← Back to list
analysis-codebase
by deepeshBodh
SPEC-first multi-agent framework for Claude Code.
⭐ 7🍴 0📅 Jan 24, 2026
Run in ManusSKILL.md
name: analysis-codebase description: This skill should be used when the user asks to "analyze codebase", "scan project", "detect tech stack", or mentions "codebase analysis", "existing code", "collision risk", "brownfield", or "project context". Provides systematic extraction of tech stack, conventions, entities, and patterns from existing codebases.
Analyzing Codebase
Purpose
Systematically analyze existing codebases to extract structural information. Supports three modes:
- Context Mode: Gather project characteristics to inform constitution authoring
- Brownfield Mode: Extract entities, endpoints, and collision risks for planning
- Setup-Brownfield Mode: Comprehensive analysis for
/humaninloop:setupproducing codebase-analysis.md
Mode Selection
| Mode | When to Use | Output |
|---|---|---|
| Context | Setting up constitution, understanding project DNA | Markdown report for humans |
| Brownfield | Planning new features against existing code | JSON inventory with collision risks |
| Setup-Brownfield | /humaninloop:setup on existing codebase | codebase-analysis.md with inventory + assessment |
Project Type Detection
Identify project type from package manager files:
| File | Project Type |
|---|---|
package.json | Node.js/JavaScript/TypeScript |
pyproject.toml / requirements.txt | Python |
go.mod | Go |
Cargo.toml | Rust |
pom.xml / build.gradle | Java |
Gemfile | Ruby |
pubspec.yaml | Flutter/Dart |
Framework Detection
Web Frameworks
| Framework | Indicators |
|---|---|
| Express | express(), router.get(), app.use() |
| FastAPI | @app.get(), FastAPI(), APIRouter |
| Django | urls.py, views.py, models.py pattern |
| Flask | @app.route(), @bp.route() |
| Rails | routes.rb, app/models/, app/controllers/ |
| Spring | @RestController, @GetMapping, @Entity |
| Gin/Echo | r.GET(), e.GET() |
ORM/Database Frameworks
| Framework | Indicators |
|---|---|
| Prisma | schema.prisma, @prisma/client |
| TypeORM | @Entity(), @Column(), DataSource |
| SQLAlchemy | Base, db.Model, Column() |
| Django ORM | models.Model, models.CharField |
| GORM | gorm.Model, db.AutoMigrate |
| Mongoose | mongoose.Schema, new Schema({ |
| ActiveRecord | ApplicationRecord, has_many |
Architecture Pattern Recognition
| Pattern | Indicators |
|---|---|
| Layered | src/models/, src/services/, src/controllers/ |
| Feature-based | src/auth/, src/users/, src/tasks/ |
| Microservices | Multiple package files, docker compose |
| Serverless | serverless.yml, lambda/, functions/ |
| MVC | models/, views/, controllers/ |
| Clean/Hexagonal | domain/, application/, infrastructure/ |
Mode: Context Gathering
For constitution authoring - gather broad project characteristics.
What to Extract:
- Tech stack with versions
- Linting/formatting conventions
- CI/CD quality gates
- Team signals (test coverage, required approvals, CODEOWNERS)
- Existing governance docs (CODEOWNERS, ADRs, CONTRIBUTING.md)
Output: Project Context Report (markdown)
See CONTEXT-GATHERING.md for detailed guidance.
Mode: Brownfield Analysis
For planning - extract structural details for collision detection.
What to Extract:
- Entities with fields and relationships
- Endpoints with handlers
- Collision risks against proposed spec
Output: Codebase Inventory (JSON)
See BROWNFIELD-ANALYSIS.md for detailed guidance.
Mode: Setup Brownfield
For /humaninloop:setup - comprehensive analysis combining Context + Brownfield with Essential Floor assessment.
What to Extract:
- Everything from Context mode (tech stack, conventions, architecture)
- Everything from Brownfield mode (entities, relationships)
- Essential Floor assessment (Security, Testing, Error Handling, Observability)
- Inconsistencies and strengths assessment
Output: .humaninloop/memory/codebase-analysis.md following codebase-analysis-template.md
Essential Floor Analysis
Assess each of the four essential floor categories:
Security Assessment
| Check | How to Detect | Status Values |
|---|---|---|
| Auth at boundaries | Middleware patterns (authenticate, authorize, requireAuth) | present/partial/absent |
| Secrets from env | .env.example exists, no hardcoded credentials in code | present/partial/absent |
| Input validation | Schema validation libraries, input checking patterns | present/partial/absent |
Indicators to search:
# Auth middleware
grep -r "authenticate\|authorize\|requireAuth\|isAuthenticated" src/ 2>/dev/null
# Environment variables
ls .env.example .env.sample 2>/dev/null
grep -r "process.env\|os.environ\|os.Getenv" src/ 2>/dev/null
# Validation
grep -r "zod\|yup\|joi\|pydantic\|validator" package.json pyproject.toml 2>/dev/null
Testing Assessment
| Check | How to Detect | Status Values |
|---|---|---|
| Test framework configured | Config files (jest.config.*, pytest.ini, vitest.config.*) | present/partial/absent |
| Test files present | Files matching *.test.*, *_test.*, test_*.* | present/partial/absent |
| CI runs tests | Test commands in workflow files | present/partial/absent |
Indicators to search:
# Test config
ls jest.config.* vitest.config.* pytest.ini pyproject.toml 2>/dev/null
