@jahia/agentic 0.1.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/README.md +28 -0
- package/dist/claude/.claude/rules/jahia.md +3 -1
- package/dist/claude/.claude/skills/jahia/SKILL.md +18 -10
- package/dist/claude/.claude/skills/jahia-content/SKILL.md +102 -84
- package/dist/claude/.claude/skills/jahia-content-create-content/SKILL.md +255 -280
- package/dist/claude/.claude/skills/jahia-content-explore-structure/SKILL.md +187 -96
- package/dist/claude/.claude/skills/jahia-content-media-upload/SKILL.md +197 -0
- package/dist/claude/.claude/skills/jahia-content-move-content/SKILL.md +160 -165
- package/dist/claude/.claude/skills/jahia-content-organize/SKILL.md +209 -0
- package/dist/claude/.claude/skills/jahia-content-publish/SKILL.md +181 -0
- package/dist/claude/.claude/skills/jahia-content-query-content/SKILL.md +122 -92
- package/dist/claude/.claude/skills/jahia-content-translate-content/SKILL.md +154 -225
- package/dist/claude/.claude/skills/jahia-dev-build-component/SKILL.md +7 -22
- package/dist/claude/.claude/skills/jahia-dev-create-view/SKILL.md +58 -0
- package/dist/claude/.claude/skills/jahia-dev-cypress/SKILL.md +150 -330
- package/dist/claude/.claude/skills/jahia-dev-java/SKILL.md +7 -2
- package/dist/claude/.claude/skills/jahia-dev-query-content/SKILL.md +93 -296
- package/dist/claude/.claude/skills/jahia-java-concurrency/SKILL.md +308 -0
- package/dist/claude/.claude/skills/jahia-java-jcr/SKILL.md +153 -0
- package/dist/claude/.claude/skills/jahia-java-osgi/SKILL.md +134 -0
- package/dist/claude/.claude/skills/jahia-java-persistence/SKILL.md +177 -0
- package/dist/claude/.claude/skills/jahia-java-security/SKILL.md +84 -0
- package/dist/claude/.claude/skills/jahia-jcr-sql2/SKILL.md +258 -0
- package/dist/claude/.claude/skills/jahia-review-java/SKILL.md +131 -0
- package/dist/claude/.claude/skills/jahia-review-java/references/code-review-output.md +121 -0
- package/dist/claude/CLAUDE.md +4 -8
- package/dist/codex/.agents/skills/jahia/SKILL.md +18 -10
- package/dist/codex/.agents/skills/jahia-content/SKILL.md +102 -84
- package/dist/codex/.agents/skills/jahia-content-create-content/SKILL.md +255 -280
- package/dist/codex/.agents/skills/jahia-content-explore-structure/SKILL.md +187 -96
- package/dist/codex/.agents/skills/jahia-content-media-upload/SKILL.md +197 -0
- package/dist/codex/.agents/skills/jahia-content-move-content/SKILL.md +160 -165
- package/dist/codex/.agents/skills/jahia-content-organize/SKILL.md +209 -0
- package/dist/codex/.agents/skills/jahia-content-publish/SKILL.md +181 -0
- package/dist/codex/.agents/skills/jahia-content-query-content/SKILL.md +122 -92
- package/dist/codex/.agents/skills/jahia-content-translate-content/SKILL.md +154 -225
- package/dist/codex/.agents/skills/jahia-dev-build-component/SKILL.md +7 -22
- package/dist/codex/.agents/skills/jahia-dev-create-view/SKILL.md +58 -0
- package/dist/codex/.agents/skills/jahia-dev-cypress/SKILL.md +150 -330
- package/dist/codex/.agents/skills/jahia-dev-java/SKILL.md +7 -2
- package/dist/codex/.agents/skills/jahia-dev-query-content/SKILL.md +93 -296
- package/dist/codex/.agents/skills/jahia-java-concurrency/SKILL.md +308 -0
- package/dist/codex/.agents/skills/jahia-java-jcr/SKILL.md +153 -0
- package/dist/codex/.agents/skills/jahia-java-osgi/SKILL.md +134 -0
- package/dist/codex/.agents/skills/jahia-java-persistence/SKILL.md +177 -0
- package/dist/codex/.agents/skills/jahia-java-security/SKILL.md +84 -0
- package/dist/codex/.agents/skills/jahia-jcr-sql2/SKILL.md +258 -0
- package/dist/codex/.agents/skills/jahia-review-java/SKILL.md +131 -0
- package/dist/codex/.agents/skills/jahia-review-java/references/code-review-output.md +121 -0
- package/dist/codex/AGENTS.md +5 -5
- package/dist/copilot/.agents/skills/jahia/SKILL.md +18 -10
- package/dist/copilot/.agents/skills/jahia-content/SKILL.md +102 -84
- package/dist/copilot/.agents/skills/jahia-content-create-content/SKILL.md +255 -280
- package/dist/copilot/.agents/skills/jahia-content-explore-structure/SKILL.md +187 -96
- package/dist/copilot/.agents/skills/jahia-content-media-upload/SKILL.md +197 -0
- package/dist/copilot/.agents/skills/jahia-content-move-content/SKILL.md +160 -165
- package/dist/copilot/.agents/skills/jahia-content-organize/SKILL.md +209 -0
- package/dist/copilot/.agents/skills/jahia-content-publish/SKILL.md +181 -0
- package/dist/copilot/.agents/skills/jahia-content-query-content/SKILL.md +122 -92
- package/dist/copilot/.agents/skills/jahia-content-translate-content/SKILL.md +154 -225
- package/dist/copilot/.agents/skills/jahia-dev-build-component/SKILL.md +7 -22
- package/dist/copilot/.agents/skills/jahia-dev-create-view/SKILL.md +58 -0
- package/dist/copilot/.agents/skills/jahia-dev-cypress/SKILL.md +150 -330
- package/dist/copilot/.agents/skills/jahia-dev-java/SKILL.md +7 -2
- package/dist/copilot/.agents/skills/jahia-dev-query-content/SKILL.md +93 -296
- package/dist/copilot/.agents/skills/jahia-java-concurrency/SKILL.md +308 -0
- package/dist/copilot/.agents/skills/jahia-java-jcr/SKILL.md +153 -0
- package/dist/copilot/.agents/skills/jahia-java-osgi/SKILL.md +134 -0
- package/dist/copilot/.agents/skills/jahia-java-persistence/SKILL.md +177 -0
- package/dist/copilot/.agents/skills/jahia-java-security/SKILL.md +84 -0
- package/dist/copilot/.agents/skills/jahia-jcr-sql2/SKILL.md +258 -0
- package/dist/copilot/.agents/skills/jahia-review-java/SKILL.md +131 -0
- package/dist/copilot/.agents/skills/jahia-review-java/references/code-review-output.md +121 -0
- package/dist/copilot/AGENTS.md +5 -5
- package/dist/cursor/.agents/skills/jahia/SKILL.md +18 -10
- package/dist/cursor/.agents/skills/jahia-content/SKILL.md +102 -84
- package/dist/cursor/.agents/skills/jahia-content-create-content/SKILL.md +255 -280
- package/dist/cursor/.agents/skills/jahia-content-explore-structure/SKILL.md +187 -96
- package/dist/cursor/.agents/skills/jahia-content-media-upload/SKILL.md +197 -0
- package/dist/cursor/.agents/skills/jahia-content-move-content/SKILL.md +160 -165
- package/dist/cursor/.agents/skills/jahia-content-organize/SKILL.md +209 -0
- package/dist/cursor/.agents/skills/jahia-content-publish/SKILL.md +181 -0
- package/dist/cursor/.agents/skills/jahia-content-query-content/SKILL.md +122 -92
- package/dist/cursor/.agents/skills/jahia-content-translate-content/SKILL.md +154 -225
- package/dist/cursor/.agents/skills/jahia-dev-build-component/SKILL.md +7 -22
- package/dist/cursor/.agents/skills/jahia-dev-create-view/SKILL.md +58 -0
- package/dist/cursor/.agents/skills/jahia-dev-cypress/SKILL.md +150 -330
- package/dist/cursor/.agents/skills/jahia-dev-java/SKILL.md +7 -2
- package/dist/cursor/.agents/skills/jahia-dev-query-content/SKILL.md +93 -296
- package/dist/cursor/.agents/skills/jahia-java-concurrency/SKILL.md +308 -0
