codebase-scanning
npx skills add https://github.com/slgoodrich/agents --skill codebase-scanning
Agent 安装分布
Skill 文档
Codebase Scanning
Detection patterns and scanning rules for discovering strategic product context from existing codebases. Covers web and mobile platforms.
When to Use This Skill
Auto-loaded by agents:
context-scanner– For all codebase scanning operations
Feature Discovery
Scan routes, pages, and components to identify user-facing functionality.
Methods:
- Parse route files (Express routes, Next.js pages/, API routes)
- Analyze page/component names
- Identify API endpoints from route definitions
- Map features to evidence (file paths)
Return format per feature:
- name: Feature name (lowercase, descriptive)
- confidence: high/medium/low
- evidence: File paths, routes, or patterns
Common features detected: Authentication, project/task management, team collaboration, analytics/reporting, settings/configuration.
Tech Stack Detection
Parse package manifests and project files to identify technologies.
Supported Manifests
Web Platforms:
| Platform | Manifest |
|---|---|
| Node.js | package.json |
| Python | requirements.txt, pyproject.toml, Pipfile |
| Go | go.mod |
| Ruby | Gemfile |
| PHP | composer.json |
| Rust | Cargo.toml |
| Java | pom.xml, build.gradle |
Mobile Platforms:
| Platform | Manifests |
|---|---|
| iOS | Podfile, Package.swift, *.xcodeproj/project.pbxproj |
| Android | build.gradle, build.gradle.kts, AndroidManifest.xml |
| Flutter | pubspec.yaml, pubspec.lock |
| React Native | package.json, ios/Podfile, android/build.gradle |
What to Detect
Web: Frontend frameworks (React, Vue, Angular, Svelte, Next.js), backend frameworks (Express, FastAPI, Rails, Django, Laravel, Gin), databases (PostgreSQL, MySQL, MongoDB, Redis via client packages), languages/versions, build tools (Vite, Webpack, esbuild).
iOS: Swift version, Objective-C, UIKit vs SwiftUI, iOS deployment target, Xcode version.
Android: Kotlin version, Java, Jetpack Compose vs XML layouts, minSdk, targetSdk, Gradle version.
Flutter: Flutter SDK version, Dart version, platform targets (iOS, Android, Web, Desktop).
React Native: RN version, TypeScript usage, Expo detection, native module detection.
Integration Discovery
Identify 3rd party services from package dependencies.
Common integrations by category:
| Category | Services |
|---|---|
| Payments | Stripe, PayPal, Square, Braintree, In-App Purchases |
| SendGrid, Mailgun, AWS SES | |
| SMS | Twilio, Plivo |
| Auth | Auth0, Firebase Auth, Okta, Sign in with Apple, Google Sign-In |
| Cloud | AWS SDK, GCP SDK, Azure SDK |
| Analytics | Segment, Mixpanel, Amplitude, Firebase Analytics, Facebook SDK |
| Monitoring | Sentry, Datadog, New Relic, Crashlytics, Bugsnag |
| Push | Firebase Cloud Messaging, OneSignal, APNs |
| Maps/Location | Google Maps SDK, Mapbox, Apple Maps, Core Location |
| State Mgmt | Redux, MobX, Provider, Riverpod, GetX |
Mobile backend/database: Firebase (Firestore, Realtime DB, Storage), Supabase, Realm, Core Data (iOS), Room (Android), Hive (Flutter).
Mobile networking: Alamofire (iOS), Retrofit (Android), Dio (Flutter), Axios (React Native).
Mobile media: Kingfisher (iOS), Coil (Android), cached_network_image (Flutter), react-native-fast-image.
Confidence note: Package installed does not mean actively used. Assign medium confidence to integrations.
