If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/brianway/java-learning shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

AVOID — Stale and unlicensed — last commit 4y ago

• 3 active contributors
• Tests present
• ⚠ Stale — last commit 4y ago
• ⚠ Small team — 3 contributors active in recent commits
• ⚠ Single-maintainer risk — top contributor 95% of recent commits
• ⚠ No license — legally unclear to depend on
• ⚠ No CI workflows detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live brianway/java-learning repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/brianway/java-learning.

What it runs against: a local clone of brianway/java-learning — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in brianway/java-learning | Confirms the artifact applies here, not a fork | | 2 | Default branch master exists | Catches branch renames | | 3 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 4 | Last commit ≤ 1611 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of brianway/java-learning. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/brianway/java-learning.git
#   cd java-learning
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of brianway/java-learning and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "brianway/java-learning(\\.git)?\\b" \\
  && ok "origin remote is brianway/java-learning" \\
  || miss "origin remote is not brianway/java-learning (artifact may be from a fork)"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "README.md" \\
  && ok "README.md" \\
  || miss "missing critical file: README.md"
test -f "java-base/pom.xml" \\
  && ok "java-base/pom.xml" \\
  || miss "missing critical file: java-base/pom.xml"
test -f "blogs/javase/java基础巩固笔记(1)-反射.md" \\
  && ok "blogs/javase/java基础巩固笔记(1)-反射.md" \\
  || miss "missing critical file: blogs/javase/java基础巩固笔记(1)-反射.md"
test -f "java-base/src/main/java/com/brianway/learning/java/base/generics/Holder.java" \\
  && ok "java-base/src/main/java/com/brianway/learning/java/base/generics/Holder.java" \\
  || miss "missing critical file: java-base/src/main/java/com/brianway/learning/java/base/generics/Holder.java"
test -f "java-base/src/main/java/com/brianway/learning/java/base/typeinfo/SimpleDynamicProxy.java" \\
  && ok "java-base/src/main/java/com/brianway/learning/java/base/typeinfo/SimpleDynamicProxy.java" \\
  || miss "missing critical file: java-base/src/main/java/com/brianway/learning/java/base/typeinfo/SimpleDynamicProxy.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 1611 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~1581d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/brianway/java-learning"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

A comprehensive Java learning resource combining educational blog posts and executable source code examples covering Java SE (reflection, generics, class loaders, proxies, multithreading, annotations) and Java Web (Tomcat, HTTP, Servlet, JSP, cookies/sessions). It's structured as a Maven multi-module project with separate artifacts for java-base, java-multithread, java-container, java-io, java-jvm, and java8, designed to teach core Java concepts through theory-and-practice integration. Maven multi-module monorepo: root pom.xml aggregates modules like java-base, java-multithread, java-container, java-io, java-jvm, java8. Each module has standard Maven structure (src/main/java, src/test). Parallel /blogs directory contains markdown documentation organized by topic (javase/, javaweb/) with supporting images. Code examples are organized by concept (generics/, proxy/, threading/) within src/main/java/com/brianway/learning/java/base/.

Java developers learning beyond basic syntax who want to understand reflection, proxies, class loading, concurrency, and web frameworks through worked examples. Secondary audience: developers preparing for Java interviews who need consolidated explanations of intermediate-to-advanced SE and Web topics with runnable code.

Moderately mature educational project: README indicates active maintenance with multiple completed modules (java-base, java-multithread, java8) and a working Maven structure since 2016. However, no visible GitHub stats (stars/issues) provided, and the TODO section lists incomplete modules (java-container, java-io still marked as pending), suggesting steady but not rapid development pace. Suitable for learning, not a production framework.

Low technical risk: pure Java/Maven with minimal dependencies (only Maven itself required based on pom.xml snippet). Single maintainer (brianway) creates maintenance risk if abandoned. No visible CI pipeline, test suite location, or recent commit metadata in provided data, making it harder to assess activity level. The repo's educational purpose (not a library/framework) limits production impact.

Based on TODO section: core Java SE modules (java-base completed 2016.4.12, java-multithread completed 2016.4.17, java8 completed 2017.3.29) are stable. Pending work includes completing java-container, java-io modules and ongoing code refactoring. No specific PR/issue data provided, but README explicitly states 'not regularly adjusted and supplemented' implies periodic updates rather than active weekly development.

Check README for instructions.

Daily commands: This is a library/educational resource, not a runnable application. Individual example classes contain main() methods: mvn compile exec:java -Dexec.mainClass="com.brianway.learning.java.base.generics.ArrayMaker" or import modules into IDE (IntelliJ/Eclipse) and run class directly.

