Code review sweep (run 25255576018)

[otelbot]

Automated code review sweep walked the following modules in order
and stopped after accumulating at least 10 modified files:

• spring-scheduling-3.1:bootstrap
• spring-scheduling-3.1:javaagent
• spring-security-config-6.0:javaagent
• spring-security-config-6.0:library
• spring-web-3.1:library
• spring-web-3.1:testing
• spring-web-6.0:javaagent
• spring-webflux-5.0:javaagent
• spring-webflux-5.0:testing
• spring-webflux-5.0:testing-webflux7
• spring-webflux-5.3:library

---

Module: spring-scheduling-3.1:bootstrap

Module path: instrumentation/spring/spring-scheduling-3.1/bootstrap

Summary

No safe repository-guideline fixes were applied under instrumentation/spring/spring-scheduling-3.1/bootstrap; the reviewed files already conform to the applicable bootstrap, style, and metadata rules.

Applied Changes

No safe automated changes were applied.

Module: spring-scheduling-3.1:javaagent

Module path: instrumentation/spring/spring-scheduling-3.1/javaagent

Summary

Applied and committed one safe repository-guideline fix for spring-scheduling-3.1 javaagent.

Applied Changes

Style

File: SpringSchedulingTest.java:51
Change: Changed the `AutoCleanupExtension cleanup` field to `private static final` and formatted the `@RegisterExtension` declaration on its own line.
Reason: The style guide requires minimal necessary visibility; the field is only used within `SpringSchedulingTest`, matching the existing private `testing` extension field.

Module: spring-security-config-6.0:javaagent

Module path: instrumentation/spring/spring-security-config-6.0/javaagent

Summary

No safe repository-guideline fixes were applied under instrumentation/spring/spring-security-config-6.0/javaagent; the reviewed files were left unchanged.

Applied Changes

No safe automated changes were applied.

Module: spring-security-config-6.0:library

Module path: instrumentation/spring/spring-security-config-6.0/library

Summary

Applied safe review fixes for spring-security-config-6.0 library and committed them in af300afd.

Applied Changes

Correctness

File: EnduserAttributesCapturer.java:85
Change: Treat `GrantedAuthority.getAuthority()` as nullable and skip `null` authority strings before matching role or scope prefixes.
Reason: General correctness and nullability rules require handling concrete nullable flows safely; Spring Security authorities can be unrepresentable as a `String`, and dereferencing `null` would throw before telemetry capture completes.

Testing

File: EnduserAttributesCapturerTest.java:205
Change: Added `allEnabledAndNullAuthority()` regression coverage for a `GrantedAuthority` returning `null`.
Reason: Review workflow requires deterministic fixes to be verifiable; the test exercises the nullable authority path and confirms valid `enduser.*` attributes are still captured.

Module: spring-web-3.1:library

Module path: instrumentation/spring/spring-web/spring-web-3.1/library

Summary

No safe repository-guideline fixes were found for files under instrumentation/spring/spring-web/spring-web-3.1/library; no changes were applied.

Applied Changes

No safe automated changes were applied.

Module: spring-web-3.1:testing

Module path: instrumentation/spring/spring-web/spring-web-3.1/testing

Summary

No safe repository-guideline fixes were applied. Reviewed instrumentation/spring/spring-web/spring-web-3.1/testing/build.gradle.kts, SpringRestTemplateTest.java, and the module metadata.yaml; no deterministic in-scope issues were found.

Applied Changes

No safe automated changes were applied.

Module: spring-web-6.0:javaagent

Module path: instrumentation/spring/spring-web/spring-web-6.0/javaagent

Summary

No safe repository-guideline fixes were applied under instrumentation/spring/spring-web/spring-web-6.0/javaagent; the scoped files already align with the loaded style, javaagent, testing, Gradle, and metadata.yaml review rules.

Applied Changes

No safe automated changes were applied.

Module: spring-webflux-5.0:javaagent

Module path: instrumentation/spring/spring-webflux/spring-webflux-5.0/javaagent

Summary

Applied and committed 4 safe review fixes for spring-webflux-5.0 javaagent in 361aa1fa.

Applied Changes

Build

File: build.gradle.kts:77
Change: Updated `metadataConfig` values to include `=true` for `otel.instrumentation.common.experimental.controller-telemetry.enabled` in default and stable semconv test metadata.
Reason: Gradle conventions require `metadataConfig` to describe active non-default config as `key=value` and match configured `jvmArgs`.

