spring-boot-scanner
Spring Boot Scanner
Smart pattern detection and skill routing for Spring Boot projects.
Core Behavior
Trigger Conditions:
- Editing
*.javaor*.ktfiles in a project withspring-boot-starterdependencies - Working with
pom.xmlorbuild.gradle*containing Spring Boot - User mentions "Spring Boot", "Spring Security", "Spring Data", etc.
Action: Scan code → Detect patterns → Route to appropriate skill
Detection Algorithm
Scans in 3 phases: (1) detect Spring Boot project via build files, (2) scan annotations against the map below, (3) route by risk level — LOW auto-invokes, HIGH confirms first. See WORKFLOW.md for the full step-by-step detection flow.
Annotation → Skill Map
| Annotation Pattern | Detected Skill | Risk Level |
|---|---|---|
@RestController, @GetMapping, @PostMapping, @RequestMapping |
spring-boot-web-api | LOW |
@Entity, @Repository, @Aggregate, @MappedSuperclass |
spring-boot-data-ddd | LOW |
@Service in **/domain/** or **/service/** |
domain-driven-design | LOW |
@ApplicationModule, @ApplicationModuleListener |
spring-boot-modulith | LOW |
@Timed, @Counted, HealthIndicator, MeterRegistry |
spring-boot-observability | LOW |
@EnableWebSecurity, @PreAuthorize, @Secured, SecurityFilterChain |
spring-boot-security | HIGH |
@SpringBootTest, @WebMvcTest, @DataJpaTest, @MockitoBean |
spring-boot-testing | HIGH |
@MockBean (deprecated) |
spring-boot-testing | HIGH + WARNING |
| Build file with version < 4.0 | spring-boot-verify | HIGH |
Use this script to detect patterns:
# Run from project root
python3 scripts/detect_patterns.py /path/to/file.java
Or use Grep directly:
# Web API detection
grep -l "@RestController\|@GetMapping\|@PostMapping" **/*.java
# Security detection
grep -l "@EnableWebSecurity\|@PreAuthorize\|SecurityFilterChain" **/*.java
# Testing detection
grep -l "@SpringBootTest\|@WebMvcTest\|@MockitoBean\|@MockBean" **/*.java
Escalation Triggers
Always confirm before proceeding when detecting:
| Pattern | Reason | Action |
|---|---|---|
@EnableGlobalMethodSecurity |
Deprecated in Security 6+ | Confirm + Migration guidance |
@MockBean |
Deprecated in Boot 3.4+ | Confirm + Show @MockitoBean |
spring-boot-starter-parent < 3.0 |
Major migration needed | Confirm + Suggest verify-upgrade |
.and() in security config |
Removed in Security 7 | Confirm + Lambda DSL guidance |
com.fasterxml.jackson |
Jackson 3 migration | Confirm + Namespace change |
Integration with Existing Components
Delegates to Skills:
spring-boot-web-api→ REST patternsspring-boot-data-ddd→ Repository/Entity patternsspring-boot-security→ Security configurationspring-boot-testing→ Test patternsspring-boot-modulith→ Module structurespring-boot-observability→ Metrics/Healthspring-boot-verify→ Dependencies/Configdomain-driven-design→ DDD architecture
Delegates to Agents (for comprehensive review):
spring-boot-reviewer→ Full codebase reviewspring-boot-upgrade-verifier→ Migration analysis
When to delegate to agents:
- User asks for "review" or "scan" of entire project
- Multiple HIGH RISK patterns across many files
- Explicit
/spring-reviewor/verify-upgradecommand
Known Limitations
- Annotation-based only: Detects standard Spring annotations, not custom/meta-annotations or XML configuration
- Java and Kotlin only: Scans
*.javaand*.ktfiles; no Groovy/Scala support - Spring Boot 3.x+ optimized: Escalation patterns focus on Boot 3.x → 4.x migration; older versions may have gaps
- No AST parsing: Uses regex matching, so patterns in comments/strings may cause false positives
Escape Hatch
If scanner guidance isn't helpful for the current context:
| Scenario | Action |
|---|---|
| Skip LOW RISK guidance | Ignore suggestions and continue working |
| Skip HIGH RISK confirmation | Select "Continue without guidance" option |
| Need comprehensive review | Use /spring-review command instead |
| Disable temporarily | Remove spring-boot-scanner from active skills |
The scanner is advisory—it suggests skills but never blocks the workflow.
Related Skills
| Need | Skill |
|---|---|
| DDD concepts | domain-driven-design |
| Data layer | spring-boot-data-ddd |
| REST APIs | spring-boot-web-api |
| Security config | spring-boot-security |
| Full codebase review | Use /spring-review command |
Detailed References
- Workflow: See WORKFLOW.md for step-by-step detection flow
- Examples: See EXAMPLES.md for trigger scenarios
- Troubleshooting: See TROUBLESHOOTING.md for common issues
- Detection Script: See scripts/detect_patterns.py for programmatic detection
Critical Reminders
- Always check project type first — Only activate for Spring Boot projects
- Respect risk levels — Never auto-invoke security/testing/verify without confirmation
- Batch notifications — Don't spam user with multiple skill suggestions
- Delegate to agents for scale — Use reviewer agent for multi-file analysis
- Preserve user flow — Guidance should assist, not interrupt
More from joaquimscosta/arkhe-claude-plugins
skill-validator
Validate skills against Anthropic best practices for frontmatter, structure, content, file organization, hooks, MCP, and security (62 rules in 8 categories). Use when creating new skills, updating existing skills, before publishing skills, reviewing skill quality, or when user mentions "validate skill", "check skill", "skill best practices", "skill review", or "lint skill".
30domain-driven-design
Expert guidance for Domain-Driven Design architecture and implementation. Use when designing complex business systems, defining bounded contexts, structuring domain models, choosing between modular monolith vs microservices, implementing aggregates/entities/value objects, or when users mention "DDD", "domain-driven design", "bounded context", "aggregate", "domain model", "ubiquitous language", "event storming", "context mapping", "domain events", "anemic domain model", strategic design, tactical patterns, or domain modeling. Helps make architectural decisions, identify subdomains, design aggregates, and avoid common DDD pitfalls.
26code-explanation
Explains complex code through clear narratives, visual diagrams, and step-by-step breakdowns. Use when user asks to explain code, understand algorithms, analyze design patterns, wants code walkthroughs, or mentions "explain this code", "how does this work", "code breakdown", or "understand this function".
22generating-changelog
Analyzes git commit history and generates professional changelogs with semantic versioning, conventional commit support, and multiple output formats (Keep a Changelog, Conventional, GitHub). Use when editing CHANGELOG.md, CHANGELOG.txt, or HISTORY.md files, preparing release notes, creating releases, bumping versions, updating changelog, documenting changes, writing release notes, tracking changes, version bump, tag release, or when user mentions "changelog", "release notes", "version history", "release", "semantic versioning", or "conventional commits".
21workflow-orchestration
>
19generating-stitch-screens
>
19