
Netflix/eureka

AWS Service registry for resilient mid-tier load balancing and failover.

Healthy

Healthy across the board

Use as dependency: Healthy

Permissive license, no critical CVEs, actively maintained — safe to depend on.

Fork & modify: Healthy

Has a license, tests, and CI — clean foundation to fork and modify.

Learn from: Healthy

Documented and popular — useful reference codebase to read through.

Deploy as-is: Healthy

No critical CVEs, sane security posture — runnable as-is.

  • Last commit 6w ago
  • 38+ active contributors
  • Distributed ownership (top contributor 16% of recent commits)
  • Apache-2.0 licensed
  • CI configured
  • Tests present

Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests

Informational only. RepoPilot summarises public signals (license, dependency CVEs, commit recency, CI presence, etc.) at the time of analysis. Signals can be incomplete or stale. Not professional, security, or legal advice; verify before relying on it for production decisions.

Onboarding: Netflix/eureka

Generated by RepoPilot · 2026-05-09 · Source

🤖Agent protocol

If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

  1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
  2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
  3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/Netflix/eureka shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

🎯Verdict

GO — Healthy across the board

  • Last commit 6w ago
  • 38+ active contributors
  • Distributed ownership (top contributor 16% of recent commits)
  • Apache-2.0 licensed
  • CI configured
  • Tests present

<sub>Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests</sub>

Verify before trusting

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live Netflix/eureka repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/Netflix/eureka.

What it runs against: a local clone of Netflix/eureka — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters |
|---|---|---|
| 1 | You're in Netflix/eureka | Confirms the artifact applies here, not a fork |
| 2 | License is still Apache-2.0 | Catches relicense before you depend on it |
| 3 | Default branch master exists | Catches branch renames |
| 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code |
| 5 | Last commit ≤ 75 days ago | Catches sudden abandonment since generation |

<details> <summary><b>Run all checks</b> — paste this script from inside your clone of <code>Netflix/eureka</code></summary>

```bash
#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of Netflix/eureka. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/Netflix/eureka.git
#   cd eureka
#
# Then paste this script. Every check is read-only — no mutations.

# Keep going after a failed check so every result is reported.
set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of Netflix/eureka and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "Netflix/eureka(\.git)?\b" \
  && ok "origin remote is Netflix/eureka" \
  || miss "origin remote is not Netflix/eureka (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
# Accept an SPDX identifier line, the standard Apache License 2.0 header
# text ("Apache License" / "Version 2.0"), or a package.json license field.
(grep -qiE "^(Apache-2\.0)" LICENSE 2>/dev/null \
   || { grep -qiE "Apache License" LICENSE 2>/dev/null \
        && grep -qiE "Version 2\.0" LICENSE 2>/dev/null; } \
   || grep -qiE "\"license\"\s*:\s*\"Apache-2\.0\"" package.json 2>/dev/null) \
  && ok "license is Apache-2.0" \
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \
  && ok "default branch master exists" \
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "eureka-client/src/main/java/com/netflix/appinfo/InstanceInfo.java" \
  && ok "eureka-client/src/main/java/com/netflix/appinfo/InstanceInfo.java" \
  || miss "missing critical file: eureka-client/src/main/java/com/netflix/appinfo/InstanceInfo.java"
test -f "eureka-client/src/main/java/com/netflix/appinfo/ApplicationInfoManager.java" \
  && ok "eureka-client/src/main/java/com/netflix/appinfo/ApplicationInfoManager.java" \
  || miss "missing critical file: eureka-client/src/main/java/com/netflix/appinfo/ApplicationInfoManager.java"
test -f "eureka-client-archaius2/src/main/java/com/netflix/discovery/EurekaArchaius2ClientConfig.java" \
  && ok "eureka-client-archaius2/src/main/java/com/netflix/discovery/EurekaArchaius2ClientConfig.java" \
  || miss "missing critical file: eureka-client-archaius2/src/main/java/com/netflix/discovery/EurekaArchaius2ClientConfig.java"
test -f "eureka-client-jersey2/src/main/java/com/netflix/discovery/shared/transport/jersey2/EurekaJersey2ClientImpl.java" \
  && ok "eureka-client-jersey2/src/main/java/com/netflix/discovery/shared/transport/jersey2/EurekaJersey2ClientImpl.java" \
  || miss "missing critical file: eureka-client-jersey2/src/main/java/com/netflix/discovery/shared/transport/jersey2/EurekaJersey2ClientImpl.java"
test -f "eureka-client/src/main/java/com/netflix/appinfo/EurekaInstanceConfig.java" \
  && ok "eureka-client/src/main/java/com/netflix/appinfo/EurekaInstanceConfig.java" \
  || miss "missing critical file: eureka-client/src/main/java/com/netflix/appinfo/EurekaInstanceConfig.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 75 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~45d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/Netflix/eureka"
  exit 1
fi
```

