Dev

[nitish-egov]

Summary by CodeRabbit

• New Features
  • Added analytics Auth Proxy service with Docker/K8s assets and runtime configs.
  • Beneficiary ID dispatch API supports pagination (limit/offset).
  • Async ID pool generation via Kafka with chunking and configurable padding.
• Improvements
  • Configurable beneficiary ID length; enhanced duplicate/masked ID validation in Individual service.
  • Household: stricter head-of-household validation and clearer errors.
  • Multi-arch Docker builds and manifest publishing; Java 17 Maven base for services.
• Performance
  • Database index added to speed up ID pool queries.
• Documentation
  • Updated CHANGELOGs across modules.
• Chores
  • Version bumps for multiple modules and dependencies.

[coderabbitai]

Actionable comments posted: 18

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 50b170c and 883c626.

⛔ Files ignored due to path filters (1)

• analytics/auth-proxy/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (9)

• analytics/auth-proxy/.dockerignore (1 hunks)
• analytics/auth-proxy/.gitignore (1 hunks)
• analytics/auth-proxy/Dockerfile (1 hunks)
• analytics/auth-proxy/EnvironmentVariables.js (1 hunks)
• analytics/auth-proxy/logger.js (1 hunks)
• analytics/auth-proxy/ops/auth-proxy-deployment.yaml (1 hunks)
• analytics/auth-proxy/ops/auth-proxy-service.yaml (1 hunks)
• analytics/auth-proxy/package.json (1 hunks)
• analytics/auth-proxy/server.js (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (3)

analytics/auth-proxy/logger.js (1)

analytics/auth-proxy/server.js (1)

• logger (2-2)

analytics/auth-proxy/server.js (2)

analytics/auth-proxy/EnvironmentVariables.js (1)

• envVariables (1-21)

analytics/auth-proxy/logger.js (2)

• require (1-1)
• logger (3-8)

analytics/auth-proxy/EnvironmentVariables.js (1)

analytics/auth-proxy/server.js (1)

• envVariables (1-1)

🪛 Checkov (3.2.334)

analytics/auth-proxy/Dockerfile

[LOW] 1-22: Ensure that HEALTHCHECK instructions have been added to container images

(CKV_DOCKER_2)

---

[LOW] 1-22: Ensure that a user for the container has been created

(CKV_DOCKER_3)

analytics/auth-proxy/ops/auth-proxy-deployment.yaml

[MEDIUM] 1-19: Containers should not run with allowPrivilegeEscalation

(CKV_K8S_20)

---

[LOW] 1-19: CPU limits should be set

(CKV_K8S_11)

---

[LOW] 1-19: CPU requests should be set

(CKV_K8S_10)

---

[LOW] 1-19: Apply security context to your containers

(CKV_K8S_30)

---

[LOW] 1-19: The default namespace should not be used

(CKV_K8S_21)

---

[LOW] 1-19: Minimize the admission of containers with the NET_RAW capability

(CKV_K8S_28)

---

[LOW] 1-19: Image should use digest

(CKV_K8S_43)

---

[LOW] 1-19: Image Tag should be fixed - not latest or blank

(CKV_K8S_14)

---

[LOW] 1-19: Liveness Probe Should be Configured

(CKV_K8S_8)

---

[LOW] 1-19: Memory limits should be set

(CKV_K8S_13)

---

[LOW] 1-19: Memory requests should be set

(CKV_K8S_12)

---

[LOW] 1-19: Minimize the admission of containers with capabilities assigned

(CKV_K8S_37)

---

[LOW] 1-19: Apply security context to your pods and containers

(CKV_K8S_29)

---

[LOW] 1-19: Use read-only filesystem for containers where possible

(CKV_K8S_22)

---

[LOW] 1-19: Readiness Probe Should be Configured

(CKV_K8S_9)

---

[MEDIUM] 1-19: Minimize the admission of root containers

(CKV_K8S_23)

---

[LOW] 1-19: Containers should run as a high UID to avoid host conflict

(CKV_K8S_40)

---

[LOW] 1-19: Ensure that the seccomp profile is set to docker/default or runtime/default

(CKV_K8S_31)

---

[LOW] 1-19: Ensure that Service Account Tokens are only mounted where necessary

(CKV_K8S_38)

analytics/auth-proxy/ops/auth-proxy-service.yaml

[LOW] 1-12: The default namespace should not be used

(CKV_K8S_21)

🪛 YAMLlint (1.37.1)

analytics/auth-proxy/ops/auth-proxy-deployment.yaml

[error] 16-16: wrong indentation: expected 8 but found 6

(indentation)

---

[error] 19-19: wrong indentation: expected 10 but found 8

(indentation)

🔇 Additional comments (3)

analytics/auth-proxy/.dockerignore (1)

1-2: Verify .dockerignore for analytics/auth-proxy build context

The .dockerignore in analytics/auth-proxy/ will only apply when you run docker build with that folder as the build context. Our CI workflows (e.g. in .github/workflows/build.yaml using docker buildx build … . from the repo root) won’t pick it up, so files like node-modules/ and yarn.lock under analytics/auth-proxy will still be sent in the context.

Please confirm and adjust your setup by choosing one of the following:

• Add a root-level .dockerignore (at /) including:
  • analytics/auth-proxy/node-modules/*
  • analytics/auth-proxy/yarn.lock
• Or modify your build command to target the subdirectory, e.g.:
  • docker build analytics/auth-proxy/ --file analytics/auth-proxy/Dockerfile …

analytics/auth-proxy/Dockerfile (1)

18-21: Port mismatch risk: Dockerfile uses 8080/3000 vs Kubernetes manifest (3000)

The K8s Deployment (ops/auth-proxy-deployment.yaml) exposes container port 3000. The Dockerfile previously set SERVER_PORT=8080. Please standardize on one port across Dockerfile, EnvironmentVariables.js defaults, and manifests to avoid readiness failures.

If 3000 is the canonical port, keep ENV SERVER_PORT=3000 and EXPOSE 3000 (as in the diff above) and update any manifests accordingly.

analytics/auth-proxy/server.js (1)

17-35: Security: Avoid logging sensitive authentication tokens

Line 19 logs the full URL with the access token as a query parameter, which could expose sensitive credentials in logs.

Apply this diff to remove sensitive data from logs:

-    logger.info("Making User API call to - " + url);
+    logger.info("Making User API call to EGOV user service");

Likely an incorrect or invalid review comment.

[coderabbitai]

Actionable comments posted: 11

♻️ Duplicate comments (10)

core-services/beneficiary-idgen/src/main/resources/application.properties (1)

50-50: Validate padding length at startup.

The hard-coded padding length should be validated against sequence configuration to prevent potential ID truncation issues.

Generate a startup validation to ensure the padding length doesn't exceed sequence limits:

#!/bin/bash
# Description: Check for padding length validation in startup code
# Expected: Find validation logic that checks padding length against sequence configuration

ast-grep --pattern $'class $_ {
  $$$
  @PostConstruct
  public void $_() {
    $$$
    padding
    $$$
  }
  $$$
}'

core-services/beneficiary-idgen/src/main/java/org/egov/id/service/RedissonIDService.java (2)

182-182: Race condition in compareAndSet operation.

Similar to the total counter, this compareAndSet operation has a race condition where the previousValue might be stale when the compareAndSet is called.

