@booklib/skills 1.4.0 → 1.5.1

package/skills/spring-boot-in-action/evals/evals.json

@@ -0,0 +1,39 @@
+{
+  "evals": [
+    {
+      "id": "eval-01-autoconfig-injection-hardcoding",
+      "prompt": "Review this Spring Boot code:\n\n```java\n@Configuration\npublic class AppConfig {\n    @Bean\n    public DataSource dataSource() {\n        DriverManagerDataSource ds = new DriverManagerDataSource();\n        ds.setUrl(\"jdbc:postgresql://prod-db.internal/orders\");\n        ds.setUsername(\"orders_user\");\n        ds.setPassword(\"S3cr3tP@ss\");\n        return ds;\n    }\n\n    @Bean\n    public ObjectMapper objectMapper() {\n        return new ObjectMapper();\n    }\n}\n\n@RestController\npublic class OrderController {\n    @Autowired\n    private OrderRepository orderRepository;\n\n    @Autowired\n    private OrderService orderService;\n\n    @GetMapping(\"/orders/{id}\")\n    public Order getOrder(@PathVariable Long id) {\n        return orderRepository.findById(id).orElse(null);\n    }\n\n    @PostMapping(\"/orders\")\n    public Order createOrder(@RequestBody Order order) {\n        return orderService.place(order);\n    }\n}\n```",
+      "expectations": [
+        "Flag Ch 2/3: Manual DataSource @Bean fights Spring Boot auto-configuration — delete AppConfig.dataSource() and move connection details to application.properties using spring.datasource.url/username/password",
+        "Flag Ch 3: Credentials hardcoded in source code — must be externalized to environment variables: spring.datasource.password=${DB_PASS}",
+        "Flag Ch 2: ObjectMapper @Bean is unnecessary — Spring Boot auto-configures Jackson; only define a custom ObjectMapper when you need to change behavior",
+        "Flag Ch 2: @Autowired field injection on OrderRepository and OrderService — replace with constructor injection for testability",
+        "Flag Ch 2: getOrder returns null (200 with null body) when not found — use Optional.map(ResponseEntity::ok).orElse(ResponseEntity.notFound().build()) or throw ResponseStatusException(NOT_FOUND)",
+        "Flag Ch 2: createOrder returns 200 — POST that creates a resource should return 201 Created with a Location header; use ResponseEntity.created(uri).body(saved)"
+      ]
+    },
+    {
+      "id": "eval-02-testing-antipatterns",
+      "prompt": "Review this Spring Boot test code:\n\n```java\n@SpringBootTest\npublic class ProductControllerTest {\n    @Autowired\n    private ProductController controller;\n\n    @Autowired\n    private ProductRepository repo;\n\n    @Test\n    public void testGetProduct() {\n        Product p = new Product(null, \"Widget\", 9.99);\n        repo.save(p);\n        Product result = controller.getProduct(p.getId());\n        assertNotNull(result);\n        assertEquals(\"Widget\", result.getName());\n    }\n\n    @Test\n    public void testCreateProduct() {\n        Product p = new Product(null, \"Gadget\", 19.99);\n        Product result = controller.createProduct(p);\n        assertNotNull(result.getId());\n    }\n\n    @Test\n    public void testAdminEndpoint() {\n        // No auth setup — just calls controller directly\n        String result = controller.adminDashboard();\n        assertNotNull(result);\n    }\n}\n```",
+      "expectations": [
+        "Flag Ch 4: @SpringBootTest loads the full application context for what are simple controller tests — use @WebMvcTest(ProductController.class) with MockMvc for fast, isolated controller tests",
+        "Flag Ch 4: Directly calling controller.getProduct() bypasses HTTP layer — no status code, content-type, or header assertions are possible; use MockMvc.perform(get(...)).andExpect(status().isOk())",
+        "Flag Ch 4: testAdminEndpoint calls controller directly with no authentication context — use @WithMockUser(roles='ADMIN') and MockMvc to assert 403 for unauthorized and 200 for authorized access",
+        "Flag Ch 4: Tests use a real ProductRepository writing to the database — in a @WebMvcTest test, use @MockBean ProductService to isolate the controller from persistence",
+        "Flag Ch 4: No negative test cases — missing test for product not found (expect 404), and no test verifying createProduct returns 201 with a Location header",
+        "Provide corrected test class using @WebMvcTest, MockMvc, @MockBean, @WithMockUser, and assertions on HTTP status codes and response JSON"
+      ]
+    },
+    {
+      "id": "eval-03-idiomatic-spring-boot",
+      "prompt": "Review this Spring Boot code:\n\n```java\n@SpringBootApplication\npublic class LibraryApp {\n    public static void main(String[] args) {\n        SpringApplication.run(LibraryApp.class, args);\n    }\n}\n\n@RestController\n@RequestMapping(\"/api/books\")\npublic class BookController {\n    private final BookService service;\n\n    public BookController(BookService service) {\n        this.service = service;\n    }\n\n    @GetMapping(\"/{id}\")\n    public ResponseEntity<Book> getBook(@PathVariable Long id) {\n        return ResponseEntity.ok(service.findById(id));\n    }\n\n    @PostMapping\n    public ResponseEntity<Book> createBook(@RequestBody Book book) {\n        Book saved = service.save(book);\n        URI location = URI.create(\"/api/books/\" + saved.getId());\n        return ResponseEntity.created(location).body(saved);\n    }\n}\n\n@Service\npublic class BookService {\n    private static final Logger log = LoggerFactory.getLogger(BookService.class);\n    private final BookRepository repo;\n\n    public BookService(BookRepository repo) { this.repo = repo; }\n\n    public Book findById(Long id) {\n        return repo.findById(id)\n                   .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND));\n    }\n\n    public Book save(Book book) { return repo.save(book); }\n}\n```\n\n```properties\nspring.datasource.url=${DB_URL:jdbc:h2:mem:library}\nspring.datasource.username=${DB_USER:sa}\nspring.datasource.password=${DB_PASS:}\nspring.jpa.hibernate.ddl-auto=validate\nmanagement.endpoints.web.exposure.include=health,info\n```",
+      "expectations": [
+        "Recognize this code is idiomatic Spring Boot — do NOT manufacture issues",
+        "Acknowledge correct patterns: @SpringBootApplication (Ch 1), constructor injection in both controller and service (Ch 2), ResponseEntity with correct 200/201 status codes and Location header (Ch 2), Optional.orElseThrow with ResponseStatusException for clean 404 (Ch 2), SLF4J logger (Ch 3), externalized config with env-var defaults (Ch 3), Actuator locked to health+info (Ch 7)",
+        "At most note: ResponseStatusException could include a descriptive message like 'Book ' + id + ' not found' for better client error messages",
+        "At most suggest: adding spring-boot-starter-actuator dependency if not already present to enable the management.endpoints config",
+        "Do NOT flag the absence of @Autowired — constructor injection is the preferred style and Spring auto-wires single constructors without any annotation"
+      ]
+    }
+  ]
+}

package/skills/spring-boot-in-action/examples/after.md

@@ -0,0 +1,185 @@
+# After: Spring Boot in Action
+
+The same library API rewritten with idiomatic Spring Boot — auto-configuration, constructor injection, externalized config, profiles, proper testing, and Actuator.
+
+```java
+// @SpringBootApplication enables auto-config, component scan, config (Ch 1, 2)
+@SpringBootApplication
+public class LibraryApp {
+    public static void main(String[] args) {
+        SpringApplication.run(LibraryApp.class, args);
+    }
+}
+
+// No DatabaseConfig class needed — auto-configuration handles DataSource (Ch 2, 3)
+// Credentials externalized to application.properties via environment variables
+
+// Constructor injection — testable without Spring context (Ch 2)
+@RestController
+@RequestMapping("/api/books")
+public class BookController {
+    private final BookService service;
+
+    public BookController(BookService service) {
+        this.service = service;
+    }
+
+    // Returns 404 when not found, not null (Ch 2)
+    @GetMapping("/{id}")
+    public ResponseEntity<Book> getBook(@PathVariable Long id) {
+        return ResponseEntity.ok(service.findById(id));
+    }
+
+    // Returns 201 Created with Location header (Ch 2)
+    @PostMapping
+    public ResponseEntity<Book> createBook(@RequestBody Book book) {
+        Book saved = service.save(book);
+        URI location = URI.create("/api/books/" + saved.getId());
+        return ResponseEntity.created(location).body(saved);
+    }
+
+    @GetMapping
+    public List<Book> search(@RequestParam(required = false, defaultValue = "") String q) {
+        return service.search(q);
+    }
+}
+
+// Service with constructor injection and proper logging (Ch 2)
+@Service
+public class BookService {
+    private static final Logger log = LoggerFactory.getLogger(BookService.class);
+    private final BookRepository repo;
+
+    public BookService(BookRepository repo) {
+        this.repo = repo;
+    }
+
+    public Book findById(Long id) {
+        // Optional — 404 automatically surfaced (Ch 2)
+        return repo.findById(id)
+                   .orElseThrow(() -> new ResponseStatusException(
+                       HttpStatus.NOT_FOUND, "Book " + id + " not found"));
+    }
+
+    public Book save(Book book) {
+        return repo.save(book);
+    }
+
+    public List<Book> search(String query) {
+        log.debug("Searching for: {}", query);  // proper logger, not println (Ch 3)
+        return query.isBlank()
+                ? repo.findAll()
+                : repo.findByTitleContainingIgnoreCase(query);
+    }
+}
+
+// Repository — Spring Data does the rest (Ch 2)
+public interface BookRepository extends JpaRepository<Book, Long> {
+    List<Book> findByTitleContainingIgnoreCase(String title);
+}
+
+// Type-safe configuration object (Ch 3)
+@ConfigurationProperties(prefix = "app.library")
+@Component
+public class LibraryProperties {
+    private int maxSearchResults = 50;
+    private String defaultSortField = "title";
+    // getters + setters
+}
+
+// Custom health indicator for critical dependency (Ch 7)
+@Component
+public class StorageHealthIndicator implements HealthIndicator {
+    private final BookRepository repo;
+    public StorageHealthIndicator(BookRepository repo) { this.repo = repo; }
+
+    @Override
+    public Health health() {
+        try {
+            long count = repo.count();
+            return Health.up().withDetail("books", count).build();
+        } catch (Exception e) {
+            return Health.down().withDetail("error", e.getMessage()).build();
+        }
+    }
+}
+
+// Controller slice test — no full context, fast (Ch 4)
+@WebMvcTest(BookController.class)
+public class BookControllerTest {
+    @Autowired
+    private MockMvc mockMvc;
+
+    @MockBean
+    private BookService service;  // real service replaced with mock (Ch 4)
+
+    @Test
+    void getBook_returnsOk() throws Exception {
+        Book book = new Book(1L, "Spring Boot in Action", "9781617292545");
+        given(service.findById(1L)).willReturn(book);
+
+        mockMvc.perform(get("/api/books/1"))
+               .andExpect(status().isOk())
+               .andExpect(jsonPath("$.title").value("Spring Boot in Action"));
+    }
+
+    @Test
+    void getBook_returns404WhenNotFound() throws Exception {
+        given(service.findById(99L))
+            .willThrow(new ResponseStatusException(HttpStatus.NOT_FOUND));
+
+        mockMvc.perform(get("/api/books/99"))
+               .andExpect(status().isNotFound());
+    }
+
+    @Test
+    @WithMockUser(roles = "USER")
+    void createBook_returns201() throws Exception {
+        Book book = new Book(null, "New Book", "1234567890");
+        Book saved = new Book(1L, "New Book", "1234567890");
+        given(service.save(any())).willReturn(saved);
+
+        mockMvc.perform(post("/api/books")
+                   .contentType(MediaType.APPLICATION_JSON)
+                   .content("{\"title\":\"New Book\",\"isbn\":\"1234567890\"}"))
