bootstrap-repo
The bootstrap-repo slash command performs a comprehensive codebase analysis by deploying ten parallel subagents to explore different aspects of a repository, including file structure, dependencies, architecture, data layer, API endpoints, configuration, business logic, testing, deployment, and documentation. Use this command when onboarding to a new project or creating detailed architectural documentation that synthesizes findings across all project dimensions into a single CODEBASE.md file.
mkdir -p ~/.claude/commands && curl -fsSL https://raw.githubusercontent.com/CloudAI-X/claude-workflow-v2/HEAD/commands/bootstrap-repo.md -o ~/.claude/commands/bootstrap-repo.mdbootstrap-repo.md
# Bootstrap Repository Perform a comprehensive exploration of the current repository using 10 parallel subagents, then synthesize findings into a single CODEBASE.md document. ## Phase 1: Initial Scan Before spawning subagents, gather basic repo info: ```bash git remote -v git log --oneline -5 ``` Use Glob to identify the project root and top-level structure: - Check for `package.json`, `pyproject.toml`, `Cargo.toml`, `go.mod`, `Makefile`, `Dockerfile`, etc. - Identify the primary language and framework ## Phase 2: Spawn 10 Exploration Subagents (Parallel) **CRITICAL**: Launch ALL 10 Task calls in a SINGLE message for true parallelism. Each subagent uses `run_in_background: true`. ``` [Task 1] description: "File Structure Explorer" prompt: "Map the complete directory tree of this repository. Identify: - Top-level directory purposes (src/, lib/, tests/, docs/, etc.) - Entry points (main files, index files, app files) - Configuration files and their roles - Generated vs source directories - File count and language breakdown by directory Report a structured tree with annotations for each directory's purpose." run_in_background: true [Task 2] description: "Dependency Analyzer" prompt: "Analyze all dependency files in this repository: - Package manifests (package.json, pyproject.toml, Cargo.toml, go.mod, etc.) - Lock files and their state - Direct vs transitive dependency count - Key dependencies and what they provide (framework, ORM, HTTP client, etc.) - Dev dependencies and their purposes - Any outdated or pinned versions worth noting Report a categorized dependency inventory." run_in_background: true [Task 3] description: "Architecture Mapper" prompt: "Determine the high-level architecture of this project: - Architectural style (monolith, microservices, serverless, plugin system, CLI, library) - Layer structure (presentation, business logic, data access) - Module boundaries and how they communicate - Key abstractions and interfaces - Configuration management approach - Error handling patterns Create an ASCII architecture diagram showing component relationships." run_in_background: true [Task 4] description: "Data Layer Analyst" prompt: "Analyze the data layer of this repository: - Database type and ORM/query builder used - Schema definitions or migrations - Models/entities and their relationships - Data validation approach - Caching strategy (if any) - File-based storage or state management If no database exists, analyze how state and data are managed (files, config, in-memory)." run_in_background: true [Task 5] description: "API Surface Mapper" prompt: "Map all external-facing interfaces: - HTTP/REST/GraphQL endpoints with methods and paths - CLI commands and their arguments - Library exports and public API - Event handlers or message consumers - Webhook endpoints - Plugin interfaces or extension points For each interface, note its purpose and any authentication requirements." run_in_background: true [Task 6] description: "Testing Analyst" prompt: "Evaluate the testing setup: - Test framework(s) used - Test directory structure - Types of tests present (unit, integration, e2e, snapshot) - Test configuration files - Coverage configuration and thresholds - Test utilities, fixtures, and helpers - How to run the tests (commands) - Approximate test count and coverage level" run_in_background: true [Task 7] description: "Deployment Analyst" prompt: "Analyze deployment and CI/CD configuration: - CI/CD pipeline files (.github/workflows, .gitlab-ci.yml, Jenkinsfile, etc.) - Dockerfile and docker-compose configurations - Infrastructure-as-code (Terraform, Pulumi, CloudFormation) - Environment configuration (.env.example, config files) - Build scripts