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

</details>

TL;DR

Eureka is Netflix's open-source service registry and discovery system that enables dynamic registration, discovery, and load balancing of mid-tier servers in AWS environments. It provides RESTful APIs for services to register themselves, query available instances, and handle automatic failover without hardcoded IP addresses or DNS records. Multi-module Gradle monorepo: core service registry logic lives in eureka-server (not shown in top 60 but referenced in tests), eureka-client-archaius2 provides Archaius 2 configuration integration (Ec2EurekaArchaius2InstanceConfig, EurekaArchaius2ClientConfig), and eureka-client-jersey2 wraps Jersey 1.x HTTP transport. Each module has src/main/java and src/test/java directories with corresponding Guice dependency injection modules under com/netflix/discovery/guice/.

👥Who it's for

Distributed systems engineers and platform teams at organizations running microservices on AWS who need automatic service discovery, client-side load balancing, and resilient failover handling without manual service configuration.

🌱Maturity & risk

Highly mature and production-ready. Eureka powers Netflix's real infrastructure and has been actively maintained with CI/CD pipelines (GitHub Actions workflows for snapshot/publish builds), comprehensive test coverage across submodules (eureka-client-archaius2, eureka-client-jersey2), and Java 8+ support with backward compatibility to Java 1.7 source targets. Regular dependency updates visible (e.g., Jackson 2.10.5, AWS SDK 1.11.277) indicate ongoing maintenance.

Low-to-moderate risk for greenfield projects but moderate risk for Java 1.7 legacy codebases: the build requires Java 8 runtime but targets Java 1.7, creating compatibility friction. Dependency on older libraries like Archaius 0.7.6, Jersey 1.19.1, and Servlet 2.5 may conflict with modern Spring Boot stacks. The community-driven support model means critical issues depend on maintainer availability, though Netflix's continued use mitigates abandonment risk.

Active areas of work

The repository maintains three active CI workflows (nebula-snapshot.yml, nebula-publish.yml, nebula-ci.yml) indicating ongoing builds and releases. Recent maintenance focuses on configuration modernization (Archaius 2 migration in eureka-client-archaius2), security updates (Jackson databind 2.10.5.1, AWS SDK patches), and Java compatibility improvements. No breaking changes visible in top-level files, suggesting conservative evolution.

🚀Get running

```bash
git clone https://github.com/Netflix/eureka.git
cd eureka
./gradlew build
./gradlew :eureka-server:bootRun  # to start the server (if eureka-server submodule exists)
./gradlew test                     # run all tests
```

Daily commands: The repo does not contain a simple 'npm start' equivalent. To develop locally: ./gradlew build compiles all modules; ./gradlew :eureka-server:bootRun starts the registry server (if eureka-server module exists in full checkout); ./gradlew test runs unit tests. See eureka-client-archaius2/README.md and eureka-client-jersey2/README.md for module-specific setup.