+               .andExpect(status().isCreated())
+               .andExpect(header().string("Location", "/api/books/1"));
+    }
+}
+```
+
+```properties
+# application.properties — base config, all env-specific values externalized (Ch 3)
+spring.datasource.url=${DB_URL:jdbc:h2:mem:library}
+spring.datasource.username=${DB_USER:sa}
+spring.datasource.password=${DB_PASS:}
+spring.jpa.hibernate.ddl-auto=validate
+
+# Actuator — health and info only exposed publicly (Ch 7)
+management.endpoints.web.exposure.include=health,info
+management.endpoint.health.show-details=when-authorized
+
+# application-dev.properties — dev overrides (Ch 3)
+# spring.datasource.url=jdbc:h2:mem:library
+# spring.jpa.hibernate.ddl-auto=create-drop
+# logging.level.com.example=DEBUG
+# management.endpoints.web.exposure.include=*
+
+# application-production.properties — production hardening (Ch 8)
+# spring.jpa.hibernate.ddl-auto=validate
+# logging.level.root=WARN
+# management.endpoints.web.exposure.include=health,info
+```
+
+**Key improvements:**
+- `@SpringBootApplication` enables auto-configuration — no manual `DataSource` bean (Ch 2)
+- Credentials externalized to env vars via `${DB_URL}` — never hardcoded (Ch 3)
+- Constructor injection throughout — testable without Spring context (Ch 2)
+- `ResponseEntity` with correct status codes: 200, 201, 404 (Ch 2)
+- `Optional` → `orElseThrow` → `ResponseStatusException` — clean 404 (Ch 2)
+- `@ConfigurationProperties` for grouped app config (Ch 3)
+- `@WebMvcTest` + `@MockBean` — fast, isolated controller tests (Ch 4)
+- `@WithMockUser` — security tested explicitly (Ch 4)
+- Custom `HealthIndicator` — DB health visible in Actuator (Ch 7)
+- Actuator locked down — only `health` and `info` public (Ch 7)
+- Profile-based properties — no env checks in code (Ch 3, 8)

package/skills/spring-boot-in-action/examples/before.md

@@ -0,0 +1,84 @@
+# Before: Spring Boot in Action
+
+A book library REST API with common Spring Boot anti-patterns — manual configuration fighting auto-config, field injection, hardcoded values, missing tests, and no Actuator.
+
+```java
+// Main class missing @SpringBootApplication — won't auto-configure anything
+@Configuration
+@ComponentScan
+public class LibraryApp {
+    public static void main(String[] args) {
+        SpringApplication.run(LibraryApp.class, args);
+    }
+}
+
+// Manual DataSource bean — fights auto-configuration (Ch 2, 3)
+@Configuration
+public class DatabaseConfig {
+    @Bean
+    public DataSource dataSource() {
+        DriverManagerDataSource ds = new DriverManagerDataSource();
+        ds.setDriverClassName("org.postgresql.Driver");
+        ds.setUrl("jdbc:postgresql://localhost/library");  // hardcoded (Ch 3)
+        ds.setUsername("admin");                           // hardcoded credential!
+        ds.setPassword("secret123");                       // hardcoded credential!
+        return ds;
+    }
+}
+
+// Field injection — untestable without Spring context (Ch 2)
+@RestController
+public class BookController {
+    @Autowired
+    private BookRepository bookRepository;
+
+    @Autowired
+    private BookService bookService;
+
+    // Returns null instead of 404 when book not found (Ch 2)
+    @GetMapping("/books/{id}")
+    public Book getBook(@PathVariable Long id) {
+        return bookRepository.findById(id).orElse(null);  // null slips to client
+    }
+
+    // No status code — always returns 200 even on create (Ch 2)
+    @PostMapping("/books")
+    @ResponseBody
+    public Book createBook(@RequestBody Book book) {
+        return bookRepository.save(book);
+    }
+}
+
+// Service with field injection and no error handling
+@Service
+public class BookService {
+    @Autowired
+    private BookRepository bookRepository;
+
+    public List<Book> search(String query) {
+        // Environment check in code instead of using profiles (Ch 3)
+        if (System.getProperty("env").equals("dev")) {
+            System.out.println("Searching for: " + query);  // println not logger
+        }
+        return bookRepository.findAll();  // returns everything, ignores query
+    }
+}
+
+// Test that boots full context just to test one controller method (Ch 4)
+@SpringBootTest
+public class BookControllerTest {
+    @Autowired
+    private BookController controller;
+
+    @Test
+    public void testGetBook() {
+        // Direct controller call — no HTTP semantics, no status code testing
+        Book result = controller.getBook(1L);
+        assertNotNull(result);
+    }
+}
+
+// application.properties — missing externalized config
+// (no datasource url, credentials baked into Java code above)
+// spring.jpa.hibernate.ddl-auto=create  // destroys data on restart!
+```