What is the output of the route scanning tool?

A JSON-compatible array of route objects with method, path, file, line, middleware, and type.

How is middleware captured?

Middleware is identified from the route definition and attached middleware; the manifest includes a 'middleware' array describing these components.

How does it handle router.route() or nested routers?

The tool marks standard routes as 'standard' and routes defined via router.route() as 'chained'; it scans the provided directory to resolve these definitions within the scope.

route-scanning

Scanned

npx machina-cli add skill huangjia2019/claude-code-engineering/route-scanning --openclaw

Files (1)

SKILL.md

980 B

Route Scanning Skill

Discover all API route definitions in Express.js source files.

Process

Step 1: Run Route Scanner

Execute the scanning script:

python3 scripts/scan-routes.py <source_directory>

The script outputs a structured route list with method, path, file, and line number.

Step 2: Enrich Route Data

For each discovered route, also identify:

Middleware applied (auth, validation, etc.)
Whether it's a standard route or chained route (router.route())

Output Format

Return a JSON-compatible route manifest:

[
  {
    "method": "GET",
    "path": "/api/products",
    "file": "src/routes/products.js",
    "line": 8,
    "middleware": ["requireAuth"],
    "type": "standard"
  }
]

This manifest will be consumed by the next pipeline stage (doc-writing).

Source

git clone https://github.com/huangjia2019/claude-code-engineering/blob/main/04-Skills/projects/08-skill-pipeline/.claude/skills/route-scanning/SKILL.md

View on GitHub

Overview

Route Scanning scans Express.js source files to discover all API route definitions. It returns the method, path, file, and line number for each route, and can enrich with middleware and route type to aid documentation and security reviews.

How This Skill Works

Run the provided script: python3 scripts/scan-routes.py <source_directory>. The scan outputs a JSON-compatible manifest listing routes with method, path, file, and line number, and can enrich each entry with middleware and a type (standard or chained) for downstream doc-writing.

When to Use It

Auditing an Express.js project to enumerate all public and protected endpoints.
Before documenting an API surface or generating client docs.
During code refactors to ensure route coverage stays intact.
During security reviews to map middleware per route.
When onboarding new team members and providing a route inventory.

Quick Start

Step 1: python3 scripts/scan-routes.py <source_directory>
Step 2: Review the generated manifest.json for method, path, file, line, and middleware
Step 3: Feed the manifest into the doc-writing stage or CI pipeline

Best Practices

Run the scan on the full source tree to capture all routes, including nested routers.
Always capture middleware arrays and router.route() usage for accuracy.
Validate outputs against the repository's documented API surface.
In CI, run after merges to detect route changes.
Store the produced manifest in a doc-writing pipeline for consistency.

Example Use Cases

Inventory of REST endpoints for an e-commerce app (GET /products, POST /cart).
Admin panel routes protected by auth middleware.
Public API routes without authentication.
Nested routes defined with router.use() and router.route().
Webhook endpoints with specific line-number references.

Frequently Asked Questions

Add this skill to your agents