By name: spring-boot-scanner description: Smart code scanner that detects Spring Boot patterns and routes to appropriate skills. Use when editing Java or Kotlin files in Spring Boot projects, working with pom.xml/build.gradle containing spring-boot-starter, or when context suggests Spring Boot development. Detects annotations (@RestController, @Entity, @EnableWebSecurity, @SpringBootTest) to determine relevant skills and provides contextual guidance. Uses progressive automation - auto-invokes for low-risk patterns (web-api, data, DDD), confirms before loading high-risk skills (security, testing, verify). spring-boot-version: "4.0"
Spring Boot Scanner
Smart pattern detection and skill routing for Spring Boot projects.
Core Behavior
Trigger Conditions:
- Editing
*.javaor*.ktfiles in a project withspring-boot-starterdependencies - Working with
pom.xmlorbuild.gradle*containing Spring Boot - User mentions "Spring Boot", "Spring Security", "Spring Data", etc.
Action: Scan code → Detect patterns → Route to appropriate skill
Detection Algorithm
Scans in 3 phases: (1) detect Spring Boot project via build files, (2) scan annotations against the map below, (3) route by risk level — LOW auto-invokes, HIGH confirms first. See WORKFLOW.md for the full step-by-step detection flow.
Annotation → Skill Map
| Annotation Pattern | Detected Skill | Risk Level |
|---|---|---|
@RestController, @GetMapping, @PostMapping, @RequestMapping |
spring-boot-web-api | LOW |
@Entity, @Repository, @Aggregate, @MappedSuperclass |
spring-boot-data-ddd | LOW |
@Service in **/domain/** or **/service/** |
domain-driven-design | LOW |
@ApplicationModule, @ApplicationModuleListener |
spring-boot-modulith | LOW |
@Timed, @Counted, HealthIndicator, MeterRegistry |
spring-boot-observability | LOW |
@EnableWebSecurity, @PreAuthorize, @Secured, SecurityFilterChain |
spring-boot-security | HIGH |
@SpringBootTest, @WebMvcTest, @DataJpaTest, @MockitoBean |
spring-boot-testing | HIGH |
@MockBean (deprecated) |
spring-boot-testing | HIGH + WARNING |
| Build file with version < 4.0 | spring-boot-verify | HIGH |
Use this script to detect patterns:
# Run from project root
python3 scripts/detect_patterns.py /path/to/file.java
Or use Grep directly:
# Web API detection
grep -l "@RestController\|@GetMapping\|@PostMapping" **/*.java
# Security detection
grep -l "@EnableWebSecurity\|@PreAuthorize\|SecurityFilterChain" **/*.java
# Testing detection
grep -l "@SpringBootTest\|@WebMvcTest\|@MockitoBean\|@MockBean" **/*.java
Escalation Triggers
Always confirm before proceeding when detecting:
| Pattern | Reason | Action |
|---|---|---|
@EnableGlobalMethodSecurity |
Deprecated in Security 6+ | Confirm + Migration guidance |
@MockBean |
Deprecated in Boot 3.4+ | Confirm + Show @MockitoBean |
spring-boot-starter-parent < 3.0 |
Major migration needed | Confirm + Suggest verify-upgrade |
.and() in security config |
Removed in Security 7 | Confirm + Lambda DSL guidance |
com.fasterxml.jackson |
Jackson 3 migration | Confirm + Namespace change |
Integration with Existing Components
Delegates to Skills:
spring-boot-web-api→ REST patternsspring-boot-data-ddd→ Repository/Entity patternsspring-boot-security→ Security configurationspring-boot-testing→ Test patternsspring-boot-modulith→ Module structurespring-boot-observability→ Metrics/Healthspring-boot-verify→ Dependencies/Configdomain-driven-design→ DDD architecture
Delegates to Agents (for comprehensive review):
spring-boot-reviewer→ Full codebase reviewspring-boot-upgrade-verifier→ Migration analysis
When to delegate to agents:
- User asks for "review" or "scan" of entire project
- Multiple HIGH RISK patterns across many files
- Explicit
/spring-reviewor/verify-upgradecommand
Known Limitations
- Annotation-based only: Detects standard Spring annotations, not custom/meta-annotations or XML configuration
- Java and Kotlin only: Scans
*.javaand*.ktfiles; no Groovy/Scala support - Spring Boot 3.x+ optimized: Escalation patterns focus on Boot 3.x → 4.x migration; older versions may have gaps
- No AST parsing: Uses regex matching, so patterns in comments/strings may cause false positives
Escape Hatch
If scanner guidance isn't helpful for the current context:
| Scenario | Action |
|---|---|
| Skip LOW RISK guidance | Ignore suggestions and continue working |
| Skip HIGH RISK confirmation | Select "Continue without guidance" option |
| Need comprehensive review | Use /spring-review command instead |
| Disable temporarily | Remove spring-boot-scanner from active skills |
The scanner is advisory—it suggests skills but never blocks the workflow.
Related Skills
| Need | Skill |
|---|---|
| DDD concepts | domain-driven-design |
| Data layer | spring-boot-data-ddd |
| REST APIs | spring-boot-web-api |
| Security config | spring-boot-security |
| Full codebase review | Use /spring-review command |
Detailed References
- Workflow: See WORKFLOW.md for step-by-step detection flow
- Examples: See EXAMPLES.md for trigger scenarios
- Troubleshooting: See TROUBLESHOOTING.md for common issues
- Detection Script: See scripts/detect_patterns.py for programmatic detection
Critical Reminders
- Always check project type first — Only activate for Spring Boot projects
- Respect risk levels — Never auto-invoke security/testing/verify without confirmation
- Batch notifications — Don't spam user with multiple skill suggestions
- Delegate to agents for scale — Use reviewer agent for multi-file analysis
- Preserve user flow — Guidance should assist, not interrupt