- package/dist/cursor/.agents/skills/jahia-java-jcr/SKILL.md +153 -0
- package/dist/cursor/.agents/skills/jahia-java-osgi/SKILL.md +134 -0
- package/dist/cursor/.agents/skills/jahia-java-persistence/SKILL.md +177 -0
- package/dist/cursor/.agents/skills/jahia-java-security/SKILL.md +84 -0
- package/dist/cursor/.agents/skills/jahia-jcr-sql2/SKILL.md +258 -0
- package/dist/cursor/.agents/skills/jahia-review-java/SKILL.md +131 -0
- package/dist/cursor/.agents/skills/jahia-review-java/references/code-review-output.md +121 -0
- package/dist/cursor/.cursor/rules/jahia.mdc +3 -1
- package/dist/gemini/.agents/skills/jahia/SKILL.md +18 -10
- package/dist/gemini/.agents/skills/jahia-content/SKILL.md +102 -84
- package/dist/gemini/.agents/skills/jahia-content-create-content/SKILL.md +255 -280
- package/dist/gemini/.agents/skills/jahia-content-explore-structure/SKILL.md +187 -96
- package/dist/gemini/.agents/skills/jahia-content-media-upload/SKILL.md +197 -0
- package/dist/gemini/.agents/skills/jahia-content-move-content/SKILL.md +160 -165
- package/dist/gemini/.agents/skills/jahia-content-organize/SKILL.md +209 -0
- package/dist/gemini/.agents/skills/jahia-content-publish/SKILL.md +181 -0
- package/dist/gemini/.agents/skills/jahia-content-query-content/SKILL.md +122 -92
- package/dist/gemini/.agents/skills/jahia-content-translate-content/SKILL.md +154 -225
- package/dist/gemini/.agents/skills/jahia-dev-build-component/SKILL.md +7 -22
- package/dist/gemini/.agents/skills/jahia-dev-create-view/SKILL.md +58 -0
- package/dist/gemini/.agents/skills/jahia-dev-cypress/SKILL.md +150 -330
- package/dist/gemini/.agents/skills/jahia-dev-java/SKILL.md +7 -2
- package/dist/gemini/.agents/skills/jahia-dev-query-content/SKILL.md +93 -296
- package/dist/gemini/.agents/skills/jahia-java-concurrency/SKILL.md +308 -0
- package/dist/gemini/.agents/skills/jahia-java-jcr/SKILL.md +153 -0
- package/dist/gemini/.agents/skills/jahia-java-osgi/SKILL.md +134 -0
- package/dist/gemini/.agents/skills/jahia-java-persistence/SKILL.md +177 -0
- package/dist/gemini/.agents/skills/jahia-java-security/SKILL.md +84 -0
- package/dist/gemini/.agents/skills/jahia-jcr-sql2/SKILL.md +258 -0
- package/dist/gemini/.agents/skills/jahia-review-java/SKILL.md +131 -0
- package/dist/gemini/.agents/skills/jahia-review-java/references/code-review-output.md +121 -0
- package/dist/gemini/AGENTS.md +5 -5
- package/dist/gemini/GEMINI.md +2 -2
- package/dist/opencode/.agents/skills/jahia/SKILL.md +18 -10
- package/dist/opencode/.agents/skills/jahia-content/SKILL.md +102 -84
- package/dist/opencode/.agents/skills/jahia-content-create-content/SKILL.md +255 -280
- package/dist/opencode/.agents/skills/jahia-content-explore-structure/SKILL.md +187 -96
- package/dist/opencode/.agents/skills/jahia-content-media-upload/SKILL.md +197 -0
- package/dist/opencode/.agents/skills/jahia-content-move-content/SKILL.md +160 -165
- package/dist/opencode/.agents/skills/jahia-content-organize/SKILL.md +209 -0
- package/dist/opencode/.agents/skills/jahia-content-publish/SKILL.md +181 -0
- package/dist/opencode/.agents/skills/jahia-content-query-content/SKILL.md +122 -92
- package/dist/opencode/.agents/skills/jahia-content-translate-content/SKILL.md +154 -225
- package/dist/opencode/.agents/skills/jahia-dev-build-component/SKILL.md +7 -22
- package/dist/opencode/.agents/skills/jahia-dev-create-view/SKILL.md +58 -0
- package/dist/opencode/.agents/skills/jahia-dev-cypress/SKILL.md +150 -330
- package/dist/opencode/.agents/skills/jahia-dev-java/SKILL.md +7 -2
- package/dist/opencode/.agents/skills/jahia-dev-query-content/SKILL.md +93 -296
- package/dist/opencode/.agents/skills/jahia-java-concurrency/SKILL.md +308 -0
- package/dist/opencode/.agents/skills/jahia-java-jcr/SKILL.md +153 -0
- package/dist/opencode/.agents/skills/jahia-java-osgi/SKILL.md +134 -0
- package/dist/opencode/.agents/skills/jahia-java-persistence/SKILL.md +177 -0
- package/dist/opencode/.agents/skills/jahia-java-security/SKILL.md +84 -0
- package/dist/opencode/.agents/skills/jahia-jcr-sql2/SKILL.md +258 -0
- package/dist/opencode/.agents/skills/jahia-review-java/SKILL.md +131 -0
- package/dist/opencode/.agents/skills/jahia-review-java/references/code-review-output.md +121 -0
- package/dist/opencode/AGENTS.md +5 -5
- package/dist/windsurf/.windsurf/rules/jahia.md +3 -1
- package/dist/windsurf/.windsurf/skills/jahia/SKILL.md +18 -10
- package/dist/windsurf/.windsurf/skills/jahia-content/SKILL.md +102 -84
- package/dist/windsurf/.windsurf/skills/jahia-content-create-content/SKILL.md +255 -280
- package/dist/windsurf/.windsurf/skills/jahia-content-explore-structure/SKILL.md +187 -96
- package/dist/windsurf/.windsurf/skills/jahia-content-media-upload/SKILL.md +197 -0
- package/dist/windsurf/.windsurf/skills/jahia-content-move-content/SKILL.md +160 -165
- package/dist/windsurf/.windsurf/skills/jahia-content-organize/SKILL.md +209 -0
- package/dist/windsurf/.windsurf/skills/jahia-content-publish/SKILL.md +181 -0
- package/dist/windsurf/.windsurf/skills/jahia-content-query-content/SKILL.md +122 -92
- package/dist/windsurf/.windsurf/skills/jahia-content-translate-content/SKILL.md +154 -225
- package/dist/windsurf/.windsurf/skills/jahia-dev-build-component/SKILL.md +7 -22
- package/dist/windsurf/.windsurf/skills/jahia-dev-create-view/SKILL.md +58 -0
- package/dist/windsurf/.windsurf/skills/jahia-dev-cypress/SKILL.md +150 -330
- package/dist/windsurf/.windsurf/skills/jahia-dev-java/SKILL.md +7 -2
- package/dist/windsurf/.windsurf/skills/jahia-dev-query-content/SKILL.md +93 -296
- package/dist/windsurf/.windsurf/skills/jahia-java-concurrency/SKILL.md +308 -0
- package/dist/windsurf/.windsurf/skills/jahia-java-jcr/SKILL.md +153 -0
- package/dist/windsurf/.windsurf/skills/jahia-java-osgi/SKILL.md +134 -0
- package/dist/windsurf/.windsurf/skills/jahia-java-persistence/SKILL.md +177 -0
- package/dist/windsurf/.windsurf/skills/jahia-java-security/SKILL.md +84 -0
- package/dist/windsurf/.windsurf/skills/jahia-jcr-sql2/SKILL.md +258 -0
- package/dist/windsurf/.windsurf/skills/jahia-review-java/SKILL.md +131 -0
- package/dist/windsurf/.windsurf/skills/jahia-review-java/references/code-review-output.md +121 -0
- package/dist/windsurf/AGENTS.md +5 -5
- package/package.json +7 -3
|
@@ -0,0 +1,177 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: jahia-java-persistence
|
|
3
|
+
description: Persistence and data model patterns for Jahia Java backend — correct usage of JPA/Hibernate with JCR, N+1 avoidance, timestamp consistency, entity model decisions, transactional asymmetry between SQL and JCR, and locking/concurrency in write paths. Load when implementing or reviewing any class that interacts with a relational database alongside JCR.