• README.md — Entry point documenting the entire learning project structure, modules, and blog resources that guide all contributors
• java-base/pom.xml — Maven configuration for the core Java SE module that establishes build, dependency, and project structure patterns for all modules
• blogs/javase/java基础巩固笔记(1)-反射.md — Foundational blog post on reflection that explains core Java concepts referenced across multiple source modules
• java-base/src/main/java/com/brianway/learning/java/base/generics/Holder.java — Canonical example demonstrating generics patterns used throughout the codebase for type-safe implementations
• java-base/src/main/java/com/brianway/learning/java/base/typeinfo/SimpleDynamicProxy.java — Core implementation of dynamic proxies illustrating reflection and metaprogramming patterns central to advanced Java concepts
• java-io/src/main/java/com/brianway/learning/java/io/BufferedInputFile.java — Demonstrates fundamental I/O patterns and file handling that serve as reference implementations across modules
• java-io/src/main/java/com/brianway/learning/java/nio/tutorial/ChannelDemo.java — Example of NIO channel operations showing modern Java I/O patterns distinct from traditional streaming approaches

Add a New Java SE Example

1. Create a new Java class in the appropriate category under java-base/src/main/java/com/brianway/learning/java/base/ (e.g., generics/, typeinfo/, datatype/) (java-base/src/main/java/com/brianway/learning/java/base/[category]/YourExample.java)
2. Write a focused example demonstrating one specific concept with clear variable names and inline comments (java-base/src/main/java/com/brianway/learning/java/base/[category]/YourExample.java)
3. Add a corresponding blog post in blogs/javase/ explaining the concept, mechanics, and pitfalls with images if needed (blogs/javase/java基础巩固笔记([n])-[topic].md)
4. Update blogs/README.md and main README.md with links to the new blog post and example (README.md)

Add a New I/O or NIO Example

1. Create Java class in either java-io/src/main/java/com/brianway/learning/java/io/ (traditional I/O) or java-io/src/main/java/com/brianway/learning/java/nio/ (NIO) (java-io/src/main/java/com/brianway/learning/java/io[/nio]/YourIOExample.java)
2. Include resource files in java-io/src/main/resources/ if your example reads/writes files (java-io/src/main/resources/example-file.txt)
3. Write the example demonstrating practical I/O patterns with proper resource management (try-with-resources) (java-io/src/main/java/com/brianway/learning/java/io[/nio]/YourIOExample.java)
4. Document in blogs/javaweb with HTTP/Servlet context or link from java-io module documentation (blogs/javaweb/javaweb入门笔记([n])-[topic].md)

Create a New Learning Module

1. Create new Maven module directory with mvn archetype:generate or manually create [module-name]/pom.xml ([module-name]/pom.xml)
2. Configure pom.xml with parent reference to root java-learning project and set artifactId appropriately ([module-name]/pom.xml)
3. Create standard directory structure java-[module]/src/main/java/com/brianway/learning/java/[module]/ ([module-name]/src/main/java/com/brianway/learning/java/[module]/)
4. Add blog documentation in blogs/[module]/ directory following existing naming conventions (blogs/[module]/[module]入门笔记([n])-[topic].md)
5. Update main README.md to include new module in the directory listing and module table (README.md)

• Maven — Enables modular project structure with separate artifacts for Java SE, I/O, containers, and JVM topics; facilitates dependency management and build reproducibility
• Java Reflection API — Central to demonstrating metaprogramming, type introspection, dynamic proxies, and class loading—core learning objectives of the repository
• Java Generics — Teaches type safety, erasure semantics, and advanced type constraints; foundational for modern Java development
• NIO (Channels, Buffers, Selectors) — Demonstrates modern non-blocking I/O patterns as alternative to traditional streams; essential for high-performance networking and file I/O
• Markdown & Diagrams — Provides accessible theory and visual explanations alongside working code, making complex concepts learnable

• Separate blogs/ and source code modules rather than inline documentation

  • Why: Allows learners to read theory independently before diving into implementation; maintains clarity by separating explanation from code
  • Consequence: Requires keeping blog posts and code examples in sync; increases repository maintenance burden but improves accessibility

• Focus on foundational SE topics (reflection, generics, proxies) over modern frameworks

  • Why: Builds deep understanding of language features and JVM internals before introducing high-level abstractions
  • Consequence: Not a production framework reference; learners must bridge gap to real-world frameworks like Spring independently

• Include both traditional I/O and NIO in separate examples

  • Why: Illustrates evolution of Java I/O capabilities and allows learners to compare blocking vs. non-blocking patterns
  • Consequence: Adds complexity; requires understanding of both APIs, though traditional I/O is largely legacy

