Skip to content

feat(skills): add Java Spring Boot skills #114

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
affaan-m merged 3 commits into from
Jan 30, 2026
Merged

feat(skills): add Java Spring Boot skills #114

affaan-m merged 3 commits into from
Jan 30, 2026
+959 −0

Conversation

@examin
Copy link
Contributor

@examin examin commented Jan 29, 2026
edited by coderabbitai bot
Loading

Type of Change

  • feat: New feature

Summary

Adds 6 new skills for Java Spring Boot development:

  • springboot-patterns: REST API, service layer, caching, async, filters
  • java-coding-standards: naming, immutability, Optional, streams
  • springboot-tdd: JUnit 5, Mockito, MockMvc, Testcontainers
  • springboot-security: Spring Security, validation, CSRF, secrets
  • springboot-verification: Maven/Gradle build verification loop
  • jpa-patterns: entity design, N+1 prevention, transactions

Why

Spring Boot is mentioned in CONTRIBUTING.md as a wanted framework contribution. These skills mirror existing TypeScript/Node.js skills for Java developers.

Checklist

  • Follows conventional commits format
  • Follows existing skill format patterns
  • Tests pass locally (N/A - markdown only)
  • Validation scripts pass (N/A - markdown only)

Note: This PR adds documentation (skill files) only. No JavaScript/code changes, so test suite is not affected.

Summary by CodeRabbit

  • Documentation
    • Added comprehensive skill guides for Java Spring Boot: coding standards and naming, JPA/Hibernate patterns and query optimization, architecture and REST API design, security best practices, TDD workflows with examples, and verification procedures for gates, checks, and release readiness.

✏️ Tip: You can customize this high-level summary in your review settings.

feat(skills): add Java Spring Boot skills
96d06b0 
Add 6 new skills for Java Spring Boot development:

- springboot-patterns: REST API, service layer, caching, async, filters
- java-coding-standards: naming, immutability, Optional, streams, exceptions
- springboot-tdd: JUnit 5, Mockito, MockMvc, Testcontainers, JaCoCo
- springboot-security: Spring Security, validation, CSRF, secrets, headers
- springboot-verification: build, static analysis, tests, security scans
- jpa-patterns: entity design, N+1 prevention, transactions, pagination

These skills mirror the existing TypeScript/Node.js skills but adapted
for the Java Spring Boot ecosystem with Spring Boot 3.x and Jakarta EE.
@ecc-tools
Copy link

ecc-tools bot commented Jan 29, 2026

Analyzing 200 commits...

@ecc-tools
Copy link

ecc-tools bot commented Jan 29, 2026

Analysis Incomplete

Unable to generate skill: Not Found - https://docs.github.com/rest/commits/commits#list-commits

Common Reasons
Condition Recommendation
< 20 commits Repository may be too new for pattern detection
Unusual structure Non-standard project layout
Documentation-only Limited code patterns available

To retry: /skill-creator analyze

ECC Tools

@coderabbitai
Copy link

coderabbitai bot commented Jan 29, 2026
edited
Loading

📝 Walkthrough

Walkthrough

Adds six new Markdown skill documents providing guidelines for Java coding standards, JPA/Hibernate patterns, Spring Boot architecture, Spring Security, TDD practices, and a Spring Boot verification workflow.

Changes

Cohort / File(s) Summary
Spring Boot Architecture & Security
skills/springboot-patterns/SKILL.md, skills/springboot-security/SKILL.md		 New guides covering REST API structure, controller/service/repository patterns, DTOs/validation, centralized error handling, caching, async processing, logging/observability, authentication/authorization, CSRF, secrets management, security headers, rate limiting, and security checklist.
Data Persistence (JPA/Hibernate)
skills/jpa-patterns/SKILL.md		 New guide on entity design, relationships, fetch strategies to prevent N+1, query and transaction patterns, auditing, indexing, pagination, connection pooling, caching notes, migrations, and testing examples.
Coding Standards & Testing Workflow
skills/java-coding-standards/SKILL.md, skills/springboot-tdd/SKILL.md		 Java 17+ coding standards (naming, immutability, Optional, streams, exceptions, logging, null handling) and a Spring Boot TDD workflow with example unit/integration tests (JUnit5, Mockito, MockMvc, Testcontainers) and coverage guidance.
Verification / CI Practices
skills/springboot-verification/SKILL.md		 New procedural guide describing a six-phase verification loop (build, static analysis, tests+coverage, security scan, lint/format, diff review), example Maven/Gradle commands, continuous mode, and pre-release checklist.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A nibble of rules, six leaves to share,
Spring blossoms guarded with careful care.
Code neat and tested, queries that sing,
Keys kept secret, and guards on the wing.
Hop forward, dear devs—let wisdom spring! 🌿

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title 'feat(skills): add Java Spring Boot skills' clearly and concisely summarizes the main change: adding six new Java Spring Boot documentation skill files across patterns, coding standards, TDD, security, verification, and JPA.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@examin
Copy link
Contributor Author

examin commented Jan 29, 2026

@affaan-m Ready for review - adding Java Spring Boot skills to complement the existing TypeScript/Node.js patterns.

