Concept
Phases 0-5 are the application-readiness checkpoint: language basics, Spring skeleton, SQL invariants, Hibernate behavior, cross-database testing, hardened API contracts, and security proof.
Task
- Run the hardening and security proof tests.
- Confirm the articles link back to tests, ADRs, and the Swagger artifact.
- Tag phase-5-done.
- Leave observability, CI/CD, and interview mapping for M7.
Run
./gradlew test --tests "*ApiBoundaryArchTest"./gradlew test --tests "*ProblemDetailContractTest"./gradlew test --tests "*SecurityAuthorizationTest"git tag phase-5-doneExpected Result
- The checkpoint clearly says application readiness, not production deployment.
Common Traps
- Calling the system production-ready before observability and deployment exist.
- Skipping the ADRs because tests pass.
- Pulling accounts or hosted grading out of LATER.md.
Hint Ladder
Hint 1
Application-ready means the code shape is ready for the next operational layer.
Hint 2
Security proof is not the same as deployment proof.
Hint 3
The next milestone starts with observability, not another platform feature.
Solution
See docs/milestone-audit.md for the M6 evidence map.
Boot 3 to 4 Delta
Boot 4 and Framework 7 keep Spring Security's filter-chain model recognizable. The course note should compare configuration idioms without changing the credential-transport reasoning.