• Does not provide production application frameworks or full-stack examples
• Does not include web application deployment or containerization (Docker/Kubernetes)
• Does not cover modern Java ecosystem tools (Spring Boot, Maven plugins, CI/CD)
• Does not provide security, cryptography, or advanced JVM tuning guidance

1. Maven module dependencies not explicit: java-base pom.xml snippet shows only parent reference; actual dependencies (JUnit for testing, if present) not visible—inspect root pom.xml for dependencyManagement. 2) Class loader examples require JVM understanding: Classes in java-base/classloader/ assume familiarity with bootstrap/system/application loader hierarchy and may need blogs/javase/java基础巩固笔记(3)-类加载器.md read-first. 3) Servlet/JSP examples assume Tomcat runtime: Java Web examples need running Tomcat instance (see javaweb入门笔记(1)-Tomcat.md) to execute, not runnable via mvn exec. 4) Generics type erasure causes GenericArray examples to fail at runtime in ways not obvious from source—debugging requires understanding compiled bytecode (see ErasedTypeEquivalence.java comments).

• Type Erasure — Generics in Java are erased at compile time; understanding this is critical to explaining why GenericArray<T> cannot create arrays directly (see GenericArray.java, ErasedTypeEquivalence.java) and why reflection cannot recover T at runtime
• Dynamic Proxy Pattern (java.lang.reflect.Proxy) — Central to AOP frameworks and decoupling; java基础巩固笔记(4)-代理.md and the AOP framework example demonstrate how Proxy.newProxyInstance() creates runtime method interception—foundational for understanding Spring AOP
• Class Loader Hierarchy — Three-tier loading (Bootstrap/System/Application) explained in java基础巩固笔记(3)-类加载器.md affects classpath resolution, library conflicts, and hot-reload capabilities; essential for debugging 'class not found' issues
• Thread-Safe Shared Data (Monitor Pattern) — java基础巩固笔记(5)-多线程之共享数据.md covers synchronized blocks and volatile semantics; understanding happens-before relations is critical to writing correct concurrent code without data races
• Annotation Processing & Reflection — java基础巩固笔记(6)-注解.md pairs with java.lang.reflect APIs; understanding @Retention, @Target, and runtime reflection of annotations is how frameworks (Spring, Hibernate) implement declarative configuration
• Servlet Lifecycle & Request Dispatch — javaweb入门笔记(3)-Servlet.md explains init→service→destroy cycle and URL mapping (@WebServlet patterns); prerequisite for understanding filter chains, dispatcher pattern, and JSP compilation to servlets
• Session vs. Cookie Storage — javaweb入门笔记(5)-cookie和session.md clarifies stateless HTTP authentication; cookies are client-side token storage while sessions are server-side state—critical distinction for security (CSRF, HTTPOnly flags) and scalability (distributed sessions)

• thorben-jensen/algorithms — Another educational algorithm/data-structures repository with similar blog+code structure; useful for understanding Java collection implementations referenced in java-container module
• doocs/advanced-java — Comprehensive Chinese Java learning resource covering similar advanced topics (reflection, proxies, threading, JVM); complementary to brianway/java-learning with different explanation angles
• apache/tomcat — Official Tomcat source; required reference for understanding servlet container internals discussed in blogs/javaweb/javaweb入门笔记(1)-Tomcat.md
• openjdk/jdk — OpenJDK source for inspecting java.lang.reflect, java.util.concurrent, classloader implementations that this repository's examples depend on
• dunwu/javacore — Similar Java fundamentals guide with focus on concurrency and JVM; offers alternative explanations for java-multithread and java-jvm modules

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for java-base generics module

The java-base/src/main/java/com/brianway/learning/java/base/generics/ directory contains 16 example classes demonstrating generic concepts (bounded types, wildcards, type erasure, etc.), but there are no corresponding unit tests in src/test/. This is critical for a learning repository because tests serve as executable documentation and verify that examples actually work correctly.

• [ ] Create java-base/src/test/java/com/brianway/learning/java/base/generics/ directory
• [ ] Add JUnit tests for each generics example: GenericMethods, GenericArray, GenericArray2, GenericArrayWithTypeToken, Wildcards, SuperTypeWildcards, BasicBounds, InheritBounds, CovariantArrays, etc.
• [ ] Include tests that demonstrate the type erasure limitations mentioned in blogs/javase/java基础巩固笔记(2)-泛型.md
• [ ] Run tests and verify all generics examples execute correctly

Add comprehensive test suite for reflection and proxy implementations

The blogs reference java基础巩固笔记(1)-反射.md and java基础巩固笔记(4)-代理.md with advanced topics like dynamic proxies and AOP framework, but the corresponding source code under java-base lacks test coverage. The 实现AOP功能的封装与配置的小框架.md suggests there's a custom AOP framework that needs validation tests.

