spring-boot-reviewer_skill

This skill reviews Spring Boot projects for DI patterns, transaction management, REST API design, security config, and JPA best practices to improve
  • TypeScript

1

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill physics91/claude-vibe --skill spring-boot-reviewer

  • SKILL.md16.0 KB

Overview

This skill reviews Spring Boot projects for dependency injection patterns, transaction management, REST API design, security configuration, and JPA practices. It highlights critical issues like field injection, N+1 queries, missing @Transactional, insecure endpoints, and blocking calls in reactive stacks. The goal is actionable recommendations to improve testability, correctness, and security.

How this skill works

The reviewer scans build files, @SpringBootApplication classes, and common resource files to detect Spring Boot projects. It inspects code for DI usages (@Autowired/@Inject/@Value), @Transactional placement and propagation, controller responsibilities, JPA fetch strategies, validation, and security configuration. It flags severity levels (CRITICAL/HIGH/MEDIUM) and suggests concrete fixes such as constructor injection, @EntityGraph/fetch joins, proper transaction boundaries, method-level security, and externalized configuration.

When to use it

  • You need a targeted Spring Boot code audit (DI, transactions, JPA, security, API design).
  • Pull request or pre-merge review for Spring Boot services using spring-boot-starter-*.
  • Investigating performance issues like N+1 queries or blocking calls in reactive modules.
  • Validating security posture: authorization annotations, CSRF, actuator exposure, credentials.
  • Checking API design: DTO validation, versioning, and controller/service layering.

Best practices

  • Favor constructor (or Lombok @RequiredArgsConstructor) injection over field injection for testability.
  • Keep controllers thin: delegate business logic and transactions to services.
  • Annotate transaction boundaries at service layer; use readOnly for queries and correct propagation.
  • Prevent N+1 by using fetch joins, @EntityGraph, or batch fetching where appropriate.
  • Externalize all credentials and environment-specific URLs via configuration properties.
  • Validate incoming DTOs with @Valid and centralized exception handling.

Example use cases

  • Scan a microservice before production deploy to ensure no hardcoded secrets or exposed actuator endpoints.
  • Review a PR that introduces new repository queries to catch potential N+1 regressions.
  • Audit a controller-heavy module to extract business logic into services and add proper @Transactional annotations.
  • Check a WebFlux endpoint to ensure no blocking JDBC calls are present and recommend R2DBC or boundedElastic scheduler.
  • Validate API endpoints for proper authorization (@PreAuthorize) and add API versioning guidance.

FAQ

No. Use a Kotlin-focused reviewer; this skill targets Java Spring Boot code patterns.

Will it change code automatically?

No. It provides findings and concrete code examples and recommendations for developers to apply.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational