API Revision Deployment Monitoring

[BiyonFernando]

Purpose

This PR include implementation of API Revision Deployment Monitoring. The breakdown of the implementation is as bellow

Healthcheck implementation

• Rest API implementation with the logic
• Persist data to the database
• logic to invoke API from Gateway
   

Revision deployment status implementation

• Rest API implementation with the logic
• Persist data to the database
• logic to invoke API from Gateway
   

Cleanup logic implementation

 

Publisher Portal Related implementation

• Publisher Rest API implementation
• Data retrival for the Rest APIs
   

Admin Portal

• Admin Rest APIs with the logic
• Data retrival

[coderabbitai]

📝 Walkthrough

## Walkthrough

This change set introduces a comprehensive gateway instance and deployment status management feature to the API Management system. It adds new database tables, DAO classes, configuration options, REST API endpoints, and supporting logic for gateway registration, heartbeat, status notification, and cleanup. The implementation spans backend Java classes, REST APIs, OpenAPI specifications, configuration files, and SQL schema scripts, enabling real-time gateway monitoring, deployment status tracking, and administrative visibility into gateway environments.

## Changes

| Cohort / File(s) | Change Summary |
|---|---|
| **Gateway Instance & Deployment Status DB Schema**<br>`features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/*` | Added `AM_GW_INSTANCES`, `AM_GW_INSTANCE_ENV_MAPPING`, and `AM_GW_REVISION_DEPLOYMENT` tables to all supported RDBMS scripts for gateway instance tracking, environment mapping, and deployment status. |
| **Gateway Notification & Cleanup Configuration**<br>`features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json`,<br>`features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json`,<br>`features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2` | Introduced new configuration keys and XML sections for gateway notification, heartbeat, deployment acknowledgement, registration, and cleanup. Updated unit mappings for new config keys. |
| **Gateway Notification Configuration DTO**<br>`components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java` | Added a new DTO with nested classes to encapsulate gateway notification and cleanup configuration parameters. |
| **API Manager Configuration Parsing**<br>`components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java` | Extended to parse and expose `GatewayNotificationConfiguration` from XML. |
| **Gateway Management DAO**<br>`components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java` | Added new DAO for gateway instance and deployment record CRUD, heartbeat, status updates, and cleanup operations. |
| **Gateway Revision Deployment Stats DAO**<br>`components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java`,<br>`components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java` | Moved and extended logic for merging revision deployment DTOs to include gateway deployment statistics. Added new SQL queries for deployment stats and live gateway counts. |
| **APIRevisionDeployment Model & DTO Mapping**<br>`components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/APIRevisionDeployment.java`,<br>`components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java` | Added integer fields for live, deployed, and failed gateway counts; updated DTO mapping to include these fields. |
| **Publisher API OpenAPI Spec**<br>`components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml`,<br>`components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml` | Extended `APIRevisionDeployment` schema with new gateway count properties. |
| **Gateway Notification & Deployment Status REST APIs**<br>`components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml`,<br>`components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/webapp/WEB-INF/web.xml`,<br>`components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java`,<br>`components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java` | Added new REST endpoints and implementations for gateway registration, heartbeat, and deployment status notification. Updated OpenAPI spec and web.xml to expose new APIs. |
| **Gateway Notification Internal Logic**<br>`components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java`,<br>`components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java` | Introduced singleton classes for gateway registration, heartbeat, and deployment status notification to event hub. |
| **Gateway Notification Integration**<br>`components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayStartupListener.java`,<br>`components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java`,<br>`components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/InMemoryAPIDeployer.java` | Integrated notification logic into gateway startup, JMS event handling, and in-memory API deployer for deployment/undeployment events and reconnects. |
| **Gateway Registration Status Tracking**<br>`components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/DataHolder.java` | Added enum and fields to track gateway registration/acknowledgment state and gateway ID. |
| **Admin API: Gateway Instance Listing**<br>`components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java`,<br>`components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml`,<br>`components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml` | Added new GET endpoint and implementation to list gateway instances for an environment. Extended OpenAPI specs with new schemas. |
| **API Constants**<br>`components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java` | Added constants for gateway notification, registration, heartbeat, deployment status, and cleanup configuration. |
| **Gateway Validation Scheduler**<br>`components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java`,<br>`components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java` | Added scheduler for periodic cleanup/expiration of gateway instances based on heartbeat. Integrated scheduler lifecycle with APIManagerComponent. |
| **Utility Method Removal**<br>`components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java` | Removed `mergeRevisionDeploymentDTOs` utility, logic now resides in DAO. |
| **Gateway Module Build**<br>`components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml` | Added Maven compiler plugin config for Java 9 source/target. |
| **Gateway Listener Test Update**<br>`components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java` | Added static mocking for `DeploymentStatusNotifier` in test setup. |
| **Internal API Spec Checksum**<br>`components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256` | Updated SHA-256 checksum for modified OpenAPI spec. |
| **APIUtil Method Access Modifier**<br>`components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java` | Changed `getLocalAddress()` method from private to public static for external usage. |

## Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant Gateway
    participant GatewayNotifier
    participant EventHub (Control Plane)
    participant GatewayManagementDAO
    participant DB

    Note over Gateway: Startup or reconnect
    Gateway->>GatewayNotifier: registerGateway()
    GatewayNotifier->>EventHub: POST /notify-gateway (REGISTER)
    EventHub->>GatewayManagementDAO: insert/update gateway instance
    GatewayManagementDAO->>DB: Write gateway record
    EventHub-->>GatewayNotifier: Response (REGISTERED/ACKNOWLEDGED)

    Note over Gateway: Periodic heartbeat
    Gateway->>GatewayNotifier: startHeartbeat()
    GatewayNotifier->>EventHub: POST /notify-gateway (HEARTBEAT)
    EventHub->>GatewayManagementDAO: updateGatewayHeartbeat()
    GatewayManagementDAO->>DB: Update last_updated
    EventHub-->>GatewayNotifier: Response (ACKNOWLEDGED)

    Note over Gateway: API deployment event
    Gateway->>DeploymentStatusNotifier: submitDeploymentStatus(apiId, revisionId, success, ...)
    DeploymentStatusNotifier->>EventHub: POST /notify-api-deployment-status
    EventHub->>GatewayManagementDAO: insert/update deployment record
    GatewayManagementDAO->>DB: Write deployment status
    EventHub-->>DeploymentStatusNotifier: Response (success/error)

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~90+ minutes

Suggested reviewers

• tgtshanika
• chamilaadhi
• tharindu1st
• npamudika
• Krishanx92
• RakhithaRR
• Arshardh
• dushaniw
• HeshanSudarshana

</details>

<!-- walkthrough_end -->
<!-- This is an auto-generated comment: all tool run failures by coderabbit.ai -->

> [!WARNING]
> There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.
> 
> <details>
> <summary>🔧 ast-grep (0.38.6)</summary>
> 
> <details>
> <summary>components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java</summary>
> 
> 
> 
> </details>
> 
> <details>
> <summary>components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java</summary>
> 
> 
> 
> </details>
> 
> <details>
> <summary>components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java</summary>
> 
> 
> 
> </details>
> 
> </details>

<!-- end of auto-generated comment: all tool run failures by coderabbit.ai -->

<!-- announcements_start -->

> [!NOTE]
> <details open="true">
> <summary>⚡️ Unit Test Generation is now available in beta!</summary>
> 
> Learn more [here](https://docs.coderabbit.ai/finishing-touches/unit-test-generation), or try it out under "Finishing Touches" below.
> 
> </details>

<!-- announcements_end -->
<!-- internal state start -->


<!-- DwQgtGAEAqAWCWBnSTIEMB26CuAXA9mAOYCmGJATmriQCaQDG+Ats2bgFyQAOFk+AIwBWJBrngA3EsgEBPRvlqU0AgfFwA6NPEgQAfACgjoCEYDEZyAAUASpETZWaCrKNwSPbABsvkCiQBHbGlcSHFcLzpIACIAQSsASUgbEgkkeHwsABESbi98WTYMUIBZTPV8CngMImjIOUhsREpIACF4WUyAMUoMTFp8FGKKRWwGaXQFZl4SWDJESQ94acii3GoMrAAzSshmcoIqmsh4pP80hczIJTyCtcQNGDnGWExSZGqGL2wle1TlXwAaxI8iY00y7EQHCMUAAVLCABIkNBeXCwBhzBiAyAJFYkNYbTIceFPVDVCT4LxSZAMfwbY42ACiAGVoCdEsgAO7qWBhZ7kcaIRDOeT5IjwBhhQbcSg7CjMSBzFFol6iQGIAA0PEoC0Q4mOaI8StRvIxauu1DQUr5HloloEaGaWv6QwpgOqRHZCWQWxGCsNkAA4tQSJy0LINDDIPCUhdNpAcrdCuxIMz1rgmji8QTxESSczlvAvM5rQHjWizVitWiyRgvj8JkzWV6uTzIGKJaWqFibddcvlk8V7OnM/gtl6/Kl0plNRb1g7mtqKLqaHWPGO+ag7etnRh6OT8AxCVgN6cfX7e8GaGGI1H4QBhSKYbDcSAAGXw4sluLy+PYx+JWEng8Wx0FoWhkA7SUCEVfpIkYJ8MBfHgRkFZpZzRfBsCIXlEBlBh4C2TslHWItkGcDwMHwUISGLARKhDWhIwMOFYSsbABC8JA5j4KxKnWXwUmLGh6B/VZ/1zDBANJD462+JRkADJQpHybg1n4cd2M47iWibNkz3QPdezYDFMCQZgfV2bcrX8XAqlSFE+RGbDeUNRcz2Y1jYloZhqmsfiUWk9xrDsFFEEGNBwOQbzfKwPSW3QfJjm5FUAygwz6Gsyc7PgBzfCPbgVCLdRcuQAVpGFFxIDlPYDkqD0Mr2TA0HFY5TknOMrhuAd7mYgB5KQqB8atnlA7QLOtXh8DSX4rS2bwvDAPU0B7cLvkk6rdn2DAKiOT12vOacsG6u5IS1JhBoah0sTIeh4va5TaPwNT2C1ayFw8GVlyQVdxi1K9Q3DIYaG7STZxdX1MlXehuAC3xqhoIgqDBza+HolUtK4xAeMamK/NhigBIecxLHvFh7nsRxmBFNxRrsfxxkWehmG8cRfymCneGWZwi3kSH/WeNA8BYRiOtyzkWgAAyYJQqFUdRtElxqAyFzC+HaToMB6Cg+j3fBHmC4F5FhhHzxYXswQpijoRY6NYVjcXkkCYI9Vx4XqZEp20lDGAqiIUgKCCwW8FgXZ/CCEIohsqcff5yBpcUZR5dIyWtU5BAMTCP2A6jrBVZFz3Pn8AlfEOn2prQg3nnRhCeaIqI0WoFBQgGCYqNCfwwDLzlErpWh5G7qJLfUcijMb0IA27jmXVQNBuDyCUVHgzIvHkdOyBwAgPc7bvyP8HgheaJi71hWIxE2JePDJ1hIX4LAyd+ABFbAUXUeQXRScLsAocZIBKZrSBrEAgYSAug7YAFUMD0WwHuKIz8SDBCDCMTkKoyZrh1kHDwg8+Am2KFELCoQrSw1XOIRybB9hVSQA4JYWAAyS0TD1dgaZqBNAAHLUUIrlCgGghBoAkGgJWRF4Lr33kIQQNIsJeHoAIDwEdgj7lgURHaNBV4oHHAGIgIYbwoDKtRSc4o9SUDoFqJ8tAGowXIZUeQJAAAerwmiSSrh4Bw/sQjxjDIpCK4FJhMAwERIg39L5NRscsRwkA5HOPgAALw8JWbEMFaAjFfAGSkClQhiIEFyOYtDngRJ0dVBaTixahhaFNGaQ9E72B2vPEguAPg+AccjBqoce4wWWL+dSNYaSYmxH5dGvIHS4DNPQGeN8zEhkpgIXyQp4xsEwhBKuqBLYpg8ZOGUos0T+A8OINglk+D4m4K8XURTVahz4CtQEVFOSRFoKQegAZfHjB1vUPA1x4D0HbpAWxC8CIRFBJkIi8oUDZgkvGPyDzyaQkjKAkBYCYzSCwj/Dwb5kTYi6PAGxmDikSz4O89gnCo6Ti/ki9sqLriIJggGBIGBuB4DTHSBUccAwImgNAKwRLYYYEXJ8mRDUppfVUV8fAR9HixAUL8RA1SZShFWWUvF9zBhERsZuGQ8gmgNStHZWQYAUqwC7gi7+gp6j5CxCckOuxfGArYPc14E8EAfCFIg1ZSq6CeTtu1Zk+FOFHg2mglcZAGCyGAaAqAwVsGU1cYYkZ4ENV7CoQ1SWZ9xjcFwErJUssD5UDmS0Sl/IfaSwAPRkDSCMDA9wC0AG9i3wFLWsBItAAC+BbNHXnDIgJW91EhfL3Lg0I4LBY+T8u1PCohvXHmtNTBG2gsC+P9XWNebZqI4yYD4UQkklq4FkPBQMjI2S3V7Q8GSkBVlWjmZFS0Lw3jbMGPMb+HhmRZAANKQFIOQZGlQaSYEgOQIgHCJn+DwjODw1r4CatkDKZAMDCKVGYKvaFkBYWhuDmrDlmQlA2qbpFMxBpniJoYMm1NipkQZsKlm2pObBhdMmfq4lv9934ARseyR9BaTIhoEMWdP0A3yBkUeJo65DT7J7Qx4okHYF8ELdW2tkIlYDG/Xo75wrtn2qI5FFo3yuK/Lg8BfwcoSAjQ8Kci1oduV6Jglh3s6bSnODQNmvgFjp2kSwFBuUvlN3Hp5P2puAHEW/0KmiN18JmRUxFBpSA197jBrAcFZZomOPySiP09A59MhBJlksaYIwpBWyMrFXYw6vVER9fGTjhj50RveGDeDSHDPmvOeBADR9ew+cNR4J82IlWNTlehycjpyjHBqp8rD5jcNJtyIRqzOCbN2YnY56dCguVcfndV4CjQoFYVgfQPJSN8AoNNJkJ5WBi7TuQAgHCXEcKe0dD4qo4gjy+F7ajHg1F8WOXaVlv8Q4BCvN1QQr5NifnqAW1a8dG4fPrTBTk2JkLRPwYMOwgphMcZmMQAwJolwTz1bMZJRyWwSB0GutiWVWX5X1BBGhm0i4D2eTAIYAwJgoC3TC/nYgZBlCe1i5wFC/BhBrsWKq8VSc1CaG0LoWn9PwBIbJKPTehBX3s4qTfYoXAqA9wcE4KqDR0ty2F1oHQ+gjAS9MAYMEnLIQFrnssIguAC2VCIBoTk4UABMGgjwUHohgLQ3Arci+9wWxAP8C2TowAW3h/DbcUCIAWx3+AncFrdx7i33vmDW6T/AIPicvAFtOA7DHDDTrFB4XwtA0Johl4MBYE4CRWdvtFur6mVUNymRqNIWmWzv0+wRiQAO1VcpSMQIAFAJJYnVkHQAGN4yYwNTVqSWWxtA3PH+GSfxRU6NUllxKQi/ZDL9TQPnFhnwIN0o6NxIufNj58HIRr4jpD1kwoABzl2HPSkFwCDRqzRX8tDmaHCCT3kSZw3Dcg8Hrn72PSMUSnCmBhGFoDGFdUgARyXRaHSgtShhGF8C2HyB7mb3eDAP3mpiUGYhJhOFRHZ02E8V7CUGvyaRnDC0U0JnwRwQ4k027XCFKijG8h6xAIgi4Eli5n4XY0YxHzHy0SXw22n3jj4ImUYznyLGENbW3zENXxdF4KqH4JoVCA3xIC3x3yVj8mvyFHjhzynDz37AL1TUjCgA4KiG/0UChAQxDQkKYM7EYxfwvzkMBgUKnwAAoABKJWZQ2lbSSUCkd5P4XANw2gbQsQrwwQ0w0fSIkQzw4oPwoYWuAwxNU/Yw8/OItYSWFbXgpwyUFw2pLoefdwifaIlIgIwoyAEI+gD/Uo2QhI+QnfGIocGQhfRInfFIvQ4sdIowzqDAC/XI/IwI5g4o3AN8RYKI7wqooyAooI2ohjeo2pKYzfLo6IxjTQmY5I3QmdPo5ADIhIM/TIYY9gPIowRkPUbmDnSpKeEgLYOULnEoOgeARwAwMvaIGEY3U3CEUTNPFPG3O3B3Z3V3ZwD3L3H3DQFtDw/3QPYPUPYvCPKPGPOPBPTIAE1PGEm8AtalF4ihWQU4Nw7hMPEvD48vSvWIaveXZGKIevULJvV4FvRAWmDwSWPE/EKxIkuIygJWfQrka7MgJk8YBVYGbvWkvsJMdSZaDMXRcQIrY8ZAGAvaXsb7LwbEB6HIlMCuCqVIuhEfWIHwM8JWGwpiE4LYN/fwEfDVLAB6ClCKMWDHHELIONRAD2DEAzSUxhIcGUzMVABwKZdQK7ZABwfDCqeaLwR4BIdRZ4bEoGfwAxOycdB/IDfJIbLEK5G5O5T0kfaUkcB1CAwYAMtzYMymMMoUCMp7AMWxH6BqXM9gR4LofLDkL0goKIGqAMQFV2HZDwLw9eLAT5K0uIhqbAqIM8HwnMrUn0/M/JYsoMqOEMsYNCSs5YEDEMVRNAC0loeswvHEKHL5KQIcDcHc0IDou9T9FyQhQ42IEJRAUo1mJWWxAjMgycqUlMX0gsucz/EZH0Mo+gXVXsLvHWRySgEYPgdLZWZ4J88bWZCqFqEgIpehKc3AZhWU9heUrhPY5aNcfJaoEqV+GJBRC2GcOyMYQ4RqfjUUr8ynW0ZC4cFhSDbgbcaQR4BAwTS9Zk60E89sT8TsXYUC3YJk2gLiZKcA/AhCw3CvSwQ0kGRU0sZ4Sg4sagrlWggHfiBgzwRY/FcQVvW2Kw+gLgngs44oVCthDheuPgE80yxAdCglCgPYtIw4jkgk7kpMXk22MoMxeuFjEiigMiyoHgsYzsZyrkxIYk3why/k+OEKlwVygcXk60PC0hLiGJeOKy/M2yiyyWDyxQAlZmWpH/QKmo+iSkZEY6OIw0rwM8Lw5kWpYAelD0PQdAGZIgcgZojwt8FQWiWcBqg0MgTAcIkWaoLUEqxCScEfe8Jku5ccyKg46KjAfE0KhIYkpWNpOSBsVsy/ei2UyZaZDHciLcvgTUt8uLF0LqOis8gDckr4liH4lgM3f4y3QE5EkE2PME93TISEwE6ExIuEhgIPadRE8PO3aPZ3ePcEjEp6rE368sWAAtLfTKrhIvfhUvCk6S6ktnWk+okLRvccUclkgwMVcgLAuayWBG8yzC2CGQfHLABGaA2A0U6mPoUgF9RI1TE0WqZReqZKTzfc9qJm+C9SOMiMHEPtD4EFPBH8yYBYGoSIAgPOIyJK0DFKiYS1eAAJZSzNWzcjZcaqC8AMdqf+ZmloNWjW48LUT4eSZpZEQmGRJufqziT7XALUduMdDaIC/hLwWcYW503cegWyKqWGTTUqIpKK4PJzciewYZbwKIWxUQYWPgZoCgNIX+GCZoIyJUW2tjeTDC4rGgpuF1BREGT2j4ccB2m5ZiGLOa7rCYU9AqxQa0R0WQOsWAUtLCRAVRBMrjezWMtmhodOp/SYAAKWZD6lYQPi3XwEigWycwah9uWurGWBCFs24C1ASHZSw0az9u7RLUyHUjom6sbuB3VrvQ+QprzqwHowRiKS7r1E1pTK5SWGQFIyaxghfGYua27x+k1o/NSKtGxgokygvVDikUoEeCRGcFwDttCF2WFBwIonsELCUsFV8rItzhWKHC+gyDMXu1XjTjbBIj/L7G+09DFFak9A3BZTZVQ0fsPVaCXX0W/vHRdEzqgezqofZXDhdjqUaEXAXE7FOXxQvsahHrHpnpTE3RlFU1lmJgMCrpv3iwbGQFNPIOWkJnfwIGSWeFYegajrmBgMiAoHwZVH5RaGxjwAGE5CwCEpEs9Etp+AajDBKgG12BBlimYcVrwXvxfBgYASdqjK8b6F8DmC8C+j2Hrt/2+yLHoFEfHsKknsij2UYbvo8foB0eztgfgsPUZHv0ErggajJAls9gArIYahqgSD6lxi7QFsARTGgpTTIPJRVI4Y5igwvpvq/pSY2haa4ZCH+3jo2gcHnn4mQADtFF4slFNtPtqNAxQmekoB0tHhGXni4iiGVIal6ddjjrR0cSIJktIJoNzVoqoLko3DoM9l2CCslG0rYNtlYXLhqKirJsSMRoSr8gTnBHIEeuT1T2BNRPeohKhs0GFr+oBuqCBrQGRNBtj3Bo+pDyBebRhuRBNHhpeYprAdJOyqgExk7FnVIrEF2GefkNeYoAitthxclBlM7EQGboxFLWiWsIifjnJowpaBf2pWwvGDJexZqNNPjjqOSZBi325esF5aZclgFbUdwAgazuoBFYpfCfmX5eWOHGehlbYblb8Ouu+LACMF+K+bqUxKBMj1epd3RM9yBZ+vkNBYRNJKhdRNhcTwRZBaAqCYLSyEtARFSQxeL1Rq+MpIxtr09npNxo4veFZPjg9fWC9dAfsscuPUFJsWhiiAAqtGJu2s7DIDCSJY8JSETOUs/k5WaFkweLwpw3bxlOkB4NYT6mgAAH0mwrAx6shGQshV9E17xH0a2AB1N8VtndNt7eyWJkQMBIVkRkJkNt0VDNyULg+OYWvNphySQtoDJWQAlTLN/0cDDwE9Q/EZTx/ClW0UyWGt+txt5t1tvIk4WmrldYHCudyWYW5apWVZOm0YEUx4O/B+wel/N/F0D/N/FRp7R9xI593Ag/dDRs1x54KlyUED+QxdrpzYFdx+wRPvWgZ0GdsIv9oyNNzIDdDYSUX9loffYFDpdgOAjgkqVLHwWQTDvlyWJALfRDkGOgCKhN8iPd60Wyb+POeofAUqr9aoHB+kOxmMjwH22+pMjaB+xcVAEgHkKWEdsd6ACdy9/gCTWITtntvtrIAdq99wRcfGuZ8pcJ5vcycgpMnsF0COKqDRNmqTn+mcmeJQYoOyjzGsfcmWogOWq4ehT171+ywgqS4g2SlGI5vsE5lGM5tS+g+gS5mom53Sywrjzd5lxIljgt6QItkgF9tsT2l2eOU9htlkJt1hFtwdww7TvqXt/ty9mfZT8dydrCvFeN/z6NwLi4lLnrWD3vWiegFQyQCZXr5jzp6T5D7L1MhdsbrLwDVDoYQ9hl494r898r9T3ohR9rtAGN2WLrk4Lj6oTl4A9DiQ1QiZXq5/UDtt1Ip5qN7bzriw/bnrK5xVn/eOC7l9WpLfZa9jjb9Iu7nb3kx7/SzS5ghjyVr7q7mqnKY4J9rIHo/YzbgHh7vSrjl7hj0b/N48FDxcF/THpdibub5oX7xH/7gL2NvbkH9H8V0asqnRfHwxK0kntr5Hin4HtHmo3r8HlVj/Bn8bzIHHkgLwvn2bnL1mhDmb7Hybx+hHln8n3b5iK4nZUWCC+4x4/iLgF4sxd4z4nVvV+6v4w1hFv50E81r663K12EgPf621pEkGh181o1xF61rGVcHUVF+QoekoZkF4oUeCqYsrH1lG7VgNmvBXbGjXeQRkq9Am4KHNm8L3n3uC0gAPt3uNqK1Ad+jZQYLvJGCZbi3+12hUlGGqY670whIyGBbi/4WHSAcBTlMs5c7wCcE8i2juWpeyakXsA6LIq4ZavW82AMVcAaicamV8f9jiNzSOgvmc4TxefUT0UMtCDz3kGviebdmIFtqwN8PqAATWiCjPHG4o6KVPtMMkMMJkIhWhQtpdbvKBiQoEZBsWfMyFXyBy/MjsutopOtCF/vscHurK5NwKlSF0Jk1ICPACwvkZBnRyeztQq+yFNvrtRHiN9dSEMefHek2p5kGKEwACmvzCAb9og4CNbtvz34H8nu1HIJng0mCSF2MvXB9sLRJZrt1EG/ePuGEYG4Vhg77dBgt2SpLc9SuGAXqIEyAChcA7HU0o8D6hYBE+k4XxCIMw5igWClCUZkIIoDoYZ8DA9FnG1rDYVSEnsNIFaEfa1IOWd7Lln4SHZSdKAwrHop+lXSilO4FgnuhJz7oPFKgWCB4gBgQDHAAyqOKoA0yuB6hXBSzcasOVh5s1IGV/MQIekM6xIpqtdbxBpglBA4Z+DFNZPxBtL0Bb0+8STiQH1RY8NoVwaQQzGEFrpgulJEgspUs4KVRASlU5mXVi4XNGCWlNzos3YJo8zutA9MJ2EMqnchuHQwjkGDRass+AGgoYQAG5Zqm3LfIn195wMSAqfTGg5Q+YPUjePzY1vbn+Zm9LWILa3mCxDx2t7eYNR3s61+qu9MaiAD3h4WmHJ85hS2IPgIlR7Pd2hx3frkZWQrWUSWmAphBlU0GQAAAvAmDeHfChh0JIwbe0wCmDxhN3UmlMO94zD/etwrQV521q95IgOVLyrlHypKtBuahJYqERsYkBEaF9OEaQGh4qk1+0AbdiYkyCegeyy0aYFqA+4BpE4tARkIeVwCy8nmMIpPn7xT4IjVqRZSfkkLoqF9z6pzW0l2hHwUVYESYA8pCDRF5VXuDdBYswQFaCDZBa6ZnpyMSJXCeRNwwPnGzWo6DQM7GVgbIEYFUjPQddXUdvVwbxwHBVgtdkdiEEYARBZOPTJOF9DSBPBi/DiD4PgB+CsAAQgDI1CHJJgNUl/OfJEO1a3VdWJuA3ga3OHG8TWGwiGha1WGW8cSOw23sDUjzQs0SqYp3iC1OFvpzhW+ZhITBfDzC30yNMkrr1D40k68ONKPnjViGx9ngxnN9jAV/i59NaAFOhCyzsp8l4xKYftGyTLHrAKx3AKsQlX5LTsaBzwqRPO0GGDj8kWGOAtSl7BLC5adAWqsnUoDliMw3AMQRE2dCHV/stZY4ErQIqpNJkfogMWERfCekIKggCOr2G86+cb2R3MLKaPNGMAUQXtO0WN0sGJF2OMEBwb2GFrb1DQgYicTwytDpMm4DQA8O6GOCSwpW6raBhFQCabjkJQvFIqaTTgZxeQ+IkMrAAsa7YsAUEJ8ZUiuSqgsQpdJccS00G6FdEGAMAEhB8CNRcGhxAIdwAwlsZQJRZTRpZhtoasW438BqOY1wCWNPc8BQYIgT4DIFgBnA9ApgXyT7B0RrqSSmULC6NMIuilGzNFzqEEwGhoPTNs0Nubdcog84vrouJ/E/CRhK4v7ocXHGQNKxfI1IksMN6JjVhL1FMXC3N7AtfqWYwGvsNzEO8Cxxwl3giNLGJEDx7k/UTWOyq68Yx+vT5ubiTHrDTeqYwKRmPDA2tQpdvcKYcMim+SQWeAMiO60BEMUSWNYv1iFypJh8salMSPmFnxq0xUA6bIROoXppGo6ExlFCkCJXH8lMO742pFcAqlcR3MsneAI7SexF9ZADUMvmYW2qZgs+NAcgl+lsQgwgmsoocGRIEDdpaAj2BTuxT6TUAzQyAXYHPxmgvxaOUZXxlOkO6TBNkxGJaJuVkTBBEEx5YUTOQySzh/8q/OsHPAcDCQlpXaBeo6XjCQyC+S5XUh+WdApYMAWoASsAKUAoygB4Ta0eLw8K+1lYS9OkdwErr8gfh+QRJsfTNobRSM2tEGIuUzjXZBkmcBYDEhGoXTeQHtFEFqDGZNNzawSUJAqG5lMAp829bmVNCRgVR4wkY8ikymeCG0/Gyk/xIEkcSi1eGtdPRnQBjoZCbEAzVxpRmzilJKA2DTsIzN5A6kZkxwAuhiiiAcyAJLoTVK3WIzPZKQ/THZrrNgh7h4Ijyb+P4C+xsyc6bteMOsEQDqhmIA01aYuUDIzIaCR4LADIjmZoRrZYyY0bRCj5ow2ZiWR0Pgj44YEWojwVoOnPoD/T0A+8MgBEn3YwxUIFUWOopz4D9lVSfs5mcpg8GpJ8kdIYZBpyXBGzcGPGeQAGFRz6NNZLshOlGSTnDdBRUclSgg3Totwa0a6VRIRAgls1UADgugKMP4CCZuQToG0O/BLkYAy5T2YSKUkrnmz7cbQP2WbO87XAqAz0gMHkgn6BkeGAYE2fJSbmOzYYzsmqE3Rbpt1MwRfefpsGJmURRR7tEMimGuxWhYmE9MmSsSqAEUog+goMOFGRkz1p0saIWUOBdCu8wsyQnav9OrAOlmgaOK0mKWAq+B2oV9IcOqmOAtMm2zYACvw0lCCM3O7TVbC0y+C5Qhw2zPABME2Y8MAKAdUqLwwaiKYDWyteoBcjHDjhqZdmKIe2Lmr/8JghDJosQ2wiNRUZPFf2CNmcg4Q/sGSJARPNZlDJTZx87zi7WAXxgB6HobelJJkmAL42NdZRhE3IICL/gb4j0B+KGBfiXQadMiS3AolDzDgyAPPuMAjJUDMhGqTifvKLkIML564wJo5F678keFuQADBI2rjnzww0C4cH5TEAYCZ4e4SQO8jumfDpyKQoue6W9GLz5CyWS5LtizLqQsg0ASpiOgIjF8AF2k6SuULkr6TqhhkxpjFxMkaUXuSXAmlAHuYk0FGa42gK8J/7vDmJnkk3m9U2HpjhaGgSaQ8AGlzLgRmLRDKK0WJc8ImMy8vlsvc7sswRa4Mlg4QVamkeCkrQUeEWqmylSRGqb3PWgZEw9PQh0DHG8v46CdAxcMoUO