Apply this diff to fix the race condition:

-        dailyCounter.compareAndSet(previousValue, delta);
+        dailyCounter.set(delta);

Alternatively, implement proper atomic retry logic:

-        long previousValue = dailyCounter.get();
-        long difference = delta;
-        if (increment) {
-            dailyCounter.addAndGet(delta);
-            log.debug("Incremented daily count by {} for  user: {} and device: {}", delta, userId, deviceId);
-        } else {
-            difference -= previousValue;
-            dailyCounter.compareAndSet(previousValue, delta);
-            log.debug("Updated daily count to {} for user: {} and device: {}", delta, userId, deviceId);
-        }
+        long previousValue;
+        long difference = delta;
+        if (increment) {
+            dailyCounter.addAndGet(delta);
+            log.debug("Incremented daily count by {} for  user: {} and device: {}", delta, userId, deviceId);
+        } else {
+            do {
+                previousValue = dailyCounter.get();
+                difference = delta - previousValue;
+            } while (!dailyCounter.compareAndSet(previousValue, delta));
+            log.debug("Updated daily count to {} for user: {} and device: {}", delta, userId, deviceId);
+        }

---

155-155: Race condition in compareAndSet operation.

The compareAndSet operation uses a stale value that might have changed between the get() call and the compareAndSet() call, potentially causing silent failures in concurrent scenarios.

Apply this diff to fix the race condition:

-        totalCounter.compareAndSet(totalCounter.get(), delta);
+        totalCounter.set(delta);

Alternatively, implement proper atomic retry logic:

-        totalCounter.compareAndSet(totalCounter.get(), delta);
+        long currentValue;
+        do {
+            currentValue = totalCounter.get();
+        } while (!totalCounter.compareAndSet(currentValue, delta));

core-services/beneficiary-idgen/src/main/java/org/egov/id/consumer/IdGenerationConsumer.java (1)

74-82: Add validation for incoming message structure.

The method lacks validation for the incoming message before attempting conversion, which could cause runtime exceptions from malformed messages.

Apply this diff to add proper validation:

 @KafkaListener(topics = "${kafka.topics.consumer.bulk.create.topic}")
 public void consumeIDPoolCreationAsyncRequest(Map<String, Object> message) {
     try {
+        if (message == null || message.isEmpty()) {
+            log.error("Received null or empty message for ID pool generation");
+            return;
+        }
         IDPoolGenerationKafkaRequest request = objectMapper.convertValue(message, IDPoolGenerationKafkaRequest.class);
+        if (request.getTenantId() == null || request.getChunkSize() == null) {
+            log.error("Invalid ID pool generation request: missing required fields");
+            return;
+        }
         idGenerationService.handleAsyncIdPoolRequest(request);
     } catch (Exception e) {
         log.error("Failed to process async ID pool generation", e);
     }
 }

health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java (1)

99-103: Fix spacing in error message.

There's a minor spacing issue in the error message string that should be corrected.

-                                "This beneficiary id '" + beneficiaryId + "'is duplicated for multiple individuals");
+                                "This beneficiary id '" + beneficiaryId + "' is duplicated for multiple individuals");

core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdGenerationService.java (2)

73-82: Validate configuration values on initialization.

The configuration values should be validated to ensure they are positive numbers to prevent runtime errors.

Add validation in a @PostConstruct method:

@PostConstruct
public void validateConfiguration() {
    if (MAX_RECORDS_PER_PERSIST_BATCH == null || MAX_RECORDS_PER_PERSIST_BATCH <= 0) {
        throw new IllegalStateException("MAX_RECORDS_PER_PERSIST_BATCH must be a positive integer");
    }
    if (ID_POOL_GENERATION_MAX_SIZE == null || ID_POOL_GENERATION_MAX_SIZE <= 0) {
        throw new IllegalStateException("ID_POOL_GENERATION_MAX_SIZE must be a positive integer");
    }
    if (paddingLength == null || paddingLength <= 0) {
        throw new IllegalStateException("paddingLength must be a positive integer");
    }
}

---

680-680: Add null check for paddingLength.

The paddingLength could be null if the configuration is missing, which would cause a NullPointerException.

-            String seqNumber = String.format("%0" + paddingLength + "d", Long.parseLong(seqId));
+            String seqNumber = String.format("%0" + (paddingLength != null ? paddingLength : 12) + "d", Long.parseLong(seqId));

core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdDispatchService.java (3)

46-47: Use constructor injection for RedissonIDService.

Field injection should be replaced with constructor injection for better testability and consistency with other dependencies.

This was already identified in a previous review comment. The field injection of RedissonIDService should be moved to constructor parameters as suggested previously.

---

92-92: Add validation for pagination parameters.

The method signature has been updated to accept limit and offset parameters, but there's no validation to ensure these values are valid (non-negative).

This validation concern was raised in a previous review and should be addressed by adding checks for negative values at the beginning of the method.

---

96-96: Use a more specific error code.

The generic error code "VALIDATION EXCEPTION" should be replaced with a more descriptive code for better error categorization.

This was already flagged in a previous review comment suggesting to use "MISSING_USER_UUID" instead of the generic "VALIDATION EXCEPTION".

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 883c626 and f2b91a6.

📒 Files selected for processing (20)

• core-services/beneficiary-idgen/src/main/java/org/egov/id/config/PropertiesManager.java (1 hunks)
• core-services/beneficiary-idgen/src/main/java/org/egov/id/consumer/IdGenerationConsumer.java (4 hunks)
• core-services/beneficiary-idgen/src/main/java/org/egov/id/repository/IdRepository.java (5 hunks)
• core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdDispatchService.java (7 hunks)
• core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdGenerationService.java (7 hunks)
• core-services/beneficiary-idgen/src/main/java/org/egov/id/service/RedissonIDService.java (1 hunks)
• core-services/beneficiary-idgen/src/main/resources/application.properties (2 hunks)
• core-services/beneficiary-idgen/src/main/resources/db/migration/main/V20250730091758__id_pool_indexes.sql (1 hunks)
• health-services/household/CHANGELOG.md (1 hunks)
• health-services/household/pom.xml (1 hunks)
• health-services/household/src/main/java/org/egov/household/Constants.java (1 hunks)
• health-services/household/src/main/java/org/egov/household/household/member/validators/HmHouseholdHeadValidator.java (4 hunks)
• health-services/individual/CHANGELOG.md (1 hunks)
• health-services/individual/pom.xml (1 hunks)
• health-services/individual/src/main/java/org/egov/individual/config/IndividualProperties.java (1 hunks)
• health-services/individual/src/main/java/org/egov/individual/service/IndividualService.java (3 hunks)
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java (5 hunks)
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java (5 hunks)
• health-services/individual/src/main/resources/application.properties (1 hunks)
• health-services/libraries/health-services-models/src/main/java/org/egov/common/models/idgen/IDPoolGenerationKafkaRequest.java (1 hunks)

🧰 Additional context used

🧠 Learnings (18)

📚 Learning: 2025-05-29T07:14:10.521Z

Learnt from: Sreejit-K
PR: egovernments/health-campaign-services#1577
File: core-services/beneficiary-idgen/src/main/resources/application.properties:32-41
Timestamp: 2025-05-29T07:14:10.521Z
Learning: The ID pool configuration properties in core-services/beneficiary-idgen/src/main/resources/application.properties, including the commented-out `id.pool.seq.code=id.pool.number` line and the `limit.per.user` property naming, are structured according to a specification and should not be modified for cleanup purposes.

Applied to files:

• health-services/individual/src/main/resources/application.properties
• health-services/individual/src/main/java/org/egov/individual/config/IndividualProperties.java
• core-services/beneficiary-idgen/src/main/java/org/egov/id/repository/IdRepository.java
• core-services/beneficiary-idgen/src/main/resources/application.properties
• core-services/beneficiary-idgen/src/main/java/org/egov/id/config/PropertiesManager.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java
• core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdGenerationService.java

📚 Learning: 2025-05-29T06:49:11.877Z

Learnt from: Sreejit-K
PR: egovernments/health-campaign-services#1577
File: core-services/beneficiary-idgen/src/main/resources/application.properties:15-18
Timestamp: 2025-05-29T06:49:11.877Z
Learning: In the beneficiary-idgen service application.properties files, property formatting with spaces around the equals sign (e.g., "key = value") is according to the product specification and should not be changed to "key=value" format.

