Analyze existing codebases for tech stack, conventions, entities, and patterns. Use when scanning projects for context, brownfield analysis, or when you see "tech stack", "codebase analysis", "existing code", "collision risk", "brownfield", or "project context".
Analyzes codebases to extract tech stack, architecture patterns, entities, and governance for brownfield planning.
/plugin marketplace add deepeshBodh/human-in-loop/plugin install deepeshbodh-humaninloop-plugins-humaninloop@deepeshBodh/human-in-loopThis skill inherits all available tools. When active, it can use any tool Claude has access to.
BROWNFIELD-ANALYSIS.mdCONTEXT-GATHERING.mdscripts/detect-stack.shSystematically analyze existing codebases to extract structural information. Supports three modes:
/humaninloop:setup producing codebase-analysis.md| Mode | When to Use | Output |
|---|---|---|
| Context | Setting up constitution, understanding project DNA | Markdown report for humans |
| Brownfield | Planning new features against existing code | JSON inventory with collision risks |
| Setup-Brownfield | /humaninloop:setup on existing codebase | codebase-analysis.md with inventory + assessment |
Identify project type from package manager files:
| File | Project Type |
|---|---|
package.json | Node.js/JavaScript/TypeScript |
pyproject.toml / requirements.txt | Python |
go.mod | Go |
Cargo.toml | Rust |
pom.xml / build.gradle | Java |
Gemfile | Ruby |
pubspec.yaml | Flutter/Dart |
| Framework | Indicators |
|---|---|
| Express | express(), router.get(), app.use() |
| FastAPI | @app.get(), FastAPI(), APIRouter |
| Django | urls.py, views.py, models.py pattern |
| Flask | @app.route(), @bp.route() |
| Rails | routes.rb, app/models/, app/controllers/ |
| Spring | @RestController, @GetMapping, @Entity |
| Gin/Echo | r.GET(), e.GET() |
| Framework | Indicators |
|---|---|
| Prisma | schema.prisma, @prisma/client |
| TypeORM | @Entity(), @Column(), DataSource |
| SQLAlchemy | Base, db.Model, Column() |
| Django ORM | models.Model, models.CharField |
| GORM | gorm.Model, db.AutoMigrate |
| Mongoose | mongoose.Schema, new Schema({ |
| ActiveRecord | ApplicationRecord, has_many |
| Pattern | Indicators |
|---|---|
| Layered | src/models/, src/services/, src/controllers/ |
| Feature-based | src/auth/, src/users/, src/tasks/ |
| Microservices | Multiple package files, docker compose |
| Serverless | serverless.yml, lambda/, functions/ |
| MVC | models/, views/, controllers/ |
| Clean/Hexagonal | domain/, application/, infrastructure/ |
For constitution authoring - gather broad project characteristics.
What to Extract:
Output: Project Context Report (markdown)
See CONTEXT-GATHERING.md for detailed guidance.
For planning - extract structural details for collision detection.
What to Extract:
Output: Codebase Inventory (JSON)
See BROWNFIELD-ANALYSIS.md for detailed guidance.
For /humaninloop:setup - comprehensive analysis combining Context + Brownfield with Essential Floor assessment.
