If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/spring-cloud/spring-cloud-netflix shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

GO — Healthy across the board

• Last commit 2d ago
• 7 active contributors
• Distributed ownership (top contributor 34% of recent commits)
• Apache-2.0 licensed
• CI configured
• Tests present

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live spring-cloud/spring-cloud-netflix repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/spring-cloud/spring-cloud-netflix.

What it runs against: a local clone of spring-cloud/spring-cloud-netflix — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in spring-cloud/spring-cloud-netflix | Confirms the artifact applies here, not a fork | | 2 | License is still Apache-2.0 | Catches relicense before you depend on it | | 3 | Default branch main exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 32 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of spring-cloud/spring-cloud-netflix. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/spring-cloud/spring-cloud-netflix.git
#   cd spring-cloud-netflix
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of spring-cloud/spring-cloud-netflix and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "spring-cloud/spring-cloud-netflix(\\.git)?\\b" \\
  && ok "origin remote is spring-cloud/spring-cloud-netflix" \\
  || miss "origin remote is not spring-cloud/spring-cloud-netflix (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Apache-2\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Apache-2\\.0\"" package.json 2>/dev/null) \\
  && ok "license is Apache-2.0" \\
  || miss "license drift — was Apache-2.0 at generation time"

# 3. Default branch
git rev-parse --verify main >/dev/null 2>&1 \\
  && ok "default branch main exists" \\
  || miss "default branch main no longer exists"

# 4. Critical files exist
test -f "spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaClientAutoConfiguration.java" \\
  && ok "spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaClientAutoConfiguration.java" \\
  || miss "missing critical file: spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaClientAutoConfiguration.java"
test -f "spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/CloudEurekaClient.java" \\
  && ok "spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/CloudEurekaClient.java" \\
  || miss "missing critical file: spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/CloudEurekaClient.java"
test -f "spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaDiscoveryClient.java" \\
  && ok "spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaDiscoveryClient.java" \\
  || miss "missing critical file: spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaDiscoveryClient.java"
test -f "spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaInstanceConfigBean.java" \\
  && ok "spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaInstanceConfigBean.java" \\
  || miss "missing critical file: spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaInstanceConfigBean.java"
test -f "pom.xml" \\
  && ok "pom.xml" \\
  || miss "missing critical file: pom.xml"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 32 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~2d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/spring-cloud/spring-cloud-netflix"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

spring-cloud-netflix provides Spring Cloud integration with Netflix OSS components, primarily Eureka for service discovery and Hystrix for resilience. It allows Spring applications to register/discover microservices, create embedded Eureka servers, and implement circuit breakers via declarative Java configuration. Maven multi-module structure with docs/ containing Antora-based documentation in docs/modules/ROOT/pages/ (index.adoc, spring-cloud-netflix.adoc). Core Java modules house Eureka and Hystrix integrations. Configuration properties auto-generated into docs/modules/ROOT/partials/_configprops.adoc. CI defined in .github/workflows/ (ci.yaml, maven.yml, deploy-docs.yml).

Spring Boot developers building microservice architectures who need service discovery and fault tolerance without manual Netflix OSS configuration. DevOps teams deploying Spring Cloud applications requiring Eureka-based service registration.

Actively maintained production framework (build badge present in README, CI/CD via GitHub Actions in .github/workflows/). Multi-module Maven project with comprehensive documentation in docs/modules/ROOT/, indicating stable API. However, Netflix Hystrix itself is no longer actively developed and Spring Cloud now recommends Resilience4j as alternative.

Dependency on deprecated Netflix Hystrix library (successor projects recommend Resilience4j). No visible commit recency data in provided files, but project structure suggests active maintenance. Risk: Eureka service discovery can become a single point of failure if not configured with high availability. Requires Docker for full test suite (noted in README).

Active documentation generation via Antora (3.2.0-alpha.11) with Spring.io extensions. GitHub workflows set up for Maven builds and documentation deployment. Dependabot configured (.github/dependabot.yml) for dependency management. No specific recent commit data visible, but project infrastructure indicates ongoing maintenance.

./mvnw install

Daily commands: Build: ./mvnw install; Documentation build: ./mvnw -P docs (requires Antora installed). No embedded server startup command visible in README—integration is declarative via Spring Boot auto-configuration.

• spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaClientAutoConfiguration.java — Primary auto-configuration entry point that bootstraps Eureka client integration into Spring Cloud applications.
• spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/CloudEurekaClient.java — Core Netflix Eureka client wrapper that bridges Netflix OSS Eureka with Spring Cloud abstractions.
• spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaDiscoveryClient.java — Implementation of Spring Cloud's DiscoveryClient interface using Netflix Eureka as the backend.
• spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaInstanceConfigBean.java — Configuration bean that defines how this service instance registers itself with Eureka server.
• pom.xml — Maven parent POM defining the multi-module build structure and dependency management for all Netflix OSS integrations.
• spring-cloud-netflix-dependencies/pom.xml — Dependency management module that pins versions of Netflix OSS libraries (Eureka, Hystrix, Ribbon) across the project.