|
|
4
|
+
allowed-tools: Read
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Persistence Patterns for Jahia Java Backend
|
|
8
|
+
|
|
9
|
+
This skill covers how to design and implement the persistence layer correctly when combining SQL (JPA/Hibernate) with JCR in a Jahia Java module. Each section states the correct approach first, then the pitfall. Both developers and reviewers use this skill.
|
|
10
|
+
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
## Sequence and counter columns
|
|
14
|
+
|
|
15
|
+
### Correct approach
|
|
16
|
+
|
|
17
|
+
Use the database's native mechanisms for generating ordered identifiers:
|
|
18
|
+
- `IDENTITY` / `AUTO_INCREMENT` on the primary key for insertion order.
|
|
19
|
+
- A `SEQUENCE` object (reserved inside a serialized transaction) if you need a stable ordering column separate from the PK.
|
|
20
|
+
|
|
21
|
+
### Pitfall
|
|
22
|
+
|
|
23
|
+
```java
|
|
24
|
+
// anti-pattern — read-then-act race
|
|
25
|
+
int max = repository.selectMaxNumber(contentId, locale); // SELECT MAX(...)
|
|
26
|
+
entity.setNumber(max + 1);
|
|
27
|
+
session.persist(entity);
|
|
28
|
+
```
|
|
29
|
+
|
|
30
|
+
Two concurrent inserts for the same `(contentId, locale)` read the same `MAX`, produce duplicate numbers, and either hit a unique constraint violation or silently corrupt ordering. Application-managed counters are never safe without explicit row-level locking. The counter column is also redundant if the primary key already provides insertion order.
|
|
31
|
+
|
|
32
|
+
**Finding level:** P1 for concurrent write paths; P2 if access is serialised by a documented higher-level lock, but that invariant must be documented.
|
|
33
|
+
|
|
34
|
+
---
|
|
35
|
+
|
|
36
|
+
## N+1 query patterns
|
|
37
|
+
|
|
38
|
+
### Correct approach
|
|
39
|
+
|
|
40
|
+
Load parent and child data in one round-trip:
|
|
41
|
+
- SQL: `JOIN` or a `WHERE id IN (...)` batch query.
|
|
42
|
+
- JPA: `JOIN FETCH` in JPQL or `@EntityGraph`.
|
|
43
|
+
|
|
44
|
+
### Pitfall
|
|
45
|
+
|
|
46
|
+
```java
|
|
47
|
+
// anti-pattern
|
|
48
|
+
List<Group> groups = repo.listGroups(contentId); // 1 query
|
|
49
|
+
for (Group g : groups) {
|
|
50
|
+
g.setVersions(repo.loadVersionsForGroup(g.getId())); // N queries
|
|
51
|
+
}
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
N+1 patterns are invisible in low-volume testing but degrade linearly under real content volumes. For unbounded lists (version history, publication logs) this becomes a UI performance cliff.
|
|
55
|
+
|
|
56
|
+
**Finding level:** P2 for capped lists; P1 for unbounded lists in hot paths.
|
|
57
|
+
|
|
58
|
+
---
|
|
59
|
+
|
|
60
|
+
## Timestamp consistency in batch operations
|
|
61
|
+
|
|
62
|
+
### Correct approach
|
|
63
|
+
|
|
64
|
+
Compute the timestamp **once** at the start of a logical operation and pass it to every entity created by that operation:
|
|
65
|
+
|
|
66
|
+
```java
|
|
67
|
+
Instant now = Instant.now(); // computed once
|
|
68
|
+
groupEntity.setCreatedAt(now);
|
|
69
|
+
for (var version : versions) {
|
|
70
|
+
versionEntity.setCreatedAt(now); // same value for all
|
|
71
|
+
}
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
This makes "all entities from this operation" a trivial equality predicate: `WHERE operationId = ? AND createdAt = ?`. It also makes the audit trail semantically correct — these are one logical event, not N sequential events.
|
|
75
|
+
|
|
76
|
+
### Pitfall
|
|
77
|
+
|
|
78
|
+
Multiple independent `Instant.now()` calls within the same logical operation produce timestamp drift. Even millisecond drift means "show me all versions from this publish event" requires a range query with fuzzy bounds instead of equality. It also implies false ordering between things that are the same event.
|
|
79
|
+
|
|
80
|
+
**Finding level:** P2 — correctness and query simplicity. Elevate to P1 if the drift creates misleading audit trails.
|
|
81
|
+
|
|
82
|
+
---
|
|
83
|
+
|
|
84
|
+
## Entity model: when a separate table earns its keep
|
|
85
|
+
|
|
86
|
+
### Correct approach
|
|
87
|
+
|
|
88
|
+
A separate table/entity is justified when it carries state that would be annoyingly denormalised across every member row: operation type, author, workflow status, retry counters, approval metadata, referential integrity constraints.
|
|
89
|
+
|
|
90
|
+
If the only purpose of the separate table is to group rows (no meaningful payload of its own), a plain `operationId` UUID column on the member table is sufficient:
|
|
91
|
+
- "All operations for a content": `SELECT DISTINCT operationId, createdAt FROM NodeVersion WHERE contentId = ? ORDER BY createdAt DESC`
|
|
92
|
+
- "All versions of one operation": `SELECT * FROM NodeVersion WHERE operationId = ?`
|
|
93
|
+
|
|
94
|
+
Rule of thumb: defer extraction to a separate entity until the denormalised columns exceed 3–4 fields, or you need referential integrity on the operation itself (cascading, per-operation locks). The refactor is straightforward later — `INSERT ... SELECT DISTINCT` into the new table, add the FK, drop the denormalised columns.
