菜单
Use before opening PRs, after major refactoring, or pre-deployment for Spring Boot verification. Do NOT use for writing tests (use springboot-tdd), security implementation (use springboot-security), or general patterns (use springboot-patterns).
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Use when GenOS 작업에서 얻은 재사용 가능한 지식(플랫폼 패턴·함정·고객사 결정)을 개인 Obsidian vault(Projects/GenonAI)에 기록할 가치가 생겼거나, GenOS 작업 맥락에서 사용자가 "지식 캡처", "vault에 정리/기록", "MOC", "읽는 순서", "field note", "/genos-knowledge-capture"를 요청할 때 사용. Do NOT use for: GenOS와 무관한 노트, 웹 리서치 기반 일반 개념 노트, 단순 진행상황·세션 상태.
Use when user says "wiki compile", "위키 컴파일", "raw 정리", "지식 컴파일", "소스 컴파일", or wants to compile raw sources into a structured wiki. Do NOT use for individual note creation (use obsidian-note) or vault maintenance (use vault-linter).
Use when user says "vault lint", "노트 점검", "vault 정리", "orphan notes", "링크 점검", or wants to check Obsidian vault health. Do NOT use for individual note creation (use obsidian-note) or tag management (use til-tagger).
Create Excalidraw diagram JSON files that make visual arguments. Use when the user wants to visualize workflows, architectures, or concepts. Use when user says "다이어그램", "diagram", "excalidraw", "시각화", "아키텍처 그려". Do NOT use for Mermaid diagrams or draw.io.
Use when user mentions "Obsidian", "옵시디언", "write as note", "save to notes", "노트로 저장", or /obsidian-note command. Do NOT use for TIL (use til), YouTube notes (use youtube-summarizer), GenOS 작업 지식 캡처 (use genos-knowledge-capture), or deep/team/multi-angle note research (use agentic-notes).
Use when the user asks to create an Obsidian note with an agent team, deep research, strict verification, multiple angles, or phrases like "팀으로 조사해서 노트", "깊게 조사해서 옵시디언 노트", "/agentic-notes", "--team", "--verify strict", or "--deep". Do NOT use for a simple one-shot Obsidian note; use obsidian-note instead.
| name | springboot-verification |
| description | Use before opening PRs, after major refactoring, or pre-deployment for Spring Boot verification. Do NOT use for writing tests (use springboot-tdd), security implementation (use springboot-security), or general patterns (use springboot-patterns). |
| paths | **/*.java, **/build.gradle*, **/pom.xml |
PR, 배포 전 검증 파이프라인. 빌드 → 정적분석 → 테스트+커버리지 → 보안스캔 → diff 리뷰.
# Maven
mvn -T 4 clean verify -DskipTests
# Gradle
./gradlew clean assemble -x test
빌드 실패 시 중단. 컴파일 에러, 리소스 누락 먼저 해결.
# 개별 실행
mvn spotbugs:check
mvn pmd:check
mvn checkstyle:check
# 한번에
mvn -T 4 spotbugs:check pmd:check checkstyle:check
./gradlew checkstyleMain pmdMain spotbugsMain
# System.out.println (logger 사용해야 함)
grep -rn "System\.out\.print" src/main/ --include="*.java"
# Raw exception messages in responses (정보 유출)
grep -rn "e\.getMessage()" src/main/ --include="*.java" | grep -i "response\|body\|return"
# TODO/FIXME left behind
grep -rn "TODO\|FIXME\|HACK\|XXX" src/main/ --include="*.java"
# Wildcard imports
grep -rn "import .*\.\*;" src/main/ --include="*.java"
# Maven
mvn -T 4 test
mvn jacoco:report
# Report: target/site/jacoco/index.html
# Gradle
./gradlew test jacocoTestReport
# Report: build/reports/jacoco/test/html/index.html
# Maven — fails if < 80%
mvn jacoco:check
# Check coverage summary
cat target/site/jacoco/jacoco.csv | head -5
실패한 테스트가 있으면:
# Maven (OWASP Dependency Check)
mvn org.owasp:dependency-check-maven:check
# Report: target/dependency-check-report.html
# Gradle
./gradlew dependencyCheckAnalyze
# Hardcoded passwords
grep -rn 'password\s*=\s*"' src/ --include="*.java" --include="*.yml" --include="*.properties"
# API keys and secrets
grep -rn 'sk-\|api_key\|secret\s*=' src/ --include="*.java" --include="*.yml"
# Git history secrets (if git-secrets configured)
git secrets --scan
# Wildcard CORS (production 금지)
grep -rn 'allowedOrigins.*"\*"' src/main/ --include="*.java"
# CSRF disabled without comment/justification
grep -rn 'csrf.*disable' src/main/ --include="*.java"
# Field injection (@Autowired on fields)
grep -rn '@Autowired' src/main/ --include="*.java" | grep -v "constructor\|param"
# Spotless (Maven)
mvn spotless:check # Verify only
mvn spotless:apply # Auto-fix
# Spotless (Gradle)
./gradlew spotlessCheck
./gradlew spotlessApply
git diff --stat
git diff
System.out, unguarded log.debug)VERIFICATION REPORT
===================
Build: [PASS/FAIL]
Static: [PASS/FAIL] (spotbugs/pmd/checkstyle findings: N)
Tests: [PASS/FAIL] (X/Y passed, Z% line coverage)
Security: [PASS/FAIL] (CVE critical: N, high: N)
Format: [PASS/SKIP]
Diff: [X files changed, +Y/-Z lines]
Overall: [READY / NOT READY]
Issues to Fix:
1. ...
2. ...
풀 파이프라인이 무거울 때, 빠른 피드백 루프:
# Maven — build + test only
mvn -T 4 test
# + spotbugs만
mvn -T 4 test spotbugs:check
# Gradle
./gradlew test spotbugsMain
대규모 변경이나 PR 전에는 반드시 전체 파이프라인 실행.
| Topic | Skill |
|---|---|
| Test 작성 방법 (MockMvc, Mockito) | springboot-tdd |
| Security 구현 | springboot-security |
| JPA 테스트 (DataJpaTest, Testcontainers) | jpa-patterns |
| Core Spring Boot 패턴 | springboot-patterns |
| 병합 전 다축 코드 리뷰 (correctness/security/perf) | code-review |