8pVLX9NgWoD8McFRkPx9MqYD5V8iAHEjoVtPITogHzlGKPQjIPoI7VoBasrlYreZLcp56+KZJZLAwErxuIVJfgavJ4lwARDq1YA0YiALGP1YZTfJiys1jlMtbtIs8IU8FmFJRIlS4WTvLldnkSB+o72dSOqSH3RpNTGxrU6PsyTbz44O8auWFXiwGqD4yasQVTt21iC7862WQLVbEDraMgAAGip3baBgtVjIHVXqtNWn5W2dbcBFYANWqcbASheYpau1W6q62fUN8FkH1WGqSuJQPqAADUJ2ksPfOASmUvzzx1xY4OQCjRYcnmfUSPGZCiTHgcgctTYFeyJo+wE1wbToZM2hHLi2lr/DjlAS4EKIFgvwI4mKvVUGcVMUVJQEogmAsxUQ/o+CC9zoHVBHIaquLP4EPmikfaf84RvNDrA44ppMA//g1CNhJN4mWSyRhMC8LDtGQo7Jru2wRCMhYgNgaAK0C3XQBJYE5HGdojxRudS1yCqTHvRTAH0vaWoH2qY0v7SBF6uydYNMHBhGQKFoQcBDYDfASJb2OSz2A0DngygClXgwrJ2H8ywBNpl9W8gvxIW7SJYh04DUdMex9rNAKssKIMAMnBi0NSTbIXkIsX5kl1K6tda6vq5Vcu2NXXTvpwa6MgSupG8NUevUVgCJgNUckK/BhiZKp6EEN6PaEzmCtNaqM2cAhPb4EargQm7esOr0Q7Aq+cKsCrfgBQn1lK+qQdQth0ESJBox6oGCOvHQAcPQdM3kNdhE1vQ6KFyTMnQFqbFAUZmK2xv7PPWzgdN7tLxiXTvVLzXOQwwxUzIZaNQbZXMyXpJBFkd9jY02HWsgC8LUxlUgssQn5q1Q8yAt2UQOiMHFkTzqo1/SoD4UeA5A58rMWoiiEK41Rn5jczzezOc2cyEt8gZUrzIi3laFAwskMUFrmbJanSUs3YFPPA1wE4AfcJ2flEU2UySsJFdVX2BbVxodoLMBUKALQAhIxtTkR2egrqRahgQuQMAK/CkBhAl629PJI3KezPyL5HocBqynZS+ISE+AqRv6VqTWhogwGzTMeFDxIKyBj4Mqi+CWjgbJmA2uLAov+ze5NaPZXjesGyj4orgWDRQOdEQjIRfNjUZtULFRAIRHtr4KVshCUDFgRaCOGsnGs9C4aO56UUjsXGmgaUNJeVNeQ8lbHFzPod6DcjGnEBSBShnS3SYc2PzHMahRkz7epXi6NDmCIy1oT11VVvaeGmqr1XqpdVGrTV5qmfJ6utXeq7VxxB1U6pdXhqh2Yum1T6r9UBroARqpkMGrDVuqY1+aukoWra4prNEO0dNZJEzW1Js1nk04HWtEyU8uOOu+onrq1FMTc6x4FrjWst08720K/PYKzA7Wk79leupRL2o92ThVNMEKTc7rBgW11qg9eddxpO1PqtN8gU9UMNnAfkE9zG64bOCmaa1Z1Jm7LdDoK4J7Xp09d+b4D001BZwbCqGBI0pFcTQdr4aRaFsV7XEPYFKtwd7B7gPFqVkAWlThAZV3V0p3zH3H5OykBTOVKwAqbyqKn8qYWRw3ycKtOBG14KFANBIrOUqSq6x0qhscGybFtTWxEbDsZwK7HOIXwJkp7C/XSGqsVS4egOVcGz1yVRxhhRIEvoDir6lNLuxytO3TY2T6BJa/+ZkDf19ay1gBFgQOPPWAGlZ5u2eFx3yWLdCKRSE1SUDfCZpL5DHPuJNWiaMhxI1u/JNtNuhH4+wNAMQJuIV3erT2CQLoAkHvBaqKmrCOtveDHqUHAw36mg2PUfLYGK+CiN0IZmVUoRehwGcVrzz/0X0IDylC4nI1wxCGndt+jAKIY/18ttpoMZRj7vZh26KZkBwHUkgWaCKZZHgRA8gdohO0o99YJ/DbEsJShuAYASICpG7SXwDKxYe3LbH4lNx79kkLgAtJIWe1UihCtDEEJ9rJ67Kj3MOWZrqUWana6h5SlwEK0Mtitnht7FgCgFYxnRPG4JDVrm0xaqolW+LS6FFlJbGskstLdwltiZdx0rhzYFwGq1Ra6t3MrI6Cvq2xaxZ+Rq4C1qKNQAt8MO58K+DKNEhPts8tbWwG8PJHZwWUWyADqwBA6iKPhvcO+pYz164j8MQMUMcV4rRjF8zQmEnufrOAmsuhhQPfml6D0MQ0TSAPoa+QcH3852hGPTo5R85VtahxpZU0EAiBIhK/d5o5PAO9aNDGAcQ2Khe7Ec+ADHPHsIePByHJILEsCD1hgiKZFwAYF+hUj8Tv7dm8OeSexVR1waqJcmvJh7KsUdyjtaBaqGpNQD47vK1O0LgcxUo9Kou/S4ySzo7nDKLJyXJ7tZKeG2TplPQnEWAf/2yGPjmtN45yZBNQHSe15Z/fLP5Ov8HhTJ/g4qNZPYiJkEPXAByZEPcnjwXhYEnPBWMIVJtGQZgBoBYAaA+oJQLA+EZYCGm1gHI0movpFNKnQT4pmGHisKqOFFiCp4E1afjCAnpD7x+E0AYwCajzTwp42ivpdNimUpjKtKcsJ8nD62VALT6uPryCT69h0+vMY60hrz6J9dofANnm9wlBrcBqvqBvrRpV4ZVO+uVS2Jj4H7/xnkl/AMSOgDTWghJb3OAnARgdVko5UUrhMmDpsTUZCcVmwEjwkATiQxZCvcc92HcaA09ddh4DwOkLGg4gSdU/oSBZnwirQcBDOY0A9nSA/ZgaUOYbWUR80a5vs73wHM/8tzUp+OVXMUi4ZP4rMWqoRhghRNFxVoLBRuCOIbnkKa7XnJEK1BCIQYDUP7OwHsitgVQBydzCGoRB9RWQYmSIAYWrIYBd6ZaEcbJEmB9wwAK8UUD9AelEpKQXfDib4BAtgXoA5BSHTlsL1BC8WAGyOlBgjiQAjYA/BUJergtDg+gbALULhdZCBbBidfRsy6XMwCsYCPyEMIegSC+NuAyg9i7/Tvr6bIAXhaIPeCZBWqsg0QLUHECsC2BQ1rbBSzECZBD1GQ94VTvJZ8LWgmAexuboPTS7EWLarVbmp6BgTfI108CvLSxUgBNl9kKxtbPAEout9m4YRJUnRSUUATp1xwFHHkCBg5yiAQQ7irSPQvQS/xPgSOumxCZhMGO92NHIfK3ybL0wnu9OBKF5C2dBFSkPjdCcGAuLVtOC2sgwAM3NVNqFSOrR0SqtWb2w/F3/gCsUjrbGomhRPbVvaLQcJOiwJ0exZdB0W1giyU7LRASt+MPgPDfxe9H43qikZWoGYKRl10hh7ggW0Gb/1qSzhSmxwZkI/AMPP8YK+dD9VygknHAWsSKPeLEnyBNYH12maMuSj4vsY/zgihBjJr3Cek+We5pUkgCCt8wHDYVuirSJX5/ZcdFATkLdmEWwaGoxFiQYNH/FPjidA6w8BMn6tJsmcaUCZk9jXOX6yAVQQ421C7RfL4w3FLKHHC2ko2pzk0t+MDCuM5nHKzoGNAFdqREMqW1xMqwltyie1mIOksk5UIZ19KaCAymkwlyaGsEGTLxJVlMqKqLFU+wAKsyYR/5NU9zL5o800sQBeFLzqIa834EQBmnNusQTM9mdiB9RFhzKofc9UjPLKoSwqnlfGZzEz78xgqhFsKrTMZn4AC5nM0lI8pMsJbbJ2UyqySveAQwqVx5ardlvZEf+6Ab3ErfL5AqNmB58BNgHeQx2IVMFmtFeuKCsJtaOt/ovrfCKG3jbw402782TGj7AW6Yq2/CUKm23Ezc+4fU7bQDpm9brtg27mZ2XBmB9YZp3ubY5Vl2J91tiFvawFVOsUzsZ521vhf1O13bpJeqfWMxqyqG8zYsNrpVzU9wabjujwuPbWA5mwTnYhmrNmNrtWRz4I2ukZG4pFDVBCFg2tUz8bSlZAhibUyrIcVSnyC60pwdUrT3kFogkuydnUA+jxdrGok3RrSNfXCWTN24/gIuOyGGXIm5OIyKMbc6A7DZthG0T0ljW/R1w44YWn9Z/6yKLrCjIZiZNkhJ0NoLodaT+YwdLzzlRqF0KfZUEpH/LVlpiqJ1UyysJ4BM4B+QQbzYhMHFVkFVTow1e0IoPgXbMgFs6LTQh1Sw+2uB9BFhWO0iaxCnekxDgb1QQ3+lJa07QAEgYauoLsE/smr7Velg2Gw5XpTBSMSAK4EB0uhbAk9dQi8Zd2qVWQ6KZ93/Ag0C58gv0VocUIeX6PL1pgs2J6cdAvSlZfoIteRgYQUWOL5kHDvxjvVTv0WNCXVXwGP29wV6nsmD4w1bUvGP1L+mQUB2bpycUVGH7Gcc4uCSf6bRUnEqa3Jy8YgqaC/GFCLkEAbbUnaAF1Y2E1Ou/wam4R7xXfx7hHEN77AJ/i/y+N3xUtRYc8qHTmo7AhHjuaWu4vGnjHqAO0nzdHuPtDA30Sa4tfIWMFH3qUOwfkWslSVDh/DlD20BegAqQy+ioQF+/ciMf0iNGDFTmzTu5sxrsNtQ5nXF1pOJd6Toy+Aj7Cire3TR/T4oFvYWXF2ll3dy2ysA0BpmsWey5ggcvFt7seCY96++wHdtnKjuvhSAFwBRfG1N7ed8lnaYboAvGML9p/l9vKJtovC0AW56+G+SzyaXbATrV6NST6XNkwjr0EC9wCDP9rXxwl4sT5YkuhwiO8jH1CkSjcoHqtxlz49fBwPJIzL7GKy6cgcuLTeLgZ3tYDGwvrlXtpF/HCRVYBhaT/H6KrY+5PtsVyrmZ6q8FrquhnWrol9GnQwErQih3BZt9xOfPLxHHhH5dLYu5NVi0nVGRLepgC0v6reoevsxQw71BZANAAANoABdF9JyCsBaHH12ti19FD9PWvigPLzV/y7B46vHXergTmNRPJGu9QJr2FWa6TuWjXl5r9l5a8zeWbuXGr60zywFcFu6ATrqtQswGkeu7HXryNx90tw/KPuCMmFcCtmvjvY7gxeO4neDcvrjHlz8N4xDZc9OM3851F9m5bfZq83nYQV7q4lYqsX7vb016B0Hewrh357lUmO6HeTuPuBNzILO8jfSvCZob3AMu5EirvkE67rlzm9bdwu93Hb6UwKxftb5nDog091s+fchul3hTugF+5VeNunaf7nd22/zeIvC3h70IqB9A7uvIPA7sFT9HqofK/XMFgN91S1AvvgHb7j98YijexuE3RAJNym8WYIeG3G7tV1u9te7vJQ+7zD9LdxdZvc7uZt10d12f4Amqbpr1yc5RWyAMVsFtYH253rkevAbHn95u+bfce0PgHjD526Ld/L6eiRKjyvWpSVBZYSnqt/O5lcmOKIxn6YGp85caeUPYp7T7x6A88F9XOiAaXZ+4CmfVBlACz2e+rcR34APynzzZ/8A+eHPVrpt8575eueTzALni4YZoBb55PsTtYP/Hnj6bAvUH6L0h7WBxe7X/u/odUHWf/OD3gnpt+7dE8mCSA4nvLiYxqJcFDi+Hm8PWnbbhfYPEb9tqO/zLJTy8qUuMYPpWERmwX7KsfT3djN92+V1d0qbXdTP1348HugtNtbfBW6JVU9qVQWe310ld98q8NnI05CDB02a38JMECqgY7SO0aiLs+YPPMgAgXgDb57sSUHEikXZZ2syytWK6t+O/XfgadYT1tWQWq5kHW0fjgIJ2u/JQv7ATL8WSlv/ToSzaSb/12t/tA8xxf74NAxEZbGkaNhKB1tAw3bEriGrHa0H9VjIEgf98ZCA/22sQfH4T7rYJBWEwP1hPeBZDuqBudPgn0T6Z8s+2fxq1hCGrrYlB4giQVhIGFWqXwBLoQf24fPPPQ4p8YWJfuGWb5oDlFJ5IIUVYmBpQGrKAqC7S8/MyPDZxwBoA+6wANnIZA169Qk+3ooXkslO1+7jMkeCgikUxyN3zvF16q3wmjujQwaIH1twfkP1fHNvl/fpHAMiPgBuF4eO+T1MnlEbI6jcxPFH8TwN1qGx87QcMMfoGM7+PsZCFHadoS8k5pFS/HnpJioS896Xl+BbHzoW+zu+ec64TOgr7/zvJ+U+AfQP1XdAFB+B+bAUPsLIuve4fKHKr33W5kUGIPenvHuxYWt+e9JT2ePWNDc38991tvfYa+g31H99g+IfvfpgfHsH97Rh/Du308cXu+Pfnv0/na7P8xaRg27TKgu6N7NvjeozaYyF9N4rtT6q7EUh28Pazy0ACAFwm8EJFnTT00+M8zf1i31Z7Is3ns99Us0JpeDIemLw2uJ00khRTYZyOQycDeB3sRSHhwTAL0aACoAuUPHD4A+od81CAvCe4zZcb0YGWEsA7djG6NFjV/AksB1bPnatHNMgiGt42cJ0mAfOQQBAobNYAgcNGoGTT4A1DRJUDNBTKtnjhwPVAPbYBpM+FqVrkMIzWAZAhrn81NgFQLXxtCevRkDHgRkBcs1DKKhAZf8FpW9QIjcdEb1aZL3UIsC9eyyCFH7bCjtBVBT7k/xzkIyAA4v8JxTdRJYaQPECTSMa2YcxJFTTrxakBflkgTDBqDYCrgG2UGNfEZx1w4D7dzXc5xLGoEe4kKH/nkDzNW5CdoZApqGNpvLcOxCNFArIOlIQgiS1DJDNGQAbkYjcRSMV5jVIkSMkAIYy1AItfmTSNotGrVqMoghIyLAkjWIJmNELBrUaMJZZo0KNUgkoxQDfA3IKyZ2rRzmTIGtcvVCtFGQehaDptKozqsajT40C0GjPI2GDtgUYNthTRB7U6McgzpxpB69IIODZSglJ3odejfeB7IYg3w1+1o4EhHjAJjB4OmMbROY2iC/IN31kZgoYPHsUScBSGSw0ID9GtAX8c4z7Q4/Ypx3NE1egMcoE9f8V2xhFagNBlRYTp3UgNwG/XPUzAqrA6Uy/bpSuNXnJnXOYhlL5xFsfncZTMki1SYSBMJgkALENQXLKXBdJvV/0jI//fWGQD1A3wLuYHmErzuwO8OEM2cPCIAPpC19Y8A0AfAhkJd1eQnuC7U9dAwOFDAA8xQANxAjQDkCMyUI2KD2AGQNlDqQrDkVDaQ90z5M1Q8YO5DpQ/9ypD5Q/oUND0iLkNVCLQgBS0DYdXUIS8/jSEMA4nFcE3bIureOHLo6AQREECIYfin0DI4HykdC79eRSwB7JCPXNDxQ/9wVZ3Q/9hCCPAyJ29CDKVrU4kWvVIkBlBQ24gjDBTfvTv8RvcM0f9mQib1Ls2QuM37sDhWfXm9nqYVVdYUQEVQ49l9a+GWEwAhqUDZw+FqWgCDvXShixidLALaxCIUQFkAvgYDA09+/XDC3wQ1DjWPBmQaOkMZGvTwU3EYvSgHbDDeK9g3E6EXhxDATSE8XQAzxBwRGw2SRcPmY5wriG3BKgJWCToU6aFQhRKVDvnZttfGcLpC4whE3N0djaBThN4w+MBdA4kBiSBx5OfgLNJbrf0MjcgcRZyAtVGWCTcVZaeZ3S55CS8PeQFwpcLeYTnC0XIZDIaxG3caCJkSnwjETKGOtF+WCRfBsJfUn/xKdfcKlNEBBYCgFnATumfD/gUPxjCZDHIP6ALaMulAjnQT/GmBH5ISWegSDRIhQjtwTYEXCB5ZcM8U6vLCJtJrEIAVP5r3IlQolRUCnQvhaOC2nBB1GStgpgaoNiI9M/wstWUJZw+cMkgJIjWSkiEGKZVYpkTHGCUkZ6PEwwJdsdSVypiTfEP2Zy/Ck0Z0qTd51Mk6TCkKjAEcYzgi4FgVqhYRgxavz8jyQkqBwExKNTCKQiTTk3Otj6NqhjUmw3wElg9wmgH8J5iJQCyjcudsFHDA0CcKftpwtknXCAzEbz5I3vIsNDNvJTuyf8Lbb6nLsbeSu0hZaw+2yHsFvWM3WUWwt2yXMVzLb030dvSAL29izRezbEBDLEUVsDzTcxVs1baQCvNztZcBSJmze6m3EmI/YCkADKfWhPx5zbMwGiiwaqJvwOAvlhmA0gdulURYlEZEgAh6LIFaB7weOHVsUKWpH2c7zG6MfNxwO70GIBpN8yeMeGBoC/NjfChleRHrVjQcdh4CeSiA0nDCypBIbEzFCAzLJqGy8TrdH3ftrQSWG7ZKgQECcjOQaykfIkICyG3pw6VBWOAKLYIATUrpI/mQpkABBStBfiBYHYwjYdC0w1wmXsxYwFmebGzC65Xi2u0NpcDm7Q5tIiJsj15HGDHUkZXtWJ1SOcSn4FjuSIBJMPIwkIoJK/N51JDWdfUI51PbJVhx1toyW3hc9daW1DtTiZCgVtKAdc1mjBzeaOejNbFaImF+iZ/QOjlzI6M8kTbB/yLtyw5/1ykWo3YRrDipOsO/9uorPF6jF9R2MGji8AbxuoQzYbw7tMpU1k9jOVeJUjI7wiUBIAC0HUxA1LcQs0qA08DQFkBbMJONeAncAAFYAANmnsIAoNjGi+wkswVUJDe9ARBYgMAGLiS4uiXVAwkR/W6l44V2NLD3YuOKaiLedKI0Bk48YDTj5mPoG9ws4igBzi842DCHjC40uJfZrsa5xot44AAAYAAThIAAAFgABGEuNXincLYB3iSAdeK2BV4/HAABmGRAvitgAQFXiAAdhLiBAIuIAAOLYAvj14reO3ii4ouPXi744uIvjwIEuJ3jIoD+IeIt4p3HvjaAF+J3iGAC+KLjn4gRAxjIoJ+IYAd49+Jfi0AdeI3i0Ae+L/jV4neKgSt4l+JIBCEt+JLi0AEuIQSS4reIYB14ouLQAi4p3FUBNyVeIYAz4mhKdwd41QC2AGAAQHviL49BPviBAK9jYpl0KWLiiCCPZi6VwuIkJViSQ+oTJDhbGKIJp2EcgBv9BvKOO7iGoj2P7jNAQeOHjU4mbwTMv/LqIbDE4/3EoB7wgtGFVMqOs3gA0rBikbtdxe8LEhOwme0riI+auImijAZezI4ODUo1Jo7Exu0cTZSZxKsSU4sSG3sj9Xexgh8RFvl+kUhSIJUo44TBwmcFGLlWadNxYJO9xQkpoHCTk6FOL2IQYSMUMwjIR+wDAGOBaRCTHlJoD4g9QF9iIkQQ8bEjpPo+H3DkalTIKIBeoVbD5ZPaVCP5iAwaoFpQNCH6HmkFoDuSAtqgVAVgdakXjkjot41eNXiz5O6Gdg+mdRQXl2NK8Kg5nLemU1Cig7pNehPLfpOYplBIIFnkDKdDk185knWAWSlkjE1xRxwTAB3lgMeNBSCVZRQ2v4glNmkhl2oGGUSTZSZ9RldEZbI1mT2LZanQtLHXKygpYNANHQcqlJ333JKnaFR44dYWNEWSt4uSVCAmyWTQ2TxOdq1bg5SVB0P5lY8OycdUHWcCBxAItRF7B02IB2MdawDTgzQZEd0VIdM/dpI/I15BSU3loVYCKyc4JXgxocoHBKKZYSJf7CGcBcVFIz9LRSACLj7k6lB2lHIFxJaAcmMCi90tpTGRY0JBf5XLJEASsl21jgKP04lCg+pTOhPLKVMjonce5L6hn0WTh3Y2wf+iasOkrVPciZEvSTkTKTfm2pMa/NnXMkAovUIq9MPHJIcTakxAAKTXElYEWEu7VkOajE4oeIiTxgDQC5VYXK0Ptd0wngkF47NexLyTEAepNEEg7WZXzIMgrUMOTigVPnuNE9HNOLSDktYHLSmlLUARU0EGgCTYsZWYSbTtpLO0OJg0qtO9wXEyJMjTao6OPqjY4/yUrDY0xVKTiE0oxPf8bbdqL9jOo5M1rsLEwxJsSJ9OxK3xw0/tLyB3EiuJ7CQ2Be3ak4A9NkyScwErCCTzKWQA3Te0qdKiSqaDAJvY7IStWtB4k7EM5NJwCOHLcQ9FgPagfaLiDxxio+CDX4cHTgKKZWI9dMSJN08YGKTZQFaDKSK5aaDxRI6PSErJP1E80lgFpLfDzTVqW1FPMhQCYE+AWAOejZpkkyoKawrgGEy41p6RdXQt8HEZjCBjvJqHxhKM+5G3Y7CEjRU5w1NfE3Vt1XdX3VxDKACcsno1dQ4ytdWPUSZPSQxNbiGJezmqUUQPuFwjjXWWLnAVAfjSoVPQQFw08t7ElKBxUTIISH4Q3RlLM9KARARftQ/Y5yO4uUjeUaDEBL6FcxI6CcM6MwsFuUgczPUjKzkfEbkyiA5XV4MQdpEFwX3gXXS/gtleDFzNUEike9RY8nrQ6wU9rfQN2SjrojRlcERkfDDM93FEWkkE9fSlPb4MwW5IGCieGhBE44NGTKd9lBRMiIiO5E1LCNj4ATMJZuMndT3UtVJWDEyUjPuSnTaiQ2XrgzMn5KyAAAcmQBUTOFJJTis7REJSc6VB0QExQGXHUVunb93P56mGTkWj21TJ3P4WmOVOWS7U9VMvpNU64SGzngelN8dDM/zyMZPLUzIRTtEETW8dX3R/WRSOmfLOPp5QciH2TTUo8nxSRNR7mChJMsVK2TQiZrPj0ghPaj5RmMyVJuTpUnvQO1IARZOWT85VZI/T2+fLJacI7flFgUHrbbN1FiYKADu4PoEhRqcYNCVJJ0/xS8nq1VrVIlWz5UxONTArElVMxk7UhHN8tY6VHNmF0c98E/BsIzPlfpCrWhweSFsbHEaZmAz2DD02aC7INTLRIyAcykIV8DWNFSd7LkUMklZ0jobJPlhghbMmDA6NxcpzIgcHOWhzcy/7AYJeCEHKoAbps9a2X3JX04RnoD+oGG2GgLYOagDQQZWgNfC2sdGxqgamIjOqVZg4hwzoAHbOhIz0nBxmOATk3mWRT+AL6EVIMZNVJsZsTMXOQgNwZaHghrIFazF5SLMinaUGpN1Lp1lYz1JUpIopRLr9/UqyVmNNucDPkJIM+r0jSXY+/x7i1hPuIhdx03oBRB40wpJHjjEz/0HtF08xInTLExvNTjbEi9KvT4APtPGA3EnZXzz9QhjkzSMMxIjzSvCIvI8IrAZjIrSJ8+QjnyEmWgHuMG064XbSW0ljU3z2RO2K7Te8iDOvSu8qJMHTtEkdJLtozMuzjSV0vu3adpAaePzjy4kaM8TewhkhrjDvaAAYz02WhT3RhMU2Hxzhw6ZSMAd4x4ELQFpYgESJJYLgDGwU0SOkgVfsyExrlBWFoA8c2aXYAHpJgC7JfsikX7K3BbHBO2xhEsd+HfSE7YhV4JmMikRlA0Ofri91TLWwI0thMprm0c+AaIDqzeMrVTIEw0NZNdh6IfuHVlqYIrgPyl85jL2ITDCYGegJ1dqyINYAHaHuw5mL6EWZJLU0WTc1jRZkPVrNGLKUcEnMLWcAqABe2SDQrI9VQKJHRIIspt6eCS9ym4fbKJlVsDbP7l8QAwRnybwaykF4lYC1OloZyNLiktGuMjXksO5OIGq5auPTjUt9LM6gDF/xXuV7pqlfvgXl3c9xGuxlfCsm8AIBO9kcD6AHpml50IJ7CtTV4rUEhytQNbO3prAmiExkjwLIoQZm1aZP/IHU+eCSRkcic0xl7C6mFkYXceOALRwCzOJPICOWUigLiCTAm+T5Ccgg8MIUFSR4BiwcgHQBoEO1GcQZyU8Hxt0fDXw7l4BbBxZiwyWAuoFmM4HBgxzEQYFNEq0p7Is1a0n6FXxMrTOCO0TsDzMV87ZQqNdgnzAtOOUi0g4tuRciHnH+jsmFy0qznilMC4ZZ5AYtxlfkiGSyATNcO1UdmQcBHvA2fZkGZAO5LoCpI3wb9UZAjCseAN8vdCQvUiWTZHyRlJLX7z34O5IgRxLd+I9TN88ZdRXSxt6DPV1EnsL/mAzUM9wv/pMkzLI6THjNdBGcci6xVSLnADIWpzMi8GL4B8i2VKWSiih4ih0ZfTOVkYqQpovAUkXKMBPYhC2fJEKuAEgP+ivdH4rILmsygoKivCTdi4AfCidi1A2ChrOgAj1NEpo5GJWfMizpAJWC8JpC2QschfLSCHgBgQHEA3oGsCqCPVJYK3zLTtCq0t0KgYGPI+VtbdQTPcrSgwqRKBuHsmYRpgK0oRgaEjLRlKnC8MBcKeS3oqVKWS/hWdgLk+OA/IrS7UuSBGC3wq1AtOSjSCKB2Y0vCKMos134ykI80tULSoFMtIC+wP0TUBPXbRBtLF4B7AtKs9b2XYB55aPRtJnSiQExTGObgA4JGsKsr2LQ06tOezJiY4sVKGy84px9JgBOCnwcom6PXxji78XuKzCayinLDi84leK10WRigAJywtKcSni0tNTQ5y5UvTLzk4hQfVFC+DgHd22S93bZ0qBihzLCYrgDBKISlkGZAtQWEoSB4SpkHdKIy4Bw59g8yQvvLBFTKKRkPyxwC4ACSrUHxKKfP73dKzfDrxnxIVROHAqPS+FWuFxDaIXBMKBfrJRsx4WWS7QTAnELTpT9fiHas/0scJKiMQsBRPs6KbaF2hHGNsAcy+AXhSJyxeO+jIpzyNRUxkI8lINdTadckw9TvIr1N8ic8v1JUSG/egB/yUNETFCAwCi9IgL5CFcJIK+mXgvkBJSwQvlJL0yfJELeK1Mn0rZSwytclZSVwvn8ogJStQy1KwyuW0J4rouzKVS7gtCBdK/goMEtyy/B3Lzyo4oaTGoekrxBGSu1Nsr6iM0AEKLKwiCMrhClfK0qoKyQPIKV8jUrgrmAHUvzK9SnvS3V6s/dXdLhaFQoUK6yzCvz84nFT090vCX0v0KAygquDKh2UCpXobdHriirHCuUucL8yVwq90kqtjLcqtSz8rzKGNSdkLLAi6jVbY6qqD2aq6SVqurKbwIqu0NLS7qpY8g0eOH9FRyiqGjLuAQcuyUPQOMpHzzK3yrWB/KhQOnLU+RKs7KeCObWjK8EAOHdLXeH0vvw/Sr6MOqvhM8pOq9ylfD2rGTSKrmBoql6pMpHi96q+KV8dytvKmTWsuSrKymfBfKZ8N8p6LJLXMu/LISv8scs4ShEpAql6SMu4BwKk0t2keqnghxz0qhCpQq9+JCuIFUKmfHQraAdtiwqlAGmrwrdRC4lv86ohMR0Tq8mNIHjr8qdOrDENYDQLRu2RkFaAwAJny6Bo8EgAEANAGxFgwn8xqV28vEt/J8S64xe1qhNJViN4QbEZcAbz7wx8BvxFqq8RSpzAkLTfxH9SWEQ1Ja2DCHECwqsmeB7wE1S6A/gZOjlpE/YbANAv8n2EkyklNjITL7E1coMrYqmpNPKwk73H2dqyCG2OA2kztCSAPag4gcs4AeTlIrf8VrNCA5i70GZ0msBoFazHa87V+xXkZUGBicI0WLMYrEp2vhDLmI2p1AFYtPIkqM8qSqzzvUqKOUSWhO5ghBQ6WITvhVERKIdz44M2qlqvAS2sMjtgWQmdr6bT0HTZo6hRjBjEANeSohBcKw3+AHsGon4pFEvP3CAKteRMaZrvcoS0lSVFvRV47iGOE711eQmC4APwTkFPyK8tmtHTL8qEgAxfceAC0BB0T3AkAd46sNm9TEtvNTxb6tPAtxH6gtGfrV02M3S9k/MNKPyI07dKGj8zWWtGj5a0NkPS/Ehjk9K6kIBoL960LfEQBAwV6PLUbvK40lhkGuJxAb+8m9LLzZxI9D5YtfP4tj8juciCFBDwZOWqKVQFH1HRvKdq0QbnSdCw+9ctK8Lh9oLTQpohYUnCi1x/xBNFOA8YT3Bfw8Gl4r7FngO3DTVSjavRbSdjFjXEYk2XbInMyq9SE6lpNDbEgi7UWbK/Q+nJzzwjhnKRrHFvvCXUF9jiMenb862Yri6AN/crkfJSixOCcRkFIHH4wXJRIi5cQXGCDxxag8zLq8BcHhoy8UwRiwQpIAPQMzgc/fJF8RBoQuGKAHSU0W2c1we40trZ6dlPnogSt93t9FgS7Oo8vCGJoWYCDMdmaUPlMMvDknERcCHN8cldEiAxAY3PMxZq8MCSbxgOtKNtj0JpK4CIUK4rIqRw24vIdBikVO1iQcmXBaYcimhkXATGm4tCAK067GgtV65iDET1MMOs9AgOXYCx0xKVyIxFK68Sp5tIuWuqpiZK9WP8j5KrWLe4AXF7kzTEGxAAkb2AVBsSJ0G2pCU9EGn5UbT5GmBg3y3m/L1bDYvIxr3z44G5tEwS829PeYz81lUaia8i3lvrISB+tigNAf+uby50u2yTN4WXyS/rLcH+tig/6l+uFUAWupCBaoXVu00T27YdLBbdEiFs0AoWy3BhbqgOFpfrb8g1DOsMW6oGcr76meK8AZa7sOal90mANri/EndH0gu0ByqLR1G83CrQRW4oHrQm0TB0XjOOHrHgFHBGIFxbEAOoDvyOA2kuYiu+B8zGSsQihyoaXjPjkoqMRFhvFa+0UwqNaM63DGebqag+BMZy67hFWxEivVOb4NsrwlGalk/SzpLbo0enHovKy1G2KDQB0jHqZqxJpOczqwiSysUFZ6QMErqsUh7xri9cqCrqqzctw8juP6MPLdAlyxDbU2g8uIMuAnqrNL2va1q8JQymfEucz4B3xDLYVawrKa0Jfr0ksDC7tDCQAKYixiB1HH32YLFWvRyl0DHVbFQzWYyooTUucmnKexIcyS2hynYWHKPUMUyS3QpHLbRrKbFkluOny9EGAvnBIgDLUgA+oWIBDgncP4CIVKbVHHmZDiJ6g4BIoWKF9rMo5PA4BEGutj7h/CfeFVKfQ85F1Tp2YUFCqiFHrScBFaZ+iBCn23hngpmIL9n2M0s6sDdq1cGaoHbiKgWMALkXFNrq8zqzQLg6j7K9izb4OjctngTwBstTYu4xQljaUC+IITbCMJNruKkOtcDTbIhUAtq9kOxstpBZpfDIKVbpRyH8aj7BHPzbHywtvbYy28+CkAcKvqrS4AKAIo0ctHRqF0d9HaIDjKkTVBxRDjpFSqulE6Vqq5ANmzSXVidY1eQtg261AFpQB1d+DUipAKPUfSuxWNHTY78m1sM1Zk1TSygNJbqm2bnnLyL5s66w5s+dG6yyV+ce4chT/yMFSr13RIAYVt4bzhMVt4bJW53g8Jhzfck/sTW5VowtWsR7glKZqgFyo61wBDoAo2OmNraJEYSgFCL5ie6sktiO56tI6oMr6ti7fqq0Hi78ugqOS7Oygtqaai2ktvjguOitvrbSmodj6qG23MsE722xSy/sQijRMjjiW1mvPyWQsdMhaQgaFstgMSeltox78s9uZaqWtlo5bCzKuIVq4G3g35blKxjEkwIuytCtapW+5plb0wtbAzQAwcLr86VWhlsTSj0dVpygWIyYDaTmOqR31bpaVH2NbeGlADNaiCzcStams6gFNk7W27LF4aoN1vWzhm4em9b+OPgr9b5QHYvbNQwXsoM7d7A6rK6w29pojaFyyeRw6VyvDtcC1y7Lty7Gm2QGaaCo5koo7VsVDuo79KhSFo6ZEWSDMRGO3wDu6jUCrohrDiSssa69oO6sdBcActsWBK2lUmrbmuutuLbYVfjvy56CttrDUO5Lrvh4ikVDIHaJgBwM5Kh2nkqSYWmUdq8JoclIEna8i1eMxTl23ABxS9wBdtXil29ClXbL4Ddq3ad2vdokl3MQ9ogwSCzMoQZL25YFPbH6i9pPab2u9unYP2/7BXp4ITTt/aMwvgCaB4KPsG2gkOT6iMAgO4yxA76Mk73dqIO0tmUQN6qNQO59ybuL3a3DPHoJ6EOqqsw7rytsGXKQa3Pnw6BuHHseqF7UnrI7MugbgS6oMnLrz6WSinqqBmyuxgY6ilJjt1aAmr3QucOe7JtW0fte51lIN2wislLkonsVFgUQakWrUJzZZqT8C/C4Omriu8UpvRZ+z9Tk7vKxTrwJNmjSlU7aAQnXbENO5+jJ0dOnnL06K1QzuCzjOs7s+hvu+rQs6L0Kzq9obOzyMkr7Og5rVinO3PJOaxlH2FW7Jc4hwPdfO4Jv+IAu4AdwAgu6Vq90LetEF3bCFa3r0qmAO3qd6Mq6buGdlCd3pNbb24jHzsSwy+ovyX/b6kpbvcV3HJhxumdILQ78xMUfqWW3OPzi9uIrocL00rPtDaNylUyw6C+mNuL6seuro3LceyvoK6lM9PtH6Yu+PuK6mB/gc1KiemVAL6WegwtLaOernp46dqmoBnw3K1rsJj9LR/SEGFO5vWV5biJ8I70vkI+ueJXiHXiJbiwmONJb2aobopaRuqlrG6Q8Cbt8x78oKkIKKAGgbm7tvKBpfzuW/sMmjN2kDQKwmGt9I7JRoJwjcGJwVZGXiGgPA1A1cfcqLH9qzV828qq4dvCv7IoZCwwBYe7vCPkmegWIBdtiDYhXLYanknaoKiYobXwarModEIVyjNszh7ypPTlzJgJvv9EPc/dh97QqwvTCwQC4CEXBsw/wBmBp5Dqwmt+mkLtSIvKIgJTAcFXkvP4e+di11RH9H2kQaRYhSQmiY1IIdaU303YFWHR+gWPEpn+pWKUh166So/7a/OSqbqoAcyOiqjYw83L4cBywbG8yWjmtsG9QUbtIHHB8gcoGC0VwZ4gPBugfLVYhnrCka0hn2CQs7fLgfkKFqqEF2V1y9YhaJFCdw3D8WgHVsGLGAbsuKBVENq0WG2aZYZhGhCaoaSJLysP2YAI/MLG4cREZTA8A5ho6HyR8RzLNCVbwBwlnw/yHYiJHCY0kZRGxhike755i9i24p0Aqod0HyVHygMHHYLvQ15mcs+uZqh0/rqsGr6ggeG7Xhqlp+GwGZ+pIHWAMgdaiP/RFrm8A456jRa/cFUanj/6hwYBoUY0Kz6jgND0CdjIyCBvADn8vdP2938gcIP6r0cE3PMQRnuAhGWvAfEKH4RurXxHWR7eiqHWRgfAi4bhuaIeN2BzzmMhxWfmAjHkKAgBSaKmhcWcd94WGFpRVNU3w1aRySoG/ZIbegp2MEx8O0f63RVwWyheOU8ITAmlFYfYp0TdRREqiALUBQJRi3GJcjlOg4dkSa6t/tUpBlI5uiiLhuSTWGQo9Wj6Acs8QvrrZK65m+chR1vRFH29MUeMGT63bHPrcBgborDr6wgbsHiBo0dpbqwr4aNG/h6Wq8HOWueyW799CQ09HesWgEyHshnvHzbXgVbRkQN4bBrXDEhuWzuHvKpTL6hAhiipe1QcfFJxYIh04BTHIR1N3xzYRrQiKGV8EobcoCRnQiHYQx6CfMJwmlywaGlgtWRaH7xO2Rg1fejwC6GNwHoc9Rgh7uVLbpiZCbcKUlaQFvgAwdkeRHRhm8BpB0Rv5EKjVtbEeqVEG2Cfip4J3Drn4fULuronI/BibbR2m8AkvszgdHy3BSh+kYWgYBZQiQn/RkGtc4XsUP0EmyR+5tEm7gqoXDsBRv8lrHxEmPj2G1MdYb/GSJiULErbO1/qr9Jx/sec6GTEHlekdzL0ZurjM68dvHjYSrtu9ixz8f0rH9H8bIANhmQ2hAmRv0Y8IdCKwOkBaOgMS4BogYKDUnORxibcdCEfeCIUfZFiaxGTcnEZNa6gZGzwmuAHeLxHSh1ka0qsJzPtin+QJEaEnE9BC1OLXIciokn2LKSbgmZJ2jhymP1GxDynIAAqaZGFJsKdw6AKUqfKMYgOKcqn1J1Ee5HxJqGXOodJ67CqG2prWU6mCpner0G29bFCMHu9U+suJd6/QYXGfYcUePrJRwdLxxwoqbrlH8B3KUMsEKY6fHH9x6/vOFLUOthoAVgfixH1BuzcYt5Lp6F2FLWYHhCQV5uuWtfzYGi8ZixxAr1rEZVkQEfe6Xa0evLhKuvnIINTcm8R9oo818GunxnVMH/GNI3sCmdMCCIL+dQZ2dWg6YkkUjMMBhapWSTsOfTWCmwEDFTsN8TFqCUKnqPKVkA62ZJI0AIIw9V2VwPOzTfTogl0AybGZ5PGZnWZlUM9w3shaTrYbZZ8qFnhaEWdjDPqN7Nln3kTmYcJgjAKu1I7WsIIydPQaIxZkagyJtK0vAZoMm02g6owa1Og5BRyNBgnYJS0WjQWeWBhZtmZPI62C5A0BYQFWbAQzQq4FFlNZpYIahKjBrXSMOgzYPqNEtT8CaM9gglj4Bl1Jmdlm2ZuIs+p3ZnwijB2jFGcpmK9amagByXPo3uCY5mWcSI62FGfZmAcWeUeml6D2YxyL0bzP1zsGe2e1NZZouesgsBvXIwA62CYwrnwsL4MNm654WaLmUZyWcNnOZyTtRMZ1EEE363BLaI0o864hXmzraiDgoFmcLOHnxcxpwCPC38HXy2ZZ+9CfMwUsjUY/paJvaeGAQ6CyZf7ux6ycc6zh6cbzyhx4KJX6+xz/vOHSoHrL2a3+rlKyGT+qDo3B02eEMJm/ICBVB74Q7qR669eAwDRmAMPAbemFRzQE+mwF6dK1GQ8L4YemnpoKw2lXpjcagWSB/wDWVlEGjEwsEKIQD+mTxhbpgaD0i8ZKAVDeCDpSl6Vy0L8JLa7y44IuSBXhD5W3sGiAeyOoEIVlZQio+1J6p7H4QDczMGQHHZ0Wbd785+QkLn69fus/CrgXPXsBCsMR3iGa0Gheoa923w0ktogZVv0stoHoMaC+g9RYshxOopHTZeF62BlLLtMRY8I5ZmQw0BxZi9IHni6FEGiAYp5VthdJYcxYdm450Wa+mf+F2dNQTZexasTHFmKYMXXF9xfrmC5p2eQpfFwEA0AxmOtgtmnFmIBcWDgsJeEX5Zz3ATmMloLXiXPjRJY0XogUJdjmC5oufpd/AMubYA8l5JePLUlhufr1oXS0GbmxjNud8zKlgpZSWil8Rb7n69AJeToglpJbaXCaNSJo4qBTVGvlbNS2CtBd2HrE3J15mFNsd44NhYIDAMQmFiXRABTkGh40ieXKWSAAhDyXmAApcUFe5CKF3mNJCZCAJeDSetL9FYrsaOHM89/uXqH5q+ZOa1EiSmlHYFyvLQX449MRgW2MO9FunJu+6YBRHpg5Dl8C0ZBdBWBh4VF2hZAZbz8Q08MAE6duEXup4Qncf6egbAZ0hdgC/Ek43hDOF+MFCaa+98IdCB6vbujVDuVrjoQZbJDwoA9ANwoE4aIDg00i1yFRD5hKQXGfZSR51CRlsEgWldxD4wTiEPAYlo9DxWugsQuhG9KaMOABaZrFV5WQrUsBZz4IYbO01RZ6qF+WsFvSnjhgAcD15XvBPnCuBku32cGwVV74MWM9F/mbc18UCymB5NVjUKBqm3HVd9E9VwMXkWroKoL1nn5E1bjQfAXRceC+ZVYMDn2gjYOUotgsOaa0CjKOaexuKT4qbcmcsVElhgAL2YwAHVzJCdX3Kho01mKjTU39XYtIOaDXeZK2e2Dw53YNS0o561fjXnQzo2TWRV8qiURwbL7XHR7gn4KaDlM/7XgdxjXzPeCUjACK7mHFhY1UXpjVJ076j7VXPIijAFHVn74QwwwphsdTkm2iO5Tur371Ot0bWgU5c/tgJzzTqXdr8WccfDCB641EFXB18mZVXu12HVVWTp2RmkSdmivzuXexwW19SnlwcZB502HFdBnq1vHtFCPwr0y0q1DKdchBM5/5tAjsqJkfA9Um0mKIBqZpkbsSFUwJa8BaqPoKA3QEMBESa22GEdtWukp2lA2cfCDaQ3UVDEALAYkBDaZHcN2AGg3elrwBKAdF9tFhQmR/+BsQUgLVB0JqNpDfo2XALIE+NCN5jaC0VCsNe6BCjBDePLE1zDelTsN48to2WNwkY42BNoLTY2xDJjak2tUbjYjnSiKOf428eo4PFyhNj0BE3/mkuci9MaoY0k3I2S0Ho2xjKwF8y4N3w0M3JYdTZfBSNz2gs3pjbKmWnhRwXDWn9pkwe15mAI6bVXTpx4esH3p6BdcENAWBf+XnB84UQBHvAtFoABAF3Ai32WohYBnfB50bbErxtdtij94V8cmmmKn0hmrH9e6N3azvO8T7RR5FlbXmc0OZbR1DCfHxbYQ1Jth3VYgN8DrZTgEri6A1OVn0ZBJfR2ne8a0bskvgZ8LnwZ9efVXXa3mQVfFl6KG7Pzj8AKFdEcAUkwllIM9VMDi8IuYaAKNh3St8FiBWQR1WdU5LVahRKyaInxUsrACdg0d2fHANaAd+VoCHZgfaAHARRt132SMwgPraq3ufRn2Z9ht/n2p8hfEX2UsmfCX2NnhLA+zj9ITE1vqs4s4xkM0THKFfYwVt0LGos/OYXjMbFtzJq+2V/WID3U3wOYhui9MUcaosQQD0SMQ6wYRvp8efd7diARtxHZb9lqVaM4rHQI8F+ARXGgCKQawJwLS3+tkneJ9SfMelb8/vdv1XwrOdUHaSzfZ+jZYwhIyFOAIdjzPBBGYz6CqBVt/HYR2Ftxn0ybmt6ne3CoQsVYUBvgZgDm2JMG7bu3afHS1oNV8XGscgV1En2ZAyfC30q5lCDba22ZdXbdyaV6DgLS270uaFcFcd6i1ItHMQqIwAUJdTKV2wOGCETQOdobfJ3ISyneX81dr3TKL6d2im3F9JsxhmrrpWBGVRjOaWPiiT5w4aqEb17PNsmv+wcegAgkAFwG3SdvnzO3ptykFm3DiSPcV1++ENW3V7wBuJsAvCYuKLj9LU9ngJwEN8GQNbAec23Vd+SAEfRGQXfjBVNt+tgd3dLGAHnMWQVXRKB2UTvdYRu9t8H+hDtmwD6hjtndQSAWQNoEu34CWti72e9hkU787tyAAb2bAJve3VW9n+I72D9pfZ73ZeWfB82Pl6NJsHMFq6Z83Qt1rHC3It6Ldi3HvJzdDRi9g91L23t8vYF9vt0Xz+2tKmbZ12a9wPZdJz9y/Zb2292/bZB79lffCbBfNHYx2z9xveb3r99vf330D5fa1A+9kX178h9kfcksEDrUFR2NtjHaPU7GpkASBAwcemH3B92ve9VqdvMta2mQEbZOBQ9snYp2ED/SzEYW2PtlU5wsTbeoMW2R/feWIF9BYumgtkLacHv9/3F/2YtoeIAOowIvbmkS9jnaZALdsnwJK+dmPar24D+OC4PkdvA4v2CD1A+IPD9zA9V3ED/A6v