|
|
95
|
+
|
|
96
|
+
### Pitfall
|
|
97
|
+
|
|
98
|
+
```java
|
|
99
|
+
// separate table with no meaningful payload — not justified yet
|
|
100
|
+
@Entity class NodeVersionGroupEntity {
|
|
101
|
+
UUID id;
|
|
102
|
+
UUID nodeUuid; // duplicated from every member row
|
|
103
|
+
Instant createdAt; // drifts from member rows (see above)
|
|
104
|
+
// nothing else
|
|
105
|
+
}
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
A correlation-only entity adds a table, a JOIN on every group query, a separate Hibernate lifecycle, and the risk of timestamp drift — for zero domain benefit until the group gains real state.
|
|
109
|
+
|
|
110
|
+
**Finding level:** P2 — surface as a design decision for the team, not a demand for immediate refactoring. Ask: does the group entity carry any state today? What is the expected evolution?
|
|
111
|
+
|
|
112
|
+
---
|
|
113
|
+
|
|
114
|
+
## Transactional asymmetry — mixed SQL + JCR stores
|
|
115
|
+
|
|
116
|
+
### Correct approach
|
|
117
|
+
|
|
118
|
+
SQL (Hibernate) and JCR do not share a transaction. Treat every mixed write path as requiring explicit reasoning about failure modes.
|
|
119
|
+
|
|
120
|
+
Options in order of preference:
|
|
121
|
+
1. **JCR as system of record:** write to JCR first; only commit to SQL after a successful `session.save()`. If the SQL commit fails, log the orphaned JCR state and add it to a retry or cleanup queue.
|
|
122
|
+
2. **Outbox pattern:** write to SQL only (including a status/outbox column); a separate process reads and applies the JCR write idempotently.
|
|
123
|
+
3. **Accept the asymmetry:** document the inconsistency window explicitly, add a compensating cleanup path, and add monitoring to detect orphaned rows.
|
|
124
|
+
|
|
125
|
+
### Pitfall
|
|
126
|
+
|
|
127
|
+
```java
|
|
128
|
+
repository.insertVersion(entity); // SQL committed inside Hibernate session
|
|
129
|
+
jcrNode.setProperty("...", value); // if this fails, SQL is already committed
|
|
130
|
+
session.save();
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
A failure in the JCR write leaves the SQL committed and the JCR unchanged — silent data inconsistency. Symptoms: rows in the DB with no corresponding JCR node, or vice versa.
|
|
134
|
+
|
|
135
|
+
**Finding level:** P1 — silent data inconsistency. Elevate to P0 if the inconsistency is user-visible or hard to detect.
|
|
136
|
+
|
|
137
|
+
---
|
|
138
|
+
|
|
139
|
+
## Locking and write paths
|
|
140
|
+
|
|
141
|
+
### Correct approach
|
|
142
|
+
|
|
143
|
+
Document the thread-safety contract of every write path that involves locking, restoration, or multi-step state transitions:
|
|
144
|
+
- Is the path safe to call concurrently? If not, what external lock must the caller hold?
|
|
145
|
+
- Does the path clear existing locks? If yes, whose lock? Under what conditions is clearing safe?
|
|
146
|
+
|
|
147
|
+
Before clearing a JCR lock in a write path:
|
|
148
|
+
1. Verify the lock is not owned by an unrelated operation (active publication job, workflow, concurrent editor).
|
|
149
|
+
2. If the lock is external, fail with a clear error — do not continue.
|
|
150
|
+
|
|
151
|
+
### Pitfall
|
|
152
|
+
|
|
153
|
+
```java
|
|
154
|
+
// dangerous — clears all locks unconditionally, continues even if clearing fails
|
|
155
|
+
JCRContentUtils.clearAllLocks(node);
|
|
156
|
+
restoreContent(node, version);
|
|
157
|
+
```
|
|
158
|
+
|
|
159
|
+
This pattern is dangerous in any path that is not the sole writer. A publication job in progress may have locked the node for a reason; clearing the lock and continuing the restore corrupts the publication. See also `jahia-java-jcr` locking section.
|
|
160
|
+
|
|
161
|
+
**Finding level:** P0 if active in production code; P1 if guarded by a feature flag off by default — but must appear in known-limitations/next-steps regardless.
|
|
162
|
+
|
|
163
|
+
---
|
|
164
|
+
|
|
165
|
+
## Schema documentation
|
|
166
|
+
|
|
167
|
+
### Correct approach
|
|
168
|
+
|
|
169
|
+
For any module that introduces relational tables, include a schema summary in `docs/` or a README section covering:
|
|
170
|
+
- Table names and purpose.
|
|
171
|
+
- Key column types and constraints (primary keys, foreign keys, unique constraints, indexed columns).
|
|
172
|
+
- How SQL tables relate to JCR nodes (which JCR property or node UUID maps to which SQL column).
|
|
173
|
+
- Any migration strategy for schema changes.
|
|
174
|
+
|
|
175
|
+
### Pitfall
|
|
176
|
+
|
|
177
|
+
Undocumented tables discovered by reviewing Hibernate entity classes alone — reviewers and future maintainers cannot verify the full schema from code without running the application and inspecting the DB. This is a P2 documentation finding.
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: jahia-java-security
|
|
3
|
+
description: Jahia security model for Java backend development — the four protection mechanisms (Security Filter, CSRF Guard, ACLs, captcha), when each applies, and how to audit or implement each correctly. Load when implementing or reviewing any HTTP-reachable surface in a Jahia Java module.
|
|
4
|
+
allowed-tools: Read
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Jahia Security Model for Java Backend
|
|
8
|
+
|
|
9
|
+
This skill covers how to correctly protect HTTP-reachable surfaces in a Jahia Java module. Each mechanism is described with its correct use, its limits, and the common mistakes that create vulnerabilities. Both developers and reviewers use this skill.
|
|
10
|
+
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
## The four protection mechanisms
|
|
14
|
+
|
|
15
|
+
Every reachable surface in a Jahia module is protected by zero, one, or several of these. Map each one explicitly for any surface you implement or review.
|
|
16
|
+
|
|
17
|
+
### 1. Jahia Security Filter (API scopes)
|
|
18
|
+
|
|
19
|
+
- **What:** OSGi-configurable filter that gates URL patterns by `Origin`/`Referer` and required permissions/scopes.
|
|
20
|
+
- **Config:** YAML under `META-INF/configurations/org.jahia.modules.api.permissions-*.yaml`.
|
|
21
|
+
- **Origin gating:** `auto_apply: - origin: hosted` ensures requests come from the same domain. Works for guests and authenticated users. Does not break CDN caching.
|
|
22
|
+
- **Permission gating:** `grants: - api: <name>; node: <selector>` enforces a Jahia permission.
|
|
23
|
+
- **When to use:** default protection for any module-exposed servlet or GraphQL endpoint reachable over HTTP. This is the first line of defense — apply it before considering CSRF Guard or inline checks.