Javaagent

File: DispatcherHandlerInstrumentation.java:47
Change: Removed `onThrowable = Throwable.class` and the unused `@Advice.Thrown` parameter from return-only `HandleAdvice.methodExit`.
Reason: Javaagent advice patterns say exit advice that only processes `@Advice.Return` should omit `onThrowable` while retaining `suppress = Throwable.class`.

Style

File: HandlerCodeAttributesGetter.java:11
Change: Changed `HandlerCodeAttributesGetter` from `public` to package-private.
Reason: The style guide requires minimal necessary visibility; this helper is only used within the package and is not directly referenced from advice.

File: WebfluxSpanNameExtractor.java:13
Change: Changed `WebfluxSpanNameExtractor` from `public` to package-private.
Reason: The style guide requires minimal necessary visibility; this helper is only used within the package and is not directly referenced from advice.

Unresolved Items

File: build.gradle.kts
Reason: Did not keep `assertInverse.set(true)` on `ipc_0.7.0+_with_spring-webflux:5.0.0` because `:muzzle` showed older `reactor-netty` IPC versions unexpectedly pass; tightening the muzzle boundary requires manual landmark or range work before inverse assertion can be enabled.

File: build.gradle.kts
Reason: The experimental controller telemetry flag is configured in `withType<Test>().configureEach` without a dedicated `testExperimental` task; review instructions say not to auto-fix this because isolating it requires broader test expectation gating.

Module: spring-webflux-5.0:testing

Module path: instrumentation/spring/spring-webflux/spring-webflux-5.0/testing

Summary

Applied and committed one safe repository-guideline fix for spring-webflux-5.0/testing.

Applied Changes

General

File: SpringWebFluxTestApplication.java:80
Change: Restored the thread interrupt status with `Thread.currentThread().interrupt()` before rethrowing from the `InterruptedException` catch block.
Reason: Repository review guidance requires engineering correctness and reliability fixes; preserving interrupt status avoids swallowing cancellation/interruption signals.

Module: spring-webflux-5.0:testing-webflux7

Module path: instrumentation/spring/spring-webflux/spring-webflux-5.0/testing-webflux7

Summary

Applied one safe repository-guideline fix in testing-webflux7 and committed it. One broader experimental test-task wiring concern remains manual.

Applied Changes

Build

File: build.gradle.kts:25
Change: Replaced `tasks.withType<Test>().configureEach` with `tasks.test` for the module's default test JVM args.
Reason: `gradle-conventions.md` says modules with only a single explicit `Test` task should use `tasks.test`; implicit `latestDepTest` does not justify `withType<Test>().configureEach`.

Unresolved Items

File: build.gradle.kts
Reason: The module still enables `-Dotel.instrumentation.common.experimental.controller-telemetry.enabled=true` on the default `test` task; `testing-experimental-flags.md` treats unconditional experimental flags as requiring dedicated `testExperimental` wiring, but that broader task/assertion split is not safe to auto-fix without confirming intended coverage.

Module: spring-webflux-5.3:library

Module path: instrumentation/spring/spring-webflux/spring-webflux-5.3/library

Summary

Applied safe repository-guideline fixes in spring-webflux-5.3 library and committed them as 6fc9b42d.

Applied Changes

Style

File: WebfluxServerHttpAttributesGetter.java:69
Change: Renamed unused reflection fallback catch parameters from `e` to `ignored`.
Reason: `knowledge/general-rules.md` catch variable naming says intentionally unused catch parameters should be named `ignored`.

File: HeaderUtil.java:46
Change: Renamed unused optional-probe catch parameters from `t` to `ignored`.
Reason: `knowledge/general-rules.md` catch variable naming reserves `t` for used `Throwable` values and prefers `ignored` for intentionally unused catch parameters.

File: StatusCodes.java:63
Change: Renamed unused reflection lookup catch parameters from `e` to `ignored`.
Reason: `knowledge/general-rules.md` catch variable naming says intentionally unused catch parameters should be named `ignored`; logged catch variables remain `e` because they are used.

File: TestWebfluxSpringBootApp.java:80
Change: Renamed Spring test handler methods from snake_case to lower camel case, keeping route annotations unchanged.
Reason: `docs/contributing/style-guide.md` applies Google Java Style, which requires Java method names to use lower camel case.

---

Download code review diagnostics