If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/baomidou/mybatis-plus shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

GO — Healthy across all four use cases

• Last commit 1d ago
• 10 active contributors
• Apache-2.0 licensed
• CI configured
• Tests present
• ⚠ Single-maintainer risk — top contributor 81% of recent commits

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live baomidou/mybatis-plus repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/baomidou/mybatis-plus.

What it runs against: a local clone of baomidou/mybatis-plus — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in baomidou/mybatis-plus | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch 3.0 exists | Catches branch renames | | 4 | Last commit ≤ 31 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of baomidou/mybatis-plus. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/baomidou/mybatis-plus.git
#   cd mybatis-plus
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of baomidou/mybatis-plus and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "baomidou/mybatis-plus(\\.git)?\\b" \\
  && ok "origin remote is baomidou/mybatis-plus" \\
  || miss "origin remote is not baomidou/mybatis-plus (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify 3.0 >/dev/null 2>&1 \\
  && ok "default branch 3.0 exists" \\
  || miss "default branch 3.0 no longer exists"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 31 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/baomidou/mybatis-plus"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

MyBatis-Plus is a powerful enhanced toolkit that wraps MyBatis (the Java ORM framework) to dramatically reduce boilerplate code for database operations. It provides auto-generated CRUD interfaces, a fluent Lambda-based query builder (wrapper), automatic pagination, multiple primary key generation strategies, and code generation capabilities—letting developers write minimal SQL while maintaining full MyBatis compatibility. Multi-module monorepo structure: mybatis-plus-annotation/ contains the core annotations (@TableName, @TableId, @TableField, etc.) that define the mapping layer; core framework modules extend this with code generation, pagination, query builders, and interceptors. Gradle build system (build.gradle, gradle/) manages 21+ Java version compilation and publishes to Maven Central. FreeMarker templates (12KB) drive code generation.

Java backend developers building Spring Boot applications who use MyBatis for data persistence but want to eliminate repetitive CRUD code, conditional query building, and manual mapper XML. Teams looking for rapid database-layer development without sacrificing fine-grained SQL control.

Highly mature and production-ready. This is a flagship open-source project (3.4M+ lines of Java code, active on GitHub/Gitee with significant star count) with well-established CI/CD pipelines (.github/workflows/gradle.yml, publish.yml), comprehensive gradle-based build system, and support for multiple Spring Boot versions (2.7.x, 3.x, 4.x). Active maintenance evidenced by version pinning (Spring Boot 3.5.9, 4.0.1, MyBatis 3.5.19) and enterprise adoption.

Low risk for stable projects. The framework is dependency-heavy by design (MyBatis, Spring, multiple dialect support) but well-vetted. Primary risks: (1) Breaking changes across major versions (check CHANGELOG.md before upgrading), (2) tight coupling to Spring Boot versions (supported versions explicitly managed in gradle.properties), (3) enterprise-grade competitors (Hibernate, JPA) exist with different trade-offs. Single maintainer risk is mitigated by large community (Gitee mirrors available).

The project is actively maintained with support for modern Java/Spring ecosystem: Java 21 compilation target (gradle.properties), Spring Boot 4.0.1 support added, MyBatis 3.5.19 pinned. Recent efforts focus on multi-version Spring Boot compatibility (multiple -boot-starter variants) and code generation improvements. Dependabot configured for dependency updates.

Clone the repository: git clone https://github.com/baomidou/mybatis-plus.git && cd mybatis-plus. Build with Gradle: ./gradlew build (or gradlew.bat build on Windows). The build system uses Java 21 (set JAVA_HOME accordingly). No external services required; unit tests run in-process.

Daily commands: No traditional dev server. This is a library, not an application. To test locally: ./gradlew test runs unit tests across all modules. To use in a project: build and publish to local Maven repo with ./gradlew publishToMavenLocal, then reference in your Spring Boot app's pom.xml or build.gradle.

• mybatis-plus-annotation/src/main/java/com/baomidou/mybatisplus/annotation/TableName.java: Core annotation that maps Java entities to database tables; every MP entity needs this—defines the foundation of the mapping layer
• mybatis-plus-annotation/src/main/java/com/baomidou/mybatisplus/annotation/TableId.java: Declares primary key fields and links to IdType strategy (auto-increment, UUID, sequence, etc.); essential for CRUD operations
• mybatis-plus-annotation/src/main/java/com/baomidou/mybatisplus/annotation/FieldStrategy.java: Controls how fields are included in INSERT/UPDATE/SELECT—critical for handling NULL values and soft deletes via TableLogic
• mybatis-plus-annotation/src/main/java/com/baomidou/mybatisplus/annotation/IdType.java: Enum driving primary key generation: AUTO, INPUT, ASSIGN_ID (snowflake), UUID, SEQUENCE, etc.—determines ID allocation strategy
• mybatis-plus-annotation/src/main/java/com/baomidou/mybatisplus/annotation/TableLogic.java: Enables logical/soft delete by marking a field as the delete flag; queries automatically filter deleted records—common enterprise pattern
• build.gradle: Master build configuration; defines all module dependencies, Java 21 target, and publishes to Maven Central—modify for version bumps or new modules
• .github/workflows/gradle.yml: CI pipeline running tests on push; failure here blocks merges—check for flaky tests or env issues

Start here based on change type: (1) Core annotations or enum values: mybatis-plus-annotation/src/main/java/com/baomidou/mybatisplus/annotation/ (e.g., IdType.java, FieldFill.java); (2) Code generation templates: look for .ftl (FreeMarker) files in core modules; (3) Dialect-specific SQL: search for DbType enum branches (DbType.java); (4) Query builder logic: likely in mybatis-plus-core module (not shown but standard structure). Update CHANGELOG.md with changes. Follow MPCodeStyle.xml for formatting.