|
|
24
|
+
|
|
25
|
+
### 2. CSRF Guard
|
|
26
|
+
|
|
27
|
+
- **What:** Jahia-wide servlet filter injecting a token into XHR/fetch and validating it server-side.
|
|
28
|
+
- **Critical limitation:** `jahia.csrf-guard.bypassForGuest = true` by default. CSRF Guard **does not protect guest submissions** out of the box. Enabling it for guests breaks CDN caching of public pages.
|
|
29
|
+
- **When to use:** authenticated-only operations where you can verify the URL pattern is in the guard's `resolvedUrlPatterns` config.
|
|
30
|
+
- **Common mistake:** assuming CSRF Guard protects a guest-reachable form. It does not — a guest submitting a public form bypasses CSRF Guard entirely.
|
|
31
|
+
|
|
32
|
+
### 3. Jahia permissions and ACLs
|
|
33
|
+
|
|
34
|
+
- **What:** JCR-based ACLs + named permissions declared in `permissions.xml` or `*.cnd`.
|
|
35
|
+
- **Enforcement:** `JCRSessionWrapper` (user session — permissions apply) vs `JCRSessionFactory.getCurrentSystemSession()` / `JCRTemplate.doExecuteWithSystemSession` (system session — permissions bypassed).
|
|
36
|
+
- **GraphQL:** `@GraphQLField` operations should declare `@RequirePermission` annotations. An admin operation without `@RequirePermission` is a finding.
|
|
37
|
+
- **When to use:** any operation that reads/writes JCR content with content-level access rules — jContent admin screens, content workflows, operations that respect site/node permissions.
|
|
38
|
+
- **Audit rule:** when code uses a system session, the security boundary is whatever check happened *before* the `doExecuteWithSystemSession` call. Find that check explicitly. If there is none, the operation is anonymous-privileged — P0 for writes, P1 for reads.
|
|
39
|
+
|
|
40
|
+
### 4. Captcha and one-time tokens
|
|
41
|
+
|
|
42
|
+
- **What:** non-replayable credentials tied to the rendering page.
|
|
43
|
+
- **When to use:** defense-in-depth against bots and as partial CSRF mitigation for guest forms.
|
|
44
|
+
- **Not a primary CSRF control.** Captcha protects a specific form when enabled, but it is not origin verification. Do not let a code path rely on captcha alone.
|
|
45
|
+
|
|
46
|
+
---
|
|
47
|
+
|
|
48
|
+
## Decision matrix
|
|
49
|
+
|
|
50
|
+
For each surface you implement or review, fill this in:
|
|
51
|
+
|
|
52
|
+
| Surface | Guests? | Auth users? | Side effects? | Required protection |
|
|
53
|
+
|---|---|---|---|---|
|
|
54
|
+
| Public form submit | Yes | Yes | Email, JCR write | Security Filter `origin: hosted` (primary) + captcha (defense-in-depth) |
|
|
55
|
+
| Admin GraphQL query | No | Yes (with permission) | Read JCR | Security Filter `origin: hosted` + `@RequirePermission(...)` |
|
|
56
|
+
| Admin GraphQL mutation | No | Yes (with permission) | Write JCR | Same + verify ACL when system session is used |
|
|
57
|
+
| OSGi servlet at `/modules/...` | Depends | Depends | Depends | At minimum: `origin: hosted` |
|
|
58
|
+
| Choicelist initializer | Indirect (editor UI) | Yes (editor) | Read config | Inherits editor auth — verify it does not leak cross-tenant data |
|
|
59
|
+
|
|
60
|
+
---
|
|
61
|
+
|
|
62
|
+
## Implementing a secure surface — checklist
|
|
63
|
+
|
|
64
|
+
When adding a new servlet, GraphQL operation, or filter:
|
|
65
|
+
|
|
66
|
+
1. **Declare the Security Filter scope** in `org.jahia.modules.api.permissions-*.yaml`.
|
|
67
|
+
2. **Classify the surface** in the decision matrix above.
|
|
68
|
+
3. **If writing JCR with a system session:** document the prior permission check in a Javadoc comment on the method.
|
|
69
|
+
4. **If the surface is public (guest-reachable):** do not rely on CSRF Guard alone. Use `origin: hosted` + captcha if the action has side effects.
|
|
70
|
+
5. **If the surface is admin-only:** add `@RequirePermission` to the GraphQL field or inline `JCRTemplate` ACL check.
|
|
71
|
+
6. **Document the intent.** A deliberate "this endpoint is public because X" must be in a Javadoc on the class or in `docs/security.md`. An undocumented gap is a finding even if intentional — the next maintainer cannot tell intent from accident.
|
|
72
|
+
|
|
73
|
+
---
|
|
74
|
+
|
|
75
|
+
## Findings to surface during review
|
|
76
|
+
|
|
77
|
+
1. **Unprotected endpoint.** Any servlet/GraphQL operation without a Security Filter scope **and** without `@RequirePermission` **and** without an inline auth check. P0 unless explicitly documented as intentionally public.
|
|
78
|
+
2. **CSRF Guard guest bypass misunderstood.** Code or docs claiming CSRF Guard protects guests. P0 — foundational misunderstanding.
|
|
79
|
+
3. **System session without prior permission check.** P0 for writes, P1 for reads.
|
|
80
|
+
4. **Captcha presented as primary CSRF defense.** P1 — it is defense-in-depth, not primary.
|
|
81
|
+
5. **Missing `@RequirePermission` on admin GraphQL.** P0 for mutations, P1 for sensitive-data queries.
|
|
82
|
+
6. **Permission referenced but not declared.** A permission name used in code or config that is not declared in any module resource. P1.
|
|
83
|
+
7. **Email recipients from user input.** Any `to:` address derived from a submitted field without an allowlist. P1 — open relay vector.
|
|
84
|
+
8. **Outbound HTTP without timeouts.** `HttpClient.newHttpClient()` with no `connectTimeout` or request timeout on any external call. P0 — trivial DoS.
|
|
@@ -0,0 +1,258 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: jahia-jcr-sql2
|
|
3
|
+
description: JCR-SQL2 reference for Jahia queries. Use when building, reviewing, or debugging SQL2 statements for content listings, full-text search, sorting, pagination, or Java back-end query code.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Skill: jahia-jcr-sql2
|
|
7
|
+
|
|
8
|
+
Use this skill when you need the JCR-SQL2 language itself: selectors, path constraints, filters, ordering, full-text syntax, joins, pagination rules, and performance guardrails.
