Logoskills for everything
Agent Skill
2/7/2026

spring-boot-scanner

Smart code scanner that detects Spring Boot patterns and routes to appropriate skills. Use when editing Java or Kotlin files in Spring Boot projects, working with pom.xml/build.gradle containing spring-boot-starter, or when context suggests Spring Boot development. Detects annotations (@RestController, @Entity, @EnableWebSecurity, @SpringBootTest) to determine relevant skills and provides contextual guidance. Uses progressive automation - auto-invokes for low-risk patterns (web-api, data, DDD), confirms before loading high-risk skills (security, testing, verify).

J
joaquimscosta
4GitHub Stars
1Views
npx skills add joaquimscosta/arkhe-claude-plugins

SKILL.md

Namespring-boot-scanner
DescriptionSmart code scanner that detects Spring Boot patterns and routes to appropriate skills. Use when editing Java or Kotlin files in Spring Boot projects, working with pom.xml/build.gradle containing spring-boot-starter, or when context suggests Spring Boot development. Detects annotations (@RestController, @Entity, @EnableWebSecurity, @SpringBootTest) to determine relevant skills and provides contextual guidance. Uses progressive automation - auto-invokes for low-risk patterns (web-api, data, DDD), confirms before loading high-risk skills (security, testing, verify).

name: spring-boot-scanner description: Smart code scanner that detects Spring Boot patterns and routes to appropriate skills. Use when editing Java or Kotlin files in Spring Boot projects, working with pom.xml/build.gradle containing spring-boot-starter, or when context suggests Spring Boot development. Detects annotations (@RestController, @Entity, @EnableWebSecurity, @SpringBootTest) to determine relevant skills and provides contextual guidance. Uses progressive automation - auto-invokes for low-risk patterns (web-api, data, DDD), confirms before loading high-risk skills (security, testing, verify).

Spring Boot Scanner

Smart pattern detection and skill routing for Spring Boot projects.

Core Behavior

Trigger Conditions:

  • Editing *.java or *.kt files in a project with spring-boot-starter dependencies
  • Working with pom.xml or build.gradle* containing Spring Boot
  • User mentions "Spring Boot", "Spring Security", "Spring Data", etc.

Action: Scan code → Detect patterns → Route to appropriate skill

Detection Algorithm

Phase 1: Project Detection

1. Check for Spring Boot indicators:
   - Glob: **/pom.xml → grep spring-boot-starter
   - Glob: **/build.gradle* → grep org.springframework.boot

2. If Spring Boot detected → Continue to Phase 2
   If not → Exit (not a Spring Boot project)

Phase 2: Annotation Scanning

Scan current file or changed files for these annotation patterns:

Annotation PatternDetected SkillRisk Level
@RestController, @GetMapping, @PostMapping, @RequestMappingspring-boot-web-apiLOW
@Entity, @Repository, @Aggregate, @MappedSuperclassspring-boot-data-dddLOW
@Service in **/domain/** or **/service/**domain-driven-designLOW
@ApplicationModule, @ApplicationModuleListenerspring-boot-modulithLOW
@Timed, @Counted, HealthIndicator, MeterRegistryspring-boot-observabilityLOW
@EnableWebSecurity, @PreAuthorize, @Secured, SecurityFilterChainspring-boot-securityHIGH
@SpringBootTest, @WebMvcTest, @DataJpaTest, @MockitoBeanspring-boot-testingHIGH
@MockBean (deprecated)spring-boot-testingHIGH + WARNING
Build file with version < 4.0spring-boot-verifyHIGH

Phase 3: Risk-Based Routing

LOW RISK (Auto-Invoke):

  • Provide skill guidance immediately
  • No confirmation required
  • Skills: web-api, data-ddd, domain-driven-design, modulith, observability

HIGH RISK (Suggest + Confirm):

  • Present recommendation to user
  • Wait for confirmation before loading full skill
  • Skills: security, testing, verify

Routing Workflow

ON detecting patterns:

1. LOW RISK patterns detected:
   → "I notice you're working with [pattern]. Here's guidance from spring-boot-[skill]:"
   → Load skill's Quick Reference section
   → Provide contextual tips

2. HIGH RISK patterns detected:
   → Use AskUserQuestion:
     "I detected [security/testing/migration] patterns. Would you like me to:
     - Load spring-boot-[skill] for detailed guidance
     - Run a verification scan
     - Continue without skill guidance"
   → Wait for user choice
   → Route accordingly

3. Multiple patterns detected:
   → Prioritize HIGH RISK (always ask)
   → Batch LOW RISK (summarize all)
   → Example: "Detected REST controller and security config. Loading web-api guidance. For security patterns, would you like detailed review?"

