elias/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-06-13 23:03:34 +08:00
Code Issues Packages Projects Releases Wiki Activity
everything-claude-code/.kiro/skills/springboot-patterns/SKILL.md
Vu Thanh Tai 4ad5756899
feat: expand Kiro adapter to full language coverage (#2101) 
* feat: expand Kiro adapter to full language coverage

- Add 17 new agents (typescript, rust, kotlin, java, cpp, django, swift,
  fsharp, pytorch, mle, performance-optimizer) in both .md and .json formats
- Add 25 new skills (rust, kotlin, java/spring, django, fastapi, nestjs,
  react, nextjs, cpp, swift, mle/pytorch, deep-research, strategic-compact,
  autonomous-loops, content-hash-cache-pattern)
- Add 6 new language-specific steering files (rust, kotlin, java, cpp, php, ruby)
- Add 3 new hooks (rust-check-on-edit, python-lint-on-edit, security-check-on-create)
- Update README with expanded component inventory and documentation
- Fix install.sh line endings for macOS compatibility

Total Kiro components: 33 agents, 43 skills, 22 steering files, 13 hooks

* fix: resolve P1/P2 violations in Kiro agents, skills, and steering

- java-patterns.md: remove reference to non-existent quarkus-patterns skill
- kotlin-patterns.md: fix insecure BuildConfig recommendation for secrets
- swift-actor-persistence: fix Swift version claim (5.9+) and Dictionary crash
- java-reviewer.md: add recursive framework detection + robust diff chain
- kotlin-reviewer.md: replace unreliable diff detection with fallback chain
- rust-reviewer.md: add diff fallback + make CI gating mandatory
- jpa-patterns: add DISTINCT to fetch-join query to prevent duplicates
- django-reviewer.md: add migration safety check, narrow save() rule,
  fix pytest-django behavior description

* fix: resolve remaining violations in Kiro agents, skills, and docs

Agents:
- java-build-resolver.md: remove quarkus-patterns ref, fix 'Initialise' spelling
- java-reviewer.json: remove quarkus-patterns ref from prompt
- mle-reviewer.md, cpp-build-resolver.md, java-build-resolver.md,
  performance-optimizer.md: fix allowedTools 'read' -> 'fs_read'

Hooks:
- rust-check-on-edit: fix description to match askAgent behavior

Skills:
- content-hash-cache-pattern: hyphenate 'Content-Hash-Based'
- cpp-testing: hyphenate 'real-time'
- django-security: use placeholder secrets, fix CSRF_COOKIE_HTTPONLY=False
- nestjs-patterns: add Logger to HttpExceptionFilter for non-Http errors
- react-patterns: add React 19 compatibility note for useActionState
- rust-patterns: remove edition-specific 'Rust 2024+' reference
- springboot-patterns: cap exponential backoff, recommend Resilience4j
- springboot-security: fix invalid @Query SQL injection example
- swift-protocol-di-testing: add thread-safety doc comment to mock

Docs:
- README.md: fix Project Structure counts (33/43/22/13)

* fix: sync README tree with counts, restore local diff in kotlin-reviewer, correct django FK index guidance

- README.md: Project Structure tree now lists all 33 agents, 43 skills,
  22 steering files, and 13 hooks (was showing old subset)
- kotlin-reviewer.md: restore git diff --staged / git diff for local
  pre-commit review before falling back to HEAD~1
- django-reviewer.md: clarify that ForeignKey fields are indexed by
  default; only flag missing db_index on non-FK filter columns
2026-06-07 13:26:37 +08:00

9.9 KiB
Raw Blame History

name, description, origin
name description origin
springboot-patterns Spring Boot architecture patterns, REST API design, layered services, data access, caching, async processing, and logging. Use for Java Spring Boot backend work. ECC

Spring Boot Development Patterns

Spring Boot architecture and API patterns for scalable, production-grade services.