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## When to use JCR-SQL2
|
|
13
|
+
|
|
14
|
+
JCR-SQL2 is the standard Jahia query language for:
|
|
15
|
+
|
|
16
|
+
- listing pages or content with filtering and sorting
|
|
17
|
+
- querying a folder subtree
|
|
18
|
+
- searching by property value, date, or reference
|
|
19
|
+
- full-text search across indexed content
|
|
20
|
+
- back-end Java code using `QueryManagerWrapper`
|
|
21
|
+
- template-set listings that use `useJCRQuery` or the Page Builder query component
|
|
22
|
+
|
|
23
|
+
---
|
|
24
|
+
|
|
25
|
+
## Basic syntax
|
|
26
|
+
|
|
27
|
+
### Select by node type
|
|
28
|
+
|
|
29
|
+
```sql
|
|
30
|
+
SELECT * FROM [jnt:page] AS page
|
|
31
|
+
SELECT * FROM [jnt:content] AS content
|
|
32
|
+
SELECT * FROM [jnt:file] AS file
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
The selector matches the named type and its subtypes.
|
|
36
|
+
|
|
37
|
+
### Common node types
|
|
38
|
+
|
|
39
|
+
| Type | Meaning |
|
|
40
|
+
|------|---------|
|
|
41
|
+
| `jnt:page` | pages |
|
|
42
|
+
| `jnt:content` | editorial content |
|
|
43
|
+
| `jnt:file` | files |
|
|
44
|
+
| `jnt:virtualsite` | sites |
|
|
45
|
+
| `jmix:searchable` | general searchable content |
|
|
46
|
+
| `nt:base` | all nodes — avoid unless paired with a strict path |
|
|
47
|
+
|
|
48
|
+
---
|
|
49
|
+
|
|
50
|
+
## Path constraints
|
|
51
|
+
|
|
52
|
+
### Recursive subtree
|
|
53
|
+
|
|
54
|
+
```sql
|
|
55
|
+
SELECT * FROM [jnt:page] AS page
|
|
56
|
+
WHERE ISDESCENDANTNODE(page, '/sites/luxe/home')
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
### Direct children only
|
|
60
|
+
|
|
61
|
+
```sql
|
|
62
|
+
SELECT * FROM [jnt:page] AS page
|
|
63
|
+
WHERE ISCHILDNODE(page, '/sites/luxe/home')
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
**Guardrail:** always constrain by path to avoid repository-wide scans.
|
|
67
|
+
|
|
68
|
+
---
|
|
69
|
+
|
|
70
|
+
## Property constraints
|
|
71
|
+
|
|
72
|
+
### Exact match
|
|
73
|
+
|
|
74
|
+
```sql
|
|
75
|
+
WHERE page.[j:templateName] = 'home'
|
|
76
|
+
WHERE node.[jcr:title] = 'My Title'
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
### Pattern match
|
|
80
|
+
|
|
81
|
+
```sql
|
|
82
|
+
WHERE node.[jcr:title] LIKE '%keyword%'
|
|
83
|
+
WHERE node.[j:nodename] LIKE '%.png'
|
|
84
|
+
```
|
|
85
|
+
|
|
86
|
+
### Null checks
|
|
87
|
+
|
|
88
|
+
```sql
|
|
89
|
+
WHERE page.[jcr:title] IS NOT NULL
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
### Boolean
|
|
93
|
+
|
|
94
|
+
```sql
|
|
95
|
+
WHERE node.[j:published] = CAST('true' AS BOOLEAN)
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
### Date comparison
|
|
99
|
+
|
|
100
|
+
```sql
|
|
101
|
+
WHERE page.[jcr:lastModified] > CAST('2026-01-01T00:00:00.000Z' AS DATE)
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
Use the millisecond form `yyyy-MM-dd'T'HH:mm:ss.SSSX` for SQL2 date casts.
|
|
105
|
+
|
|
106
|
+
### Multiple conditions
|
|
107
|
+
|
|
108
|
+
```sql
|
|
109
|
+
WHERE ISDESCENDANTNODE(page, '/sites/luxe')
|
|
110
|
+
AND page.[jcr:lastModified] > CAST('2026-01-01T00:00:00.000Z' AS DATE)
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
### OR conditions
|
|
114
|
+
|
|
115
|
+
```sql
|
|
116
|
+
WHERE node.[jcr:primaryType] = 'jnt:bigText'
|
|
117
|
+
OR node.[jcr:primaryType] = 'jnt:article'
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
---
|
|
121
|
+
|
|
122
|
+
## Ordering
|
|
123
|
+
|
|
124
|
+
```sql
|
|
125
|
+
ORDER BY page.[jcr:lastModified] DESC
|
|
126
|
+
ORDER BY page.[jcr:created] ASC
|
|
127
|
+
ORDER BY node.[jcr:title]
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
Multiple columns:
|
|
131
|
+
|
|
132
|
+
```sql
|
|
133
|
+
ORDER BY page.[j:templateName] ASC, page.[jcr:lastModified] DESC
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
---
|
|
137
|
+
|
|
138
|
+
## Full-text search
|
|
139
|
+
|
|
140
|
+
### Search indexed content
|
|
141
|
+
|
|
142
|
+
```sql
|
|
143
|
+
WHERE CONTAINS(node.*, 'digital')
|
|
144
|
+
```
|
|
145
|
+
|
|
146
|
+
### Search one property
|
|
147
|
+
|
|
148
|
+
```sql
|
|
149
|
+
WHERE CONTAINS(node.[jcr:title], 'welcome')
|
|
150
|
+
```
|
|
151
|
+
|
|
152
|
+
### Expression syntax
|
|
153
|
+
|
|
154
|
+
| Syntax | Meaning |
|
|
155
|
+
|--------|---------|
|
|
156
|
+
| `term` | must contain the term |
|
|
157
|
+
| `term1 term2` | implicit AND |
|
|
158
|
+
| `term1 OR term2` | either term |
|
|
159
|
+
| `"exact phrase"` | exact phrase |
|
|
160
|
+
| `-term` | exclude term |
|
|
161
|
+
|
|
162
|
+
### Relevance sort
|
|
163
|
+
|
|
164
|
+
```sql
|
|
165
|
+
SELECT * FROM [jnt:content] AS n
|
|
166
|
+
WHERE ISDESCENDANTNODE(n, '/sites/luxe')
|
|
167
|
+
AND CONTAINS(n.*, 'digital')
|
|
168
|
+
ORDER BY SCORE(n) DESC
|
|
169
|
+
```
|
|
170
|
+
|
|
171
|
+
Combine full-text with path constraints for performance.
|
|
172
|
+
|
|
173
|
+
---
|
|
174
|
+
|
|
175
|
+
## Joins
|
|
176
|
+
|
|
177
|
+
```sql
|
|
178
|
+
SELECT * FROM [jnt:imageReferenceLink] AS img
|
|
179
|
+
INNER JOIN [jnt:file] AS file
|
|
180
|
+
ON img.[j:node] = file.[jcr:uuid]
|
|
181
|
+
WHERE img.[j:node] = 'UUID'
|
|
182
|
+
```
|
|
183
|
+
|
|
184
|
+
Jahia supports inner joins, but keep them focused and path-constrained whenever possible.
|
|
185
|
+
|
|
186
|
+
---
|
|
187
|
+
|
|
188
|
+
## Using SQL2 in Jahia code
|
|
189
|
+
|
|
190
|
+
### Template-set listing with `useJCRQuery`
|
|
191
|
+
|
|
192
|
+
```tsx
|
|
193
|
+
const posts = useJCRQuery({
|
|
194
|
+
query: `SELECT * FROM [namespace:blogPost] AS post
|
|
195
|
+
WHERE ISDESCENDANTNODE(post, '/sites/${siteKey}/contents/blog')
|
|
196
|
+
ORDER BY post.[publicationDate] DESC`,
|
|
197
|
+
});
|
|
198
|
+
```
|
|
199
|
+
|
|
200
|
+
### Java back-end query execution
|
|
201
|
+
|
|
202
|
+
```java
|
|
203
|
+
QueryManagerWrapper qm = session.getWorkspace().getQueryManager();
|
|
204
|
+
QueryWrapper query = qm.createQuery(sql2Statement, Query.JCR_SQL2);
|
|
205
|
+
query.setLimit(limit);
|
|
206
|
+
query.setOffset(offset);
|
|
207
|
+
JCRNodeIteratorWrapper nodes = query.execute().getNodes();
|
|
208
|
+
```
|
|
209
|
+
|
|
210
|
+
**Guardrail:** never embed `LIMIT` or `OFFSET` inside the SQL2 string. Use `setLimit()` and `setOffset()`.
|
|
211
|
+
|
|
212
|
+
---
|
|
213
|
+
|
|
214
|
+
## Security and validation
|
|
215
|
+
|
|
216
|
+
### Escape user input
|
|
217
|
+
|
|
218
|
+
In Java back-end code, escape user-provided values with `JCRContentUtils.sqlEncode()` before interpolating them into a SQL2 string.