Quick Reference: Annotation → Skill Map

Use this script to detect patterns:

# Run from project root
python3 scripts/detect_patterns.py /path/to/file.java

Or use Grep directly:

# Web API detection
grep -l "@RestController\|@GetMapping\|@PostMapping" **/*.java

# Security detection
grep -l "@EnableWebSecurity\|@PreAuthorize\|SecurityFilterChain" **/*.java

# Testing detection
grep -l "@SpringBootTest\|@WebMvcTest\|@MockitoBean\|@MockBean" **/*.java

Escalation Triggers

Always confirm before proceeding when detecting:

PatternReasonAction
@EnableGlobalMethodSecurityDeprecated in Security 6+Confirm + Migration guidance
@MockBeanDeprecated in Boot 3.4+Confirm + Show @MockitoBean
spring-boot-starter-parent < 3.0Major migration neededConfirm + Suggest verify-upgrade
.and() in security configRemoved in Security 7Confirm + Lambda DSL guidance
com.fasterxml.jacksonJackson 3 migrationConfirm + Namespace change

Integration with Existing Components

Delegates to Skills:

  • spring-boot-web-api → REST patterns
  • spring-boot-data-ddd → Repository/Entity patterns
  • spring-boot-security → Security configuration
  • spring-boot-testing → Test patterns
  • spring-boot-modulith → Module structure
  • spring-boot-observability → Metrics/Health
  • spring-boot-verify → Dependencies/Config
  • domain-driven-design → DDD architecture

Delegates to Agents (for comprehensive review):

  • spring-boot-reviewer → Full codebase review
  • spring-boot-upgrade-verifier → Migration analysis

When to delegate to agents:

  • User asks for "review" or "scan" of entire project
  • Multiple HIGH RISK patterns across many files
  • Explicit /spring-review or /verify-upgrade command

Known Limitations

  • Annotation-based only: Detects standard Spring annotations, not custom/meta-annotations or XML configuration
  • Java and Kotlin only: Scans *.java and *.kt files; no Groovy/Scala support
  • Spring Boot 3.x+ optimized: Escalation patterns focus on Boot 3.x → 4.x migration; older versions may have gaps
  • No AST parsing: Uses regex matching, so patterns in comments/strings may cause false positives

Model Tier Performance

The scanner is designed for reliability across all model tiers:

AspectBehavior
Haiku/Sonnet/OpusAll fully supported
DeterminismPython script ensures consistent results regardless of model
Single file scan<100ms typical
Project scan1-2s for typical projects (recursive)

The Python detection script handles heavy lifting, making results model-independent.

Escape Hatch

If scanner guidance isn't helpful for the current context:

ScenarioAction
Skip LOW RISK guidanceIgnore suggestions and continue working
Skip HIGH RISK confirmationSelect "Continue without guidance" option
Need comprehensive reviewUse /spring-review command instead
Disable temporarilyRemove spring-boot-scanner from active skills

The scanner is advisory—it suggests skills but never blocks your workflow.

Detailed References

Critical Reminders

  1. Always check project type first — Only activate for Spring Boot projects
  2. Respect risk levels — Never auto-invoke security/testing/verify without confirmation
  3. Batch notifications — Don't spam user with multiple skill suggestions
  4. Delegate to agents for scale — Use reviewer agent for multi-file analysis
  5. Preserve user flow — Guidance should assist, not interrupt
Skills Info
Original Name:spring-boot-scannerAuthor:joaquimscosta
Download
View on GitHub