/CatalogPage.tsx	Added "suggest spec" link in breadcrumb pointing to spec-request template
app/src/types/index.ts	Updated filter labels from "example" to "spec" for consistent terminology

[Copilot]

The report-issue.yml template is missing a title field. Unlike spec-update.yml which provides a title template, this template relies on users to create their own titles which may lead to inconsistent issue titles. Consider adding a title field similar to spec-update.yml to ensure consistency, for example: title: "Report Issue: " or title: "[SPEC-ID] ". The workflow will update the title later with the proper format, but having a template helps guide users.

Suggested change

	description: Report an issue with an existing plot spec or implementation
	description: Report an issue with an existing plot spec or implementation
	title: "Report Issue: [SPEC-ID] "

[Copilot]

This prompt instructs the Claude Code workflow to run shell commands like ls plots/{spec_id}/ and ls plots/{spec_id}/implementations/{library}.py using spec_id and library values parsed directly from the user-submitted issue body. Because those fields are fully user-controlled, an attacker can choose a spec_id containing shell metacharacters so that, when substituted into these commands by the agent, it causes command injection on the GitHub Actions runner with the ability to run arbitrary CLI commands and potentially exfiltrate tokens or other sensitive data via issue comments. To reduce this risk, ensure spec_id (and any other interpolated fields) are strictly validated/normalized before they ever reach this prompt (e.g., enforce a safe [a-z0-9-]+ pattern and stop on mismatch) and avoid embedding them directly in shell command strings by having the agent treat them as opaque data, not interpolated into bash snippets.

[Copilot]

This prompt also instructs the Claude Code workflow to call gh issue edit {number} --title "[{spec_id}] {brief description of the issue}", again interpolating the user-supplied spec_id directly into a shell command that will be executed by the agent. If a malicious reporter provides a spec_id containing shell metacharacters or command substitution syntax, this title-edit command can be turned into an injected shell payload on the GitHub Actions runner, enabling arbitrary CLI execution and possible token or data exfiltration via subsequent gh calls. To mitigate this, validate and normalize spec_id to a strict safe pattern before use and avoid constructing shell commands by string interpolation of untrusted values, instead treating them as opaque data or passing them via safer mechanisms.

Suggested change

	Update the issue title to include the spec ID:
	```bash
	gh issue edit {number} --title "[{spec_id}] {brief description of the issue}"
	Update the issue title to include the spec ID. Before using `spec_id` in any shell command, ensure it
	strictly matches the allowed pattern (lowercase letters, digits, and hyphens only).
	```bash
	# Validate spec_id matches a safe pattern before using it in any shell commands
	if ! printf '%s\n' "{spec_id}" | grep -Eq '^[a-z0-9-]+$'; then
	echo "Invalid spec_id; expected lowercase letters, numbers, and hyphens only."
	exit 1
	fi
	SAFE_SPEC_ID="{spec_id}"
	SAFE_TITLE="[$SAFE_SPEC_ID] {brief description of the issue}"
	gh issue edit "{number}" --title "$SAFE_TITLE"