When to Activate

  • Building REST APIs with Spring MVC or WebFlux
  • Structuring controller → service → repository layers
  • Configuring Spring Data JPA, caching, or async processing
  • Adding validation, exception handling, or pagination
  • Setting up profiles for dev/staging/production environments
  • Implementing event-driven patterns with Spring Events or Kafka

REST API Structure

@RestController
@RequestMapping("/api/markets")
@Validated
class MarketController {
  private final MarketService marketService;

  MarketController(MarketService marketService) {
    this.marketService = marketService;
  }

  @GetMapping
  ResponseEntity<Page<MarketResponse>> list(
      @RequestParam(defaultValue = "0") int page,
      @RequestParam(defaultValue = "20") int size) {
    Page<Market> markets = marketService.list(PageRequest.of(page, size));
    return ResponseEntity.ok(markets.map(MarketResponse::from));
  }

  @PostMapping
  ResponseEntity<MarketResponse> create(@Valid @RequestBody CreateMarketRequest request) {
    Market market = marketService.create(request);
    return ResponseEntity.status(HttpStatus.CREATED).body(MarketResponse.from(market));
  }
}

Repository Pattern (Spring Data JPA)

public interface MarketRepository extends JpaRepository<MarketEntity, Long> {
  @Query("select m from MarketEntity m where m.status = :status order by m.volume desc")
  List<MarketEntity> findActive(@Param("status") MarketStatus status, Pageable pageable);
}

Service Layer with Transactions

@Service
public class MarketService {
  private final MarketRepository repo;

  public MarketService(MarketRepository repo) {
    this.repo = repo;
  }

  @Transactional
  public Market create(CreateMarketRequest request) {
    MarketEntity entity = MarketEntity.from(request);
    MarketEntity saved = repo.save(entity);
    return Market.from(saved);
  }
}

DTOs and Validation

public record CreateMarketRequest(
    @NotBlank @Size(max = 200) String name,
    @NotBlank @Size(max = 2000) String description,
    @NotNull @FutureOrPresent Instant endDate,
    @NotEmpty List<@NotBlank String> categories) {}

public record MarketResponse(Long id, String name, MarketStatus status) {
  static MarketResponse from(Market market) {
    return new MarketResponse(market.id(), market.name(), market.status());
  }
}

Exception Handling

@ControllerAdvice
class GlobalExceptionHandler {
  @ExceptionHandler(MethodArgumentNotValidException.class)
  ResponseEntity<ApiError> handleValidation(MethodArgumentNotValidException ex) {
    String message = ex.getBindingResult().getFieldErrors().stream()
        .map(e -> e.getField() + ": " + e.getDefaultMessage())
        .collect(Collectors.joining(", "));
    return ResponseEntity.badRequest().body(ApiError.validation(message));
  }

  @ExceptionHandler(AccessDeniedException.class)
  ResponseEntity<ApiError> handleAccessDenied() {
    return ResponseEntity.status(HttpStatus.FORBIDDEN).body(ApiError.of("Forbidden"));
  }

  @ExceptionHandler(Exception.class)
  ResponseEntity<ApiError> handleGeneric(Exception ex) {
    // Log unexpected errors with stack traces
    return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
        .body(ApiError.of("Internal server error"));
  }
}

Caching

Requires @EnableCaching on a configuration class.

@Service
public class MarketCacheService {
  private final MarketRepository repo;

  public MarketCacheService(MarketRepository repo) {
    this.repo = repo;
  }

  @Cacheable(value = "market", key = "#id")
  public Market getById(Long id) {
    return repo.findById(id)
        .map(Market::from)
        .orElseThrow(() -> new EntityNotFoundException("Market not found"));
  }

  @CacheEvict(value = "market", key = "#id")
  public void evict(Long id) {}
}

Async Processing

Requires @EnableAsync on a configuration class.

@Service
public class NotificationService {
  @Async
  public CompletableFuture<Void> sendAsync(Notification notification) {
    // send email/SMS
    return CompletableFuture.completedFuture(null);
  }
}

Logging (SLF4J)

@Service
public class ReportService {
  private static final Logger log = LoggerFactory.getLogger(ReportService.class);

  public Report generate(Long marketId) {
    log.info("generate_report marketId={}", marketId);
    try {
      // logic
    } catch (Exception ex) {
      log.error("generate_report_failed marketId={}", marketId, ex);
      throw ex;
    }
    return new Report();
  }
}

Middleware / Filters

@Component
public class RequestLoggingFilter extends OncePerRequestFilter {
  private static final Logger log = LoggerFactory.getLogger(RequestLoggingFilter.class);

  @Override
  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
      FilterChain filterChain) throws ServletException, IOException {
    long start = System.currentTimeMillis();
    try {
      filterChain.doFilter(request, response);
    } finally {
      long duration = System.currentTimeMillis() - start;
      log.info("req method={} uri={} status={} durationMs={}",
          request.getMethod(), request.getRequestURI(), response.getStatus(), duration);
    }
  }
}