2HDxfdIPUwE/ehKkD+w5v3HDjA5GqNHMRj8P3DgI88Oj9vMuMPud63dsPkDwg6PU7difZ22p9jRwNNgfefcCOvD8g4H2qDzg9oOvQZXaYO+oFg7YP8jmg6R3ij3g7a3ISwQ9e2w9kQ6qOeD8Q8ZBJDxkGkPmQWQ8RLFhBQ/XGvlqEh+WTpr/cZa4tqLa0O4tiOJAW+js6cgXlDrBdUPPhu6Y0Os8WAH/34t4aO8HHR8aMPTmXJyae3Hacef27wxrtC5dJLU4DAASgQMCNKvxx/QRACtnayi6SUIBZJ7QDxo8hLOt+CCDEJgentopSIACUr3td3Xfat++Zbbl24dkECPVLnRoDg8bnBdzucIsvIa8IBVgQDKaPyRCjePhDz7ewOftsXwl8Dj+CDH4Jtxob1aQdl7uUdJd+mIN4Zdvg3l2o+A126y1FUHZvVzC1GAU5WqPHYHgHiQnYIhUJTE/L3RtmPbp3jJxnbCa4+UA6MOudug1MPqfA9QJPtkbsEF2aHQYhF3hhMXfoAJdv2a8F8yEFLqMv0U3dLh0fa3e3poT5eOsL0LdAKpPpd9QFl3uYKqHh2GT6IpdIXQP5MybsOnHY5PqLXTB5Pidho6xOztq4AFnpt4U4Z2UvMJsWb5OsQZT2lANPYkS8CTPcNwubU+duX9m29Z9SNY+v1tg9D+CAMO/TgU5gOLDlSklhrD5XfiP/Dog8iPe9mwH73KDjg7H37d1I9bZp9jI7n2F9u/a8OGfI7ZO3t96Eou2+oVoGyOoj/Xd8O3DlA4iP2zh/d6Pn9xQ4GPvqIY5um1D0Y8i21j7Q77qsz4A8w9+Tj7bo1Ud3E+gPzDoE/gPmj1w7sPwjis4nPMD+g/R22jss7PO0Dpw7IPqzig8H2ODyo6p2Ud7A4YO2jko7KP2D6g5LOeDpkD4PqfOo63Pw9lkAAv4eTdvHoJD3dA6PqDLo9iA5Dqc/PWZzvRPf3gtz/cXPBQFY4LQVzyY/XP9DkA8MPGQGI+lOSaqnxp8Dz6vasOED287HPzzkg6iOXD+i8SPBzzA+HPWLjw4vPgj2gy4vxzpi8wPJTy3diPOLfi/b36zlI9l0XSdI9n26fNs8EvHzms5fP/zwo5cOfzxkFYO/zgo+PP9LIC9qOd9sC6aP3zsQ5gu2juC86Puj+Q+nP+j9C/nO/l7C/vyxj/C50O3lmy9mOlDy1nsv/AEY5wuxjiyDi3VztFZ8GnRxWr2PeDNLeSjYgigQiLGAOkELhxOCrRO89EOTOIwFMvUB4IjLj4/Z28z7c4gPhfKA/F8cKiU9IupTnnb34+djE6EP8z+U6v0fjodZwpqgVzHHRATmi5qgBZsE7tP5ANbZMRe+s05RLET4qqXVmykUDRP8yKq9yvwL/K73Oir2q6JOgd0k6oDyT7QvVSodmk9h37ThXejDILug8/PrzzHd9r3d/wE938d7059leT9TKyuIL0Q5gOQz+PfIwJrhn2EuTDii7MPXdgXfyDy+KaZUowmH2hdPEgX3J/ZuswssBKtQMdxxy/Ndi2NPWrPq9hOndu52w6GYm09pOIT+k9ovjzkG4SBijw67ZOTrrk8mGidvk+qvtz5kEguadlUFj2RTsM5FjOV4v0OOO5YTjjpkohdc7H3Us+dViHly+ZYJv+mAA3O9PEPcmuRtgs8PP0b98/Ev7zjA5ChlL/I8kvtt6S4TArVWS/YvV9uti7Ot9nffP3WgJnwH2vCEXxNUJbrw84uwjhi4NvJzzyRmO/N+UfmOP94Y8cuf9rPACvHvVc9hdsziDn5urr6a8Kv8T1q8sPizui+Nu2Lys92uhfL8+QMA77i8Uupb584qOdrrA5Dv9rjS60uY70Q5qP+D0C+JvwL0m5TvWj9o8sukLno/Nv3Ly2/OmvLlQ6wuljgFdwvHbpOJ0OgDoi83OSLsi/KvKLuU59uizyC/Fvlboo/r3RzwO54vvDrVVP3w7gS4fOTgI3dCPe7iO9Hvnr0S57vTzk29lvJ9ps9l0lboO6ju8j189jv1L/8tKPNL8o83uU7/S7TvDLjO+Muo9qC5zuLLhC6suUL8cZf3wW54YwvFj+BYoHlj/y6FAnbgi7cvUL2y/Jan78u5fuvh/y9vtP7x72Cvtj7xN2OHZfY8iv8hhhauN+aKcP0r4ZodQauqHHpqUWNfR67L2Sbz45mLAhBa7q9CDefARzYD4E46uNr7q8hPer12H6v4T1enat828BX3WBAdkoedXj0++xPID37dmvXd+a9+PyCVhopPVrpG5h3wTza7RuBZ/q2ZObfYKtxvPT06+5Pzr308G3/TwU+DPUcKm4T2OH17ZnvyLtv1lO8Hpefokhdg81VP2rf64SBKTta+RvKHzk5GcpH8XcBL0LLgLIekmcG8ncDT764x9MmzBVhuI3eG5sK46xSCCRLT+R6wAvd3yh92zrgNBUecHzO8dEQTl0g0e49vsG0fKqCK6l9VZXsGpQqIe6O7RWocM9sik9qM9xRU9tYYz2pExM6edkznPdTO89x5e5vC9vm+lMrr9R84rCzo87Fvh7xi9HvkjuW7ktmzuS6yO17zs/X3N907d7O99te6NvJ7ke6CP172s9UvdL6y5/uPL2c4+my7224ruwtqu5Aea7tc7rucz4i8FuuHgq54fvbjp5Fu/b4887u17q89wOen028wPcjpZ50v3z4O5wPvzne9/Pk73S9TuQLk+9Ofrr/58vupD6+/zvVnu+7Qu/77y7gWfYoB8i3mAfZ+dvCL454bvdH0q5Ev9H3ncMfqL3247unnru5YuiXmZ58O7n/u7baJ7+e77vI7vR8dUxLp58XvGzmS5n3MjhS9HvXnlS/efz7zG+KOfnve+0u3z8+70vGQYC4EO2nsm+guEwcy/BeZDyF9vvzyGF8fu4X3y6cukXlF6/vzBowAtuyw/zYwXVXu272e4tiRYcQwGOLfAeuW0K6gfUtrJ/oWITBB9OOpwrwguOrjm48lLMrzh/Z8cr1R/APdzr2+KvG7sq5lOafbB7APcH2q++PiT6SOHX7S/F/IfGTzq7pOoT/x42QBrtmnzbkT/IFRO2H2UjDf3jnc5xOA3ua5BlCHljutAhH7QusfRH207pOHHxk+kflr1PzkePTiJ8UeCbi65e3fXkm7JvbrzR9DPtH8U6DfsX5u7eugkD69MeVTpcAsenHqx61PSIhil1P8nYkuhu/H2h7hvrC6t+pPbH8R6ofJHht9ne2Gj5L8RKgI1Bie3OeI0RhbsBdAYbwn+x784EDyiY7e4n8N8zve3oU/7f7rpnb6KZtbZCye6nAMHK4BzoMRD6yAQp9Zv08lM57GGnrm81ijnt29aevX9p4pvOn0W/PuKXwS8WfuX5l/lvZL9l67uxnjfe7Od9vs4HOyXwe5HOaXqe4wOoXpV9/uVXrZ4XOdn9Q+AeTX+sEZ5UX+D/EGPb/14ufhbmi5ufunuZ96eFnh55vPSX/u65e/nj57juvnzHYFek7g+/+ej7wF+hLJX7O7Mvc7iF+QvC7tZ+Lu5j0u4WOAHhF7fuNXtj++AOPgi64/czp66xeXrgx6ou27rp/Q+JPyO5JfhP55+P2KPjD9HuqX8elc/p7uz9nuTzhI9QOcPwZ7w/Wzru6k+lPmT+3vHLXe8U/lnky4BeJXpD6lewX+C/ledP95l1fe4q28M+bbpj8AfTPh2/2fTXyz9cvtX0BaLu9Xgr++XGPhy+Y+lzrPAYgJwoK4S30VpLbCvoHzJ/pv7Xgg0mmzjl18SBLj64/0tfJ/chTUVoeCEK2op9DSHfgXwU9d2o3st5wo43pz8PX/il0iTfUblN/XeAnzd8YfKu5h9I/c3poHzf/Tz274+S3wHYEeK3mR/B2RH7d7Eeur+98dPtvpk6bfaIVk9bf7H8987eBb7t4SeP31J9FP63p07Df6XkN7lP3rxU8+uVpYXene/r2d8BvXc7b8xu8ZDx/i0vHld84sTT1N/5zaXC0+Yea3lG4keIfz78se8Za4r+/In/9WielH2J6Julvvt7B+wzyn+0QIUocdWHjOLaE2aL6QR9n7YH6M6ZujJqp8vXLJ9m4UT752D8zPrPk5+B+hb+N+c+69kL+b2ncWl6cOsPmW/fBx9gZ7SO2XqL9Ge19oj/Vupn/s67vZn+e81/qP5fdo/wF+j7f3DX5r78vIttr/lirP3m/rv3br1+u+8T/j4Jf/b0c9t/5nrw7E+w7kP61+FnmL+S/eX2T9DvE7/e7j+1f0V/Ff07pb4y/NPq++y+C73L9q/8vku4a+jP7Z5K/K7sY49+EKL39dvuP4d/s/cXxz6ueBPwl6j+7f5i8SBSz429D+RPw2/Jeu/6P68O/P+i+7/PP6I7Ku4j/v7C+9fhs9w+jf+S+i+nzje5T/uDlXY7/qdhT+T+eX1P9S+M/pX4j2NPmV60/c/h39826vov8GPGvny6NeK/7sE9+qv3rtjE8vqvPq+L/kv+K+TP8v/d/b/kgDrYncC+IYAOvpsdTxlAFzxrAFwrnSk7Xin0HXjyMkgGcdJvr2BpviVE5vr4IFvnj5WfpG9DgPVcJHCc5iHmRAVflt8ufjt87Hj1csmnQ9gUsd88hqd9Ltud9gMkD94nu1t/fvuc+HqW97vmScwBmDsKPM99rTq9863oGcD3nn5vvkbMW3h7sFHvjcfTiz89/hXtadp+80ng9cdHrZ8m7jD8jHhO9lTkdBzHij8NTgDd53uHIl3sgpcfkad8fjDcDvmm96HiT97Mi99a3qjdOfkDB++NT9IZO6cRAW28xAco8JAfQCPjtYD5AP3wUnlo85ARGcvxqL9YzoZNKnhJRqngSEblnU9oPjZNGnnB9vfui9ffugDNvoJ8XPq38w/lEd+nkvdWXi2d5/ib9VbuM9iPhb8yPv3drfsgcR/gv9pbrF8RXo/tK/r/9//px9YgQh9PXsC9GAbNdEgS38bfgP8ojhH9h/h0CXnov83nsK81fp89E/hv8hXlK8VPml9M/gf9YLnK9ELjl9owtUC//gADq/i09GgQoDg3q9c8Xq0Dg/u0C2/s4c1/ur9t1KUDyPrdtKPiUCegbxdqXmcDdgVqB6XhP8UgRJdp/lJcIvnP8RnpJ8+gdy8BgSv8+Xuv8Evr88Kgdv9xgbv83ASC8Uvpl887nMD44AsDagVq8H/jq8C/s/9z/nOdL/vC8ESIi9Wvt/9b2itBAAZA1gAYt0gZmACFKIRAnklFBf3n19ILDGpEAfBAbAFpxUwI8d9Kiwshvs69XXuN8M+uUZgCo8B4QG094QAhVE+lgDEUnq1Nvu1dE3sQDqHqQCN3um9qlPm1vjlLQrQGd9B+hd8jAK0VOQX79ePniduQX/AWAWg9tfEtd2Aco4uAbDB1rru93vkk8vvrqCEnC48mhkdd2Tk4C1NEmRGMHwCnTgTsXAftAkPqD8fAUzsjABfEOQafA6/tzsYfuqD8AhcgEfltQkfr9d1TpEMm/pYchQU6dMfpDJsfnUY8fpDI13lc5xQaYDVsCKCNjDY8inB99CAVUwkgNz9BLG7s73vT8UmIxgAfktJXQQ6DPvt4CB3g9cx1sU9IzowMAgRU9JEmKcB0DzkaCMOELlt84v0vzlBgAI8DMEotWGqU4K9NvRqRk6RFiqmxais9B6iuT934EZA6fvjtvdqbAIPtXUoPufNThvesmni50a/jZ9gQch99sNc82gVcDUgVWdygSPtwvob8sga8DI7oR8Jnj2dd9pb9jgUPd7gc88qgRiDuwKi80Xg0Cu3sCDmgZc8UPkeDtgSeCe/p0C9ro89XwWUDo7v8CvgQn8E7iMDpPiK8d/kC9JAVndQXtn8ZgTfdQXDN8f/p+CCLt+Da/pi9FARsDG/oBDm/sBCNfucDu7gcCbAEcCigX39IIWvch/pP9TwTcCgvnQY7gTsCb9peCmzpF9sgW8DzwVv9YIfF9mDoK9EIQCCxXgZc1Pul8pgbK8svrMC8/vMCPwViCYQdMd4QZ8s7LsiC1XvbdvhsKhcAMlpQHhsccQcQsMVjy0P8r18IAf18oAYN9RoHpDxZHN8xBig9rQO1B2jDn49MnMBMHqxUNPJd8arit9MAdG8omk1cYMC1dIwQm9HQbt8JHvt8UwYd8JQbjImHjIAe1JkZLQDQCfIXldVQUwCgkPw8tQYI9HvpwDEbhYC5wfe9hJp4DnTtFkzQc29afo4D/vkz9CbpdckPmz93QW2Dyor6CcXhVc8XnD8gwRylZiuOBxwf0ocwW2g0fi2UbAav98wZk14wfk59AVDdDAcmCYTjFC0wYJYf2m99qLLPAswfClHHpoDRodY9Fwc4DmfnVCEgdID2foO85gNCZIARlsuOEIAHEGWMtJp9BZQMFDGrqns5eqmsrClBQjIOOZR+FOFIrquDdmsSEfIpuCMztfNdwYr99wYH927hRC7zuxcdfnWdHgQb9eIS8COXgs87wfkC2gLvxVOGKhnwacDyzm+DFXo791nppC3/k18y/rs8xjgaD9IQBhDIYAd6gYRDJAf+CQYar8V/j59RPuBDxPh58oIUv8hIcjshgfBDfgWJCYIcjs0/lJD6jqhCs/of8c/gpCT/vfcnhs78tIdf9ItiTCDIQc8KYYDCMXmsCR3koD8AUkC1fgzDB/vsCtYUOcGIVR9WIWPcQjv58WYWvdbgYy8PPjxDMgcM94YTkd3geJDhIfsCk/qMDD7pJDj7tJDJgehCRYZhCFXrp9oXk78Atv/dS/h/8iYbLC7IWTCFYauMHhmf8DPispfqLDBtTL3VLXmeN8Qby0YDLwY8gNhA9CKDNQhmyRqYIeQwAKbhZCO4NM4a1AHKE/IE7IuJS4c9I31m9DeCLqZe6mhx4ILnDIQQ/c39sLQTSKMB5Ykehq4bTQ/1GvoCDB/h+OKlBngAgF+EPYBnBsrBnABCFTcBsA1ALOZBoPtRrQOvFE9uBRidErlvgK1AAlP0oFZNIsVKMECrllXVvoccMHOn9Djmk3UXlsAshvKC19Pp5c44dawdhBtIbcG/VW8ii1h9EWIYpAAFwwDqJZhNOIKANAARunaMuwiZDuvlA9tkH0w17AnxYRNcI/4QAigqlEMN3jnwVnFhx9gFiAyHJuIc0uwIM+HnAhlrQgrjLTd3uFOkUgB28SAIDwguCT0AAALJuBpz+AJyxwIojouiaiAtXRNjJsUUjzWBBhJYT2pPYLniCrPbR7kTcQf4F8DHieZBg3PXSoI/3bfiTBHzKKZZ0ea4riImN44UVZBSpFNjZISNihpWqQYuOry/cGwQV0XpKCrKIC4NNkQIgDiCoBLIAEAPbpG5OwQg5eOBz4L2gFRPSJHIVkTsAbtjaABfjSuLCT8IuhBPw4LCZIeb6bAPiCaYWQC0eYRE/4T0jSCJRryIiGYYAYUgEGKVIWwZib2AW+xPTbxzAcF/CJ8HzweIqjgTqKgSVJXhGGpL6KGJYhE8nUhGBcEES4AR9AggcewUAO7gD5PCQWI2IQ7Rc2B8QHFBlANBGUoQYCtI90AEAVeFhAPpj2RXEwfyNSSrIFm5Z7cIG82DcGc3LcExAoKJxnScK/AOzoTI2X5TInsH9oVABPwz/RRwklq3wjZ76JXuzkDF+H+xMxKp4K2zoRKeImRLhpmRU5E7pB0ZWvHY4XjPxKQI8MCiRNCKSRN5iyQOHrYBBzD72CYy4sOYwJTIGAXZLKCP6Glh32Fx7i0cjiS0HAJjSeWirXGyRJ5CNbXFGljfye/gGIzRFH2EJGKAV3ynI1WSR0MaRgAYvQtVV5FayHWSJ0NrJgSGBADBVKbmIR0DYgTDARGepowbOxS1tSBgYohRBwGVWg5w3aJUjJ17+mPlb+CKdLnQHpDSZGDjYokCJ2GaxToRViLnIgZKbAIvbByfZx+UPOCnkK2RF0GDYI5f+hkRV8CI6cMDoWSbIh6ByBDgIKHygZhhTFN8TYoythcSNUIk9XiSsol9DdgB4iyTewC+KJUj+KUOokoh2r3hNOCuIhqDIQGCD7xfta/4DsiUAdxgbQFlLljOUCdvGxQUSbeinZSeAwIUHIWolaBQONLJ2KdKJ49Z5HyuGlFuFeNFBIZXIPZa3KnrKCBcAKlIogZKxw+Umz1rDaDWFcRRkZNPoJI+4KxQTMBUnBkKx0XTbbIahavSRVxSIAzAzof8Sh+GmwMcMlxtogkae6BzAUALhwaTRNgUufcCJXWCC3GPRBDDCwqQMXRgLDHJDPQ5uRSIXVGfgVSajTf5G32W4IaUITSCxMQjlZdZgQqbWQ7MFPKhOciACOEziIZc/iMcRAA2AeNEegW1EwQURxmo15EUAPrJ+AF9HanEMCPAD8CaKS8SQYJrCxDBYAqQVlaKSIqLjhQDJsiIIQNjfJjvJD7LYonYBo4LIoTSQpzo/bRDoxSEzDomtHuZC7I9qbjpvwQ+FXrBZEc3JZH/Qnm5U8R5hKhJ5GmRcSKnIqNJtwwOFcqIeJXI6VFiRTIDmRAxjuUEfLWhAUJIoulgoozERvcU0QZopjFfospEE9EVi0Y9txYiAVhcYl5EWRc16wSOTEc8BTHiYpTEiRRjE8Yq5E2orVgCYtNKSwTzzKYy5HSYpADPol0SvorVjSjG+Exwu+FVhBFoD2Q5Ef1G3DCqYOKJAG0bXIrY63IyB7AzQWC6pFWrucN6EAmVYiI2KqiulIUDM8OhCnAG0bHRAwjNmBpErxGUzZRDGKCYiUDbmE8wnpUFDezBwrPSGBAtmNeQ6ZQmIK4MqC1IY7zjokhSlJa5I5ZckzPADhpUQNiT5AZ6CE4AcqYpTei6kF6zqxbCw0pZrFP0TaBV8L6HXrep5RAuX7XzMWxnNYLGd1IPqwnQKjMmXrjUoWpDrVAwgv4D8D3YVbGq2FIiAAJMIHTPrF+hMtjOetFiglBFjNsSdifTKP4EgAljy8muNcYX/dvYtmIdRu/U34Q2EJ9F5jrsWHF+EFMdbqHTgGcEdJmcMLATIZzgVcGgA1cLvotcInAdcOoA9cGLhDAP9jh4LgBJZhBAsBh3o6AHWwpWHDjjAJLh6gGwlNyLAkIEo/F8cPQlBEmgA94hfEb4rgkd4hfF74lsB14i/E74lvEEEvfFKEvfEscf9ij4i/ES4gwAgEhQkS4iXEX4k7h6cRfEn4lglxaswk0AE7hD4v/9z4vAkX4qfFaALu0DcP9j14vTit4oslaAOvEncOLUd4hAkBAALiX4vfEi4o8RAEgQk0AMQl74qvEVAE7hFknPgX4hfF2cTjjMErQA6cWgBGEsiA8EqQleEpAl14iziXcXvF74n/9wIDvEf4hfE34qQlX4o7iIAF1MjcUXEHiAzj74pbjA8ffFRAFvF94sIkS4lsAS4vQl9cVsBjcSniX4jAlaEmfEo8VABV4rQAi4rQAKcbfE88QwAi4mnj74iQkS4tAkRcXHincCXEBElsBC8XaBkQNniqEvQBlcU7jG8dFtgEtwlzcfjgqEjvFtcV3i5UmfEGAILj74nQk0EioBT4iXESAAglS8YwBaALvFBEgIAXcavEf4lvEL4uAlaACHjSEvLjj4vfFiEkLiS4k7g0AAQkmEu3jN8SziS4hfEncAzjucdgkBcXXi//sbjHiFvFIoEXEGAHgkKEgIB14rgk//l3jFkpviL4kslots/FotrQkd4objYEtziq8VLilkrAl0EsXFhEgIkrUkeAi4jvFN8aXE5UrQAGAO/i4EgQkr8eMAt4nviD8aoBacR/EhcX/FA8T/EQ8YviB8eLh/scbj8CevEP4uvFaABvEoEoQkt4pbj9cTvFBCSHiBAAwA18QIBaEuQSN4tISPAIPjo8QIBL8UwkD4u3i6cTbi//vTjRAEb0mCdnjDcZriuEtIS58EXEWcZvi78drj98Ubi/4lrjH4pnjX8ZuQb8WgA5cVsA8Eo/Fh8VvE/9pviu8WATBCRTjacTvErcSQAX4lXiGcWwlotiQkgCSQBV4lsBT8bQlV4rASjwIdIVCVAA8ErfEi4mHilkkzjxah/FYEiQBX8SgTPCW4St4qfF4iTFs/8SQlN8UskL4sQknCWglb8VkTf4nTiBACQkGALvEmcVziiiYQk7QK0SKEpviZCVfFX4rwlotkeB78VfiwCevEp8fTt88WgAYEmgBRANvj6iY/F14pvj18S/Ev4s/EmcRvEhcQwAH4lbj4EtrjqcffF0EuQT//jAkEie0SKccoTxcEbgoAIjjkcYgBUceLB0cUzh0iXsAGANwBC5m80McXBEDcAYBJYMCSDABWhYUNEByVpdhlWlwB43BqBwSWGA0UhXpElvG4DAA2ggSSCSHiV8SfiUdptpHWwPibTggAA -->