coderabbitai[bot]
coderabbitai bot reviewed Jan 29, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Fix all issues with AI agents 
In `@skills/springboot-patterns/SKILL.md`:
- Around line 224-247: The filter currently trusts the X-Forwarded-For header in
RateLimitFilter.doFilterInternal which is spoofable; modify the implementation
and docs to treat X-Forwarded-For as untrusted unless the app is behind known
proxies and a ForwardedHeaderFilter (or equivalent trusted proxy/header
handling) is configured—either read the client IP from request.getRemoteAddr()
by default or only use X-Forwarded-For after verifying the request passed
through trusted proxies, and add a comment in the RateLimitFilter class
explaining the requirement to enable ForwardedHeaderFilter and configure trusted
proxy addresses.

In `@skills/springboot-tdd/SKILL.md`:
- Around line 115-134: The JaCoCo plugin version in the Maven snippet uses
0.8.11; update the <artifactId>org.jacoco:jacoco-maven-plugin</artifactId>
<version> element to 0.8.14 so the snippet reflects the current stable release
compatible with Java 17+ (i.e., replace the version value "0.8.11" with "0.8.14"
in the shown <plugin> block).
🧹 Nitpick comments (3)
skills/springboot-verification/SKILL.md (1)

57-62: Use non-mutating format checks in verification phase.
For a verification gate, prefer spotless:check / spotlessCheck to avoid modifying code during the run.

🔧 Suggested tweak 
- mvvn spotless:apply   # if using Spotless plugin
- ./gradlew spotlessApply
+ mvn spotless:check    # if using Spotless plugin
+ ./gradlew spotlessCheck
skills/springboot-security/SKILL.md (1)

73-83: Clarify intent for deprecated X-XSS-Protection header.
The .xssProtection(Customizer.withDefaults()) syntax is correct for Spring Security 6.x, but the X-XSS-Protection header itself is deprecated by OWASP and modern browsers. Consider being explicit about disabling it—either .xssProtection(xss -> xss.disable()) to omit the header entirely, or .xssProtection(xss -> xss.headerValue(XXssProtectionHeaderWriter.HeaderValue.DISABLED)) to explicitly send X-XSS-Protection: 0. Your CSP configuration is the proper XSS protection mechanism.

skills/springboot-patterns/SKILL.md (1)

200-221: Migrate to Resilience4j for production-grade external call resilience.

This example blocks the caller thread with Thread.sleep, which degrades request-handling performance in servlet/reactive contexts. Spring Boot 3.x officially recommends Resilience4j (or Spring Cloud CircuitBreaker with Resilience4j) for external calls because it provides non-blocking retry with jitter, circuit breaker, bulkhead isolation, and time limiting in a single pattern.

If keeping this simplified pattern, at minimum add jitter (Math.random()) and cap backoff to avoid cascading failures. However, for production code, reference the Resilience4j Spring Boot 3 integration (via resilience4j-spring-boot3 or spring-cloud-starter-circuitbreaker-resilience4j).

fix(skills): prevent X-Forwarded-For header spoofing in RateLimitFilter
2bd973b 
The RateLimitFilter was trusting the X-Forwarded-For header directly,
which is spoofable by clients. Changed to use request.getRemoteAddr()
which is secure by default and returns the correct client IP when
ForwardedHeaderFilter is properly configured.

Added documentation explaining:
- Why X-Forwarded-For is untrusted by default
- Requirements for safely using forwarded headers
- How to configure ForwardedHeaderFilter and trusted proxies
@ecc-tools
Copy link

ecc-tools bot commented Jan 29, 2026

Analyzing 200 commits...

@ecc-tools
Copy link

ecc-tools bot commented Jan 29, 2026

Analysis Incomplete

Unable to generate skill: Not Found - https://docs.github.com/rest/commits/commits#list-commits

Common Reasons
Condition Recommendation
< 20 commits Repository may be too new for pattern detection
Unusual structure Non-standard project layout
Documentation-only Limited code patterns available

To retry: /skill-creator analyze

ECC Tools

fix(skills): update JaCoCo plugin version to 0.8.14
22089aa 
Update jacoco-maven-plugin from 0.8.11 to 0.8.14, the current stable
release with full Java 17+ compatibility.
@ecc-tools
Copy link

ecc-tools bot commented Jan 29, 2026

Analyzing 200 commits...

@ecc-tools
Copy link

ecc-tools bot commented Jan 29, 2026

Analysis Incomplete

Unable to generate skill: Not Found - https://docs.github.com/rest/commits/commits#list-commits

Common Reasons
Condition Recommendation
< 20 commits Repository may be too new for pattern detection
Unusual structure Non-standard project layout
Documentation-only Limited code patterns available

To retry: /skill-creator analyze

ECC Tools

@affaan-m affaan-m merged commit ae2c063 into affaan-m:main Jan 30, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@examin @affaan-m