Mobile Platform Detection
Check in this order:
- Flutter: pubspec.yaml exists AND lib/main.dart exists
- React Native: package.json exists AND (ios/ + android/ directories OR “react-native” in dependencies)
- iOS Native: (Podfile OR Package.swift OR *.xcodeproj) AND NO android/ directory
- Android Native: (build.gradle OR build.gradle.kts) AND NO ios/ directory
- Hybrid/Monorepo: Multiple platform indicators present
Edge cases:
- Expo: Detect from app.json or “expo” in package.json dependencies
- Flutter with custom native code: Both pubspec.yaml and platform directories with custom code
- Monorepo: Multiple apps/ subdirectories with different platforms – scan each separately
Mobile Feature Discovery
iOS Native: Search for *ViewController.swift (UIKit), *View.swift (SwiftUI). Count distinct ViewControllers/Views = feature count. Exclude Tests/, Pods/.
Android Native: Search for classes extending Activity, Fragment, @Composable functions. Parse navigation.xml. Count Activities + Fragment groups + Composable screens. Look in app/src/main/.
Flutter: Search lib/screens/, lib/pages/, route definitions. Parse MaterialApp.routes or GoRouter. Count screen files + routes.
React Native: Search src/screens/, src/pages/, Stack.Screen definitions. Parse React Navigation navigators. Count screen components.
Mobile Integration Mapping
Map platform-specific dependencies to universal names:
| Universal Name | iOS (CocoaPods/SPM) | Android (Gradle) | Flutter (pub) | React Native (npm) |
|---|---|---|---|---|
| Firebase Auth | Firebase/Auth | firebase-auth | firebase_auth | @react-native-firebase/auth |
| Stripe | Stripe | stripe-android | stripe_flutter | @stripe/stripe-react-native |
| Image Loading | Kingfisher | coil | cached_network_image | react-native-fast-image |
| Networking | Alamofire | retrofit | dio | axios |
Integration categories: Authentication, Payments, Analytics, Database, Networking, Media, Location, Push Notifications, Crash Reporting, State Management.
Scale Estimation
Metrics to collect:
- Total source files (excluding node_modules, dist, build, .git)
- Lines of code (approximated from file sizes, not precise line counts)
Complexity tiers:
| Tier | Files | LOC | Characteristics |
|---|---|---|---|
| Simple | <50 | ~10k | Single service |
| Medium | 50-500 | 10k-100k | Few services |
| Complex | >500 | 100k+ | Many services/repos |
Maturity signals:
| Stage | LOC | Indicators |
|---|---|---|
| Prototype | ~5k | Rapid changes |
| MVP | 5k-25k | Core features present |
| Established | 25k-100k | Feature-complete |
| Mature | 100k+ | Extensive feature set |
Edge Cases & Limitations
Large Codebases (>100k LOC, >1000 files)
- Limit scanning to primary directories: src/, pages/, routes/, api/, lib/
- Skip: node_modules/, dist/, build/, .git/, vendor/, test/ (unless small)
- Sample large directories (first 100 files, warn about remaining)
- Maximum 60 seconds total scan time
- Graceful degradation: return partial results with limitation note
Monorepos
Detection: Check for lerna.json, nx.json, turbo.json, pnpm-workspace.yaml. Identify workspace structure (packages/, apps/).
Handling: Scan each workspace individually. Detect mobile + web combinations. Report tech stack per app with shared packages noted.
Hybrid Mobile Apps
Types:
- React Native with custom native modules (RN + Swift + Kotlin)
- Flutter with platform channels (Flutter + native iOS/Android code)
- Capacitor/Ionic (web app in native container)
Detection:
- React Native: ios/ and android/ with custom .swift or .kt files beyond standard RN setup
- Flutter: ios/Runner/ or android/app/ with custom native code
- Capacitor: capacitor.config.json present
Permission Issues
- Attempt to read file/directory
- If permission denied: log warning, continue with accessible files
- Report in scan_limitations
Ambiguous Patterns
- If uncertain, assign lower confidence
- Provide evidence, let user decide
- Better to under-report than hallucinate
Deprecated Code
- Report what exists (facts)
- Flag as medium/low confidence if evidence is weak
- User validation catches deprecated features
Multi-Language Projects
- Scan all tech stacks present
- Report separately in tech_stack
- Note in confidence_notes
Empty Projects
- No src/, pages/, routes/, api/ directories and no manifests
- Return empty findings
- Note: “Project appears empty or very early stage”
- pm-setup falls back to manual questions