spring-boot-verify
Spring Boot 4.x Project Verification
Analyzes Spring Boot projects for dependency compatibility, configuration correctness, and migration readiness.
Verification Workflow
- Detect Build System → Find pom.xml or build.gradle, extract Spring Boot version
- Analyze Dependencies → Check versions, find deprecated libraries, validate compatibility
- Validate Configuration → Check application.yml/properties, security config, actuator settings
- Generate Report → Structured markdown with severity levels and remediation code
- Lookup Docs → Use Exa MCP to fetch latest Spring Boot 4.x documentation when needed
Dependency Quick Reference
| Check | Severity | Action |
|---|---|---|
| Spring Boot version < 4.0 | CRITICAL | Upgrade to 4.0.x |
Jackson 2.x (com.fasterxml) |
CRITICAL | Migrate to Jackson 3 (tools.jackson) |
javax.* imports |
CRITICAL | Migrate to jakarta.* namespace |
@MockBean in tests |
ERROR | Replace with @MockitoBean |
| Undertow server | ERROR | Switch to Tomcat or Jetty |
| Java version < 17 | ERROR | Minimum Java 17 required |
| Gradle version < 8.14 | ERROR | Upgrade Gradle (required for Kotlin 2.2/Boot 4) |
spring-boot-starter-web |
WARNING | Use spring-boot-starter-webmvc |
| Missing Virtual Threads | INFO | Enable with spring.threads.virtual.enabled=true |
Configuration Quick Reference
| Check | Severity | Action |
|---|---|---|
Security and() chaining |
CRITICAL | Convert to Lambda DSL closures |
antMatchers() usage |
ERROR | Replace with requestMatchers() |
authorizeRequests() |
ERROR | Replace with authorizeHttpRequests() |
| All actuator endpoints exposed | WARNING | Limit to health, info, metrics |
| 100% trace sampling | WARNING | Use 10% in production |
Jakarta Namespace Migration
Critical for Spring Boot 3+: All javax.* packages must migrate to jakarta.*:
| Old Package | New Package |
|---|---|
javax.persistence.* |
jakarta.persistence.* |
javax.servlet.* |
jakarta.servlet.* |
javax.validation.* |
jakarta.validation.* |
javax.inject.* |
jakarta.inject.* |
javax.annotation.* |
jakarta.annotation.* |
Use Grep to find: import\s+javax\.
Spring Boot 4 New Features
| Feature | Configuration | Benefit |
|---|---|---|
| Virtual Threads | spring.threads.virtual.enabled=true |
High concurrency without WebFlux |
| JSpecify Null-Safety | Add @NullMarked to package-info |
Framework-wide null contracts |
| AOT Compilation | Enabled by default | Faster startup times |
JSpecify Annotations
Spring Framework 7 uses JSpecify for null-safety:
@NullMarked // Package or class level - all parameters/returns non-null by default
package com.example.myapp;
import org.jspecify.annotations.Nullable;
public class UserService {
// @Nullable for parameters/returns that can be null
public @Nullable User findById(Long id) { ... }
}
Tools to Use
- Glob → Find
**/pom.xml,**/build.gradle*,**/application.{yml,properties} - Grep → Search for deprecated patterns (
@MockBean,com.fasterxml,.and(),import javax.) - Read → Inspect build files and configuration
- Exa MCP → Fetch latest Spring Boot 4.x docs:
mcp__exa__web_search_exa
Output Format
Generate verification reports with this structure:
## Spring Boot 4.x Verification Report
### Summary
- **Project**: {name}
- **Boot Version**: {detected version}
- **Issues Found**: {n} Critical, {n} Errors, {n} Warnings
### Critical Issues / Errors / Warnings
[Issue details with code remediation]
Detailed References
- Workflow: See WORKFLOW.md for step-by-step verification process
- Migration Guide: See MIGRATION_GUIDE.md for step-by-step migration from Boot 3.x to 4.0 (also referenced from WORKFLOW.md)
- Examples: See EXAMPLES.md for sample verification outputs
- Troubleshooting: See TROUBLESHOOTING.md for detection issues
- Dependencies: See references/DEPENDENCIES.md for complete version matrix
- Configuration: See references/CONFIGURATION.md for validation rules
Critical Reminders
- Check Spring Boot version first — Many issues are version-specific
- Jakarta namespace migration —
javax.*tojakarta.*(required for Boot 3+) - Jackson 3 namespace change —
com.fasterxml.jacksontotools.jackson - Security 7 Lambda DSL —
and()method removed, closures required - Testing annotations changed —
@MockBeanto@MockitoBean - Virtual Threads — Enable with
spring.threads.virtual.enabled=truefor Java 21+ - Gradle 8.14+ — Required for Kotlin 2.2 and Spring Boot 4 support
- Use official docs — https://docs.spring.io/spring-boot/documentation.html
Related Skills
spring-boot-security— Deep security configuration verificationspring-boot-testing— Testing patterns and coverage analysisspring-boot-observability— Actuator, metrics, and tracing setupspring-boot-modulith— Module structure verificationdomain-driven-design— DDD architecture patterns
More from joaquimscosta/arkhe-claude-plugins
skill-validator
Validate skills against Anthropic best practices for frontmatter, structure, content, file organization, hooks, MCP, and security (62 rules in 8 categories). Use when creating new skills, updating existing skills, before publishing skills, reviewing skill quality, or when user mentions "validate skill", "check skill", "skill best practices", "skill review", or "lint skill".
30domain-driven-design
Expert guidance for Domain-Driven Design architecture and implementation. Use when designing complex business systems, defining bounded contexts, structuring domain models, choosing between modular monolith vs microservices, implementing aggregates/entities/value objects, or when users mention "DDD", "domain-driven design", "bounded context", "aggregate", "domain model", "ubiquitous language", "event storming", "context mapping", "domain events", "anemic domain model", strategic design, tactical patterns, or domain modeling. Helps make architectural decisions, identify subdomains, design aggregates, and avoid common DDD pitfalls.
26code-explanation
Explains complex code through clear narratives, visual diagrams, and step-by-step breakdowns. Use when user asks to explain code, understand algorithms, analyze design patterns, wants code walkthroughs, or mentions "explain this code", "how does this work", "code breakdown", or "understand this function".
22generating-changelog
Analyzes git commit history and generates professional changelogs with semantic versioning, conventional commit support, and multiple output formats (Keep a Changelog, Conventional, GitHub). Use when editing CHANGELOG.md, CHANGELOG.txt, or HISTORY.md files, preparing release notes, creating releases, bumping versions, updating changelog, documenting changes, writing release notes, tracking changes, version bump, tag release, or when user mentions "changelog", "release notes", "version history", "release", "semantic versioning", or "conventional commits".
21workflow-orchestration
>
19generating-stitch-screens
>
19