Applied to files:

• health-services/individual/src/main/resources/application.properties
• core-services/beneficiary-idgen/src/main/resources/application.properties

📚 Learning: 2025-06-13T06:36:26.255Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: core-services/beneficiary-idgen/src/main/java/org/egov/id/config/RedissonProperties.java:9-17
Timestamp: 2025-06-13T06:36:26.255Z
Learning: In the beneficiary-idgen service the team prefers not to add validation annotations (e.g., NotNull, Min) on `ConfigurationProperties` classes; instead they rely on using wrapper types like `Integer` to avoid primitive default values.

Applied to files:

• health-services/individual/src/main/resources/application.properties
• health-services/individual/src/main/java/org/egov/individual/config/IndividualProperties.java
• core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdGenerationService.java

📚 Learning: 2025-02-11T09:43:42.872Z

Learnt from: shubhang-eGov
PR: egovernments/health-campaign-services#1387
File: health-services/referralmanagement/pom.xml:54-54
Timestamp: 2025-02-11T09:43:42.872Z
Learning: Version updates for health-services-models in referral management service require QA verification to ensure no breaking changes between versions.

Applied to files:

• health-services/individual/pom.xml

📚 Learning: 2025-05-29T06:57:18.266Z

Learnt from: Sreejit-K
PR: egovernments/health-campaign-services#1577
File: health-services/libraries/health-services-models/src/main/java/org/egov/common/models/idgen/IDPoolGenerationResponse.java:29-31
Timestamp: 2025-05-29T06:57:18.266Z
Learning: In the IDPoolGenerationResponse class in health-services/libraries/health-services-models, the responseInfo field is intentionally annotated with JsonProperty("RequestInfo") as per the API specification, even though it contains response information. This naming convention is by design and should not be changed.

Applied to files:

• health-services/libraries/health-services-models/src/main/java/org/egov/common/models/idgen/IDPoolGenerationKafkaRequest.java

📚 Learning: 2025-06-17T08:19:51.123Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: core-services/beneficiary-idgen/src/main/java/org/egov/id/repository/RedisRepository.java:38-40
Timestamp: 2025-06-17T08:19:51.123Z
Learning: In the beneficiary-idgen service, null validation for user and device IDs is handled at the model level rather than in individual repository methods like RedisRepository.getKey(). The team prefers centralized validation at service boundaries over defensive programming in internal methods.

Applied to files:

• core-services/beneficiary-idgen/src/main/java/org/egov/id/service/RedissonIDService.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java
• core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdDispatchService.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java

📚 Learning: 2025-06-17T09:16:29.026Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java:76-83
Timestamp: 2025-06-17T09:16:29.026Z
Learning: For beneficiary ID validation in Individual service updates: status validation (checking for EXPIRED/REVOKED states) is intentionally not required for update operations as of the current implementation.

Applied to files:

• health-services/individual/src/main/java/org/egov/individual/service/IndividualService.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java

📚 Learning: 2025-06-17T10:06:27.377Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1607
File: health-services/libraries/health-services-common/src/main/java/org/egov/common/utils/ValidatorUtils.java:46-48
Timestamp: 2025-06-17T10:06:27.377Z
Learning: In ValidatorUtils.java, the error message format for getErrorForInvalidEntity method should use "%s not valid %s" format, as this was previously requested in a CodeRabbit review to change from "%s is not valid %s".

Applied to files:

• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java

📚 Learning: 2025-08-07T06:13:19.244Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1701
File: core-services/beneficiary-idgen/src/main/resources/application.properties:31-36
Timestamp: 2025-08-07T06:13:19.244Z
Learning: In the beneficiary-idgen service application.properties, the batch size limit comment for id.pool.generation.max.records.per.persist.batch (mentioning "Upper limit: 3350" for "default Kafka config") is not actually constrained by Kafka message size settings, despite the comment's wording. The batch size limit is determined by other factors unrelated to Kafka configuration.

Applied to files:

• core-services/beneficiary-idgen/src/main/resources/application.properties
• core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdGenerationService.java

📚 Learning: 2025-08-12T08:29:40.299Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1710
File: core-services/beneficiary-idgen/src/main/resources/application.properties:28-30
Timestamp: 2025-08-12T08:29:40.299Z
Learning: In the eGovernments health-campaign-services beneficiary-idgen service, the id.timezone and app.timezone properties in application.properties should be kept as separate configurable properties rather than deriving one from the other, as they may need different values in different environments or deployment scenarios.

Applied to files:

• core-services/beneficiary-idgen/src/main/resources/application.properties
• core-services/beneficiary-idgen/src/main/java/org/egov/id/config/PropertiesManager.java

📚 Learning: 2025-08-07T06:12:03.606Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1701
File: core-services/beneficiary-idgen/src/main/resources/application.properties:41-47
Timestamp: 2025-08-07T06:12:03.606Z
Learning: In the eGovernments health-campaign-services project, dispatch limit properties (like limit.id.user.device.total, limit.id.user.device.per.day) in application.properties files are hardcoded as default/development values but are always overridden in production deployments via DevOps Helm charts, following the same pattern as database credentials and other configuration values.

Applied to files:

• core-services/beneficiary-idgen/src/main/resources/application.properties

📚 Learning: 2025-08-07T04:49:32.905Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1701
File: core-services/beneficiary-idgen/src/main/java/org/egov/id/config/PropertiesManager.java:105-107
Timestamp: 2025-08-07T04:49:32.905Z
Learning: In the eGovernments health-campaign-services project, Kafka topic properties like "kafka.topics.consumer.bulk.create.topic" are configured with default values directly in application.properties files, so adding programmatic defaults in property getter methods is not necessary.

Applied to files:

• core-services/beneficiary-idgen/src/main/resources/application.properties

📚 Learning: 2025-08-12T06:33:19.939Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1709
File: health-services/household/src/main/java/org/egov/household/household/member/validators/HmHouseholdHeadValidator.java:59-63
Timestamp: 2025-08-12T06:33:19.939Z
Learning: In the household validation pipeline, null ID validation is handled by validators that run before HmHouseholdHeadValidator (which has Order(9)). Members with null IDs will have validation errors and be filtered out by the notHavingErrors() filter before reaching the grouping operation.

Applied to files:

• health-services/household/src/main/java/org/egov/household/household/member/validators/HmHouseholdHeadValidator.java

📚 Learning: 2025-08-12T08:28:42.280Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1710
File: core-services/beneficiary-idgen/src/main/java/org/egov/id/config/PropertiesManager.java:24-31
Timestamp: 2025-08-12T08:28:42.280Z
Learning: In the eGovernments health-campaign-services project, timezone properties like "id.timezone" and "app.timezone" are configured with default values directly in application.properties files, following the same pattern as other configuration properties, so adding programmatic fallback defaults in property getter methods is not necessary.

Applied to files:

• core-services/beneficiary-idgen/src/main/java/org/egov/id/config/PropertiesManager.java

📚 Learning: 2024-09-26T11:17:36.420Z

Learnt from: Saloni-eGov
PR: egovernments/health-campaign-services#906
File: health-services/plan-service/src/main/java/digit/config/ServiceConstants.java:189-193
Timestamp: 2024-09-26T11:17:36.420Z
Learning: When reviewing error messages in `ServiceConstants.java`, avoid suggesting changes to make them more descriptive unless specifically requested.

Applied to files:

• core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdDispatchService.java

📚 Learning: 2025-04-30T09:53:47.926Z

Learnt from: tanishi-egov
PR: egovernments/health-campaign-services#1526
File: health-services/plan-service/src/main/java/digit/repository/querybuilder/PlanQueryBuilder.java:210-213
Timestamp: 2025-04-30T09:53:47.926Z
Learning: The application's architecture ensures that pagination limit values are validated to be greater than zero before reaching the database query builder in the health-campaign-services project.

