Java Style Guide
Apply this checklist when writing or reviewing Java code.
Trigger Reference
- •Use
references/trigger-matrix.mdas the canonical trigger and co-activation matrix. - •Resolve skill activation from changed files with
python3 scripts/resolve_style_guides.py <changed-path>...when automation is available. - •Validate trigger matrix consistency with
python3 scripts/validate_trigger_matrix_sync.py.
Architecture and layering
Quality Gate Reference
- •Use
references/quality-gate-command-matrix.mdfor CI check-only vs local autofix command mapping.
- •Keep clean dependency direction: domain -> application -> infrastructure.
- •Keep controllers/resources thin and delegate business logic to services.
- •Isolate integration concerns (DB, HTTP, queues) behind clear adapters.
- •Keep modules cohesive and avoid utility classes that become dumping grounds.
Naming and structure
- •Use standard Java naming (
UpperCamelCaseclasses,lowerCamelCasefields/methods). - •Keep methods focused and short; extract intent-revealing helper methods.
- •Use
static finalconstants for fixed values; include units in names (CACHE_TTL_SECONDS). - •Prefer composition over deep inheritance unless polymorphism is essential.
Types and data modeling
- •Use explicit types and generics; avoid raw types.
- •Prefer immutable DTO/value objects where possible.
- •Model boundary payloads with dedicated classes, not generic maps.
- •Validate object invariants at construction time.
Exceptions and failure handling
- •Throw domain-specific exceptions with actionable context.
- •Catch exceptions at service/API boundaries and map to stable error responses.
- •Avoid broad
catch (Exception)except for mandatory boundary handling. - •Preserve root cause (
throw new XException("...", cause)). - •Do not hide failures behind fallback logic without explicit business requirement.
Configuration and environment
- •Bind configuration into typed classes (
@ConfigurationProperties, equivalent). - •Validate required configuration during startup and fail fast when missing.
- •Do not provide silent default values for required environment variables.
- •Store secrets outside code and avoid logging them.
Security and compliance
- •Validate and sanitize all untrusted input.
- •Use parameterized queries/ORM APIs; never construct SQL by concatenation.
- •Enforce authorization at entry points and sensitive operations.
- •Avoid exposing internal stack traces or sensitive fields to clients.
Performance and scalability
- •Measure with profiling before optimization.
- •Avoid N+1 queries and repeated remote calls in loops.
- •Use pagination/streaming for large result sets.
- •Set explicit timeouts/retries for outbound network calls.
Testing and verification
- •Add unit tests for domain logic and integration tests for adapters.
- •Cover edge cases: invalid inputs, null handling, timeout, concurrency.
- •Add regression tests for bug fixes.
- •Document manual verification when automation is unavailable.
Observability and operations
- •Use structured logging with trace/request IDs.
- •Emit metrics for latency, failures, and dependency health.
- •Keep error codes stable and actionable for operations.
- •Ensure readiness/liveness checks reflect dependency state.
CI required quality gates (check-only)
- •Run project check-only formatter/lint (
spotlessCheck,checkstyle, or equivalent). - •Run static analysis (
errorprone,spotbugs, or configured equivalent). - •Run automated tests (
./gradlew testormvn test). - •Reject changes that degrade type safety or mask failures.
Optional autofix commands (local)
- •Run formatter autofix (
spotlessApply, or project equivalent) and then re-run checks.