# Test files
find . -name "*.test.*" -o -name "*_test.*" -o -name "test_*.*" 2>/dev/null | head -5
# CI test commands
grep -r "npm test\|yarn test\|pytest\|go test" .github/workflows/ 2>/dev/null
Error Handling Assessment
| Check | How to Detect | Status Values |
|---|---|---|
| Explicit error types | Custom error classes/types defined | present/partial/absent |
| Context preservation | Error messages include context, stack traces logged | present/partial/absent |
| Appropriate status codes | API responses use correct HTTP status codes | present/partial/absent |
Indicators to search:
# Custom errors
grep -r "class.*Error\|extends Error\|Exception" src/ 2>/dev/null | head -5
# Error logging
grep -r "error.*context\|error.*stack\|logger.error" src/ 2>/dev/null | head -3
# Status codes
grep -r "status(4\|status(5\|HttpStatus\|status_code" src/ 2>/dev/null | head -3
Observability Assessment
| Check | How to Detect | Status Values |
|---|---|---|
| Structured logging | Logger config (winston, pino, structlog, logrus) | present/partial/absent |
| Correlation IDs | Request ID middleware, trace ID patterns | present/partial/absent |
| No PII in logs | Log sanitization, no email/password in log statements | present/partial/absent |
Indicators to search:
# Logger config
grep -r "winston\|pino\|structlog\|logrus\|zap" package.json pyproject.toml go.mod 2>/dev/null
# Correlation IDs
grep -r "requestId\|correlationId\|traceId\|x-request-id" src/ 2>/dev/null | head -3
# PII check (negative - should NOT find these in logs)
grep -r "logger.*email\|logger.*password\|log.*password" src/ 2>/dev/null
Setup-Brownfield Quality Checklist
Before finalizing setup-brownfield analysis:
- Project identity complete (name, language, framework, entry points)
- Directory structure documented with purposes
- Architecture pattern identified with evidence
- Naming conventions documented (files, variables, functions, classes)
- All four Essential Floor categories assessed
- Domain entities extracted with relationships
- External dependencies documented
- Strengths to preserve identified (minimum 2-3)
- Inconsistencies documented with severity
- Recommendations provided for constitution focus
Detection Script
Run the automated detection script for fast, deterministic stack identification:
bash scripts/detect-stack.sh /path/to/project
Output:
{
"project_type": "nodejs",
"package_manager": "npm",
"frameworks": ["express"],
"orms": ["prisma"],
"architecture": ["feature-based"],
"ci_cd": ["github-actions"],
"files_found": {...}
}
The script detects:
- Project type: nodejs, python, go, rust, java, ruby, flutter, elixir
- Package manager: npm, yarn, pnpm, pip, poetry, cargo, etc.
- Frameworks: express, fastapi, django, nextjs, gin, rails, spring-boot, etc.
- ORMs: prisma, typeorm, sqlalchemy, mongoose, gorm, activerecord, etc.
- Architecture: clean-architecture, mvc, layered, feature-based, serverless, microservices
- CI/CD: github-actions, gitlab-ci, jenkins, circleci, etc.
Usage pattern:
- Run script first for deterministic baseline
- Use script output to guide deeper LLM analysis
- Script findings are ground truth; LLM adds nuance
Manual Detection Commands
For cases where script detection is insufficient:
# Tech stack detection
cat package.json | jq '{name, engines, dependencies}'
cat pyproject.toml
cat .tool-versions .nvmrc .python-version 2>/dev/null
# Architecture detection
ls -d src/domain src/application src/features 2>/dev/null
# CI/CD detection
ls .github/workflows/*.yml .gitlab-ci.yml 2>/dev/null
# Governance detection
ls CODEOWNERS .github/CODEOWNERS docs/CODEOWNERS 2>/dev/null
cat CODEOWNERS 2>/dev/null | head -20
# Test structure
ls -d test/ tests/ spec/ __tests__/ 2>/dev/null
Quality Checklist
Before finalizing analysis:
Both Modes:
- Project type and framework correctly identified
- Architecture pattern documented
- File paths cited for all findings
Context Mode:
- Existing linting/formatting config extracted
- CI quality gates analyzed
- Existing governance docs checked (CODEOWNERS, ADRs, CONTRIBUTING.md)
- Approvers identified (from CODEOWNERS or team structure)
- Recommendations provided
Brownfield Mode:
- All entity directories scanned
- All route directories scanned
- Collision risks classified by severity
Setup-Brownfield Mode:
- All Context Mode checks completed
- All four Essential Floor categories assessed
- Strengths and inconsistencies documented
- Output written to
.humaninloop/memory/codebase-analysis.md
Anti-Patterns
| Anti-Pattern | Problem | Fix |
|---|---|---|
| Assuming framework | Guessing without evidence | Verify with code patterns |
| Missing directories | Only checking standard paths | Projects vary, explore |
| Over-extracting | Analyzing every file | Focus on config and patterns |
| Ignoring governance | Missing existing decisions | Check README, CLAUDE.md, ADRs |
| Inventing findings | Documenting assumptions | Only report what's found |
Score
Total Score
65/100
Based on repository quality metrics
✓SKILL.md
SKILL.mdファイルが含まれている
+20
✓LICENSE
ライセンスが設定されている
+10
○説明文
100文字以上の説明がある
0/10
○人気
GitHub Stars 100以上
0/15
✓最近の活動
1ヶ月以内に更新
+10
○フォーク
10回以上フォークされている
0/5
✓Issue管理
オープンIssueが50未満
+5
✓言語
プログラミング言語が設定されている
+5
✓タグ
1つ以上のタグが設定されている
+5
Reviews
💬
Reviews coming soon
