// Comprehensive code review for Java - clean code principles, API contracts, null safety, exception handling, and performance. Use when user says "review code", "refactor", "check API", or before merging changes.
Java logging best practices with SLF4J, structured logging (JSON), and MDC for request tracing. Includes AI-friendly log formats for Claude Code debugging. Use when user asks about logging, debugging application flow, or analyzing logs.
JPA/Hibernate patterns and common pitfalls (N+1, lazy loading, transactions, queries). Use when user has JPA performance issues, LazyInitializationException, or asks about entity relationships and fetching strategies.
Common design patterns with Java examples (Factory, Builder, Strategy, Observer, Decorator, etc.). Use when user asks "implement pattern", "use factory", "strategy pattern", or when designing extensible components.
Spring Boot 3.x development - REST APIs, JPA, Security, Testing, and Cloud-native patterns. Use for building enterprise Java applications with Spring Boot.
| name | code-quality |
| description | Comprehensive code review for Java - clean code principles, API contracts, null safety, exception handling, and performance. Use when user says "review code", "refactor", "check API", or before merging changes. |
Systematic code review combining clean code principles, API design, and Java best practices.
Violation:
// ❌ Duplicated validation logic
public void createUser(UserRequest req) {
if (req.getEmail() == null || !req.getEmail().contains("@")) {
throw new ValidationException("Invalid email");
}
}
public void updateUser(UserRequest req) {
if (req.getEmail() == null || !req.getEmail().contains("@")) {
throw new ValidationException("Invalid email");
}
}
Fix:
// ✅ Single source of truth
public class EmailValidator {
public void validate(String email) {
if (email == null || !email.contains("@")) {
throw new ValidationException("Invalid email");
}
}
}
Violation:
// ❌ Over-engineered
public interface UserFactory {
User createUser();
}
public class ConcreteUserFactory implements UserFactory {
public User createUser() { return new User(); }
}
Fix:
// ✅ Simple
public User createUser() { return new User(); }
Violation:
// ❌ Premature abstraction
public class ConfigurableUserServiceFactoryProvider { }
Fix:
// ✅ Implement when actually needed
public class UserService { }
| Verb | Use For | Idempotent | Safe |
|---|---|---|---|
| GET | Retrieve resource | Yes | Yes |
| POST | Create new resource | No | No |
| PUT | Replace entire resource | Yes | No |
| PATCH | Partial update | No* | No |
| DELETE | Remove resource | Yes | No |
Common Mistakes:
// ❌ POST for retrieval
@PostMapping("/users/search")
public List<User> search(@RequestBody SearchCriteria criteria) { }
// ✅ GET with query params
@GetMapping("/users")
public List<User> search(@RequestParam String name) { }
// ❌ GET for state change
@GetMapping("/users/{id}/activate")
public void activate(@PathVariable Long id) { }
// ✅ POST/PATCH for state change
@PostMapping("/users/{id}/activate")
public ResponseEntity<Void> activate(@PathVariable Long id) { }
// ✅ URL path versioning (recommended)
@RestController
@RequestMapping("/api/v1/users")
public class UserControllerV1 { }
// ❌ No versioning
@RequestMapping("/users") // Breaking changes affect all clients
| Code | Use Case | Example |
|---|---|---|
| 200 OK | Successful GET/PUT/PATCH | Found resource |
| 201 Created | Successful POST | New resource created |
| 204 No Content | Successful DELETE | Resource deleted |
| 400 Bad Request | Validation failure | Invalid input |
| 404 Not Found | Resource doesn't exist | User not found |
| 409 Conflict | State conflict | Duplicate email |
| 500 Server Error | Unexpected error | Database down |
// ❌ Exposing JPA entity
@GetMapping("/{id}")
public User getUser(@PathVariable Long id) {
return userRepository.findById(id).get(); // Exposes internals, N+1 risk
