> spring-boot-best-practices
Apply core coding standards, dependency injection, and configuration for Spring Boot 3. Use when applying Spring Boot 3 coding standards or configuring dependency injection. (triggers: application.properties, **/*Service.java, autowired, requiredargsconstructor, configuration-properties, slf4j)
curl "https://skillshub.wtf/HoangNguyen0403/agent-skills-standard/spring-boot-best-practices?format=md"Spring Boot Best Practices
Priority: P0
Implementation Guidelines
Dependency Injection (DI)
- Constructor Injection: ALWAYS use Constructor Injection for immutability. Use
@RequiredArgsConstructor(Lombok) to reduce boilerplate. Mark all dependencies asfinal. - Avoid @Autowired: NEVER use field injection. It prevents unit testing without Spring context and hides dependencies.
Configuration & Data
- Type-Safe Config: Use
@ConfigurationPropertieswith Records (Java 17+) instead of@Value. Use Spring profile-specific files (e.g.,application-dev.yml,application-prod.yml) and set active profile viaSPRING_PROFILES_ACTIVE. Never hardcode secret values in properties files. - Validation: Combine with
@Validatedand Jakarta Bean Validation (@NotNull,@NotEmpty) to fail fast at startup. Useapplication.yamlfor structured configuration. - DTOs: Use
recordsas immutable DTOs to reduce boilerplate and ensure thread safety. Handle empty values withOptionalto avoidNullPointerException.
Observability & Quality
- Error Handling: Implement
@ControllerAdviceandProblemDetails(RFC 7807) for standardized error responses. - Logging: Use
SLF4Jwith@Slf4j. Implement Structured Logging by logging arguments (log.info("id: {}", id)). - Tooling: Mandate
SpotlessorCheckstylefor code formatting. Usesdkmanto manage JDK 21+ versions.
Anti-Patterns
- No @Autowired on fields: Use constructor injection via @RequiredArgsConstructor.
- No Setters on dependencies: Declare all injected fields as final.
- No context.getBean(): Inject dependencies via constructor DI.
- No log-and-swallow: Rethrow or handle exceptions explicitly.
References
> related_skills --same-repo
> common-store-changelog
Generate user-facing release notes for the Apple App Store and Google Play Store by collecting git history, triaging user-impacting changes, and drafting store-compliant changelogs. Enforces character limits (App Store ≤4000, Google Play ≤500), tone, and bullet format. Use when generating release notes, app store changelog, play store release, what's new, or version release notes for any mobile app. (triggers: generate changelog, app store notes, play store release, what's new, release notes, ve
> golang-tooling
Go developer toolchain — gopls LSP diagnostics, linting, formatting, and vet. Use when setting up Go tooling, running linters, or integrating gopls with Claude Code. (triggers: gopls, golangci-lint, golangci.yml, go vet, goimports, staticcheck, go tooling, go lint)
> common-ui-design
Design distinctive, production-grade frontend UI with bold aesthetic choices. Use when building web components, pages, interfaces, dashboards, or applications in any framework (React, Next.js, Angular, Vue, HTML/CSS). (triggers: build a page, create a component, design a dashboard, landing page, UI for, build a layout, make it look good, improve the design, build UI, create interface, design screen)
> common-owasp
OWASP Top 10 audit checklist for Web Applications (2021) and APIs (2023). Load during any security review, PR review, or codebase audit touching web, mobile backend, or API code. (triggers: security review, OWASP, broken access control, IDOR, BOLA, injection, broken auth, API review, authorization, access control)