Pagination and Sorting

PageRequest page = PageRequest.of(pageNumber, pageSize, Sort.by("createdAt").descending());
Page<Market> results = marketService.list(page);

Error-Resilient External Calls

Production recommendation: Use Resilience4j or Spring Retry for production retry logic with circuit breakers, metrics, and configurable policies.

public <T> T withRetry(Supplier<T> supplier, int maxRetries) {
  final long maxBackoffMillis = 10_000L;
  int attempts = 0;
  while (true) {
    try {
      return supplier.get();
    } catch (Exception ex) {
      attempts++;
      if (attempts >= maxRetries) {
        throw ex;
      }
      try {
        long backoff = Math.min((long) Math.pow(2, attempts) * 100L, maxBackoffMillis);
        Thread.sleep(backoff);
      } catch (InterruptedException ie) {
        Thread.currentThread().interrupt();
        throw ex;
      }
    }
  }
}

Rate Limiting (Filter + Bucket4j)

Security Note: The X-Forwarded-For header is untrusted by default because clients can spoof it. Only use forwarded headers when:

  1. Your app is behind a trusted reverse proxy (nginx, AWS ALB, etc.)
  2. You have registered ForwardedHeaderFilter as a bean
  3. You have configured server.forward-headers-strategy=NATIVE or FRAMEWORK in application properties
  4. Your proxy is configured to overwrite (not append to) the X-Forwarded-For header

When ForwardedHeaderFilter is properly configured, request.getRemoteAddr() will automatically return the correct client IP from the forwarded headers. Without this configuration, use request.getRemoteAddr() directly—it returns the immediate connection IP, which is the only trustworthy value.

@Component
public class RateLimitFilter extends OncePerRequestFilter {
  private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();

  /*
   * SECURITY: This filter uses request.getRemoteAddr() to identify clients for rate limiting.
   *
   * If your application is behind a reverse proxy (nginx, AWS ALB, etc.), you MUST configure
   * Spring to handle forwarded headers properly for accurate client IP detection:
   *
   * 1. Set server.forward-headers-strategy=NATIVE (for cloud platforms) or FRAMEWORK in
   *    application.properties/yaml
   * 2. If using FRAMEWORK strategy, register ForwardedHeaderFilter:
   *
   *    @Bean
   *    ForwardedHeaderFilter forwardedHeaderFilter() {
   *        return new ForwardedHeaderFilter();
   *    }
   *
   * 3. Ensure your proxy overwrites (not appends) the X-Forwarded-For header to prevent spoofing
   * 4. Configure server.tomcat.remoteip.trusted-proxies or equivalent for your container
   *
   * Without this configuration, request.getRemoteAddr() returns the proxy IP, not the client IP.
   * Do NOT read X-Forwarded-For directly—it is trivially spoofable without trusted proxy handling.
   */
  @Override
  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
      FilterChain filterChain) throws ServletException, IOException {
    // Use getRemoteAddr() which returns the correct client IP when ForwardedHeaderFilter
    // is configured, or the direct connection IP otherwise. Never trust X-Forwarded-For
    // headers directly without proper proxy configuration.
    String clientIp = request.getRemoteAddr();

    Bucket bucket = buckets.computeIfAbsent(clientIp,
        k -> Bucket.builder()
            .addLimit(Bandwidth.classic(100, Refill.greedy(100, Duration.ofMinutes(1))))
            .build());

    if (bucket.tryConsume(1)) {
      filterChain.doFilter(request, response);
    } else {
      response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
    }
  }
}

Background Jobs

Use Springs @Scheduled or integrate with queues (e.g., Kafka, SQS, RabbitMQ). Keep handlers idempotent and observable.

Observability

  • Structured logging (JSON) via Logback encoder
  • Metrics: Micrometer + Prometheus/OTel
  • Tracing: Micrometer Tracing with OpenTelemetry or Brave backend

Production Defaults

  • Prefer constructor injection, avoid field injection
  • Enable spring.mvc.problemdetails.enabled=true for RFC 7807 errors (Spring Boot 3+)
  • Configure HikariCP pool sizes for workload, set timeouts
  • Use @Transactional(readOnly = true) for queries
  • Enforce null-safety via @NonNull and Optional where appropriate

Remember: Keep controllers thin, services focused, repositories simple, and errors handled centrally. Optimize for maintainability and testability.