}
// ✅ Use DTO
@GetMapping("/{id}")
public UserResponse getUser(@PathVariable Long id) {
return userService.findById(id); // Returns DTO
}
Check for:
// ❌ NPE risk
String name = user.getName().toUpperCase();
// ✅ Safe with Optional
String name = Optional.ofNullable(user.getName())
.map(String::toUpperCase)
.orElse("");
// ✅ Safe with early return
if (user.getName() == null) return "";
return user.getName().toUpperCase();
Flags:
Optional.get() without isPresent()null instead of Optional or empty collection@Nullable/@NonNull on public APIsCheck for:
// ❌ Swallowing exceptions
try {
process();
} catch (Exception e) { } // Silent failure
// ❌ Losing stack trace
catch (IOException e) {
throw new RuntimeException(e.getMessage()); // Lost context
}
// ✅ Proper handling
catch (IOException e) {
log.error("Failed to process file: {}", filename, e);
throw new ProcessingException("File processing failed", e);
}
Flags:
Exception or Throwable (too broad)Check for:
// ❌ Resource leak
FileInputStream fis = new FileInputStream(file);
String content = read(fis);
fis.close(); // Won't execute if read() throws
// ✅ Try-with-resources
try (FileInputStream fis = new FileInputStream(file)) {
return read(fis);
} // Auto-closed
Check for:
// ❌ Missing transaction
public void createUser(UserRequest request) {
User user = new User();
userRepository.save(user);
roleRepository.save(new Role(user)); // Two separate transactions
}
// ✅ Proper transaction
@Transactional
public void createUser(UserRequest request) {
User user = new User();
userRepository.save(user);
roleRepository.save(new Role(user)); // Single atomic transaction
}
Good:
// ✅ Clear intent
public List<User> findActiveUsersByRole(String role) { }
public boolean isEmailValid(String email) { }
public void activateUser(Long userId) { }
Bad:
// ❌ Unclear
public List<User> get(String s) { }
public boolean check(String str) { }
public void doStuff(Long id) { }
Check for:
// ❌ N+1 query problem
List<User> users = userRepository.findAll();
for (User user : users) {
List<Order> orders = orderRepository.findByUserId(user.getId()); // N queries
}
// ✅ Join fetch
@Query("SELECT u FROM User u LEFT JOIN FETCH u.orders")
List<User> findAllWithOrders();
// ❌ Loading all data
List<User> allUsers = userRepository.findAll(); // Could be millions
// ✅ Pagination
Page<User> users = userRepository.findAll(PageRequest.of(0, 20));
## Code Review: [Component/Feature Name]
### Critical Issues
- **Null safety violation** (UserService.java:42) - `user.getName().toUpperCase()` can NPE. Use Optional or null check.
- **Resource leak** (FileHandler.java:15) - FileInputStream not closed. Use try-with-resources.
### Important Improvements
- **API design** - POST used for idempotent update (UserController.java:28). Use PUT instead.
- **Transaction missing** - Multi-step operation needs @Transactional (OrderService.java:56).
- **N+1 query** - Loop fetches orders individually (line 89). Use JOIN FETCH.
### Code Smells
- **Long method** - extractUserData() is 80 lines. Consider extracting sub-methods.
- **Magic number** - Use named constant instead of `86400` (line 123).
- **Inconsistent naming** - Mix of camelCase and snake_case in variables.
### Good Practices Observed
- ✅ Constructor injection used throughout
- ✅ DTOs properly separate from entities
- ✅ Comprehensive validation on all endpoints
- ✅ Good test coverage (87%)
| Category | Red Flags |
|---|---|
| Null Safety | Chained calls, Optional.get(), returning null |
| Exceptions | Empty catch, broad catch, lost stack trace |
| Resources | Manual close(), missing try-with-resources |
| API Design | Wrong HTTP verb, no versioning, entity exposure |
| Transactions | Multi-step writes without @Transactional |
| Performance | N+1 queries, loading all data, missing indexes |
| Clean Code | Code duplication, magic numbers, unclear names |