|
|
219
|
+
|
|
220
|
+
```java
|
|
221
|
+
String safeValue = JCRContentUtils.sqlEncode(userInput);
|
|
222
|
+
```
|
|
223
|
+
|
|
224
|
+
### Validate dynamic sort fields
|
|
225
|
+
|
|
226
|
+
If a user can choose the sort field, validate it against a whitelist before interpolating it into `ORDER BY`.
|
|
227
|
+
|
|
228
|
+
---
|
|
229
|
+
|
|
230
|
+
## Performance best practices
|
|
231
|
+
|
|
232
|
+
1. Always constrain by path.
|
|
233
|
+
2. Use the most specific node type possible.
|
|
234
|
+
3. Keep result sets small.
|
|
235
|
+
4. Prefer indexed equality filters over broad `LIKE '%...%'` patterns.
|
|
236
|
+
5. Use full-text sparingly on large trees.
|
|
237
|
+
6. Sort on common indexed fields such as `jcr:lastModified` or `jcr:created`.
|
|
238
|
+
7. Cap API result limits to a sane maximum.
|
|
239
|
+
|
|
240
|
+
---
|
|
241
|
+
|
|
242
|
+
## Quick checklist
|
|
243
|
+
|
|
244
|
+
- [ ] Query has a path constraint
|
|
245
|
+
- [ ] Node type is specific
|
|
246
|
+
- [ ] Sort field is intentional and safe
|
|
247
|
+
- [ ] Full-text is combined with a subtree path
|
|
248
|
+
- [ ] Dates use `yyyy-MM-dd'T'HH:mm:ss.SSSX`
|
|
249
|
+
- [ ] Java code uses `setLimit()` and `setOffset()` instead of inline SQL clauses
|
|
250
|
+
|
|
251
|
+
---
|
|
252
|
+
|
|
253
|
+
## Related skills
|
|
254
|
+
|
|
255
|
+
- `/jahia-dev-query-content` — apply SQL2 inside Page Builder queries and JS module views
|
|
256
|
+
- `/jahia-dev-define-content-type` — define the content types you will query
|
|
257
|
+
- `/jahia-java-jcr` — implement back-end JCR logic around the query
|
|
258
|
+
|
|
@@ -0,0 +1,131 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: jahia-review-java
|
|
3
|
+
description: Reviews a Jahia Java/backend module (or PoC) across 6 passes — security, code health, build/packaging, documentation drift, tests, and consolidation. Produces a prioritised finding report with concrete next steps. Load supporting references from this skill's references/ folder on demand.
|
|
4
|
+
allowed-tools: Bash, Read
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Skill: jahia-review-java
|
|
8
|
+
|
|
9
|
+
You are a senior Java/Jahia reviewer. Audit a Jahia Java module (OSGi, JCR, CND, Spring) or a PoC branch and produce a code review that is **actionable, prioritised, and reusable as input for the next review cycle**.
|
|
10
|
+
|
|
11
|
+
## What "good" looks like
|
|
12
|
+
|
|
13
|
+
1. **Security-first.** Every endpoint, servlet, GraphQL operation, action is mapped to its access control posture.
|
|
14
|
+
2. **Concise with a path forward.** Each finding names the problem, names the fix, names the effort. No hedging.
|
|
15
|
+
3. **No noise.** Style, formatting — out. Findings must survive "why does this matter for production?"
|
|
16
|
+
4. **Honest about uncertainty.** When you cannot verify a claim, say so and flag for the author.
|
|
17
|
+
5. **Reusable next cycle.** Output structure is stable so the next reviewer can see what was fixed, deferred, or new.
|
|
18
|
+
|
|
19
|
+
## Operating modes
|
|
20
|
+
|
|
21
|
+
Detect from context. Ask once if genuinely ambiguous.
|
|
22
|
+
|
|
23
|
+
| Mode | Trigger | Output |
|
|
24
|
+
|---|---|---|
|
|
25
|
+
| **PR review** | GitHub MCP available + PR diff in context | Inline PR comments + one summary comment with the prioritised table |
|
|
26
|
+
| **Module audit** | Checked-out source, no PR context | Single `code-review-{module}-{YYYY-MM-DD}.md` at repo root |
|
|
27
|
+
| **PoC review** | PR/branch explicitly described as a PoC | Surface risks, missing next steps, and unknowns — not a production readiness checklist |
|
|
28
|
+
| **Follow-up** | A prior `code-review-*.md` exists in the repo | Update the prior doc in place — mark each finding resolved / deferred / still-open |
|
|
29
|
+
|
|
30
|
+
**PoC mode distinction:** A PoC review does not expect production-grade code. Its goal is to surface every risk, weak spot, missing business logic, and open architectural question so the team can make informed decisions before committing to the implementation. Frame each finding as "next step: team decision" rather than demanding immediate fixes. The PoC owner is not expected to have all the answers.
|
|
31
|
+
|
|
32
|
+
## The review passes — execute in order
|
|
33
|
+
|
|
34
|
+
### Pass 0 — Orient (never skip)
|
|
35
|
+
|
|
36
|
+
- List the source tree; identify packages by responsibility (servlets, actions, services, GraphQL, filters, OSGi components, persistence).
|
|
37
|
+
- Read `pom.xml`, `AGENTS.md` (if present), `README.md`, all files under `docs/` and `.harness/`.
|
|
38
|
+
- Read every CND file; note declared node types, mixins, namespace.
|
|
39
|
+
- Identify SPI surface: `Export-Package` in `pom.xml`, public interfaces, `@ProviderType` annotations.
|
|
40
|
+
- Note prior reviews. If one exists, switch to follow-up mode.
|
|
41
|
+
|
|
42
|
+
Output of this pass stays internal — it is your map, not written to the review.
|
|
43
|
+
|
|
44
|
+
### Pass 1 — Security surface mapping
|
|
45
|
+
|
|
46
|
+
For every reachable surface (servlet, JAX-RS, GraphQL query/mutation, whiteboard service, filter, choicelist initializer):
|
|
47
|
+
|
|
48
|
+
1. **Who can reach it?** Guest / authenticated / role-gated / permission-gated / internal-only.
|
|
49
|
+
2. **What does it do?** Read, write, side-effect (email, HTTP, file I/O), admin operation.
|
|
50
|
+
3. **How is access enforced?** Security Filter scope, CSRF Guard, `@RequirePermission`, inline ACL, session-based, none.
|
|
51
|
+
4. **Is the posture documented?** A deliberate "unprotected because X" is acceptable. An undocumented gap is a finding.