Applied to files:

• core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdDispatchService.java

📚 Learning: 2025-08-06T09:32:58.145Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1705
File: core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdDispatchService.java:119-133
Timestamp: 2025-08-06T09:32:58.145Z
Learning: In the IdDispatchResponse model (core-services/beneficiary-idgen), the getTotalCount() field represents the size of the current response page (number of IDs returned in the current request), not the total count of all dispatched IDs in the database. This is the intended design of the model.

Applied to files:

• core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdDispatchService.java

📚 Learning: 2025-06-17T09:25:04.040Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java:145-155
Timestamp: 2025-06-17T09:25:04.040Z
Learning: The BeneficiaryIdGenService.searchIdRecord() method in health-services always returns a valid IdDispatchResponse object, never null. It returns empty lists when there are no matches rather than returning null, so null checks on the return value are not necessary.

Applied to files:

• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java

🧬 Code Graph Analysis (4)

core-services/beneficiary-idgen/src/main/java/org/egov/id/repository/IdRepository.java (1)

core-services/service-request/src/main/java/org/egov/servicerequest/config/Configuration.java (1)

• org (20-72)

core-services/beneficiary-idgen/src/main/java/org/egov/id/consumer/IdGenerationConsumer.java (1)

core-services/service-request/src/main/java/org/egov/servicerequest/config/Configuration.java (1)

• org (20-72)

health-services/household/src/main/java/org/egov/household/household/member/validators/HmHouseholdHeadValidator.java (1)

health-services/household/src/main/java/org/egov/household/utils/CommonUtils.java (1)

• CommonUtils (7-24)

health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java (1)

health-services/project/src/main/java/org/egov/project/validator/beneficiary/ValidatorUtils.java (1)

• ValidatorUtils (14-39)

🪛 LanguageTool

health-services/household/CHANGELOG.md

[grammar] ~5-~5: Use correct spacing
Context: ...be documented in this file. ## 1.2.1 - 2025-08-11 - Resolved household head validation on di...

(QB_NEW_EN_OTHER_ERROR_IDS_5)

---

[grammar] ~7-~7: There might be a mistake here.
Context: ... household head validation on different cases ## 1.2.0 - 2025-04-15 - Enabled multi-sche...

(QB_NEW_EN_OTHER)

health-services/individual/CHANGELOG.md

[grammar] ~3-~3: Use correct spacing
Context: ...be documented in this file. ## 1.2.1 - 2025-08-11 - Added configurability for beneficiary ID...

(QB_NEW_EN_OTHER_ERROR_IDS_5)

---

[grammar] ~5-~5: There might be a mistake here.
Context: ...dded configurability for beneficiary ID size - Fixed validation for duplicate beneficia...

(QB_NEW_EN_OTHER)

---

[grammar] ~6-~6: There might be a mistake here.
Context: ...ed validation for duplicate beneficiary IDs - Added beneficiary idgen update for indiv...

(QB_NEW_EN_OTHER)

---

[grammar] ~7-~7: There might be a problem here.
Context: ...n for duplicate beneficiary IDs - Added beneficiary idgen update for individual update ## 1.2.0 ...

(QB_NEW_EN_MERGED_MATCH)

---

[grammar] ~7-~7: Make sure to use plural and singular nouns correctly
Context: ...beneficiary idgen update for individual update ## 1.2.0 - 2025-03-15 - Enabled multi-sche...

(QB_NEW_EN_OTHER_ERROR_IDS_10)

🔇 Additional comments (50)

health-services/household/pom.xml (1)

8-8: LGTM! Version increment follows semantic versioning.

The patch version bump from 1.2.0 to 1.2.1 is appropriate for bug fixes and aligns with the household head validation improvements described in the changelog.

health-services/household/src/main/java/org/egov/household/Constants.java (1)

46-57: LGTM! Well-structured constant definitions for enhanced validation.

The new constants properly follow the existing naming pattern with paired error codes and messages. They support the comprehensive household head validation scenarios:

• Multi-head detection
• Missing head validation
• Head unassignment prevention

The constants align well with the validation logic implemented in HmHouseholdHeadValidator.java.

health-services/household/src/main/java/org/egov/household/household/member/validators/HmHouseholdHeadValidator.java (8)

8-8: LGTM! Import optimizations align with refactored dependencies.

The imports have been properly updated to reflect the simplified constructor and new validation approach:

• Added CommonUtils and Objects for the new validation logic
• Added Optional for safer null handling
• Added static imports for field constants used in ID extraction

Also applies to: 20-21, 27-27, 34-34

---

44-46: LGTM! Constructor simplification improves maintainability.

Reducing dependencies from three to one (only HouseholdMemberRepository) makes the validator more focused and easier to test. The removed services (HouseholdService and HouseholdMemberEnrichmentService) were likely not essential for head validation logic.

---

55-66: Excellent refactor to per-household validation approach.

The change from per-member to per-household validation is a significant improvement that enables comprehensive household-level checks. The grouping by household ID allows validation of constraints that can only be evaluated at the household level (e.g., ensuring exactly one head per household).

Based on retrieved learnings, null ID validation is properly handled by earlier validators (this runs at Order(9)), so the grouping operation is safe.

---

72-90: LGTM! Multi-head detection with comprehensive error handling.

The validation correctly identifies when a household has more than one head in the request and applies the error to all members in that household. This prevents data inconsistency at the household level.

---

91-109: LGTM! Robust validation for households without heads.

The logic properly checks both request and existing data to ensure every household has exactly one head. The validation correctly handles the case where neither the request nor existing data contains a head for the household.

---

111-129: LGTM! Prevents accidental head unassignment.

The validation correctly prevents unassigning a household head without providing a replacement. The logic uses reflection to match IDs between existing and request data, ensuring the existing head is present in the request when attempting to unassign.

---

131-156: LGTM! Comprehensive head reassignment validation.

The validation handles the complex scenario of head reassignment by:

1. Detecting when a new head is being assigned while an existing head exists
2. Ensuring the existing head is included in the request (likely with isHeadOfHousehold = false)
3. Preventing orphaned head assignments

The boolean logic correctly identifies reassignment scenarios and validates proper workflow.

---

157-163: LGTM! Proper exception handling for tenant validation.

The InvalidTenantIdException handling correctly applies tenant-related errors to all affected household members, maintaining consistency with the framework's error handling patterns.

health-services/individual/pom.xml (1)

8-8: Bumped to 1.2.1: SNAPSHOT dependencies detected & compatibility check required

The quick check reveals three SNAPSHOT dependencies in health-services/individual/pom.xml:

• Line 56: <version>1.1.0-SNAPSHOT</version>
• Line 61: <artifactId>health-services-models</artifactId> / <version>1.0.27-SNAPSHOT</version>
• Line 77: <version>2.9.0-SNAPSHOT</version>

Please ensure:

• These SNAPSHOT versions are intentional for this release and will be published or replaced with GA artifacts before final deployment.
• There are no breaking changes in health-services-models (and any other shared libs used by validators/IDGEN flows) relative to prior releases.
• All downstream modules that consume this artifact are updated to reference version 1.2.1.

health-services/individual/src/main/resources/application.properties (1)

68-68: New required property: ensure it’s provided across all environments

The individual.beneficiary.id.length key is now mandatory at startup (no default value in code). In this repo it only appears in:

• health-services/individual/src/main/resources/application.properties:68
• health-services/individual/src/main/java/org/egov/individual/config/IndividualProperties.java:93 (@value injection with no fallback)

No profile-specific configs or Helm/CI-CD manifests define it here. Please confirm you’ve added this property to:

• Every application-{profile}.properties or YAML
• Your Helm charts’ values.yaml (or equivalent)
• CI/CD secret stores

to prevent startup failures.

health-services/individual/src/main/java/org/egov/individual/config/IndividualProperties.java (1)

93-95: Property wiring looks good; wrapper type aligns with team preference

Using Integer for beneficiaryIdLength is consistent with avoiding primitive defaults. No concerns.

health-services/individual/src/main/java/org/egov/individual/service/IndividualService.java (3)

48-48: LGTM!