(1) Java 21 required: JAVA_HOME must point to JDK 21+; older JDK versions will fail gradle build. (2) Multi-version Spring Boot support requires careful testing—each mybatis-plus-spring-boot-*-starter targets a specific Spring Boot version; mismatched versions cause classpath conflicts. (3) FreeMarker code generation expects specific input (template variables, dialect info); incorrect CodeGenerator config produces malformed SQL. (4) Soft deletes via @TableLogic are automatic but require explicit configuration; if not set, delete operations are physical not logical. (5) Interceptor plugin ordering matters—multiple interceptors can conflict if not chained correctly in plugins property.

• Query Wrapper (Fluent API / Conditional Query Builder) — Core MP pattern—replaces manual WHERE clause construction with type-safe Lambda-based chaining; prevents SQL injection and dramatically reduces mapper XML verbosity
• Primary Key Strategy (IdType) — MP abstracts multi-dialect ID generation (auto-increment, UUID, Snowflake, sequence); understanding IdType enum is critical for distributed systems and cross-database portability
• Field Strategy (INSERT_UPDATE / IGNORED / NOT_NULL) — Controls selective column inclusion in DML statements—essential for handling NULL values, default columns, and avoiding unnecessary UPDATE statements in high-frequency writes
• Logical Delete (Soft Delete via @TableLogic) — Implements soft-delete pattern where DELETE becomes UPDATE + flag; automatic query filtering requires special handling in code—misunderstanding causes data visibility bugs
• Interceptor Plugin Chain (MyBatis PluginInterceptor) — MP hooks into MyBatis' plugin chain for pagination, SQL rewriting, and audit logging; interceptor order and method signature matter for correct execution
• Database Dialect Abstraction (DbType enum) — MP generates database-specific SQL for pagination (LIMIT vs OFFSET, ROWNUM, etc.) and sequences; DbType determines correct dialect at runtime without manual query changes
• Active Record Pattern — Alternative to BaseMapper injection—entities inherit database operations directly (user.insert(), user.update()); popular in rapid prototyping but less testable than dependency injection

• baomidou/mybatis-plus-samples — Official example projects demonstrating MP usage patterns (Spring Boot integration, code generation, query wrapper examples) across multiple Spring Boot versions
• baomidou/generator — Standalone code generator repo for MyBatis-Plus; generates entity, mapper, and service classes from database schema—often used alongside core MP library
• baomidou/awesome-mybatis-plus — Curated showcase of real-world projects using MyBatis-Plus; demonstrates ecosystem adoption and provides reference implementations
• mybatis/mybatis-3 — The underlying MyBatis framework that MP extends; essential to understand core SqlSession, mapper interfaces, and PluginInterceptor chain
• spring-projects/spring-boot — Spring Boot auto-configuration framework that MP integrates with via mybatis-plus-boot-starter modules; configuration discovery and bean registration happens here

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add comprehensive unit tests for MybatisMapperAnnotationBuilder and related core classes

The mybatis-plus-core module contains critical infrastructure classes like MybatisMapperAnnotationBuilder, MybatisMapperRegistry, and MybatisMethodResolver that lack visible test coverage in the provided file structure. These classes are central to the plugin's functionality of intercepting and enhancing MyBatis mappers. Adding thorough unit tests would improve code reliability, catch regressions early, and serve as documentation for how the annotation processing pipeline works.

• [ ] Create mybatis-plus-core/src/test/java/com/baomidou/mybatisplus/core/MybatisMapperAnnotationBuilderTest.java with tests for annotation parsing and SQL generation
• [ ] Add tests for MybatisMethodResolver in mybatis-plus-core/src/test covering method resolution edge cases
• [ ] Create integration tests for MybatisMapperRegistry to verify mapper registration and bean lifecycle
• [ ] Add parameterized tests for MybatisConfiguration with different database types (DbType enum values)

Add GitHub Actions workflow for multi-version dependency matrix testing

The gradle.properties shows support for multiple Spring and Spring Boot versions (2.7.18, 3.5.9, 4.0.1) and MyBatis versions (3.5.19), but only a basic gradle.yml workflow exists. Adding a matrix-based CI workflow would ensure compatibility across these versions is maintained and catch breaking changes early. This is critical for a widely-used library that supports multiple dependency trees.