🗺️Map of the codebase

  • eureka-client/src/main/java/com/netflix/appinfo/InstanceInfo.java — Core data model representing a service instance registered in Eureka; every contributor must understand instance metadata structure.
  • eureka-client/src/main/java/com/netflix/appinfo/ApplicationInfoManager.java — Manages the lifecycle and state transitions of instance registration; critical for understanding how services register and deregister.
  • eureka-client-archaius2/src/main/java/com/netflix/discovery/EurekaArchaius2ClientConfig.java — Configuration abstraction layer for Eureka client behavior; essential for understanding how runtime config is resolved across environments.
  • eureka-client-jersey2/src/main/java/com/netflix/discovery/shared/transport/jersey2/EurekaJersey2ClientImpl.java — HTTP transport implementation for Eureka client-server communication; load-bearing for all service discovery network operations.
  • eureka-client/src/main/java/com/netflix/appinfo/EurekaInstanceConfig.java — Interface defining instance configuration contract; foundational abstraction for pluggable configuration providers.
  • eureka-client-archaius2/src/main/java/com/netflix/appinfo/providers/EurekaInstanceConfigFactory.java — Factory for creating instance configurations with dependency injection; shows how modular config creation is wired.
  • build.gradle — Multi-module Gradle build configuration; reveals dependencies, versioning strategy, and module organization critical for local setup.

🛠️How to make changes

Add a Custom InstanceConfig Implementation

  1. Create new class extending AbstractInstanceConfig in eureka-client/src/main/java/com/netflix/appinfo/ (eureka-client/src/main/java/com/netflix/appinfo/AbstractInstanceConfig.java)
  2. Override config getter methods (appName, hostname, ipAddress, port, etc.) to resolve from your custom source (eureka-client/src/main/java/com/netflix/appinfo/PropertiesInstanceConfig.java)
  3. Register via Guice factory in eureka-client-archaius2/src/main/java/com/netflix/appinfo/providers/ (eureka-client-archaius2/src/main/java/com/netflix/appinfo/providers/EurekaInstanceConfigFactory.java)
  4. Add factory to CompositeInstanceConfigFactory or create dedicated module in eureka-client-archaius2/src/main/java/com/netflix/discovery/guice/ (eureka-client-archaius2/src/main/java/com/netflix/appinfo/providers/CompositeInstanceConfigFactory.java)

Add Custom Health Check Logic

  1. Implement the HealthCheckHandler interface in your application code (eureka-client/src/main/java/com/netflix/appinfo/HealthCheckHandler.java)
  2. Return InstanceStatus.UP, DOWN, OUT_OF_SERVICE based on your internal state (eureka-client/src/main/java/com/netflix/appinfo/InstanceInfo.java)
  3. Wire via ApplicationInfoManager.setHealthCheckHandler() or inject through Guice module (eureka-client/src/main/java/com/netflix/appinfo/ApplicationInfoManager.java)

Override HTTP Transport Behavior

  1. Extend AbstractJersey2EurekaHttpClient in eureka-client-jersey2/src/main/java/com/netflix/discovery/shared/transport/jersey2/ (eureka-client-jersey2/src/main/java/com/netflix/discovery/shared/transport/jersey2/AbstractJersey2EurekaHttpClient.java)
  2. Override request methods (register, heartbeat, cancel, getApplications) to add custom logic or retry strategies (eureka-client-jersey2/src/main/java/com/netflix/discovery/shared/transport/jersey2/Jersey2ApplicationClient.java)
  3. Create factory extending Jersey2ApplicationClientFactory and register in module (eureka-client-jersey2/src/main/java/com/netflix/discovery/shared/transport/jersey2/Jersey2ApplicationClientFactory.java)

Add Custom Client Configuration Property

  1. Add getter method to EurekaArchaius2ClientConfig following naming convention eureka.client.* (eureka-client-archaius2/src/main/java/com/netflix/discovery/EurekaArchaius2ClientConfig.java)
  2. Use @ConfigurationProperties or direct Archaius2.getConfig() calls to read from system properties or config server (eureka-client-archaius2/src/main/java/com/netflix/discovery/internal/util/InternalPrefixedConfig.java)
  3. Document default values and environment variable overrides in module README (eureka-client-archaius2/README.md)