Add a new Eureka configuration property

1. Add the property field to either EurekaClientConfigBean.java or EurekaInstanceConfigBean.java with @ConfigurationProperties annotations (spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaClientConfigBean.java)
2. Provide getter/setter or Lombok @Data annotation to generate accessors (spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaClientConfigBean.java)
3. Document the property in the AsciiDoc configuration reference (docs/modules/ROOT/pages/configprops.adoc)

Customize Eureka registration behavior for specific use case

1. Extend CloudEurekaInstanceConfig or create a @Configuration class that provides custom EurekaInstanceConfig bean (spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/CloudEurekaInstanceConfig.java)
2. Override the metadata, instance ID, or status page URL in your custom bean implementation (spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/CloudEurekaInstanceConfig.java)
3. Ensure your @Configuration class is loaded before EurekaClientAutoConfiguration (use @AutoConfigureBefore if needed) (spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaClientAutoConfiguration.java)

Integrate custom health check logic with Eureka

1. Create a custom HealthIndicator or modify EurekaHealthCheckHandler to report application-specific health (spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaHealthCheckHandler.java)
2. Override the getStatus() method to map Spring health status to Eureka InstanceStatus values (spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaHealthCheckHandler.java)
3. Enable health-check-url in EurekaClientConfigBean and set eureka.instance.health-check-url-path to your endpoint (spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaClientConfigBean.java)

Set up TLS/mTLS communication with Eureka servers

1. Configure keystore and truststore properties in EurekaClientConfigBean (eureka.client.tls.* properties) (spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/EurekaClientConfigBean.java)
2. Use CloudEurekaTransportConfig to wire the TLS configuration into the underlying HTTP client (spring-cloud-netflix-eureka-client/src/main/java/org/springframework/cloud/netflix/eureka/CloudEurekaTransportConfig.java)
3. Reference the TLS test suite for validation examples and certificate setup patterns (spring-cloud-netflix-eureka-client-tls-tests/src/test/java/org/springframework/cloud/netflix/eureka/BaseCertTests.java)

• Netflix Eureka — Industry-standard service discovery and registration system; provides scalable, resilient service registry with client-side caching and health checking.
• Spring Cloud abstraction (DiscoveryClient SPI) — Decouples application code from specific service discovery implementation; allows swapping Eureka for Consul, Nacos, or Kubernetes without code changes.
• Spring Boot — undefined

Maven build may require increased heap: set MAVEN_OPTS=-Xmx512m -XX:MaxPermSize=128m (documented in README). Full test suite requires Docker running locally. JDK 17 is mandatory (.java-version enforces this via Maven wrapper). Hystrix is deprecated—new code should use Resilience4j, but framework still maintains legacy support. Documentation builds are separate: use -P docs profile to generate Antora docs, or they won't be built with default ./mvnw install.

• Service Discovery (Eureka) — Core feature of this repo; enables dynamic microservice registration and client-side discovery without hardcoded URLs
• Circuit Breaker Pattern (Hystrix) — Fault tolerance mechanism provided by netflix module; prevents cascade failures in distributed systems
• Client-Side Load Balancing — Netflix Eureka enables clients to discover and balance traffic across service instances without external load balancer
• Declarative Configuration via Annotations — Spring Cloud Netflix uses @EnableEurekaClient, @EnableHystrix to activate features via convention over configuration
• Antora Documentation Generation — Project uses Antora 3.2.0 for multi-version docs; understanding Antora playbook structure is essential for doc contributions
• Bulkhead Pattern — Hystrix isolates thread pools per service to prevent resource exhaustion; critical resilience mechanism in this framework
• Health Checks and Metadata (Eureka) — Eureka heartbeat mechanism and instance metadata registration enable dynamic topology awareness for service mesh

• spring-cloud/spring-cloud-eureka — Eureka server and client implementation; core dependency of spring-cloud-netflix
• resilience4j/resilience4j — Modern replacement for Netflix Hystrix circuit breaker; recommended alternative for new Spring Cloud projects
• spring-cloud/spring-cloud-commons — Shared Spring Cloud abstractions (DiscoveryClient, ServiceRegistry) that netflix module implements
• spring-cloud/spring-cloud-config — Companion service for centralized configuration in Spring Cloud microservices (often paired with Netflix Eureka)
• netflix/hystrix — Original Netflix Hystrix library; upstream source for spring-cloud-netflix Hystrix integration (deprecated but core to framework)

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add TLS/mTLS integration tests for Eureka client beyond existing test module

The repo has a dedicated spring-cloud-netflix-eureka-client-tls-tests module (visible in file structure) but it appears incomplete. Given that TLS is critical for production Eureka deployments and the module exists but has minimal visible structure, expanding this with comprehensive acceptance tests would provide high value. This fills a specific gap where security-sensitive functionality lacks documented test coverage.