|
|
52
|
+
|
|
53
|
+
Cross-reference with `/jahia-java-security` for Jahia-specific mechanisms and the full decision matrix.
|
|
54
|
+
|
|
55
|
+
### Pass 2 — Code health
|
|
56
|
+
|
|
57
|
+
Walk the implementation. Look for:
|
|
58
|
+
|
|
59
|
+
- **Layering violations.** Business logic in servlets. JCR access bypassing services. Presentation in the service layer.
|
|
60
|
+
- **Oversized classes.** One class doing 5+ jobs. Each responsibility is a candidate for extraction.
|
|
61
|
+
- **Reinvention.** Hand-rolled encoding, escaping, date parsing where `java.time`, Commons Lang, or Guava would do it.
|
|
62
|
+
- **Overdesign.** Premature abstraction with one implementation. SPI hooks no consumer exists for. Factory+builder+strategy for a 30-line operation. Flag P3 unless it blocks understanding.
|
|
63
|
+
- **Concurrency.** Mutable fields in `@Component` services without `volatile`. Services that are not internally thread-safe but carry no documentation of caller responsibility. Read-then-act DB patterns (`SELECT MAX` + `INSERT` without serialisation). Restore/write paths that bypass or unconditionally clear caller-set locks.
|
|
64
|
+
- **Persistence anti-patterns.** N+1 queries. Separate tables with no attributes of their own (a correlation UUID on the row is enough). Application-managed counters instead of DB-native auto-increment. Multiple independent `Instant.now()` calls in the same logical operation (timestamp drift). Transactional asymmetry between SQL and JCR commits.
|
|
65
|
+
- **Error handling.** Swallowed exceptions. Fail-open on infrastructure errors. Exception in a side-effect that can abort an unrelated primary operation.
|
|
66
|
+
- **TODOs and leftovers.** `TODO`, `FIXME`, `XXX`, commented-out code. Each is a finding unless tracked in `docs/` or explicitly accepted in the PR description.
|
|
67
|
+
- **Dead payload fields.** Fields stored in the persistence model but never read by any live code path — flag as dead storage; remove or document intent.
|
|
68
|
+
- **Diff/delta engine gaps.** When a reverse-delta engine is present: check what entity state is NOT diffed (mixins, children, ACLs, references). Verify empty-diff short-circuits to avoid phantom versions. Verify old-value storage is actually consumed by the apply path.
|
|
69
|
+
- **Service locator anti-pattern.** `SpringContextSingleton.getBean()` or equivalent inside a service method — prefer `@Reference`/`@Autowired` injection.
|
|
70
|
+
|
|
71
|
+
Cross-reference with `/jahia-java-jcr` for JCR session, locking, mixin, and SNS pitfalls.
|
|
72
|
+
Cross-reference with `/jahia-java-osgi` for OSGi component lifecycle, reference, and export-package pitfalls.
|
|
73
|
+
Cross-reference with `/jahia-java-persistence` for persistence-layer anti-patterns.
|
|
74
|
+
Cross-reference with `/jahia-java-concurrency` for thread safety — `volatile`, locking, atomics, static fields, JCR session threading.
|
|
75
|
+
|
|
76
|
+
### Pass 3 — Build, packaging, dependencies
|
|
77
|
+
|
|
78
|
+
- `jahia-impl` is `<scope>provided</scope>` with all transitives excluded; each used library declared explicitly.
|
|
79
|
+
- `Export-Package` lists only SPI surface, not implementation packages.
|
|
80
|
+
- Embedded libraries are commented in the POM with a *why*.
|
|
81
|
+
- If the module advertises an SPI for third parties, that SPI lives in a separate `*-api` artifact.
|
|
82
|
+
|
|
83
|
+
### Pass 4 — Documentation drift
|
|
84
|
+
|
|
85
|
+
Compare every doc, harness file, and `AGENTS.md` claim against the code:
|
|
86
|
+
- URLs, endpoints, class names, config PIDs — do they match?
|
|
87
|
+
- "Not yet implemented" claims for code that is in fact implemented.
|
|
88
|
+
- Known-limitations sections that omit critical risks actually present in the code.
|
|
89
|
+
- Next-steps sections that lack coverage for risks identified in the code.
|
|
90
|
+
|
|
91
|
+
In PoC mode, the known-limitations/next-steps gap is the primary documentation finding: if the code contains dangerous or incomplete patterns, those must appear in next steps — even if not yet actionable.
|
|
92
|
+
|
|
93
|
+
### Pass 5 — Tests
|
|
94
|
+
|
|
95
|
+
1. Is there a `src/test/` directory? If no, list pure-function classes (parsers, validators, calculators) as test targets.
|
|
96
|
+
2. For PoC mode: note which critical paths have no test coverage and which should be added before the PoC direction is validated.
|
|
97
|
+
|
|
98
|
+
### Pass 6 — Consolidate and prioritise
|
|
99
|
+
|
|
100
|
+
- Collapse duplicate findings to one finding with multiple sites.
|
|
101
|
+
- Assign severity using the four-level scale below.
|
|
102
|
+
- Assign effort: XS (<1h), S (<half day), M (<2 days), L (more).
|
|
103
|
+
- Sort by severity within sections. Build the prioritised summary table.
|
|
104
|
+
|
|
105
|
+
## Severity discipline
|
|
106
|
+
|
|
107
|
+
| Level | When to use |
|
|
108
|
+
|---|---|
|
|
109
|
+
| 🔴 P0 | Active security hole, data loss, fail-open auth, broken public contract, dangerous active code (not just a PoC TODO) |
|
|
110
|
+
| 🟠 P1 | Significant gap defensible only by accepting documented risk, silent partial failure, broken SPI promise |
|
|
111
|
+
| 🟡 P2 | Code health that compounds over time, doc drift, missing tests for critical paths |
|
|
112
|
+
| 🟢 P3 | Refactor opportunities, nice-to-have abstractions, minor cleanup |
|
|
113
|
+
|
|
114
|
+
When in doubt, drop one level. Inflated severity loses the reader's trust.
|
|
115
|
+
|
|
116
|
+
## Output
|
|
117
|
+
|
|
118
|
+
Read `references/code-review-output.md` before writing. It defines section order, finding template, and summary table schema.
|
|
119
|
+
|
|
120
|
+
Two non-negotiable rules:
|
|
121
|
+
1. **Each finding ends with a concrete next step** — a code change, a ticket, or an explicit "accept as-is, document the tradeoff".
|
|
122
|
+
2. **Surface honest doubts.** When you cannot verify a claim, say so. The author would rather have an explicit unknown than a false certainty.
|
|
123
|
+
|
|
124
|
+
## What not to do
|
|
125
|
+
|
|
126
|
+
- Do not lecture. The reader is a senior engineer.
|
|
127
|
+
- Do not flag stylistic preferences unless they map to a configured Checkstyle/PMD rule that would fail CI.
|
|
128
|
+
- Do not invent line numbers. Use `ClassName#methodName` as anchors.
|
|
129
|
+
- Do not pad. If a section has no findings, write "No findings."
|
|
130
|
+
- Do not split one problem into multiple findings to make the review look thorough.
|
|
131
|
+
- In PoC mode: do not demand answers the PoC owner cannot yet have. Frame open questions as "next step: team decision" or "add a story".
|