🪤Traps & gotchas

Java 8 runtime required to build (servo dependency), but source compatibility is set to Java 1.7, which can confuse IDE inspections. Archaius 2 configuration is property-based with string keys (see InternalPrefixedConfig) requiring exact property name matching; typos fail silently or use defaults. AWS SDK integration (Ec2EurekaArchaius2InstanceConfig) only works on actual EC2 instances or with metadata service mocking; test environments need mocked AmazonInfo. Guice module initialization order matters: InternalEurekaClientModule must load before EurekaClientModule or DI graph will fail. No embedded server starter visible in top 60 files; you must either run eureka-server submodule separately or depend on an external Eureka server instance.

💡Concepts to learn

  • Service Registry Pattern — Eureka's core function is implementing the service registry pattern to decouple service discovery from hardcoded deployment information; understanding this pattern is fundamental to why the project exists.
  • Client-Side Service Discovery — Unlike server-side load balancers, Eureka pushes discovery to clients via local caching; this design choice affects how you think about configuration, failover, and cache coherence in this codebase.
  • Property-Based Configuration (Archaius) — Eureka client uses Archaius for dynamic, property-driven configuration (no XML files); understanding property namespaces and the InternalPrefixedConfig wrapper is essential for customizing Eureka behavior.
  • Dependency Injection via Guice — All Eureka client components are wired via Guice modules (EurekaClientModule, InternalEurekaClientModule); understanding module binding and provider patterns is required to extend or test the client.
  • Heartbeat-Based Health Checking — Eureka clients maintain health through periodic heartbeats to the server; understanding heartbeat intervals, renewal timeouts, and lease renewal logic is critical for configuring reliable failover.
  • AWS Metadata Service Integration — Ec2EurekaArchaius2InstanceConfig auto-discovers AWS instance metadata (AZ, instance ID, public IP) without manual configuration; this is Eureka's killer feature for AWS-native deployments.
  • REST-Based Service Registry API — Eureka communicates via RESTful JSON APIs (implemented via Jersey in eureka-client-jersey2); understanding HTTP status codes, payload formats, and endpoint semantics is necessary for debugging client-server interactions.
  • Netflix/zuul — Zuul is Netflix's edge proxy/API gateway that often sits upstream of Eureka-registered services; it uses Eureka for dynamic backend discovery.
  • Netflix/hystrix — Hystrix provides fault tolerance and circuit breaking for calls to Eureka-discovered services; commonly used together in Netflix's stack for resilience.
  • Netflix/archaius — Archaius is Netflix's dynamic configuration library that Eureka client directly integrates with (both 1.x and 2.x versions); essential for property-driven Eureka configuration.
  • spring-cloud/spring-cloud-netflix — Spring Cloud's Eureka client implementation wraps Netflix Eureka for Spring Boot applications; provides auto-configuration and declarative service discovery annotations.
  • Netflix/servo — Servo is Netflix's metrics collection library that Eureka uses for internal observability (heartbeats, registration rates, cache hit/miss metrics).

🪄PR ideas

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add comprehensive unit tests for Jersey2 HTTP transport layer

The eureka-client-jersey2 module has multiple transport client implementations (EurekaJersey2ClientImpl, Jersey2ApplicationClient, etc.) but there are no visible test files in the eureka-client-jersey2/src/test directory. These classes handle critical HTTP communication with Eureka servers. Adding tests would improve reliability and catch regressions in core discovery functionality.