and output - Release/versioning strategy - Deployment targets (cloud provider, platform)" run_in_background: true [Task 8] description: "Security Reviewer" prompt: "Perform a security-oriented scan: - Authentication and authorization mechanisms - Secret management approach (.env, vault, etc.) - Input validation and sanitization patterns - CORS, CSP, and other security headers - Dependency vulnerability indicators - File permission patterns - Any security-related middleware or hooks Note: Do NOT report actual secret values, only patterns." run_in_background: true [Task 9] description: "Documentation Auditor" prompt: "Catalog existing documentation: - README files and their completeness - API documentation (Swagger, JSDoc, docstrings) - Architecture decision records (ADRs) - Contributing guides - Changelog and versioning docs - Inline code documentation quality - Configuration documentation Rate documentation completeness: None / Minimal / Moderate / Comprehensive" run_in_background: true [Task 10] description: "Domain Model Analyst" prompt: "Understand the business domain: - Core domain concepts and entities - Business rules encoded in the codebase - Domain-specific terminology (build a glossary) - Workflows and state machines - Validation rules and constraints - Key algorithms or business logic Report a domain glossary and concept map." run_in_background: true ``` ## Phase 3: Collect Results Each subagent returns its result automatically when it completes — there is no separate retrieval call. Launch the `Task` calls in a single message, then read each returned summary as it finishes. ## Phase 4: Synthesize into CODEBASE.md Combine all subagent findings into a single `CODEBASE.md` at the project root. Use this structure: ```markdown # [Project Name] - Codebase Documentation > Auto-generated by bootstrap-repo on YYYY-MM-DD ## Overview [2-3 sentence summary: what the project is, its primary purpose, and tech stack] ## Architecture [ASCII diagram of component relationships] ``` +-------------------+ | Component A | +--------+----------+ | v +--------+----------+ | Component B | +-------------------+ ``` ### Architectural Style [Monolith / Microservices / Serverless / Library / CLI / Plugin / etc.] ### Key Design Decisions -
Expert code review specialist. Use PROACTIVELY after writing or modifying code, before commits, when asked to review changes, PR review, code quality check, lint, or standards audit. Focuses on quality, security, performance, and maintainability.
Expert debugging specialist for errors, test failures, crashes, segmentation faults, memory leaks, timeouts, race conditions, deadlocks, and unexpected behavior. Use PROACTIVELY when encountering any error, exception, or failing test. Performs systematic root cause analysis.
Technical documentation specialist. Use for creating README files, API documentation, architecture docs, inline comments, user guides, changelogs, migration guides, release notes, FAQs, and troubleshooting docs. MUST BE USED when documentation is needed or when code changes require doc updates.
Master coordinator for complex multi-step tasks. Use PROACTIVELY when a task involves 2+ modules, requires delegation to specialists, needs architectural planning, or involves GitHub PR workflows. MUST BE USED for open-ended requests like "improve", "enhance", "build", "scale", "refactor", "add feature", "system design", "architecture", "complex task", or when implementing features from GitHub issues.
Code refactoring specialist for improving code quality, reducing technical debt, eliminating code smells, reducing complexity, and applying design patterns. Use PROACTIVELY when code needs restructuring, simplification, tech debt reduction, or when applying DRY/SOLID principles.
Security specialist for vulnerability detection, secure coding review, and security hardening. Use PROACTIVELY when handling authentication, authorization, encryption, secrets, credentials, OAuth, JWT, CORS, headers, user input, API keys, or sensitive data. Checks for OWASP Top 10 and common vulnerabilities.
Testing strategy specialist for designing test suites, writing tests, and ensuring comprehensive coverage. Use PROACTIVELY when adding new features, fixing bugs, improving test coverage, creating test plans, mocking strategies, handling flaky tests, or writing integration/E2E tests.
Add tests for recently changed files or specified code