메뉴
Use when first encountering a codebase, onboarding to a project, or needing to understand system structure before auditing or modifying. Creates a mental model of the system before any changes.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | codebase-mapping |
| description | Use when first encountering a codebase, onboarding to a project, or needing to understand system structure before auditing or modifying. Creates a mental model of the system before any changes. |
Before you can improve a system, you must understand it. Codebase mapping creates a comprehensive mental model.
Core principle: Observation before action. Understanding before modification.
NO CHANGES TO A CODEBASE YOU HAVEN'T MAPPED. NO ASSUMPTIONS ABOUT STRUCTURE.
systematic-debugging)YOU CANNOT:
- Start modifying code before completing the mapping — understand first, change second
- Assume structure from directory names — read the actual files
- Skip the dependency analysis — hidden dependencies create hidden bugs
- Map only the parts you think are relevant — map the whole system, surprises hide in corners
- Trust the README as ground truth — READMEs age, code doesn't lie
- Skip the data model phase — the data model IS the architecture for most systems
- Stop at the directory tree — trace actual data flows through the code
- Declare mapping complete without tracing at least 2 critical flows end-to-end
| Rationalization | Reality |
|---|---|
| "I just need to fix this one file" | One file connects to other files. Map first. |
| "The README explains everything" | READMEs explain intent. Code reveals reality. |
| "It's a small project, I can figure it out" | Small projects still have hidden complexity. |
| "I've worked with this framework before" | Framework knowledge ≠ project knowledge. |
| "I'll learn as I go" | Learning by breaking things is not mapping. |
| "The tests explain the behavior" | Tests explain expected behavior. Code reveals actual behavior. |
1. Can I explain what this system does in 2 sentences? (if not, keep mapping)
2. Can I trace a request from entry point to database and back? (if not, trace it)
3. What are the 3 most important files in this codebase? (know the core)
4. Where does authentication happen? (one of the first things to understand)
5. Where does business logic live? (separate from infrastructure?)
6. What are the external dependencies? (APIs, services, databases)
7. What's the test coverage picture? (well-tested, partially tested, untested)
8. Are there any surprises? (unexpected patterns, odd file locations, magic)
1. READ the README (if it exists)
2. CHECK the directory structure (top-level only)
3. IDENTIFY the language/framework (package.json, requirements.txt, etc.)
4. READ the entry point (main, index, app)
5. NOTE what's obvious and what's surprising
Capture:
## First Impression
- **Language:** [X]
- **Framework:** [X]
- **Build System:** [X]
- **Test Framework:** [X]
- **Entry Point:** [file]
- **Surprises:** [anything unexpected]
1. MAP the directory tree (2-3 levels deep)
2. IDENTIFY the architectural pattern (MVC, layered, hexagonal, etc.)
3. CATEGORIZE directories: source / tests / config / docs / scripts / assets
4. COUNT significant files per directory
5. IDENTIFY the "core" — where does business logic live?
Capture:
## Structure Map
project/ ├── src/ [N files] — Source code │ ├── api/ [N files] — API endpoints │ ├── models/ [N files] — Data models │ ├── services/ [N files] — Business logic │ └── utils/ [N files] — Utilities ├── tests/ [N files] — Test suite ├── config/ [N files] — Configuration └── docs/ [N files] — Documentation
**Pattern:** [Layered / MVC / Hexagonal / etc.]
**Core:** Business logic in [directory]
1. READ package manifest (dependencies and versions)
2. IDENTIFY key frameworks and libraries
3. COUNT total dependencies (direct + transitive)
4. FLAG outdated or deprecated dependencies
5. UNDERSTAND the tech stack
Dependency categories to identify:
| Category | Examples | Why It Matters |
|---|---|---|
| Framework | Express, Django, Rails | Core constraints and patterns |
| Database | Prisma, SQLAlchemy, TypeORM | Data access patterns |
| Auth | Passport, JWT, OAuth libs | Security model |
| Testing | Jest, pytest, RSpec | Test capabilities |
| Build | Webpack, Vite, esbuild | Build pipeline |
| Monitoring | Sentry, Datadog | Observability |
1. FIND schema definitions (migrations, models, types)
2. MAP entities and their relationships
3. IDENTIFY the data flow (where does data come from, where does it go)
4. NOTE the database type and access pattern (ORM, raw SQL, etc.)
1. IDENTIFY all entry points (HTTP routes, CLI commands, event handlers, cron jobs)
2. TRACE 2-3 critical flows end-to-end:
- The "happy path" for the main feature
- The authentication flow
- An error path
3. MAP the call chain for each flow
Flow tracing template:
### Flow: [Name]
1. Entry: [file:function] — receives [what]
2. Middleware: [file:function] — validates/transforms [what]
3. Handler: [file:function] — processes [what]
4. Service: [file:function] — business logic for [what]
5. Repository: [file:function] — database [operation]
6. Response: [format] — returns [what]
1. CHECK test coverage (how many tests, what's tested)
2. CHECK last commit dates (active or abandoned?)
3. CHECK issue tracker (known problems?)
4. CHECK CI/CD (automated builds and deploys?)
5. CHECK documentation freshness
6. CHECK code quality tools (linter, formatter, type checker)
# System Map: [Project Name]
## Overview
[2-3 sentences: what this system does]
## Tech Stack
| Layer | Technology | Version |
|-------|-----------|---------|
| Language | Python | 3.11 |
| Framework | FastAPI | 0.104 |
| Database | PostgreSQL | 15 |
| Cache | Redis | 7.2 |
| Tests | pytest | 7.4 |
## Architecture
**Pattern:** [Identified pattern]
**Module count:** [N]
**Dependency count:** [N direct, N total]
## Structure
[Directory tree with annotations]
## Key Flows
[2-3 traced flows with file references]
## Data Model
[Entity-relationship overview]
## Health
| Indicator | Status |
|-----------|--------|
| Test coverage | ~N% |
| Last commit | [date] |
| CI/CD | Present / Missing |
| Documentation | Current / Outdated / Missing |
| Code quality tools | [Linter / Formatter / None] |
## Red Flags
[Any immediate concerns noted during mapping]
## Next Steps
[Recommended audit skills to apply]
password, secret, key, token)50 direct dependencies
architecture-audit, security-audit, performance-auditbrainstorming and writing-plansUse when porting any module from a Next.js (React) app to a Nuxt 4 (Vue 3) production app backed by NestJS. User provides module name and three repo paths. Covers submodule analysis, backend verification, feature inventory, sidebar registration, theme/dark-mode rules, and multi-pass execution.
Use as the master reference for all core principles, anti-hallucination protocol, severity framework, and skill activation rules. Every other skill inherits from this. Read this first in any new session.
Use when creating new skills for the skills library. Defines the structure, format, quality standards, and testing requirements for new skills.
Multi-agent council using real subagent spawning (Task() tool), deterministic CLI state management, and file-based handoffs. Orchestrator stays lean while specialists execute in fresh contexts.
Use when you have a spec or requirements for a multi-step task and need to create a detailed implementation plan before touching code.
Use when you have a detailed implementation plan and need to execute it task by task with deviation handling, checkpoints, and atomic commits.