• [ ] Extend .github/workflows/gradle.yml to include a matrix strategy testing against Spring Boot 2.7.x, 3.x, and 4.x
• [ ] Add matrix testing for MyBatis 3.5.x versions
• [ ] Configure the workflow to run tests with Java 21 (as specified in configuration.javaVersion)
• [ ] Add conditional steps to validate compatibility with different IdType and DbType combinations

Create missing documentation for annotation features in specific guide files

While README.md and README-zh.md exist, there's no dedicated documentation for the extensive annotation system (TableName, TableField, TableId, TableLogic, Version, OrderBy, KeySequence, etc.) in mybatis-plus-annotation/src/main/java. Creating a comprehensive annotation reference guide would help users leverage these powerful features correctly and reduce support questions.

• [ ] Create docs/ANNOTATIONS.md documenting each annotation class with examples (TableName, TableField, TableId, TableLogic, Version, OrderBy)
• [ ] Add examples showing FieldFill strategies and their use cases
• [ ] Document IdType options and when to use ASSIGN_ID vs ASSIGN_UUID vs AUTO vs custom strategies
• [ ] Include examples of InterceptorIgnore annotation for advanced use cases and performance tuning

• Add missing unit tests for the EnumValue annotation handler—currently only .java stubs exist in mybatis-plus-annotation/ but no test coverage for enum type serialization under various database dialects (MySQL vs PostgreSQL vs Oracle)
• Expand the OrderBy annotation documentation and add example test cases showing multi-field sorting with ASC/DESC combinations; currently the annotation exists but the integration test coverage is minimal
• Write FreeMarker code generation tests for edge cases: entity names with reserved SQL keywords, fields with non-ASCII characters, and generated mapper XML validation against multiple MyBatis versions (3.5.x range)

• High · Outdated Spring Framework Dependencies — build.gradle - springVersion = '5.3.39', springBootVersion = '2.7.18'. The project uses Spring 5.3.39 and Spring Boot 2.7.18, which are approaching end-of-life. Spring Framework 5.x reached end of support on December 31, 2024, and Spring Boot 2.7.x will reach EOL on December 31, 2024. These versions may contain unpatched security vulnerabilities. Fix: Upgrade to Spring Framework 6.x and Spring Boot 3.x (3.5.9 is available) or the latest 4.0.1 version to receive ongoing security patches.
• Medium · Outdated Kotlin Dependencies — build.gradle - kotlin-reflect and kotlin-stdlib-jdk8: 2.1.0. Kotlin version 2.1.0 should be verified against the current stable release. Older Kotlin versions may have known vulnerabilities or missing security fixes. Fix: Verify that Kotlin 2.1.0 is the latest stable version and update if newer versions are available. Check Kotlin security advisories.
• Medium · Outdated AspectJ Weaver — build.gradle - aspectjweaver: 1.9.22.1. AspectJ weaver version 1.9.22.1 is relatively recent but should be monitored for security updates, as it's a commonly used reflection/bytecode manipulation library that could be a vector for security issues. Fix: Regularly monitor AspectJ releases for security patches and update promptly when security advisories are released.
• Medium · Potential SQL Injection Risk in Query Building — mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/conditions/. The codebase contains query building utilities (AbstractWrapper, AbstractLambdaWrapper, ISqlSegment) that construct SQL dynamically. Without proper parameterization validation, these could be vulnerable to SQL injection if user input is not properly sanitized. Fix: Ensure all SQL construction methods use parameterized queries exclusively. Validate that user-provided values are never concatenated directly into SQL strings. Add security-focused code review for condition building methods.
• Medium · Use of Reflection and Bytecode Manipulation — build.gradle - cglib: 3.3.0, aspectjweaver: 1.9.22.1; mybatis-plus-core components. The project heavily relies on reflection, bytecode manipulation (cglib 3.3.0), and AspectJ weaving. These mechanisms can be exploited if an attacker can influence class loading or method interception logic. Fix: Implement strict security manager policies if running in sensitive environments. Validate all dynamically loaded classes. Consider using module systems (Java 9+) to restrict reflective access. Regular security audits of interceptor chains.
• Low · Missing Gradle Wrapper Integrity Verification — gradle/wrapper/gradle-wrapper.jar. The Gradle wrapper JAR file is present in the repository. While this is common practice, it should be verified against official checksums to prevent Man-in-the-Middle attacks or tampering. Fix: Document the checksum of gradle-wrapper.jar in the repository. Consider using gradle-wrapper-validation action in CI/CD pipeline to verify integrity on each build.
• Low · Incomplete Dependency Definition in build.gradle — build.gradle - truncated content after 'slf4j-api'. The build.gradle file appears to be truncated (slf4j-api dependency definition is cut off), which could indicate incomplete configuration or build script issues that might mask security misconfigurations. Fix: Ensure the build.gradle file is complete and properly formatted. Review the full dependency list to verify all security-relevant dependencies are pinned to specific versions.
• Low · No Evidence of Dependency Vulnerability Scanning — .github/workflows/gradle.yml, .github/workflows/publish.yml. No OWASP Dependency-Check or similar vulnerability scanning tools are visible in the CI/CD pipeline configuration (github/workflows). Fix: Integrate dependency vulnerability scanning tools (OWASP Dependency-Check

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.