The import of ObjectUtils is correctly added and utilized in the beneficiary ID filtering logic.

---

298-301: LGTM!

The beneficiary ID update logic correctly mirrors the create path implementation and includes appropriate conditional checks to avoid unnecessary service calls when the list is empty.

---

257-263: Verify consistency with create path beneficiary ID extraction.

The beneficiary ID extraction logic in the update path differs from the create path. The create path uses identifier.getIdentifierId()) directly, while the update path uses Identifier::getIdentifierId. Both approaches should be consistent for maintainability.

Apply this diff to maintain consistency:

-                List<String> beneficiaryIdsToUpdate = individualsToEncrypt.stream()
-                        .flatMap(individual -> Optional.ofNullable(individual.getIdentifiers()).
-                                orElse(Collections.emptyList()).stream())
-                        .filter(identifier -> UNIQUE_BENEFICIARY_ID.equals(identifier.getIdentifierType()))
-                        .map(Identifier::getIdentifierId)
-                        .filter(identifierId -> !ObjectUtils.isEmpty(identifierId) && !identifierId.startsWith("*"))
-                        .toList();
+                List<String> beneficiaryIdsToUpdate = individualsToEncrypt.stream()
+                        .flatMap(individual -> Optional.ofNullable(individual.getIdentifiers())
+                                .orElse(Collections.emptyList())
+                                .stream()
+                                .filter(identifier -> UNIQUE_BENEFICIARY_ID.equals(identifier.getIdentifierType()))
+                                .findFirst()
+                                .stream())
+                        .map(identifier -> String.valueOf(identifier.getIdentifierId()))
+                        .filter(identifierId -> !ObjectUtils.isEmpty(identifierId) && !identifierId.startsWith("*"))
+                        .toList();

Likely an incorrect or invalid review comment.

health-services/libraries/health-services-models/src/main/java/org/egov/common/models/idgen/IDPoolGenerationKafkaRequest.java (1)

1-21: LGTM!

The class is well-designed with appropriate validation annotations and follows standard patterns for Kafka request models. The structure supports chunked ID pool generation effectively.

core-services/beneficiary-idgen/src/main/resources/application.properties (4)

29-29: LGTM!

The addition of app.timezone provides necessary flexibility for application-level time zone configuration separate from ID generation time zone handling.

---

32-37: LGTM!

The new batch sizing configuration properties provide good control over ID pool generation performance. The chunking approach with id.pool.generation.max.size=50000 and persistence batching with max.records.per.persist.batch=1000 should handle large-scale ID generation efficiently.

---

41-48: LGTM!

The new dispatch limit properties provide comprehensive control over ID distribution per user/device with both daily and total limits, including configurable expiration policies.

---

82-82: LGTM!

The addition of kafka.topics.consumer.bulk.create.topic properly supports the new asynchronous ID pool creation workflow.

core-services/beneficiary-idgen/src/main/java/org/egov/id/service/RedissonIDService.java (1)

1-32: LGTM!

The class structure and constructor are well-designed for managing Redis-based ID dispatch counting and limits.

core-services/beneficiary-idgen/src/main/java/org/egov/id/consumer/IdGenerationConsumer.java (2)

5-5: LGTM!

The imports for IDPoolGenerationKafkaRequest and IdGenerationService are correctly added to support the new async ID pool creation functionality.

Also applies to: 9-9

---

31-31: LGTM!

The constructor properly injects and stores the IdGenerationService dependency required for processing async ID pool requests.

Also applies to: 42-45

health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java (3)

64-64: LGTM! Good addition of cross-bulk duplicate detection.

The early duplicate detection via validateDuplicateIDs is a good improvement to catch duplicates across the bulk request before individual validation.

---

84-89: LGTM! Proper handling of masked IDs.

The conditional logic appropriately validates masked IDs using the new isValidMaskedId method and continues processing without further validation for masked IDs, which is the correct behavior.

---

86-86: Include the actual beneficiary ID in error messages for consistency.

Other error messages now include the actual beneficiary ID. For consistency and better traceability, consider updating this error message format as well.

-                            updateError(errorDetailsMap, individual, INVALID_BENEFICIARY_ID, "The masked beneficiary id '" + beneficiaryId + "' is invalid.");
+                            updateError(errorDetailsMap, individual, INVALID_BENEFICIARY_ID, "The masked beneficiary id '" + beneficiaryId + "' is invalid");

Note: Also removed the trailing period to match the format of other error messages in the file.

⛔ Skipped due to learnings

Learnt from: holashchand
PR: egovernments/health-campaign-services#1607
File: health-services/libraries/health-services-common/src/main/java/org/egov/common/utils/ValidatorUtils.java:46-48
Timestamp: 2025-06-17T10:06:27.377Z
Learning: In ValidatorUtils.java, the error message format for getErrorForInvalidEntity method should use "%s not valid %s" format, as this was previously requested in a CodeRabbit review to change from "%s is not valid %s".

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java:76-83
Timestamp: 2025-06-17T09:16:29.026Z
Learning: For beneficiary ID validation in Individual service updates: status validation (checking for EXPIRED/REVOKED states) is intentionally not required for update operations as of the current implementation.

health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java (2)

59-59: LGTM! Good addition of early duplicate detection.

The duplicate validation at the beginning of the validate method is a good practice to catch duplicates across the bulk request before performing more expensive operations.

---

172-187: LGTM! Well-structured duplicate validation logic.

The duplicate detection implementation is clean and efficient:

• Properly filters out masked IDs
• Uses a Set for O(1) duplicate detection
• Logs errors appropriately

core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdGenerationService.java (4)

130-171: LGTM! Well-implemented chunked ID pool generation.

The implementation properly handles:

• Input validation
• Chunking of large batch requests
• Asynchronous processing via Kafka
• Clear response messages for users

The chunking logic ensures system stability by limiting each request to ID_POOL_GENERATION_MAX_SIZE.

---

240-264: LGTM! Robust async handler implementation.

The async handler is well-structured with:

• Proper validation of chunk size
• Clear separation of concerns
• Appropriate error handling and logging

---

295-295: LGTM! Good use of pre-allocated buffer for performance.

Using a pre-allocated buffer with MAX_RECORDS_PER_PERSIST_BATCH capacity is a good optimization to avoid repeated list resizing.

---

566-566: LGTM! Proper timezone handling for date formatting.

Using the user timezone for date formatting ensures consistency with user expectations and resolves potential timezone-related issues.

core-services/beneficiary-idgen/src/main/java/org/egov/id/config/PropertiesManager.java (2)

24-30: LGTM! Clear separation of user and app timezones.

The separation of user and app timezones with distinct getter methods provides flexibility for different timezone requirements across the application.

---

38-102: LGTM! Well-documented configuration methods with sensible defaults.

The new configuration getters are excellent:

• Clear JavaDoc documentation explaining purpose
• Sensible default values
• Consistent naming convention
• Proper type conversions

core-services/beneficiary-idgen/src/main/java/org/egov/id/repository/IdRepository.java (3)

59-83: Excellent implementation of atomic ID allocation!

The new implementation using UPDATE ... RETURNING with FOR UPDATE SKIP LOCKED is a significant improvement:

• Thread-safe: Prevents race conditions through atomic operations
• Deadlock-free: SKIP LOCKED avoids contention
• Efficient: Single round-trip to the database
• Audit-compliant: Properly tracks who allocated the IDs and when

This is a much better approach than the previous SELECT-based implementation.

---

85-133: LGTM! Well-structured query builder with proper timezone handling.

The new query builder method is well-designed:

• Clear separation of concerns with the Tuple return type
• Proper parameterization to prevent SQL injection
• Flexible filtering options
• Good optimization with count query variant

The timezone handling correctly uses both user and app timezones for date boundary calculations.