What to Extract:
Output: .humaninloop/memory/codebase-analysis.md following codebase-analysis-template.md
Assess each of the four essential floor categories:
| Check | How to Detect | Status Values |
|---|---|---|
| Auth at boundaries | Middleware patterns (authenticate, authorize, requireAuth) | present/partial/absent |
| Secrets from env | .env.example exists, no hardcoded credentials in code | present/partial/absent |
| Input validation | Schema validation libraries, input checking patterns | present/partial/absent |
Indicators to search:
# Auth middleware
grep -r "authenticate\|authorize\|requireAuth\|isAuthenticated" src/ 2>/dev/null
# Environment variables
ls .env.example .env.sample 2>/dev/null
grep -r "process.env\|os.environ\|os.Getenv" src/ 2>/dev/null
# Validation
grep -r "zod\|yup\|joi\|pydantic\|validator" package.json pyproject.toml 2>/dev/null
| Check | How to Detect | Status Values |
|---|---|---|
| Test framework configured | Config files (jest.config.*, pytest.ini, vitest.config.*) | present/partial/absent |
| Test files present | Files matching *.test.*, *_test.*, test_*.* | present/partial/absent |
| CI runs tests | Test commands in workflow files | present/partial/absent |
Indicators to search:
# Test config
ls jest.config.* vitest.config.* pytest.ini pyproject.toml 2>/dev/null
# Test files
find . -name "*.test.*" -o -name "*_test.*" -o -name "test_*.*" 2>/dev/null | head -5
# CI test commands
grep -r "npm test\|yarn test\|pytest\|go test" .github/workflows/ 2>/dev/null
| Check | How to Detect | Status Values |
|---|---|---|
| Explicit error types | Custom error classes/types defined | present/partial/absent |
| Context preservation | Error messages include context, stack traces logged | present/partial/absent |
| Appropriate status codes | API responses use correct HTTP status codes | present/partial/absent |
Indicators to search:
# Custom errors
grep -r "class.*Error\|extends Error\|Exception" src/ 2>/dev/null | head -5
# Error logging
grep -r "error.*context\|error.*stack\|logger.error" src/ 2>/dev/null | head -3
# Status codes
grep -r "status(4\|status(5\|HttpStatus\|status_code" src/ 2>/dev/null | head -3
| Check | How to Detect | Status Values |
|---|---|---|
| Structured logging | Logger config (winston, pino, structlog, logrus) | present/partial/absent |
| Correlation IDs | Request ID middleware, trace ID patterns | present/partial/absent |
| No PII in logs | Log sanitization, no email/password in log statements | present/partial/absent |
Indicators to search:
# Logger config
grep -r "winston\|pino\|structlog\|logrus\|zap" package.json pyproject.toml go.mod 2>/dev/null
# Correlation IDs
grep -r "requestId\|correlationId\|traceId\|x-request-id" src/ 2>/dev/null | head -3
# PII check (negative - should NOT find these in logs)
grep -r "logger.*email\|logger.*password\|log.*password" src/ 2>/dev/null
Before finalizing setup-brownfield analysis:
Run the automated detection script for fast, deterministic stack identification:
bash scripts/detect-stack.sh /path/to/project
Output:
{
"project_type": "nodejs",
"package_manager": "npm",
"frameworks": ["express"],
"orms": ["prisma"],
"architecture": ["feature-based"],
"ci_cd": ["github-actions"],
"files_found": {...}
}
The script detects:
Usage pattern:
For cases where script detection is insufficient:
# Tech stack detection
cat package.json | jq '{name, engines, dependencies}'
cat pyproject.toml
cat .tool-versions .nvmrc .python-version 2>/dev/null
# Architecture detection
ls -d src/domain src/application src/features 2>/dev/null
# CI/CD detection
ls .github/workflows/*.yml .gitlab-ci.yml 2>/dev/null
# Governance detection
ls CODEOWNERS .github/CODEOWNERS docs/CODEOWNERS 2>/dev/null
cat CODEOWNERS 2>/dev/null | head -20
# Test structure
ls -d test/ tests/ spec/ __tests__/ 2>/dev/null
Before finalizing analysis:
Both Modes:
Context Mode:
Brownfield Mode:
Setup-Brownfield Mode:
.humaninloop/memory/codebase-analysis.md| Anti-Pattern | Problem | Fix |
|---|---|---|
| Assuming framework | Guessing without evidence | Verify with code patterns |
| Missing directories | Only checking standard paths | Projects vary, explore |
| Over-extracting | Analyzing every file | Focus on config and patterns |
| Ignoring governance | Missing existing decisions | Check README, CLAUDE.md, ADRs |
| Inventing findings | Documenting assumptions | Only report what's found |
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.