• [ ] Identify the AOP framework implementation files referenced in blogs/javase/java基础巩固笔记(4)-实现AOP功能的封装与配置的小框架.md
• [ ] Create java-base/src/test/java/com/brianway/learning/java/base/reflection/ and proxy/ test directories
• [ ] Add tests for reflection use cases: Class.forName(), Method.invoke(), Field access patterns shown in examples
• [ ] Add tests for dynamic proxy implementations: JDK Proxy and CGLIB proxy patterns with verification of interceptor behavior

Create README.md files for java-base subdirectories with cross-references to blog posts

While blogs/javase contains detailed markdown documentation, the source code directories (datatype, constructor, generics, innerclass, typeinfo) lack README files explaining what each subdirectory covers and linking to corresponding blog posts. This breaks the discoverability between source code and blog explanations, reducing the learning value for contributors exploring the codebase.

• [ ] Create java-base/src/main/java/com/brianway/learning/java/base/datatype/README.md explaining Boxing, IntegerChanger, NumberEquation examples with link to relevant blog section
• [ ] Create java-base/src/main/java/com/brianway/learning/java/base/generics/README.md with overview of generic concepts, type erasure limitations, and link to blogs/javase/java基础巩固笔记(2)-泛型.md
• [ ] Create similar README files for constructor/, innerclass/, and typeinfo/ directories with runnable example instructions
• [ ] Update java-base/README.md (if missing) to reference these subdirectory guides

• Add unit tests to java-base/src/main/java/com/brianway/learning/java/base/generics/ classes (ArrayMaker, GenericArray, BasicBounds) with JUnit 4 test cases in src/test/java/ mirroring structure—none currently visible despite multiple example classes
• Create a java-io module following existing pattern (java-base, java-multithread) with example classes for FileInputStream, Serialization, NIO, and corresponding blog post at blogs/javase/java基础巩固笔记(X)-IO.md—this module is listed as pending in TODO
• Expand blogs/javaweb documentation with runnable Servlet/JSP examples: add source code artifacts to a new java-web module with maven-shade-plugin to package as WAR deployable to Tomcat, currently only markdown docs exist without executable code

This is an educational Java learning repository with generally low inherent security risk, as it primarily contains documentation and learning examples rather than production code. However, there are several areas for improvement: (1) No explicit dependency version management or vulnerability scanning configuration in Maven, (2) Missing security best practices documentation for web components (Servlet/JSP), (3) Lack of input validation examples in learning materials, and (4) No security warnings in advanced topics like reflection. For an educational resource, the repository should be enhanced to teach security best practices explicitly, especially for web-related modules and dangerous features like reflection. No hardcoded credentials, database connections, or sensitive infrastructure secrets were identified.

• Medium · Outdated Maven POM Configuration — java-base/pom.xml. The pom.xml file uses Maven 4.0.0 schema without explicit dependency version management or security plugin configuration. No explicit dependency versions are specified for transitive dependencies, which could lead to vulnerable transitive dependencies being pulled in. Fix: Add a <dependencyManagement> section with explicit versions for all dependencies. Enable the Maven Enforcer Plugin to detect vulnerable dependencies and outdated components.
• Low · No Security Headers or OWASP Configuration — java-io and web-related modules. The project lacks explicit security configuration for web components (Servlet/JSP modules mentioned in blogs). No visible security filters, CORS policies, or OWASP Top 10 protections in the codebase structure. Fix: Add security headers configuration, implement request/response filters for XSS and CSRF protection, validate and sanitize all user inputs, especially in Servlet/JSP components.
• Low · Missing HTTPS/TLS Configuration Documentation — blogs/javaweb/javaweb入门笔记(1)-Tomcat.md. The javaweb module includes Tomcat configuration examples but no visible documentation or configuration for HTTPS/TLS setup in the learning materials. Fix: Document proper HTTPS/TLS configuration for Tomcat. Include guidance on certificate management and secure communication protocols.
• Low · No Input Validation Framework — java-io/src/main/java/com/brianway/learning/java/io/ and request/response examples. While this is a learning repository, the source code examples for request/response handling do not show explicit input validation patterns that should be taught to learners. Fix: Add code examples demonstrating proper input validation, sanitization, and parameterized queries to prevent injection attacks in the learning materials.
• Low · Reflection Usage Without Security Context — blogs/javase/java基础巩固笔记(1)-反射.md and java-base/src/main/java/com/brianway/learning/java/base/typeinfo/. The repository extensively covers Java reflection in learning materials. Reflection is powerful but can bypass security checks if misused. No visible security warnings in the documentation. Fix: Add security warnings and best practices documentation when teaching reflection, emphasizing the risks of using reflection with untrusted input or in security-sensitive contexts.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.