---

139-156: LGTM! Clean implementation of query execution methods.

The methods properly utilize the query builder and return appropriate results with proper pagination support.

core-services/beneficiary-idgen/src/main/java/org/egov/id/service/IdDispatchService.java (12)

107-107: Log level changed from info to debug appropriately.

The log level change from info to debug for the dispatch request details is appropriate as this is internal operational information that doesn't need to be visible at the default log level.

---

109-112: LGTM: Clear logic for determining total limit.

The code correctly determines the total limit based on whether per-day dispatch limits are enabled, providing clear separation between total and per-day limits.

---

122-133: Good implementation of paginated ID fetching.

The implementation correctly:

1. Fetches paginated results using the new fetchAllUserDeviceIds method
2. Handles Redis count synchronization when there's a mismatch
3. Calculates fetch limits appropriately with Math.max(0, ...) to prevent negative values
4. Sets all required response fields

---

130-130: Fetch limit calculation prevents negative values.

The use of Math.max(0, ...) in the fetch limit calculation correctly addresses the concern from a previous review about preventing negative values when pagination parameters exceed the total count.

---

137-138: Clear logic for remaining count calculation.

The code correctly calculates the remaining count and fetch count, using the minimum of remaining count and requested count to prevent over-allocation.

---

142-145: Improve error message specificity.

The error handling has been improved to include the requested fetchCount and tenantId in both the log and exception message, providing better debugging information.

---

169-169: Method signature supports pagination effectively.

The updated method signature fetchAllUserDeviceIds(IdDispatchRequest request, Integer limit, Integer offset, boolean restrictToday) properly supports pagination and the restrict-to-today feature.

---

176-176: Appropriate log level for internal tracing.

The change to log.trace is appropriate for detailed internal state tracking that's typically only needed during debugging.

---

179-187: Database-backed ID retrieval with proper pagination.

The transition from Redis-based caching to database-backed ID retrieval with proper pagination support is well-implemented. The method now returns both the results and total count as a Tuple.

---

276-276: Appropriate log level for internal operations.

The change from debug to trace level for enrichment logging is appropriate as this represents very detailed internal operation tracking.

---

118-118: No action needed on getUserDeviceDispatchedIDRemaining invocation

The method in RedissonIDService is declared as:

public long getUserDeviceDispatchedIDRemaining(
    String tenantId,
    String userId,
    String deviceId,
    boolean validateCount,
    boolean allowToday
) throws CustomException { … }

Your calls at lines 118 and 137 pass exactly two boolean arguments—first for validateCount, second for allowToday—so they match the method signature. No changes are required here.

---

140-140: fetchUnassigned is already an atomic, thread-safe operation
The fetchUnassigned implementation in IdRepository.java uses a single UPDATE … WHERE id IN (SELECT … FOR UPDATE SKIP LOCKED) RETURNING p.* statement. This ensures that:

• Rows are locked and skipped if already claimed by another transaction.
• Status and audit fields are updated in the same statement that returns the newly dispatched IDs.

No further changes are needed.

[coderabbitai]

Actionable comments posted: 20

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java (1)

68-70: Guard against null BeneficiaryIdGenService before remote lookup

beneficiaryIdGenService is nullable; calling into IDGEN without a guard risks NPE if integration is disabled.

-        // Retrieve existing ID records for the individuals
-        Map<String, IdRecord> idRecordMap = IdPoolValidatorForCreate
-                .getIdRecords(beneficiaryIdGenService, individuals, null, request.getRequestInfo());
+        // Retrieve existing ID records for the individuals
+        if (beneficiaryIdGenService == null) {
+            log.warn("BeneficiaryIdGenService unavailable; skipping beneficiary ID validation for update");
+            return errorDetailsMap;
+        }
+        Map<String, IdRecord> idRecordMap = IdPoolValidatorForCreate
+                .getIdRecords(beneficiaryIdGenService, individuals, null, request.getRequestInfo());

♻️ Duplicate comments (5)

analytics/auth-proxy/package.json (3)

1-5: Mark package as private and declare supported Node runtime (align with Docker base).

Prevents accidental publish and communicates runtime expectations. Given Node 18 is EOL, prefer Node 20+ unless your Dockerfile pins something else—align both.

 {
   "name": "auth-proxy",
   "version": "1.0.0",
+  "private": true,
   "description": "",
   "main": "server.js",
+  "engines": {
+    "node": ">=20"
+  },

---

6-10: Make debug script cross-platform (remove Bash-specific parameter expansion).

The current start:debug relies on Bash expansion and won’t work on Windows shells or some CI environments.

   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1",
     "start": "node server.js",
-    "start:debug": "node ${DEBUG_ENABLED:+--inspect=0.0.0.0:9229} server.js"
+    "start:debug": "node --inspect=0.0.0.0:9229 server.js"
   },

---

13-22: Remove deprecated/duplicate HTTP clients and upgrade Express; consider dropping deasync.

• request and request-promise are deprecated; use axios (already present).
• express 4.17.1 is outdated; pick up 4.19.x fixes.
• Keep either http-proxy or express-http-proxy, not both (unless both are genuinely used).
• deasync blocks the event loop and requires native builds; avoid in servers unless absolutely necessary.

   "dependencies": {
-    "axios": "^1.6.8",
-    "deasync": "^0.1.29",
-    "express": "^4.17.1",
-    "express-http-proxy": "^1.6.2",
-    "http-proxy": "^1.18.1",
-    "request": "^2.88.2",
-    "request-promise": "^4.2.6",
-    "winston": "^3.13.0"
+    "axios": "^1.6.8",
+    "express": "^4.19.0",
+    "express-http-proxy": "^1.6.3",
+    "winston": "^3.13.0"
   }

If you truly need low-level proxy control, keep http-proxy and remove express-http-proxy instead—mirror that choice here and in server.js.

core-services/beneficiary-idgen/CHANGELOG.md (1)

6-11: Polish wording, capitalization, and terminology for consistency.

Unify “ID” capitalization, prefer “DB queries,” and keep bullet capitalization consistent.

Apply this diff:

-- Changed dispatch user id flow with DB query
-- Updated Redis usage with Redisson
-- Fixed max limit reached issue for user device per day
-- upgraded health-services-models to 1.0.28
-- upgraded health-services-common to 1.1.0
-- Enhanced beneficiary id generation flow to work in async manner
+- Changed dispatch-user-ID flow to DB queries
+- Replaced direct Redis usage with the Redisson client
+- Fixed “max limit reached” issue per user device per day
+- Upgraded health-services-models to 1.0.28
+- Upgraded health-services-common to 1.1.0
+- Enhanced beneficiary ID generation flow to work in asynchronous manner

health-services/project-factory/Dockerfile (1)

11-11: WORK_DIR without default is acceptable here; consider explicit early failure for better DX

Per repo convention, leaving WORK_DIR unset by default enforces CI discipline. To surface a clearer error than a failing COPY, add a quick guard:

# Early validation (optional)
RUN test -f "${WORK_DIR}/package.json" || (echo "Missing WORK_DIR or package.json at ${WORK_DIR}" >&2; exit 1)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f2b91a6 and d4c6c76.

📒 Files selected for processing (12)

• .github/workflows/build.yaml (3 hunks)
• analytics/auth-proxy/package.json (1 hunks)
• build/build-config.yml (12 hunks)
• build/maven/Dockerfile (1 hunks)
• core-services/beneficiary-idgen/CHANGELOG.md (1 hunks)
• health-services/household/CHANGELOG.md (1 hunks)
• health-services/individual/src/main/java/org/egov/individual/config/IndividualProperties.java (1 hunks)
• health-services/individual/src/main/java/org/egov/individual/service/IndividualService.java (4 hunks)
• health-services/individual/src/main/java/org/egov/individual/util/BeneficiaryIdGenUtil.java (2 hunks)
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java (5 hunks)
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java (5 hunks)
• health-services/project-factory/Dockerfile (2 hunks)

🧰 Additional context used

🧠 Learnings (15)

📓 Common learnings

Learnt from: Priyanka-eGov
PR: egovernments/health-campaign-services#902
File: health-services/plan-service/src/main/java/digit/service/validator/PlanConfigurationValidator.java:553-553
Timestamp: 2024-10-08T20:11:07.772Z
Learning: The plan-service project is using Java 17.

