kaddo scan
kaddo scanDetects language, framework, package manager, code dirs, migration dirs, contract files, infra and test dirs. Suggests domains for human confirmation — never assumes.
Generated artifacts
kaddo scan persists a reusable baseline of the project’s technical state:
.kaddo/scan.json— structured, machine-readable. Used by the CLI and future context-pack commands. Always regenerated on each scan.knowledge/inventory.md— human-readable inventory you can paste into an LLM chat. Overwrite is confirmed if the file already exists.
This baseline is the first input for the Knowledge Driven Development flow: the CLI prepares deterministic signals, and your LLM agents turn them into understanding.
Scan does not interpret your system. It detects signals and asks confirmation questions — it never claims to know your business capabilities or architecture.
State-aware next step
If .kaddo/config.yml exists, kaddo scan reads the project state recorded by
kaddo init and prints a next step tailored to it:
- new → define initial knowledge, create your first work item, grow the roadmap gradually.
- pre-ai → use this baseline to create a context pack and understand the system with LLM agents.
- legacy → use this baseline to identify risks, unknowns and safe modernization candidates.
This is a pre-AI monorepo.Next: Use this baseline to create a context pack and understand the existing system with LLM agents.Scan Signals (v3.48.0)
Starting with v3.48.0, kaddo scan detects actionable signals across 14 categories:
| Category | Examples |
|---|---|
auth | NextAuth, Supabase Auth, Clerk, Passport |
payments | Stripe, Mercado Pago, PayPal, Wompi |
webhooks | Webhook route directories |
storage | AWS S3, Cloudinary, Uploadthing |
background_jobs | BullMQ, Supabase Edge Functions, cron dirs |
email | Resend, SendGrid, Nodemailer |
database | Prisma, Drizzle, Supabase, Mongoose |
migrations | Migration directories detected by scan |
api_routes | Next.js API routes, Express routers |
tests | Vitest, Jest, test directories (warns if missing) |
security | Helmet, CORS, RLS policies |
infrastructure | Docker, Amplify, Vercel, GitHub Actions |
external_integrations | Sentry, Redis, Algolia, Firebase |
environment | Environment variable names from .env.example |
Each signal includes a confidence level (high / medium / low) and evidence (dependency names, file paths). Some signals include a recommended_review suggestion.
Signals appear in:
- Console output after each scan
knowledge/inventory.mdunder “Detected Signals”.kaddo/scan.jsonin thesignalsfield- Context pack and explain output
- MCP via
kaddo://scan-signals
Security: environment detection reads variable names only — values are never stored, logged, or exposed.
Example knowledge/inventory.md:
# Project Inventory
## Detected Stack
- Language: typescript- Framework: next- Package manager: pnpm
## Possible Domains
- auth- payments
## Open Questions
- Confirm whether the 'payments' domain reflects a real bounded context.