  • [ ] Create eureka-client-jersey2/src/test/java/com/netflix/discovery/shared/transport/jersey2/ directory
  • [ ] Add AbstractJersey2EurekaHttpClientTest.java to test request/response handling, error cases, and retries
  • [ ] Add EurekaJersey2ClientImplTest.java to test HTTP methods (GET, POST, PUT, DELETE) against mock Eureka servers
  • [ ] Add Jersey2ApplicationClientTest.java to test application instance registration and queries
  • [ ] Add Jersey2EurekaIdentityHeaderFilterTest.java to test custom header injection and authentication

Migrate legacy Archaius configuration to Archaius2 with comprehensive tests

The eureka-client-archaius2 module exists but the eureka-client module still uses Archaius 0.7.6. The README mentions supporting both old and new config systems. Add missing integration tests and migration documentation to help users transition, plus add test coverage for the Archaius2-based configuration providers (EurekaArchaius2ClientConfig, EurekaArchaius2TransportConfig).

  • [ ] Create eureka-client-archaius2/src/test/java/com/netflix/discovery/ test file for EurekaArchaius2ClientConfigTest.java covering all config properties and defaults
  • [ ] Create eureka-client-archaius2/src/test/java/com/netflix/discovery/shared/transport/EurekaArchaius2TransportConfigTest.java testing transport-specific properties
  • [ ] Add integration test EurekaArchaius2ClientConfigIntegrationTest.java demonstrating dynamic property updates and backward compatibility
  • [ ] Create MIGRATION.md in eureka-client-archaius2/ documenting upgrade path from Archaius 0.7.6 to Archaius2

Add integration tests for Eureka client module AWS discovery and EC2 metadata resolution

The eureka-client-archaius2/src/test has tests for EC2 instance config (Ec2EurekaArchaius2InstanceConfigTest) but the core eureka-client module lacks comprehensive EC2/AWS integration tests. These are critical for validating metadata resolution, AZ awareness, and failover behavior in AWS environments. Adding mock AWS metadata endpoint tests would improve confidence in production deployments.

  • [ ] Create eureka-client/src/test/java/com/netflix/appinfo/ec2/ directory
  • [ ] Add Ec2InstanceMetadataTest.java to test EC2 metadata endpoint mocking and response parsing for instance ID, AZ, VPC, ASG detection
  • [ ] Add AmazonInfoProviderTest.java to test provider chaining and fallback behavior when metadata is unavailable
  • [ ] Add test that validates proper zone/region parsing affects client routing and failover logic

🌿Good first issues

  • Add integration test for EurekaArchaius2TransportConfig with HTTP client timeout overrides: eureka-client-archaius2/src/main/java/com/netflix/discovery/shared/transport/EurekaArchaius2TransportConfig.java has no corresponding test file in the top 60; testing property-driven HTTP client configuration would catch regressions in timeout handling.
  • Document Archaius 2 property naming convention with examples in eureka-client-archaius2/README.md: InternalPrefixedConfig.java implements property name prefixing logic, but README.md is mentioned (in build.gradle path) without visible content; documenting which properties map to which Archaius config would help contributors and users avoid silent configuration failures.
  • Add unit test for CompositeInstanceConfigFactory provider selection fallback logic: eureka-client-archaius2/src/main/java/com/netflix/appinfo/providers/CompositeInstanceConfigFactory.java exists but has no visible test; testing the fallback chain when primary providers fail would improve reliability.
  • Refactor eureka-client-jersey2 HTTP transport to use Jersey 2.x (or document Java 9+ module system compatibility issues with Jersey 1.19.1): Jersey 1.19.1 is EOL and can have module system conflicts on Java 11+; either upgrading to Jersey 2.x or documenting explicit JVM flags for Java 9+ compatibility would unblock modern Java users.