<!-- internal state end -->
<!-- finishing_touch_checkbox_start -->

<details>
<summary>✨ Finishing Touches</summary>

- [ ] <!-- {"checkboxId": "7962f53c-55bc-4827-bfbf-6a18da830691"} --> 📝 Generate Docstrings
<details>
<summary>🧪 Generate unit tests</summary>

- [ ] <!-- {"checkboxId": "f47ac10b-58cc-4372-a567-0e02b2c3d479", "radioGroupId": "utg-output-choice-group-unknown_comment_id"} -->   Create PR with unit tests
- [ ] <!-- {"checkboxId": "07f1e7d6-8a8e-4e23-9900-8731c2c87f58", "radioGroupId": "utg-output-choice-group-unknown_comment_id"} -->   Post copyable unit tests in a comment

</details>

</details>

<!-- finishing_touch_checkbox_end -->
<!-- tips_start -->

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

<details>
<summary>❤️ Share</summary>

- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai)
- [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai)
- [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai)
- [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)

</details>

<details>
<summary>🪧 Tips</summary>

### Chat

There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai?utm_source=oss&utm_medium=github&utm_campaign=wso2/carbon-apimgt&utm_content=13191):

- Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  - `I pushed a fix in commit <commit_id>, please review it.`
  - `Explain this complex logic.`
  - `Open a follow-up GitHub issue for this discussion.`
- Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples:
  - `@coderabbitai explain this code block.`
  -	`@coderabbitai modularize this function.`
- PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  - `@coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.`
  - `@coderabbitai read src/utils.ts and explain its main purpose.`
  - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.`
  - `@coderabbitai help me debug CodeRabbit configuration file.`

### Support

Need help? Create a ticket on our [support page](https://www.coderabbit.ai/contact-us/support) for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

### CodeRabbit Commands (Invoked using PR comments)

- `@coderabbitai pause` to pause the reviews on a PR.
- `@coderabbitai resume` to resume the paused reviews.
- `@coderabbitai review` to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
- `@coderabbitai full review` to do a full review from scratch and review all the files again.
- `@coderabbitai summary` to regenerate the summary of the PR.
- `@coderabbitai generate docstrings` to [generate docstrings](https://docs.coderabbit.ai/finishing-touches/docstrings) for this PR.
- `@coderabbitai generate sequence diagram` to generate a sequence diagram of the changes in this PR.
- `@coderabbitai generate unit tests` to generate unit tests for this PR.
- `@coderabbitai resolve` resolve all the CodeRabbit review comments.
- `@coderabbitai configuration` to show the current CodeRabbit configuration for the repository.
- `@coderabbitai help` to get help.

### Other keywords and placeholders

- Add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed.
- Add `@coderabbitai summary` to generate the high-level summary at a specific location in the PR description.
- Add `@coderabbitai` anywhere in the PR title to generate the title automatically.

### Documentation and Community

- Visit our [Documentation](https://docs.coderabbit.ai) for detailed information on how to use CodeRabbit.
- Join our [Discord Community](http://discord.gg/coderabbit) to get help, request features, and share feedback.
- Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.

</details>

<!-- tips_end -->

[Copilot]

Pull Request Overview

This PR implements API Revision Deployment Monitoring functionality to track and manage gateway deployments. The implementation includes comprehensive database schema changes, REST API endpoints, and gateway monitoring capabilities to provide visibility into API deployment status across gateway instances.

• Database schema additions for tracking gateway instances and their deployment status
• REST API endpoints for gateway heartbeat/registration and deployment status acknowledgment
• Cleanup scheduler for managing stale gateway data and automated monitoring infrastructure

Reviewed Changes

Copilot reviewed 57 out of 57 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/*.sql	Adds database tables for gateway instances and revision deployment tracking across all supported databases
components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/*	Admin API endpoints for retrieving gateway instances by environment
components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/*	Publisher API enhancements to show gateway deployment statistics
components/apimgt/org.wso2.carbon.apimgt.internal.service/*	Internal service endpoints for gateway registration and deployment status notifications
components/apimgt/org.wso2.carbon.apimgt.impl/*	Core implementation including DAO classes, configuration DTOs, and cleanup scheduler
components/apimgt/org.wso2.carbon.apimgt.gateway/*	Gateway-side implementation for heartbeat monitoring and deployment status reporting

Comments suppressed due to low confidence (6)

[coderabbitai]

Actionable comments posted: 43

🔭 Outside diff range comments (2)

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2 (1)

858-877: Fix duplicate configuration and verify retry parameter usage.

Two issues identified:

1. Duplicate "Enabled" configuration: Line 859 has the same Enabled property as line 861 within the Heartbeat subsection. Remove the duplicate at line 859.

2. Inconsistent retry parameter usage: The DeploymentAcknowledgement section (lines 868-870) uses apim.gateway_notification.registration.* parameters instead of deployment-specific ones. Verify if this is intentional or if these should be apim.gateway_notification.deployment_ack.* parameters.

Apply this diff to fix the duplicate configuration:

 <GatewayNotificationConfiguration>
-<Enabled>{{apim.gateway_notification.heartbeat.enabled}}</Enabled>
     <Heartbeat>
         <Enabled>{{apim.gateway_notification.heartbeat.enabled}}</Enabled>
         <NotifyIntervalSeconds>{{apim.gateway_notification.heartbeat.notify_interval}}</NotifyIntervalSeconds>
         <GatewayID>{{apim.gateway_notification.heartbeat.gateway_id}}</GatewayID>
     </Heartbeat>

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/InMemoryAPIDeployer.java (1)

326-328: Consider propagating deployment failures

The catch block only logs the error without propagating it or affecting the method's return value. This could lead to silent failures where the JWKS or Health Check APIs fail to deploy but the overall deployment continues.

Consider either:

1. Propagating the exception
2. Tracking the failure and including it in the method's return value
3. At minimum, incrementing an error counter to affect the final result

             } catch (APIManagementException e) {
                 log.error("Error while deploying in-memory APIs for tenant domain :" + tenantDomain, e);
+                // Consider propagating or tracking this failure
+                errorCount++;
             }

♻️ Duplicate comments (1)

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/InMemoryAPIDeployer.java (1)

153-172: Externalize the Health Check API XML configuration

Similar to the JWKS API, the hardcoded XML string for the Health Check Synapse API should be externalized for better maintainability.

🧹 Nitpick comments (38)

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/DataHolder.java (2)

422-425: Consider using EnumSet for better maintainability.

The logic is correct but hardcodes the registered states. Consider using an EnumSet for better maintainability if more "registered" states are added in the future.

Alternative implementation using EnumSet:

+import java.util.EnumSet;
+
+    private static final EnumSet<GatewayRegistrationResponse> REGISTERED_STATES = 
+        EnumSet.of(GatewayRegistrationResponse.REGISTERED, GatewayRegistrationResponse.ACKNOWLEDGED);
+
     public boolean isGatewayRegistered() {
-        return gatewayRegistrationResponse == GatewayRegistrationResponse.REGISTERED || 
-               gatewayRegistrationResponse == GatewayRegistrationResponse.ACKNOWLEDGED;
+        return REGISTERED_STATES.contains(gatewayRegistrationResponse);
     }

---

57-58: Consider consistency in access patterns.

The static field gatewayRegistrationResponse with instance-level gatewayID creates a mixed access pattern. Consider whether both should be static or both should be instance-level for consistency.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1)

11465-11470: Typo in liveGatewayCount description

currenty → currently.

-            The number of gateways that are currenty live in the gateway environment
+            The number of gateway instances that are currently live in the gateway environment

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java (1)

4225-4227: Inefficient LIKE patterns on ENV_LABELS.

Both new queries use ENV_LABELS LIKE ? with leading wildcards (%). This prevents index usage and will full-scan AM_GW_INSTANCES on every call, which could be heavy in large gateway fleets.
Consider normalizing labels into a join table, or at least using an indexed JSON/array column if supported, instead of comma-separated text + wildcard searches.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (1)

360-368: Consider unconditional scheduler shutdown for robustness.

While the current implementation mirrors the activate method's pattern, there's a potential issue: if the configuration changes between activate and deactivate (e.g., enabled becomes false), a running scheduler might not be stopped.

Consider unconditionally calling GatewayCleanupScheduler.getInstance().stop() since the scheduler's stop method already handles the case where it's not running.

-        GatewayCleanupConfiguration cleanupConfig = configuration.getGatewayCleanupConfiguration();
-        if (cleanupConfig != null && cleanupConfig.isEnabled()) {
-            try {
-                GatewayCleanupScheduler.getInstance().stop();
-            } catch (Exception e) {
-                log.error("Error while stopping Gateway cleanup scheduler", e);
-            }
-        }
+        try {
+            GatewayCleanupScheduler.getInstance().stop();
+        } catch (Exception e) {
+            log.error("Error while stopping Gateway cleanup scheduler", e);
+        }

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json (1)

239-241: Consider unit consistency in configuration keys.

There's a naming inconsistency:

• notify_interval_seconds (line 237) clearly indicates seconds
• heartbeat.notify_interval (line 240) doesn't specify units

While the unit resolution file may handle this, consider renaming for clarity:

-  "apim.gateway_notification.heartbeat.notify_interval": "30",
+  "apim.gateway_notification.heartbeat.notify_interval_seconds": "30",

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (2)

11469-11469: Spelling nit – “currently”

currenty → currently.

-            The number of gateways that are currenty live in the gateway environment
+            The number of gateways that are currently live in the gateway environment

---

11465-11483: Add a non-negative constraint to all count fields

Counts can never be negative; encode this in the schema:

         liveGatewayCount:
           readOnly: true
           type: integer
+          minimum: 0
 ...
         deployedGatewayCount:
           readOnly: true
           type: integer
+          minimum: 0
 ...
         failedGatewayCount:
           readOnly: true
           type: integer
+          minimum: 0

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayCleanupConfiguration.java (1)

24-30: LGTM on class structure, but fix the inconsistent comment.

The DTO structure is well-designed for gateway cleanup configuration. However, there's an inconsistency in the comment on line 28.

Fix the comment to match the actual default value:

-    private int dataRetentionPeriodSeconds = 120; // Default 24 hours (1440 Seconds)
+    private int dataRetentionPeriodSeconds = 120; // Default 2 minutes (120 Seconds)

The current comment says "24 hours (1440 Seconds)" but the default value is 120 seconds (2 minutes).

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (2)

22-31: Remove redundant imports

The specific DTO imports (lines 28-31) are redundant since the wildcard import at line 23 already includes them.

import org.wso2.carbon.apimgt.impl.dao.GatewayManagementDAO;
import org.wso2.carbon.apimgt.internal.service.*;
import org.wso2.carbon.apimgt.internal.service.dto.*;

import org.apache.cxf.jaxrs.ext.multipart.Attachment;
import org.apache.cxf.jaxrs.ext.MessageContext;

-import org.wso2.carbon.apimgt.internal.service.dto.ErrorDTO;
-import org.wso2.carbon.apimgt.internal.service.dto.GatewayDeploymentStatusAcknowledgmentListDTO;
-import org.wso2.carbon.apimgt.internal.service.dto.GatewayDeploymentStatusAcknowledgmentDTO;
-import org.wso2.carbon.apimgt.internal.service.dto.InlineResponse200DTO;

import java.util.List;

---

33-36: Remove unused imports

The List and InputStream imports are not used in the implementation.

-import java.util.List;

-import java.io.InputStream;

import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1)

2759-2778: Consider adding indexes for improved query performance

Based on the query patterns in GatewayManagementDAO, consider adding indexes on frequently queried columns:

-- Index for faster gateway existence checks
CREATE INDEX IDX_GW_INSTANCES_STATUS ON AM_GW_INSTANCES(STATUS);

-- Index for deployment queries by API_ID
CREATE INDEX IDX_GW_REVISION_DEPLOYMENT_API ON AM_GW_REVISION_DEPLOYMENT(API_ID);

-- Index for timestamp-based queries
CREATE INDEX IDX_GW_REVISION_DEPLOYMENT_TIME ON AM_GW_REVISION_DEPLOYMENT(LAST_UPDATED);

These indexes would improve performance for:

• Gateway status checks
• Finding all deployments for a specific API
• Time-based deployment queries

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (1)

2785-2792: Consider JSON / MEDIUMTEXT over generic BLOB for GW_PROPERTIES

If the column is meant to hold human-readable key/value data (e.g., gateway meta, labels), declaring it as JSON (MySQL 5.7 +) or at least MEDIUMTEXT allows:

• server-side validation (JSON_VALID()),
• partial querying with -> operators,
• better compression by the storage engine.

A raw BLOB makes the data opaque to the database and complicates future migrations.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (3)

19742-19743: Improve unique key generation

Consider using a more robust approach for generating unique keys instead of string concatenation with null handling.

-            String uniqueKey = (environmentName != null ? environmentName : "") +
-                    (vhost != null ? vhost : "") + (revisionUuid != null ? revisionUuid : "");
+            String uniqueKey = String.format("%s:%s:%s", 
+                    Objects.toString(environmentName, ""), 
+                    Objects.toString(vhost, ""), 
+                    Objects.toString(revisionUuid, ""));

Also add the import at the top of the file:

import java.util.Objects;

---

19801-19837: Consider combining database queries for better performance

The method executes two separate queries to fetch deployment stats and live count. These could potentially be combined into a single query or executed in parallel for better performance.

