microsoft/building-java-knowledge-graph
plugins/github-copilot-modernization/skills/building-java-knowledge-graph/SKILL.md
Analyzes JVM projects (Java/Kotlin/Scala/Groovy) and generates knowledge graphs with tree-sitter parsing. Requires Python 3 on the host and a JVM project with Maven/Gradle/Ant/Ivy build files. Skips gracefully if either prerequisite is missing. Triggers when asked to "build knowledge graph", "analyze project structure", "parse Java codebase", or "generate dependency graph".
$ install --global
skillsauthnpx skillsauth add microsoft/github-copilot-modernization building-java-knowledge-graphInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 14, 2026, 6:22 AM130.1s5 files scanned
SKILL.md
- name:
- building-java-knowledge-graph
- description:
- Analyzes JVM projects (Java/Kotlin/Scala/Groovy) and generates knowledge graphs with tree-sitter parsing. Requires Python 3 on the host and a JVM project with Maven/Gradle/Ant/Ivy build files. Skips gracefully if either prerequisite is missing. Triggers when asked to "build knowledge graph", "analyze project structure", "parse Java codebase", or "generate dependency graph".
Prerequisites
Step 1 — Verify JVM project:
find "$PROJECT_ROOT" -maxdepth 5 -type f \( -name "*.java" -o -name "*.kt" -o -name "*.scala" -o -name "*.groovy" \) | head -1
If no JVM files found: skip this skill. Set
knowledge_graph_dirtonullinsetup_artifacts. Non-fatal — downstream agents fall back to direct source analysis.
Step 2 — Verify Python:
python3 --version 2>/dev/null || python --version 2>/dev/null
If unavailable: skip this skill with same fallback as above.
Quick Start
# First-time setup (~1 minute)
pip3 install --user 'tree-sitter<0.21'
python3 scripts/install_grammars.py
# Optional: SVG generation
brew install graphviz # macOS
# Analyze project
python3 scripts/build_knowledge_graph.py /path/to/project output-dir
⚠️ DESTRUCTIVE OUTPUT: The script wipes ALL files in output-dir before writing. NEVER point it at a shared directory like {{BASE_PATH}}/ or {{BASE_PATH}}/artifacts/. Use a dedicated subdirectory:
# ✅ SAFE — dedicated subdirectory
python3 scripts/build_knowledge_graph.py /path/to/project {{BASE_PATH}}/artifacts/kg_output
# ❌ DANGER — will delete constitution.md, board.md, other artifacts!
python3 scripts/build_knowledge_graph.py /path/to/project {{BASE_PATH}}
After the script finishes, copy knowledge-graph.json to {{BASE_PATH}}/ for other agents to consume.
What It Detects
- Build systems: Maven (pom.xml), Gradle (build.gradle*), Ant (build.xml), Ivy (ivy.xml)
- Languages: Java, Kotlin, Scala, Groovy via tree-sitter AST
- Structure: Modules, packages, classes, interfaces, enums, annotations
- Relationships: Inheritance, implementations, module dependencies
- Patterns: Architecture layers (controller/service/repository/model/config/util)
- Config:
application*.properties,application*.yaml/yml - Gradle subprojects:
settings.gradleparsing
Output
All outputs are written under the provided artifact path (pass as 2nd argument to the script).
knowledge-graph.json ← complete graph (nodes + edges)
module-dependencies.{dot,svg} ← module dependency diagram
module-{name}.{dot,svg} ← per-module class diagrams
project-{name}.{dot,svg} ← complete project diagram
Resources
references/schema.md— node/edge types, ID patterns, fields, visualization colorsreferences/querying.md— jq and Python query examplesscripts/build_knowledge_graph.py— main analyzerscripts/install_grammars.py— grammar installer
Related Skills
microsoft/clarifying-scenarios
development
VerifiedTrustedCommunity
Evaluates whether a user's modernization/rewrite request provides enough scenario context to proceed (e.g., target component library, screenshots, design system for frontend; API contract policy, data migration strategy for backend). Produces a deterministic clarity score, asks the user for missing required fields via a structured form, and writes a canonical `clarification.md` artifact consumed by all downstream agents. Triggers: "clarification gate", "scenario clarification", "elicit missing context", "evaluate prompt completeness", "ask user for screenshots / target library / design system". NOT for: feature specification (use feature-inventory), planning (use creating-implementation-plan), implementation (use implementing-code), or resolving spec-time `[NEEDS CLARIFICATION]` markers (those remain owned by feature-inventory).
12SKILL.mdUpdated Jun 4, 2026
microsoft/appmod-hooks
tools
VerifiedTrustedCommunity
Lifecycle hooks for the modernize-rearchitecture coordinator. Defines hook points, registered actions, and execution rules.
12SKILL.mdUpdated Jun 4, 2026
microsoft/team-charters
development
VerifiedTrustedCommunity
Provides role charters (mission, ownership, core principles, quality bar) for a multi-agent coding team. Each charter defines the role's mission, ownership scope, core principle (boundary constraints), and quality bar. Most roles also include communication rules. Consumed by the coordinator during task decomposition to assign work to the correct role. Triggers: "look up role charter", "what does the architect own", "check role boundaries", "find team roles", "which role handles X", "list agent charters", "role responsibilities". NOT for: task decomposition (use breaking-down-tasks), implementation (use implementing-code), architecture analysis (use analyzing-architecture).
12SKILL.mdUpdated May 14, 2026
microsoft/project-recon
tools
VerifiedTrustedCommunity
Zero-dependency shell recon for any code repository — detect languages, count LOC, and report project scale. Pure POSIX find/wc or PowerShell, no Python or third-party tools required. Triggers: "how big is this project", "what languages", "project sizing", "repo recon", "LOC count", "scope check".
12SKILL.mdUpdated May 14, 2026