📝Recent commits

  • 8227a72 — Merge pull request #1621 from jasonk000/jkoch/metrics-queries-master (vilieva)
  • 665dab5 — feat: Add metrics to count VIP address lookups in DiscoveryClient (jasonk000)
  • 1026955 — Merge pull request #1620 from jasonk000/jkoch/backport-perf-2x (fvallenilla)
  • b8ff519 — fix: restore legacy behavior allowing empty vip names (jasonk000)
  • f54320c — feedback: add comprehensive test for Applications refactors (jasonk000)
  • 680726f — feedback: add explanation for choice of 12 for ArrayMap sizing (jasonk000)
  • 1162833 — perf: reduce allocations in Applications shuffleAndFilterInstances (jasonk000)
  • cf4a29a — perf: swap AtomicRef to volatile in VipIndexSupport (jasonk000)
  • d21de38 — perf: presize hashmaps in Applications shuffleInstances (jasonk000)
  • 44b154e — perf: optimise shuffleInstances allocations in Applications (jasonk000)

🔒Security observations

  • High · Outdated Apache HTTP Client — build.gradle - apacheHttpClientVersion = '4.5.3'. The codebase uses Apache HTTP Client version 4.5.3 (apacheHttpClientVersion = '4.5.3'), which was released in 2015 and contains multiple known security vulnerabilities including CVE-2015-5262 (SSL vulnerability) and others. Fix: Upgrade to Apache HTTP Client 4.5.14 or later (preferably 5.x if compatible) to patch known vulnerabilities.
  • High · Outdated Jackson Databind — build.gradle - jacksonDatabindVersion = '2.10.5.1'. Jackson Databind version 2.10.5.1 is outdated and vulnerable to deserialization attacks (CVE-2021-21295, CVE-2020-14625, and others). This version was released in 2020 and has known gadget chain vulnerabilities. Fix: Upgrade to Jackson Databind 2.15.2 or later to address known deserialization vulnerabilities and security patches.
  • High · Outdated Jackson Core Library — build.gradle - jacksonVersion = '2.10.5'. Jackson version 2.10.5 has known security vulnerabilities. This version lacks security patches available in newer releases. Fix: Upgrade Jackson to version 2.15.2 or later, ensuring consistency between jackson and jackson-databind versions.
  • Medium · Outdated AWS SDK — build.gradle - awsVersion = '1.11.277'. The AWS SDK version 1.11.277 is significantly outdated (released in 2017) and contains multiple known vulnerabilities and lack of security patches for modern attack vectors. Fix: Upgrade to AWS SDK v1 latest (1.12.x) or migrate to AWS SDK v2 for enhanced security and performance.
  • Medium · Outdated Woodstox XML Parser — build.gradle - woodstoxVersion = '5.2.1'. Woodstox version 5.2.1 is outdated and may contain XML-related vulnerabilities including XXE (XML External Entity) attack potential if not properly configured. Fix: Upgrade to Woodstox 6.4.0 or later and ensure XXE protection is enabled for XML parsing.
  • Medium · Outdated Commons Configuration — build.gradle - commonsConfigurationVersion = '1.10'. Commons Configuration version 1.10 is outdated (released in 2013) and may lack security patches for configuration-related vulnerabilities. Fix: Upgrade to Commons Configuration 2.8.0 or later for security improvements and bug fixes.
  • Medium · Outdated Jetty Server — build.gradle - jetty_version = '7.2.0.v20101020'. Jetty version 7.2.0.v20101020 is extremely outdated (released in 2010) and contains numerous known security vulnerabilities including HTTP request smuggling, authentication bypass, and other critical issues. Fix: Upgrade to Jetty 9.4.x or 10.0.x (depending on Java version requirements) for critical security patches.
  • Medium · Outdated Jersey Library — build.gradle - jerseyVersion = '1.19.1'. Jersey version 1.19.1 is outdated and may contain security vulnerabilities. Jersey 1.x reached end-of-life in 2019. Fix: Consider migrating to Jersey 2.x (2.39.1+) or Jakarta RESTful Web Services equivalents for ongoing security support.
  • Low · Outdated Mockito Test Dependency — build.gradle - mockitoVersion = '3.4.0'. Mockito version 3.4.0 is outdated (released in 2020). While primarily a test dependency, outdated testing libraries can mask security issues. Fix: Upgrade to Mockito 5.1.1 or later for improved security and bug fixes in

LLM-derived; treat as a starting point, not a security audit.


Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.