Consider creating a single query that retrieves both deployment statistics and live gateway count, or use a stored procedure to reduce database round trips. This would improve performance especially when processing multiple deployments.

---

19757-19760: Missing break statement in switch default case

While not causing issues in the current implementation (as status remains null), it's a good practice to include a break statement in the default case.

                 default:
                     // Handle the case where revisionStatus is not one of the expected values
+                    log.warn("Unknown revision status: " + revisionStatus);
                     break;

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (1)

4198-4205: Re-evaluate table schema & add operational indexes

The current definition is minimal and works functionally, but a couple of small tweaks would make it more robust and future-proof:

1. ENV_LABELS – comma-separated lists quickly become painful to query. If you anticipate any server-side filtering/joining on labels, consider a link-table (AM_GW_INSTANCE_LABEL) instead of an inline VARCHAR.
2. STATUS is likely to be queried frequently (dashboards / clean-up jobs). Add an index on this column, or at least on LAST_UPDATED, to avoid occasional full-table scans.
3. LAST_UPDATED has no default; remember to populate it explicitly (e.g. DEFAULT CURRENT_TIMESTAMP) or you will need to set it from all mutation code paths.

These are low-risk improvements that keep the table performant as the row count grows.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

2064-2079: Consider pagination parameters to avoid unbounded result sets.

If a gateway environment grows (e.g., hundreds of gateway instances in a mesh), returning the full list in one shot may be slow and memory-heavy. Most collection endpoints in this spec expose limit/offset & pagination metadata.

Add the standard limit/offset query parameters and return a GatewayInstanceList with a pagination object to keep the API consistent and scalable.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (1)

2946-2953: AM_GW_INSTANCES: make LAST_UPDATED auto-managed & consider supporting longer label lists

1. LAST_UPDATED TIMESTAMP NOT NULL forces callers to always supply a value. 99 % of the time it should just reflect “now”.
2. ENV_LABELS is limited to 255 chars; a couple of env names + commas can hit that quickly.

-    ENV_LABELS VARCHAR(255) NOT NULL,
-    LAST_UPDATED TIMESTAMP NOT NULL,
+    ENV_LABELS VARCHAR(512) NOT NULL,                     -- room for >5 env names
+    LAST_UPDATED TIMESTAMP NOT NULL
+        DEFAULT CURRENT_TIMESTAMP
+        ON UPDATE CURRENT_TIMESTAMP,

This removes boiler-plate from DAO code and avoids silent NULL insert failures.
Optionally add a secondary index on (STATUS, LAST_UPDATED) if you’ll query inactive instances older than X minutes.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (2)

3576-3583: Add indexes (and optional timestamp default) to prevent table-scan hot-spots

The AM_GW_INSTANCES table will likely be polled by heartbeat/cleanup tasks using STATUS and/or LAST_UPDATED.
Without secondary indexes every lookup degrades into a full table scan on DB2.

 CREATE TABLE AM_GW_INSTANCES (
     GATEWAY_ID VARCHAR(255) NOT NULL,
     ENV_LABELS VARCHAR(255) NOT NULL,
-    LAST_UPDATED TIMESTAMP NOT NULL,
+    LAST_UPDATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
     GW_PROPERTIES BLOB NOT NULL,
     STATUS VARCHAR(255) NOT NULL,
     PRIMARY KEY (GATEWAY_ID)
 )
/
+-- highly‐selective columns
+CREATE INDEX IDX_GW_INSTANCES_STATUS       ON AM_GW_INSTANCES (STATUS);
+CREATE INDEX IDX_GW_INSTANCES_LAST_UPDATED ON AM_GW_INSTANCES (LAST_UPDATED);

Adding these two narrow indexes (or at least STATUS) keeps row-lookups and purge jobs O(log n) instead of O(n).
If you deliberately avoided indexes for write-throughput reasons, note that DB2 supports PCTFREE / INCLUDE to keep the cost negligible.

---

3590-3591: Validate STATUS / ACTION values with a CHECK constraint

Both columns look like enums (e.g. {'DEPLOYED','FAILED','REMOVED'} and {'DEPLOY','UNDEPLOY'}). Adding a CHECK keeps bad values out and simplifies analytics.

ALTER TABLE AM_GW_REVISION_DEPLOYMENT
    ADD CONSTRAINT CK_GW_REV_DEP_STATUS CHECK (STATUS IN ('DEPLOYED','FAILED','IN_PROGRESS')),
    ADD CONSTRAINT CK_GW_REV_DEP_ACTION CHECK (ACTION  IN ('DEPLOY','UNDEPLOY'));

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2)

3455-3461: Add a private constructor to prevent instantiation, for consistency with other nested constants‐holder classes

All other nested static classes (AI, TokenStatus, SubscriptionStatus, etc.) include a private constructor, enforcing the intended utility behaviour.
GatewayNotification omits this, so accidental instantiation is possible.

 public static class GatewayNotification {
+        private GatewayNotification() {
+        }

---

3462-3463: Rename timeStamp value to match constant style

Constant TIMESTAMP is mapped to "timeStamp" (camel-case S).
Other timestamp keys in the codebase appear lowercase (timestamp) or underscore separated. If this key is new, prefer "timestamp" for consistency; if it must remain, consider renaming the constant to TIME_STAMP to mirror the payload key.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2)

2046-2053: Typo & terminology – use “instances” throughout

The resource represents a collection of gateway instances, but the summary, description, and the heading repeatedly say “instants” (lines 2048-2051). This is very likely a typo that will leak into autogenerated docs/SDKs.

-  summary: Get Gateway instants in a Gateway Environment
+  summary: Get Gateway instances in a Gateway Environment
 ...
-  description: |
-    Retrieve list of gateway instants in the gateway environment.
+  description: |
+    Retrieve the list of gateway instances in the specified gateway environment.

Consistent wording helps users and future contributors; please correct everywhere the term appears in this block (and in schema definitions below).

---

5362-5375: Schema title/name mismatch and copy-paste artifact

1. Title says “Environment List” but the schema is actually a Gateway list.
2. Descriptions again use “instants”.
3. gatewayID should follow existing camelCase convention (gatewayId).
4. Adding format: date-time to lastActive improves swagger tooling validation.

-  title: Environment List
+  title: Gateway Instance List
...
-        gatewayID:
+        gatewayId:
...
-          example: "Env1_1372344"
+          example: "env1_1372344"
...
-        lastActive:
-          type: string
-          example: "2025-06-26T06:47:50Z"
+        lastActive:
+          type: string
+          format: date-time
+          example: "2025-06-26T06:47:50Z"

These small clean-ups keep the OpenAPI spec internally consistent and tooling-friendly.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (5)

18-18: Address the TODO comment before merging.

The TODO comment indicates that code formatting is incomplete. Please format the code according to project standards before merging.

---

49-49: Remove unused import from SAML2 package.

The import org.wso2.carbon.identity.sso.agent.oauth2.SAML2GrantAccessTokenRequestor.executePost appears to be unused and is from an unrelated SAML2 package. The code uses APIUtil.executeHTTPRequestWithRetries instead.

-import static org.wso2.carbon.identity.sso.agent.oauth2.SAML2GrantAccessTokenRequestor.executePost;

---

113-113: Consider using the existing scheduler instead of creating new threads.

Creating new threads directly for registration can lead to uncontrolled thread proliferation. Consider using the existing scheduler ExecutorService for registration tasks.

-        new Thread(new registerGateway()).start();
+        scheduler.execute(new registerGateway());

---

151-153: Remove redundant gatewayID validation.

The gatewayID is already validated and set in the constructor, so this validation in buildRegistrationPayload is redundant since the method is only called internally with the class field.

-        if (gatewayID == null || gatewayID.isEmpty()) {
-            gatewayID = UUID.randomUUID().toString();
-        }

---

18-18: Remove TODO comment or address formatting.

The TODO comment about formatting should either be addressed or removed before merging.

-// todo: formate the code

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java (2)

107-109: Consider more specific exception handling.

The generic Exception catch might mask specific configuration or scheduling errors. Consider catching more specific exceptions like configuration errors separately from scheduling errors.

-        } catch (Exception e) {
-            log.error("Failed to start Gateway cleanup scheduler", e);
-        }
+        } catch (RuntimeException e) {
+            log.error("Configuration error while starting Gateway cleanup scheduler", e);
+        } catch (Exception e) {
+            log.error("Unexpected error while starting Gateway cleanup scheduler", e);
+        }

---

48-48: Fix typo in comment.

There's a spelling error in the comment.

-    // define sheduled task interval in seconds
+    // define scheduled task interval in seconds

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/InMemoryAPIDeployer.java (1)

112-120: Consider externalizing the Synapse API XML configuration

The hardcoded XML string for the JWKS Synapse API should be externalized to a configuration file or template for better maintainability and flexibility.

Consider moving this XML content to a resource file:

-                String jwksSynapseAPI =
-                        "<api xmlns=\"http://ws.apache.org/ns/synapse\" name=\"_JwksEndpoint_\" " + "context=\""
-                                + jwksApiContext + "\">\n"
-                                + "    <resource methods=\"GET\" url-mapping=\"/*\" faultSequence=\"fault\">\n"
-                                + "        <inSequence>\n" + "            <respond/>\n" + "        </inSequence>\n"
-                                + "    </resource>\n" + "    <handlers>\n"
-                                + "        <handler class=\"org.wso2.carbon.apimgt.gateway.handlers.common.JwksHandler\"/>\n"
-                                + "    </handlers>\n" + "</api>\n";
+                String jwksSynapseAPI = loadSynapseAPITemplate("jwks-api-template.xml", jwksApiContext);

This would require creating a template file and a method to load and process it with the appropriate context.

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (1)

89-89: Consider using a different delimiter for environment labels

Using comma as a delimiter could cause issues if environment labels themselves contain commas. Consider using a less common delimiter or properly escaping the values.

Apply this diff to use a pipe delimiter:

-String envLabels = String.join(APIConstants.DELEM_COMMA, dto.getEnvironmentLabels());
+String envLabels = String.join("|", dto.getEnvironmentLabels());

Also update the parsing logic in getGatewayInstancesByEnvironment method in the DAO to handle the new delimiter.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1)

238-270: Limit response body size to prevent memory issues

Using readAllBytes() on line 260 could cause memory issues if the server returns a large response.

Consider adding a size limit:

-String responseBody = new String(response.getEntity().getContent().readAllBytes(),
-                                StandardCharsets.UTF_8);
+InputStream content = response.getEntity().getContent();
+ByteArrayOutputStream result = new ByteArrayOutputStream();
+byte[] buffer = new byte[1024];
+int length;
+int totalRead = 0;
+int maxSize = 1024 * 1024; // 1MB limit
+while ((length = content.read(buffer)) != -1 && totalRead < maxSize) {
+    result.write(buffer, 0, length);
+    totalRead += length;
+}
+if (totalRead >= maxSize) {
+    log.warn("Response body exceeded size limit");
+}
+String responseBody = result.toString(StandardCharsets.UTF_8.name());

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (2)

95-150: Restore autocommit state after transaction

Both methods set autocommit to false but don't restore it. While connections are closed after use, it's good practice to restore the original state.

Use the utility method from APIMgtDBUtil:

 public int updateExpiredGateways(Timestamp expireTimeThreshold) throws APIManagementException {
     int updatedCount = 0;
     
     try (Connection connection = APIMgtDBUtil.getConnection()) {
+        boolean autoCommit = connection.getAutoCommit();
         connection.setAutoCommit(false);
         
         try (PreparedStatement preparedStatement = connection.prepareStatement(UPDATE_EXPIRED_GATEWAYS_SQL)) {
             preparedStatement.setTimestamp(1, expireTimeThreshold);
             updatedCount = preparedStatement.executeUpdate();
             connection.commit();
             
             if (log.isDebugEnabled()) {
                 log.debug("Updated " + updatedCount + " gateways to EXPIRED status");
             }
         } catch (SQLException e) {
             connection.rollback();
             throw new APIManagementException("Error updating expired gateways", e);
+        } finally {
+            APIMgtDBUtil.setAutoCommit(connection, autoCommit);
         }
     } catch (SQLException e) {
         throw new APIManagementException("Error getting database connection", e);
     }

Apply similar changes to deleteOldGatewayRecords method.

---

392-396: Improve encapsulation of GatewayInstanceInfo class

The inner class uses public fields which violates encapsulation principles.

Convert to a proper data class:

-public static class GatewayInstanceInfo {
-    public String gatewayId;
-    public java.sql.Timestamp lastUpdated;
-    public String status;
-}
+public static class GatewayInstanceInfo {
+    private final String gatewayId;
+    private final java.sql.Timestamp lastUpdated;
+    private final String status;
+    
+    public GatewayInstanceInfo(String gatewayId, Timestamp lastUpdated, String status) {
+        this.gatewayId = gatewayId;
+        this.lastUpdated = lastUpdated;
+        this.status = status;
+    }
+    
+    public String getGatewayId() { return gatewayId; }
+    public Timestamp getLastUpdated() { return lastUpdated; }
+    public String getStatus() { return status; }
+}

Update the usage in getGatewayInstancesByEnvironment method accordingly.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java (1)

65-92: LGTM! Well-implemented REST endpoint.

The implementation follows established patterns with proper validation, error handling, and data mapping. The use of GatewayManagementDAO for data access and appropriate DTO mapping is correct.

Minor suggestion: Consider extracting the timestamp conversion logic to a utility method if this pattern is used elsewhere:

dto.setLastActive(info.lastUpdated.toInstant().toString());

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ef65dc3 and b0caf1c.

⛔ Files ignored due to path filters (15)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyApiDeploymentStatusApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyApiDeploymentStatusApiService.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApiService.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/GatewayDeploymentStatusAcknowledgmentDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/GatewayDeploymentStatusAcknowledgmentListDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/GatewayPropertiesDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/InlineResponse200DTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/NotifyGatewayPayloadDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/NotifyGatewayStatusResponseDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApiService.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/GatewayInstantDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/GatewayInstantListDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java is excluded by !**/gen/**

📒 Files selected for processing (42)

• components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/APIRevisionDeployment.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/InMemoryAPIDeployer.java (10 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/DataHolder.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/GatewayRegistrationResponse.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (6 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayStartupListener.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java (6 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayCleanupConfiguration.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java (0 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/webapp/WEB-INF/web.xml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2 (2 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql (1 hunks)

💤 Files with no reviewable changes (1)

• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java

🧰 Additional context used

🧠 Learnings (36)

📓 Common learnings

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1)

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json (1)

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/webapp/WEB-INF/web.xml (5)

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: Piumal1999
PR: #13132
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/PublisherCommonUtils.java:1524-1524
Timestamp: 2025-06-03T06:19:48.138Z
Learning: In PublisherCommonUtils.addAPIWithGeneratedSwaggerDefinition method, when ParseException was added to the throws clause, the calling methods in ApisApiServiceImpl.java and ImportUtils.java already had proper exception handling in place, so no additional changes were needed.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AzureContentSafetyGuardrailProviderServiceImpl.java:75-84
Timestamp: 2025-06-30T06:50:20.514Z
Learning: In WSO2 Carbon API Manager, initialization of service components (like GuardrailProviderService implementations) is guaranteed to occur before service methods are called, so additional initialization validation checks in service methods are not needed.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java (7)

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java:341-355
Timestamp: 2025-07-19T14:50:12.218Z
Learning: In WSO2 Carbon API Manager, input validation for model properties like apiDiscoveryScheduledWindow is performed at the REST API level rather than in individual setter methods, avoiding code duplication and ensuring validation occurs at the entry point.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:11919-11923
Timestamp: 2025-06-30T06:27:48.390Z
Learning: In the WSO2 API Manager codebase, the input to the createCanonicalQueryString method in APIUtil.java is already URL encoded, so additional encoding within this method is not required and should be avoided to prevent double encoding.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AWSBedrockGuardrailProviderServiceImpl.java:131-133
Timestamp: 2025-06-30T08:24:52.352Z
Learning: In WSO2 Carbon API Manager, the APIUtil.generateAWSSignature and generateAWSSignatureUsingAssumeRole methods throw APIManagementException on failure rather than returning null, so null checks on their return values are not necessary.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (6)

Learnt from: Piumal1999
PR: #13132
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/PublisherCommonUtils.java:1524-1524
Timestamp: 2025-06-03T06:19:48.138Z
Learning: In PublisherCommonUtils.addAPIWithGeneratedSwaggerDefinition method, when ParseException was added to the throws clause, the calling methods in ApisApiServiceImpl.java and ImportUtils.java already had proper exception handling in place, so no additional changes were needed.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:11919-11923
Timestamp: 2025-06-30T06:27:48.390Z
Learning: In the WSO2 API Manager codebase, the input to the createCanonicalQueryString method in APIUtil.java is already URL encoded, so additional encoding within this method is not required and should be avoided to prevent double encoding.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/APIHandlerServiceComponent.java:194-196
Timestamp: 2025-07-01T09:56:40.853Z
Learning: In WSO2 Carbon API Manager, the ServiceReferenceHolder and APIManagerConfiguration classes guarantee that getEmbeddingProvider() returns a non-null EmbeddingProviderConfigurationDTO instance, eliminating the need for null checks before calling methods on the returned DTO.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (2)

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: Piumal1999
PR: #13132
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/PublisherCommonUtils.java:1524-1524
Timestamp: 2025-06-03T06:19:48.138Z
Learning: In PublisherCommonUtils.addAPIWithGeneratedSwaggerDefinition method, when ParseException was added to the throws clause, the calling methods in ApisApiServiceImpl.java and ImportUtils.java already had proper exception handling in place, so no additional changes were needed.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json (2)

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayStartupListener.java (8)

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/APIHandlerServiceComponent.java:194-196
Timestamp: 2025-07-01T09:56:40.853Z
Learning: In WSO2 Carbon API Manager, the ServiceReferenceHolder and APIManagerConfiguration classes guarantee that getEmbeddingProvider() returns a non-null EmbeddingProviderConfigurationDTO instance, eliminating the need for null checks before calling methods on the returned DTO.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AzureContentSafetyGuardrailProviderServiceImpl.java:75-84
Timestamp: 2025-06-30T06:50:20.514Z
Learning: In WSO2 Carbon API Manager, initialization of service components (like GuardrailProviderService implementations) is guaranteed to occur before service methods are called, so additional initialization validation checks in service methods are not needed.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/AWSBedrockLLMProviderService.java:59-62
Timestamp: 2025-07-14T14:03:05.170Z
Learning: In WSO2 Carbon API Manager, API definition files are copied from their source location (features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/api_definitions/) to the runtime location (repository/resources/api_definitions/) during the build/deployment process. Therefore, the path construction using "repository" + File.separator + "resources" + File.separator + "api_definitions" in LLM provider service implementations is correct for the runtime environment.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (3)

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: Piumal1999
PR: #13132
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/PublisherCommonUtils.java:1524-1524
Timestamp: 2025-06-03T06:19:48.138Z
Learning: In PublisherCommonUtils.addAPIWithGeneratedSwaggerDefinition method, when ParseException was added to the throws clause, the calling methods in ApisApiServiceImpl.java and ImportUtils.java already had proper exception handling in place, so no additional changes were needed.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1)

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (2)

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3569-3570
Timestamp: 2025-06-18T05:58:44.775Z
Learning: In AM_DEVPORTAL_API_REFERENCE tables across all database types, row deletions are handled separately through custom logic rather than using foreign key constraints with CASCADE delete actions. This is an intentional design choice to maintain control over the deletion process.