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: health-services/individual/src/main/java/org/egov/individual/service/IndividualService.java:158-166
Timestamp: 2025-06-17T08:53:38.146Z
Learning: The individual service in the health-campaign-services project is using Java 17.

📚 Learning: 2025-06-13T06:36:26.255Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: core-services/beneficiary-idgen/src/main/java/org/egov/id/config/RedissonProperties.java:9-17
Timestamp: 2025-06-13T06:36:26.255Z
Learning: In the beneficiary-idgen service the team prefers not to add validation annotations (e.g., NotNull, Min) on `ConfigurationProperties` classes; instead they rely on using wrapper types like `Integer` to avoid primitive default values.

Applied to files:

• health-services/individual/src/main/java/org/egov/individual/config/IndividualProperties.java
• health-services/individual/src/main/java/org/egov/individual/util/BeneficiaryIdGenUtil.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java

📚 Learning: 2025-05-29T07:14:10.521Z

Learnt from: Sreejit-K
PR: egovernments/health-campaign-services#1577
File: core-services/beneficiary-idgen/src/main/resources/application.properties:32-41
Timestamp: 2025-05-29T07:14:10.521Z
Learning: The ID pool configuration properties in core-services/beneficiary-idgen/src/main/resources/application.properties, including the commented-out `id.pool.seq.code=id.pool.number` line and the `limit.per.user` property naming, are structured according to a specification and should not be modified for cleanup purposes.

Applied to files:

• health-services/individual/src/main/java/org/egov/individual/config/IndividualProperties.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java

📚 Learning: 2025-08-12T13:13:00.796Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1685
File: build/maven-java17/Dockerfile:21-23
Timestamp: 2025-08-12T13:13:00.796Z
Learning: The build/maven-java17/Dockerfile has been tested and confirmed to work for builds, including the dos2unix command in the amazoncorretto:17-alpine runtime image.

Applied to files:

• build/maven/Dockerfile
• build/build-config.yml

📚 Learning: 2025-06-17T08:19:51.123Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: core-services/beneficiary-idgen/src/main/java/org/egov/id/repository/RedisRepository.java:38-40
Timestamp: 2025-06-17T08:19:51.123Z
Learning: In the beneficiary-idgen service, null validation for user and device IDs is handled at the model level rather than in individual repository methods like RedisRepository.getKey(). The team prefers centralized validation at service boundaries over defensive programming in internal methods.

Applied to files:

• health-services/individual/src/main/java/org/egov/individual/util/BeneficiaryIdGenUtil.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java

📚 Learning: 2025-06-17T09:19:30.128Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: core-services/beneficiary-idgen/src/main/java/org/egov/id/validators/IdPoolValidatorForUpdate.java:60-70
Timestamp: 2025-06-17T09:19:30.128Z
Learning: The idRepo.findByIDsAndStatus method in the beneficiary-idgen service does not return null - it returns an empty list when no records are found, following typical Spring JDBC repository patterns.

Applied to files:

• health-services/individual/src/main/java/org/egov/individual/util/BeneficiaryIdGenUtil.java

📚 Learning: 2025-06-17T09:25:04.040Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java:145-155
Timestamp: 2025-06-17T09:25:04.040Z
Learning: The BeneficiaryIdGenService.searchIdRecord() method in health-services always returns a valid IdDispatchResponse object, never null. It returns empty lists when there are no matches rather than returning null, so null checks on the return value are not necessary.

Applied to files:

• health-services/individual/src/main/java/org/egov/individual/util/BeneficiaryIdGenUtil.java

📚 Learning: 2025-08-12T13:12:27.755Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1685
File: build/maven-java17/Dockerfile:2-9
Timestamp: 2025-08-12T13:12:27.755Z
Learning: In the build/maven-java17/Dockerfile, the ARG WORK_DIR is intentionally left without a default value. This is a deliberate design choice to ensure builds fail if WORK_DIR is not explicitly provided, preventing accidental builds with wrong source paths and ensuring the build process is explicit and intentional.

Applied to files:

• health-services/project-factory/Dockerfile
• build/build-config.yml

📚 Learning: 2025-08-14T07:05:44.663Z

Learnt from: Sreejit-K
PR: egovernments/health-campaign-services#1640
File: .github/workflows/build.yaml:140-140
Timestamp: 2025-08-14T07:05:44.663Z
Learning: In the health-campaign-services repository, the team prefers to keep DB_DOCKERFILE assignment pointing to the work directory-based path (work-dir/Dockerfile) rather than reading from a dedicated dockerfile field in the build configuration.

Applied to files:

• health-services/project-factory/Dockerfile
• build/build-config.yml

📚 Learning: 2025-06-13T09:07:10.882Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: health-services/libraries/health-services-models/CHANGELOG.md:9-10
Timestamp: 2025-06-13T09:07:10.882Z
Learning: Changelog markdown files in this repository intentionally omit blank lines around headings and lists; markdownlint spacing nitpicks (MD022, MD032) should be ignored in future reviews.

Applied to files:

• core-services/beneficiary-idgen/CHANGELOG.md
• health-services/household/CHANGELOG.md

📚 Learning: 2025-06-17T10:24:19.054Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1607
File: core-services/beneficiary-idgen/src/main/java/org/egov/id/service/MdmsService.java:115-117
Timestamp: 2025-06-17T10:24:19.054Z
Learning: User holashchand prefers CodeRabbit to suggest only product-necessary changes (critical bugs, security issues, functional correctness, breaking changes) rather than minor optimizations like LinkedList vs ArrayList, as these cause delivery delays. Focus on impactful suggestions that affect product functionality rather than micro-optimizations.

Applied to files:

• core-services/beneficiary-idgen/CHANGELOG.md
• .github/workflows/build.yaml

📚 Learning: 2025-06-17T09:16:29.026Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java:76-83
Timestamp: 2025-06-17T09:16:29.026Z
Learning: For beneficiary ID validation in Individual service updates: status validation (checking for EXPIRED/REVOKED states) is intentionally not required for update operations as of the current implementation.

Applied to files:

• health-services/individual/src/main/java/org/egov/individual/service/IndividualService.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java

📚 Learning: 2025-06-17T10:06:27.377Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1607
File: health-services/libraries/health-services-common/src/main/java/org/egov/common/utils/ValidatorUtils.java:46-48
Timestamp: 2025-06-17T10:06:27.377Z
Learning: In ValidatorUtils.java, the error message format for getErrorForInvalidEntity method should use "%s not valid %s" format, as this was previously requested in a CodeRabbit review to change from "%s is not valid %s".

Applied to files:

• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java
• health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForCreate.java

📚 Learning: 2025-06-17T08:53:38.146Z

Learnt from: holashchand
PR: egovernments/health-campaign-services#1599
File: health-services/individual/src/main/java/org/egov/individual/service/IndividualService.java:158-166
Timestamp: 2025-06-17T08:53:38.146Z
Learning: The individual service in the health-campaign-services project is using Java 17.

Applied to files:

• build/build-config.yml

📚 Learning: 2024-10-08T20:11:07.772Z

Learnt from: Priyanka-eGov
PR: egovernments/health-campaign-services#902
File: health-services/plan-service/src/main/java/digit/service/validator/PlanConfigurationValidator.java:553-553
Timestamp: 2024-10-08T20:11:07.772Z
Learning: The plan-service project is using Java 17.