• [ ] Review existing tests in spring-cloud-netflix-eureka-client-tls-tests/src to identify gaps
• [ ] Add test cases for: certificate validation, mTLS handshakes, expired certificates, and certificate chain validation
• [ ] Reference scripts/runAcceptanceTests.sh and integrate new tests into CI pipeline
• [ ] Document test setup in docs/modules/ROOT/pages/ with TLS configuration examples

Create CI workflow to validate Antora documentation build on pull requests

The repo uses Antora (3.2.0-alpha.11) with custom Spring extensions for documentation, and has a deploy-docs.yml workflow, but lacks a PR validation workflow for documentation changes. The README explicitly states it's generated from src/main/asciidoc/, indicating documentation changes are frequent. A pre-merge validation prevents broken documentation from reaching main.

• [ ] Create .github/workflows/docs-validation.yml that runs on PR with path filters for docs/ and src/main/asciidoc/
• [ ] Add antora build step using docs/package.json dependencies
• [ ] Configure to fail on Antora build errors (missing includes, broken cross-references, etc.)
• [ ] Output validation report as GitHub check on PR (similar to ci.yaml workflow)

Add Spring Cloud Netflix specific configuration properties validation tests

The repo generates docs/modules/ROOT/partials/_configprops.adoc (configuration properties documentation) but there's no visible test to ensure configuration metadata matches actual @ConfigurationProperties classes. This prevents stale documentation and catches typos in property names before release.

• [ ] Create test class (e.g., spring-cloud-netflix-core/src/test/java/...ConfigurationPropertiesMetadataTests.java)
• [ ] Use Spring Boot's ConfigurationMetadataRepository to parse META-INF/spring-configuration-metadata.json
• [ ] Validate all @ConfigurationProperties classes in main source have corresponding metadata entries
• [ ] Add test execution to ci.yaml workflow to run on each PR

• Add Spring Boot 3.x compatibility tests and document breaking changes in docs/modules/ROOT/pages/appendix.adoc (Hystrix and Eureka initialization changed in Boot 3)
• Expand Eureka configuration examples in docs/modules/ROOT/pages/spring-cloud-netflix.adoc with multi-instance failover setup (currently only mentions 'embedded server' generically)
• Create migration guide from deprecated Hystrix to Resilience4j circuit breaker in docs/modules/ROOT/pages/ (referenced in intro but no dedicated guide)

The spring-cloud-netflix repository demonstrates a generally solid security posture with a few areas of concern. The primary issue is the use of alpha/beta versions for documentation dependencies, which could introduce unpatched vulnerabilities. The presence of maven-wrapper.jar and potential settings files in version control requires verification that credentials are not exposed. The repository follows good practices with GitHub security workflows, DCO enforcement, and dependabot configuration. Recommendations focus on upgrading documentation dependencies to stable releases, ensuring proper credential management, and maintaining a documented JDK/dependency update policy.

• Medium · Outdated Antora Documentation Dependencies — docs/package.json - antora, @antora/atlas-extension, @asciidoctor/tabs. The antora package is pinned to version 3.2.0-alpha.11, which is an alpha release. Alpha versions may contain unpatched security vulnerabilities and are not recommended for production use. Additionally, other documentation dependencies use alpha/beta versions which may have known security issues. Fix: Update to stable releases of all dependencies. Use npm audit to identify and patch known vulnerabilities. Consider using only stable (non-alpha/beta) versions for documentation tools.
• Low · Maven Wrapper JAR Distribution — .mvn/wrapper/maven-wrapper.jar. The repository contains a maven-wrapper.jar file (.mvn/wrapper/maven-wrapper.jar). While Maven Wrapper is a legitimate tool, JAR files in version control can pose supply chain risks if not properly verified, and may increase the size of clones. Fix: Verify the integrity of the JAR file using SHA checksums. Consider documenting how to validate the Maven Wrapper version. Ensure only trusted JAR files are committed to the repository.
• Low · Potential Credential File Pattern — .settings.xml. The file '.settings.xml' is present in the repository root, which may contain Maven settings including repository credentials. This pattern could lead to accidental credential exposure if not properly gitignored. Fix: Ensure .settings.xml is included in .gitignore. Verify it does not contain plain-text credentials. Use Maven's credential encryption mechanisms or environment variables for authentication instead.
• Low · JDK Version Pin Without Updates Policy — .java-version, README.adoc (JDK version reference). The .java-version file pins JDK version but there is no visible documented policy for updating security patches or end-of-life versions. JDK 17 (as referenced in README) is an LTS release, but version pin files should be regularly reviewed. Fix: Establish a policy for regularly reviewing and updating JDK versions. Document the rationale for the chosen JDK version. Monitor JDK security advisories and update promptly when vulnerabilities are disclosed.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.