From spring-boot
Detects Spring Boot patterns in Java/Kotlin files and build files (pom.xml/build.gradle), routing to skills for web API, data/DDD, security, testing via annotation scans (@RestController, @Entity, @EnableWebSecurity) with low-risk auto-invoke and high-risk confirmation.
npx claudepluginhub joaquimscosta/arkhe-claude-plugins --plugin spring-bootThis skill uses the workspace's default tool permissions.
Smart pattern detection and skill routing for Spring Boot projects.
Reviews Java 25 and Spring Boot 4 codebases, PRs, files, and modules for migration risks, architecture violations, JSpecify null-safety, security flaws, performance regressions, and Spring Data pitfalls.
Provides Spring Boot patterns and best practices for architecture (services, controllers, DI), database (JPA, Flyway, transactions), security (JWT, OAuth2), validation, error handling, testing (JUnit, Mockito), and caching.
Verifies Spring Boot 4.x projects for dependency compatibility, configuration correctness, and migration readiness. Analyzes pom.xml, build.gradle, and application.yml files.
Share bugs, ideas, or general feedback.
Smart pattern detection and skill routing for Spring Boot projects.
Trigger Conditions:
*.java or *.kt files in a project with spring-boot-starter dependenciespom.xml or build.gradle* containing Spring BootAction: Scan code → Detect patterns → Route to appropriate skill
Scans in 3 phases: (1) detect Spring Boot project via build files, (2) scan annotations against the map below, (3) route by risk level — LOW auto-invokes, HIGH confirms first. See WORKFLOW.md for the full step-by-step detection flow.
| Annotation Pattern | Detected Skill | Risk Level |
|---|---|---|
@RestController, @GetMapping, @PostMapping, @RequestMapping | spring-boot-web-api | LOW |
@Entity, @Repository, @Aggregate, @MappedSuperclass | spring-boot-data-ddd | LOW |
@Service in **/domain/** or **/service/** | domain-driven-design | LOW |
@ApplicationModule, @ApplicationModuleListener | spring-boot-modulith | LOW |
@Timed, @Counted, HealthIndicator, MeterRegistry | spring-boot-observability | LOW |
@EnableWebSecurity, @PreAuthorize, @Secured, SecurityFilterChain | spring-boot-security | HIGH |
@SpringBootTest, @WebMvcTest, @DataJpaTest, @MockitoBean | spring-boot-testing | HIGH |
@MockBean (deprecated) | spring-boot-testing | HIGH + WARNING |
| Build file with version < 4.0 | spring-boot-verify | HIGH |
Use this script to detect patterns:
# Run from project root
python3 scripts/detect_patterns.py /path/to/file.java
Or use Grep directly:
# Web API detection
grep -l "@RestController\|@GetMapping\|@PostMapping" **/*.java
# Security detection
grep -l "@EnableWebSecurity\|@PreAuthorize\|SecurityFilterChain" **/*.java
# Testing detection
grep -l "@SpringBootTest\|@WebMvcTest\|@MockitoBean\|@MockBean" **/*.java
Always confirm before proceeding when detecting:
| Pattern | Reason | Action |
|---|---|---|
@EnableGlobalMethodSecurity | Deprecated in Security 6+ | Confirm + Migration guidance |
@MockBean | Deprecated in Boot 3.4+ | Confirm + Show @MockitoBean |
spring-boot-starter-parent < 3.0 | Major migration needed | Confirm + Suggest verify-upgrade |
.and() in security config | Removed in Security 7 | Confirm + Lambda DSL guidance |
com.fasterxml.jackson | Jackson 3 migration | Confirm + Namespace change |
Delegates to Skills:
spring-boot-web-api → REST patternsspring-boot-data-ddd → Repository/Entity patternsspring-boot-security → Security configurationspring-boot-testing → Test patternsspring-boot-modulith → Module structurespring-boot-observability → Metrics/Healthspring-boot-verify → Dependencies/Configdomain-driven-design → DDD architectureDelegates to Agents (for comprehensive review):
spring-boot-reviewer → Full codebase reviewspring-boot-upgrade-verifier → Migration analysisWhen to delegate to agents:
/spring-review or /verify-upgrade command*.java and *.kt files; no Groovy/Scala supportIf scanner guidance isn't helpful for the current context:
| Scenario | Action |
|---|---|
| Skip LOW RISK guidance | Ignore suggestions and continue working |
| Skip HIGH RISK confirmation | Select "Continue without guidance" option |
| Need comprehensive review | Use /spring-review command instead |
| Disable temporarily | Remove spring-boot-scanner from active skills |
The scanner is advisory—it suggests skills but never blocks the workflow.
| Need | Skill |
|---|---|
| DDD concepts | domain-driven-design |
| Data layer | spring-boot-data-ddd |
| REST APIs | spring-boot-web-api |
| Security config | spring-boot-security |
| Full codebase review | Use /spring-review command |