Applied to files:

• build/build-config.yml

🪛 LanguageTool

core-services/beneficiary-idgen/CHANGELOG.md

[grammar] ~4-~4: Use correct spacing
Context: ...ted in this file. ## 1.1.0 - 2025-07-23 - Changed dispatch user id flow with DB qu...

(QB_NEW_EN_OTHER_ERROR_IDS_5)

---

[grammar] ~6-~6: There might be a mistake here.
Context: ...0 - 2025-07-23 - Changed dispatch user id flow with DB query - Updated Redis usag...

(QB_NEW_EN_OTHER)

---

[grammar] ~6-~6: There might be a mistake here.
Context: ...nged dispatch user id flow with DB query - Updated Redis usage with Redisson - Fixe...

(QB_NEW_EN_OTHER)

---

[grammar] ~7-~7: There might be a mistake here.
Context: ...uery - Updated Redis usage with Redisson - Fixed max limit reached issue for user d...

(QB_NEW_EN_OTHER)

---

[grammar] ~10-~10: Use proper capitalization
Context: ...upgraded health-services-common to 1.1.0 - Enhanced beneficiary id generation flow ...

(QB_NEW_EN_OTHER_ERROR_IDS_6)

---

[grammar] ~11-~11: There might be a mistake here.
Context: ...-common to 1.1.0 - Enhanced beneficiary id generation flow to work in async manner...

(QB_NEW_EN_OTHER)

---

[grammar] ~11-~11: There might be a mistake here.
Context: ... beneficiary id generation flow to work in async manner ## 1.0.0 - 2025-04-29 - ...

(QB_NEW_EN)

---

[grammar] ~11-~11: There might be a mistake here.
Context: ... generation flow to work in async manner ## 1.0.0 - 2025-04-29 - Added APIs for gen...

(QB_NEW_EN_OTHER)

health-services/household/CHANGELOG.md

[grammar] ~5-~5: Use correct spacing
Context: ...ted in this file. ## 1.2.1 - 2025-08-11 - Enhanced household head validation to ha...

(QB_NEW_EN_OTHER_ERROR_IDS_5)

---

[grammar] ~7-~7: Use correct spacing
Context: ...t scenarios, and improved error handling ## 1.2.0 - 2025-04-15 - Enabled multi-sche...

(QB_NEW_EN_OTHER_ERROR_IDS_5)

🪛 YAMLlint (1.37.1)

.github/workflows/build.yaml

[warning] 4-4: truthy value should be one of [false, true]

(truthy)

---

[error] 72-72: too many spaces after colon

(colons)

---

[error] 75-75: too many spaces after colon

(colons)

---

[error] 76-76: too many spaces after colon

(colons)

---

[error] 77-77: too many spaces after colon

(colons)

---

[error] 78-78: too many spaces after colon

(colons)

---

[error] 79-79: too many spaces after colon

(colons)

---

[error] 97-97: trailing spaces

(trailing-spaces)

---

[error] 100-100: trailing spaces

(trailing-spaces)

---

[error] 104-104: trailing spaces

(trailing-spaces)

---

[error] 107-107: trailing spaces

(trailing-spaces)

---

[error] 112-112: trailing spaces

(trailing-spaces)

---

[error] 120-120: trailing spaces

(trailing-spaces)

---

[error] 128-128: trailing spaces

(trailing-spaces)

---

[error] 132-132: trailing spaces

(trailing-spaces)

---

[error] 137-137: trailing spaces

(trailing-spaces)

---

[error] 141-141: trailing spaces

(trailing-spaces)

---

[error] 147-147: trailing spaces

(trailing-spaces)

---

[error] 156-156: trailing spaces

(trailing-spaces)

---

[error] 164-164: trailing spaces

(trailing-spaces)

---

[error] 175-175: trailing spaces

(trailing-spaces)

🪛 actionlint (1.7.7)

.github/workflows/build.yaml

250-250: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

256-256: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

264-264: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

342-342: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (12)

health-services/household/CHANGELOG.md (1)

7-7: Changelog entry is clear and specific—good improvement over the earlier vague text.

The scope (multi-head detection, assignment/unassignment checks, error handling) is now explicit and actionable for integrators.

core-services/beneficiary-idgen/CHANGELOG.md (1)

9-10: I’ve run a deeper inspection of the POM to find where these dependencies and their versions are declared. Let me know if you see conflicting version properties or inheritance that needs manual confirmation.

build/maven/Dockerfile (2)

8-8: Path update for start.sh looks fine; verify file presence

COPY build/maven/start.sh ./start.sh aligns with the repo move. Please confirm the file exists at that path to avoid build-time failures.

You can quickly verify during CI with:

# Optional, just before the COPY (during troubleshooting)
# RUN test -f build/maven/start.sh

---

11-11: Re-enabling tests is a good call; watch for JDK8-only modules

Running mvn package without -DskipTests is safer. Since this Dockerfile uses JDK 8 (both build and runtime), ensure only Java 8 services reference this path; Java 17 services should point to build/maven-java17/Dockerfile (as updated in build-config.yml).

build/build-config.yml (1)

341-345: Confirmed: Dockerfiles Exist and Build Context Is Correct

• Verified that health-services/project-factory/Dockerfile and health-services/project-factory/migration/Dockerfile both exist in the repository.
• The migration entry’s work-dir: "health-services/project-factory/migration" correctly sets the Docker build context for the database migrations.

No further changes required here—this section is ready to merge.

.github/workflows/build.yaml (4)

91-155: Env resolution and DB dockerfile derivation match team convention

DB_DOCKERFILE is intentionally derived as "$DB_WORK_DIR/Dockerfile" instead of reading a field from the config, which matches the team's stated preference. The guard that errors when no single pipeline is matched is also good.

---

282-295: DB image build correctly uses scoped context

Good use of the DB work-dir as the build context. This keeps contexts lean and cache-friendly.

---

171-179: Minor: Summary label typo (“Application” vs DB) fixed elsewhere; current block is correct

Current DB summary echoes DB_DOCKERFILE; earlier nitpicks were addressed. LGTM.

---

230-242: Invalid runner label for ARM build – jobs will not start

ubuntu-24.04-arm is not a valid GitHub-hosted runner label. Use ubuntu-24.04-arm64 (or ubuntu-22.04-arm64) for ARM, or a self-hosted label if applicable. As-is, ARM jobs will queue indefinitely and then fail.

-          - arch: arm64
-            platform: linux/arm64
-            runner: ubuntu-24.04-arm
+          - arch: arm64
+            platform: linux/arm64
+            runner: ubuntu-24.04-arm64

Likely an incorrect or invalid review comment.

health-services/individual/src/main/java/org/egov/individual/config/IndividualProperties.java (2)

93-97: Config toggle + required length look good; aligns with the new integration path

• The guarded boolean with a default false is appropriate for safely disabling IDGEN integration.
• Keeping individual.beneficiary.id.length required via Integer (no default) matches the team’s preference to avoid silent defaults in config.

---

96-97: Ensure individual.beneficiary.id.length Is Defined in All Deployment Configs

I confirmed that the property is indeed present in the default application properties:

• health-services/individual/src/main/resources/application.properties:68 → individual.beneficiary.id.length=12

However, I did not find this key in any Helm chart values*.yaml or other Kubernetes/config-map overlays. If it’s missing from your environment-specific configs, the service will fail at startup due to the unresolved @Value placeholder.

Please verify and, if necessary, add individual.beneficiary.id.length to:

• Your Helm chart values.yaml (and any environment-specific overrides)
• Kubernetes ConfigMaps or Secrets used in each overlay
• Any other custom property files or profiles (e.g., application-<profile>.properties or .yaml)

This will prevent unexpected startup failures in non-default environments.

health-services/individual/src/main/java/org/egov/individual/validators/IdPoolValidatorForUpdate.java (1)

142-153: Masked ID validation: boundary check is correct and concise

Good job adding a length guard and verifying last 4 digits numeric. This prevents StringIndexOutOfBoundsException and enforces the configured length.