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3560-3561
Timestamp: 2025-06-18T05:58:38.988Z
Learning: In the AM_DEVPORTAL_API_CONTENT table and similar DevPortal content tables, foreign key constraints are deliberately omitted because row deletions are handled separately through application logic rather than database constraints for all database types.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java (3)

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (2)

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3569-3570
Timestamp: 2025-06-18T05:58:44.775Z
Learning: In AM_DEVPORTAL_API_REFERENCE tables across all database types, row deletions are handled separately through custom logic rather than using foreign key constraints with CASCADE delete actions. This is an intentional design choice to maintain control over the deletion process.

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3560-3561
Timestamp: 2025-06-18T05:58:38.988Z
Learning: In the AM_DEVPORTAL_API_CONTENT table and similar DevPortal content tables, foreign key constraints are deliberately omitted because row deletions are handled separately through application logic rather than database constraints for all database types.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (2)

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (4)

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java (2)

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: Piumal1999
PR: #13132
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/PublisherCommonUtils.java:1524-1524
Timestamp: 2025-06-03T06:19:48.138Z
Learning: In PublisherCommonUtils.addAPIWithGeneratedSwaggerDefinition method, when ParseException was added to the throws clause, the calling methods in ApisApiServiceImpl.java and ImportUtils.java already had proper exception handling in place, so no additional changes were needed.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (3)

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayCleanupConfiguration.java (1)

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java (5)

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/InMemoryAPIDeployer.java (13)

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

Learnt from: Piumal1999
PR: #13132
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/PublisherCommonUtils.java:1524-1524
Timestamp: 2025-06-03T06:19:48.138Z
Learning: In PublisherCommonUtils.addAPIWithGeneratedSwaggerDefinition method, when ParseException was added to the throws clause, the calling methods in ApisApiServiceImpl.java and ImportUtils.java already had proper exception handling in place, so no additional changes were needed.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/APIHandlerServiceComponent.java:194-196
Timestamp: 2025-07-01T09:56:40.853Z
Learning: In WSO2 Carbon API Manager, the ServiceReferenceHolder and APIManagerConfiguration classes guarantee that getEmbeddingProvider() returns a non-null EmbeddingProviderConfigurationDTO instance, eliminating the need for null checks before calling methods on the returned DTO.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AzureContentSafetyGuardrailProviderServiceImpl.java:75-84
Timestamp: 2025-06-30T06:50:20.514Z
Learning: In WSO2 Carbon API Manager, initialization of service components (like GuardrailProviderService implementations) is guaranteed to occur before service methods are called, so additional initialization validation checks in service methods are not needed.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/AWSBedrockLLMProviderService.java:59-62
Timestamp: 2025-07-14T14:03:05.170Z
Learning: In WSO2 Carbon API Manager, API definition files are copied from their source location (features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/api_definitions/) to the runtime location (repository/resources/api_definitions/) during the build/deployment process. Therefore, the path construction using "repository" + File.separator + "resources" + File.separator + "api_definitions" in LLM provider service implementations is correct for the runtime environment.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: Oshanath
PR: #13124
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java:2861-2863
Timestamp: 2025-05-27T16:51:06.742Z
Learning: Service layer validation in WSO2 API Manager: The getAPIProductbyUUID method in APIProviderImpl validates that retrieved artifacts are actual API Products by checking publisherAPIProduct.getType() equals APIConstants.API_PRODUCT, throwing APIMgtResourceNotFoundException if not. This service-layer approach provides centralized type validation for all API Product operations.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AWSBedrockGuardrailProviderServiceImpl.java:131-133
Timestamp: 2025-06-30T08:24:52.352Z
Learning: In WSO2 Carbon API Manager, the APIUtil.generateAWSSignature and generateAWSSignatureUsingAssumeRole methods throw APIManagementException on failure rather than returning null, so null checks on their return values are not necessary.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql (2)

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3569-3570
Timestamp: 2025-06-18T05:58:44.775Z
Learning: In AM_DEVPORTAL_API_REFERENCE tables across all database types, row deletions are handled separately through custom logic rather than using foreign key constraints with CASCADE delete actions. This is an intentional design choice to maintain control over the deletion process.

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3560-3561
Timestamp: 2025-06-18T05:58:38.988Z
Learning: In the AM_DEVPORTAL_API_CONTENT table and similar DevPortal content tables, foreign key constraints are deliberately omitted because row deletions are handled separately through application logic rather than database constraints for all database types.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (2)

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3560-3561
Timestamp: 2025-06-18T05:58:38.988Z
Learning: In the AM_DEVPORTAL_API_CONTENT table and similar DevPortal content tables, foreign key constraints are deliberately omitted because row deletions are handled separately through application logic rather than database constraints for all database types.

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3569-3570
Timestamp: 2025-06-18T05:58:44.775Z
Learning: In AM_DEVPORTAL_API_REFERENCE tables across all database types, row deletions are handled separately through custom logic rather than using foreign key constraints with CASCADE delete actions. This is an intentional design choice to maintain control over the deletion process.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (2)

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3560-3561
Timestamp: 2025-06-18T05:58:38.988Z
Learning: In the AM_DEVPORTAL_API_CONTENT table and similar DevPortal content tables, foreign key constraints are deliberately omitted because row deletions are handled separately through application logic rather than database constraints for all database types.

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3569-3570
Timestamp: 2025-06-18T05:58:44.775Z
Learning: In AM_DEVPORTAL_API_REFERENCE tables across all database types, row deletions are handled separately through custom logic rather than using foreign key constraints with CASCADE delete actions. This is an intentional design choice to maintain control over the deletion process.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql (2)

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3569-3570
Timestamp: 2025-06-18T05:58:44.775Z
Learning: In AM_DEVPORTAL_API_REFERENCE tables across all database types, row deletions are handled separately through custom logic rather than using foreign key constraints with CASCADE delete actions. This is an intentional design choice to maintain control over the deletion process.

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3560-3561
Timestamp: 2025-06-18T05:58:38.988Z
Learning: In the AM_DEVPORTAL_API_CONTENT table and similar DevPortal content tables, foreign key constraints are deliberately omitted because row deletions are handled separately through application logic rather than database constraints for all database types.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (4)

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql (2)

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3569-3570
Timestamp: 2025-06-18T05:58:44.775Z
Learning: In AM_DEVPORTAL_API_REFERENCE tables across all database types, row deletions are handled separately through custom logic rather than using foreign key constraints with CASCADE delete actions. This is an intentional design choice to maintain control over the deletion process.

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3560-3561
Timestamp: 2025-06-18T05:58:38.988Z
Learning: In the AM_DEVPORTAL_API_CONTENT table and similar DevPortal content tables, foreign key constraints are deliberately omitted because row deletions are handled separately through application logic rather than database constraints for all database types.

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (2)

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2 (5)

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:11926-11933
Timestamp: 2025-06-30T06:48:38.255Z
Learning: In the WSO2 API Manager codebase, for simple XML responses where the structure is predictable and namespaces are not involved, regex-based XML extraction is preferred over using a full XML parser, as it is more performant and avoids unnecessary overhead.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/AWSBedrockLLMProviderService.java:59-62
Timestamp: 2025-07-14T14:03:05.170Z
Learning: In WSO2 Carbon API Manager, API definition files are copied from their source location (features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/api_definitions/) to the runtime location (repository/resources/api_definitions/) during the build/deployment process. Therefore, the path construction using "repository" + File.separator + "resources" + File.separator + "api_definitions" in LLM provider service implementations is correct for the runtime environment.

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (2)

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql (2)

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3569-3570
Timestamp: 2025-06-18T05:58:44.775Z
Learning: In AM_DEVPORTAL_API_REFERENCE tables across all database types, row deletions are handled separately through custom logic rather than using foreign key constraints with CASCADE delete actions. This is an intentional design choice to maintain control over the deletion process.

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3560-3561
Timestamp: 2025-06-18T05:58:38.988Z
Learning: In the AM_DEVPORTAL_API_CONTENT table and similar DevPortal content tables, foreign key constraints are deliberately omitted because row deletions are handled separately through application logic rather than database constraints for all database types.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (2)

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3560-3561
Timestamp: 2025-06-18T05:58:38.988Z
Learning: In the AM_DEVPORTAL_API_CONTENT table and similar DevPortal content tables, foreign key constraints are deliberately omitted because row deletions are handled separately through application logic rather than database constraints for all database types.

Learnt from: kavindasr
PR: #13145
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql:3569-3570
Timestamp: 2025-06-18T05:58:44.775Z
Learning: In AM_DEVPORTAL_API_REFERENCE tables across all database types, row deletions are handled separately through custom logic rather than using foreign key constraints with CASCADE delete actions. This is an intentional design choice to maintain control over the deletion process.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (2)

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (3)

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (6)

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AzureContentSafetyGuardrailProviderServiceImpl.java:75-84
Timestamp: 2025-06-30T06:50:20.514Z
Learning: In WSO2 Carbon API Manager, initialization of service components (like GuardrailProviderService implementations) is guaranteed to occur before service methods are called, so additional initialization validation checks in service methods are not needed.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (3)

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

🧬 Code Graph Analysis (5)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java (4)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1)

• GatewayManagementDAO (40-397)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/GatewayInstantDTO.java (1)

• GatewayInstantDTO (21-120)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/GatewayInstantListDTO.java (1)

• GatewayInstantListDTO (24-105)

components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/java/org/wso2/carbon/apimgt/rest/api/util/utils/RestApiUtil.java (1)

• RestApiUtil (85-1394)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java (2)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1)

• GatewayManagementDAO (40-397)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayCleanupConfiguration.java (1)

• GatewayCleanupConfiguration (24-62)

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (4)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1)

• GatewayManagementDAO (40-397)

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/GatewayDeploymentStatusAcknowledgmentListDTO.java (1)

• GatewayDeploymentStatusAcknowledgmentListDTO (24-105)

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/GatewayDeploymentStatusAcknowledgmentDTO.java (1)

• GatewayDeploymentStatusAcknowledgmentDTO (21-294)

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/InlineResponse200DTO.java (1)

• InlineResponse200DTO (21-80)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java (1)

• APIMgtDBUtil (50-253)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (2)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayCleanupConfiguration.java (1)

• GatewayCleanupConfiguration (24-62)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java (1)

• GatewayCleanupScheduler (40-187)

🪛 Gitleaks (8.27.2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml

2078-2078: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

2078-2078: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

🪛 YAMLlint (1.37.1)

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml

[warning] 2308-2308: too many spaces after colon

(colons)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: build-carbon
• GitHub Check: build-product (3, group3)
• GitHub Check: build-product (1, group1)
• GitHub Check: build-product (2, group2)
• GitHub Check: run-benchmark-test
• GitHub Check: build-product (4, group4)

🔇 Additional comments (68)

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/GatewayRegistrationResponse.java (2)

24-28: LGTM! Clean enum implementation.

The enum definition is well-structured with clear state progression from NOT_RESPONDED → ACKNOWLEDGED → REGISTERED. The naming follows Java conventions and the Javadoc provides adequate documentation.

---

21-28: LGTM! Clean enum implementation.

The enum is well-structured with clear, descriptive values representing the gateway registration lifecycle states. The implementation follows Java conventions and serves as a solid foundation for the gateway registration system.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/DataHolder.java (5)

58-58: LGTM! Instance field for gateway ID.

The gatewayID instance field is appropriately placed and follows naming conventions.

---

405-411: LGTM! Standard getter/setter implementation.

The getter and setter methods for gatewayID follow Java bean conventions correctly.

---

413-415: LGTM! Registration response getter.

The getter method correctly returns the static registration response field.

---

427-429: LGTM! Static setter implementation.

The static setter method correctly updates the static field and follows naming conventions.

---

405-430: LGTM! Well-implemented gateway management methods.

The getter/setter methods for gatewayID and the registration response management are well-implemented. The isGatewayRegistered() method correctly checks for both REGISTERED and ACKNOWLEDGED states.

components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1)

1-1: Auto-generated checksum update acknowledged

The hash merely reflects the updated OpenAPI spec (new notification endpoints). Assuming the change originated from src/main/resources/api.yaml, this is expected and requires no further review.

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java (1)

3625-3628: Remove invalid null guards and enforce non-negative gateway counts

The getters in APIRevisionDeployment return primitive int, so model.getXxxGatewayCount() != null won’t compile and null can’t occur. Instead, add an explicit check to reject or sanitize negative values (which indicate corrupt data).

• File:
components/apimgt/…/common/mappings/APIMappingUtil.java
Lines: 3625–3628

Proposed diff:

-        apiRevisionDeploymentDTO.setLiveGatewayCount(model.getLiveGatewayCount());
-        apiRevisionDeploymentDTO.setDeployedGatewayCount(model.getDeployedGatewayCount());
-        apiRevisionDeploymentDTO.setFailedGatewayCount(model.getFailedGatewayCount());
+        int liveCount = model.getLiveGatewayCount();
+        if (liveCount < 0) {
+            throw new IllegalArgumentException("liveGatewayCount cannot be negative: " + liveCount);
+        }
+        apiRevisionDeploymentDTO.setLiveGatewayCount(liveCount);
+
+        int deployedCount = model.getDeployedGatewayCount();
+        if (deployedCount < 0) {
+            throw new IllegalArgumentException("deployedGatewayCount cannot be negative: " + deployedCount);
+        }
+        apiRevisionDeploymentDTO.setDeployedGatewayCount(deployedCount);
+
+        int failedCount = model.getFailedGatewayCount();
+        if (failedCount < 0) {
+            throw new IllegalArgumentException("failedGatewayCount cannot be negative: " + failedCount);
+        }
+        apiRevisionDeploymentDTO.setFailedGatewayCount(failedCount);

⛔ Skipped due to learnings

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: tharindu1st
PR: wso2/carbon-apimgt#13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, `components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml` is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: nimsara66
PR: wso2/carbon-apimgt#13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AWSBedrockGuardrailProviderServiceImpl.java:131-133
Timestamp: 2025-06-30T08:24:52.352Z
Learning: In WSO2 Carbon API Manager, the APIUtil.generateAWSSignature and generateAWSSignatureUsingAssumeRole methods throw APIManagementException on failure rather than returning null, so null checks on their return values are not necessary.

Learnt from: Oshanath
PR: wso2/carbon-apimgt#13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java:341-355
Timestamp: 2025-07-19T14:50:12.218Z
Learning: In WSO2 Carbon API Manager, input validation for model properties like apiDiscoveryScheduledWindow is performed at the REST API level rather than in individual setter methods, avoiding code duplication and ensuring validation occurs at the entry point.

Learnt from: Oshanath
PR: wso2/carbon-apimgt#13124
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java:5845-5851
Timestamp: 2025-05-27T16:38:44.397Z
Learning: In `APIProviderImpl.getAPIProductbyUUID`, the method already throws an exception if the API Product artifact is null or not of type `APIConstants.API_PRODUCT`, guarding against downstream NPEs.

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json (1)

17-17: LGTM: Consistent time unit configuration

The new heartbeat notification interval configuration follows the established pattern and uses an appropriate time unit (seconds) for heartbeat intervals.

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/webapp/WEB-INF/web.xml (1)

63-65: LGTM: Proper service registration

The new gateway notification and deployment status API services are correctly registered following the established pattern. This enables the control plane to receive gateway notifications and deployment acknowledgments.

components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/APIRevisionDeployment.java (2)

35-37: LGTM: Clean model enhancement

The new gateway count fields are appropriately typed and named, enhancing the deployment tracking capabilities for API revisions.

---

103-125: LGTM: Proper getter/setter implementation

The getter and setter methods follow Java bean conventions and are correctly implemented for the new gateway count fields.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayStartupListener.java (4)

35-35: LGTM: Clean import addition

The GatewayNotifier import is properly added to support the new gateway notification functionality.

---

103-103: LGTM: Appropriate field declaration

The private GatewayNotifier field follows the established pattern in the class.

---

233-235: LGTM: Proper gateway notification integration

The gateway notification integration is well-implemented:

• Uses singleton pattern appropriately
• Registers gateway on startup
• Starts heartbeat for continuous monitoring
• Placement after other initialization is correct

---

392-394: LGTM: Defensive shutdown implementation

The null check before stopping the heartbeat is good defensive programming, ensuring clean shutdown even if the notifier wasn't properly initialized.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (3)

64-64: Import addition looks correct.

The import for GatewayCleanupConfiguration is necessary for the gateway cleanup functionality added in the activate/deactivate methods.

---

86-86: Import addition looks correct.

The import for GatewayCleanupScheduler is necessary for accessing the singleton scheduler instance in the lifecycle methods.

---

337-345: Clean integration of gateway cleanup scheduler startup.

The implementation correctly:

• Retrieves configuration from the APIManager configuration
• Performs null and enabled checks before starting the scheduler
• Handles exceptions gracefully with appropriate error logging
• Follows the singleton pattern correctly

The integration aligns well with the OSGi component lifecycle management pattern used throughout this class.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json (4)

232-235: Gateway cleanup configuration looks well-structured.

The configuration provides reasonable defaults:

• Safely disabled by default for new feature rollout
• Conservative time intervals (60s expire, 120s retention, 60s cleanup)
• Consistent naming convention following existing patterns
• Clear time unit specification (seconds)

---

236-238: Gateway notification configuration is appropriate.

The settings provide sensible defaults:

• Enabled by default indicates this is a core feature
• 30-second notification interval is reasonable for monitoring
• Empty gateway_id allows for runtime or deployment-specific configuration

---

242-246: Deployment acknowledgment configuration demonstrates good retry strategy.

The settings implement solid patterns:

• Reasonable batch size (100) for efficiency
• Appropriate batch interval (100s) for accumulation
• Exponential backoff retry with progression factor 2.0
• Good balance of retry attempts (5) and initial duration (10s)

These values should provide robust fault tolerance for deployment notifications.

---

247-249: Registration retry configuration maintains good consistency.

The retry parameters align well with the deployment acknowledgment settings:

• Consistent max retry count (5) and initial duration (10s)
• Same exponential backoff factor (2.0)
• Maintains uniform retry behavior across gateway features

This consistency simplifies configuration management and provides predictable behavior.

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1)

11465-11483: Edits applied to an auto-generated spec file will be lost

Per past guidance (see learning from PR #13144), publisher-api.yaml under rest.api.publisher.v1 is a generated copy. Manual modifications here will be overwritten the next time the spec is re-generated. Move the three new properties to the authoritative source file (components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml) and regenerate the copy instead.

⛔ Skipped due to learnings

Learnt from: tharindu1st
PR: wso2/carbon-apimgt#13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, `components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml` is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: Piumal1999
PR: wso2/carbon-apimgt#13132
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/PublisherCommonUtils.java:1524-1524
Timestamp: 2025-06-03T06:19:48.138Z
Learning: In PublisherCommonUtils.addAPIWithGeneratedSwaggerDefinition method, when ParseException was added to the throws clause, the calling methods in ApisApiServiceImpl.java and ImportUtils.java already had proper exception handling in place, so no additional changes were needed.

Learnt from: tharindu1st
PR: wso2/carbon-apimgt#13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/LlmProvidersApiServiceImpl.java:0-0
Timestamp: 2025-07-13T16:21:39.072Z
Learning: In WSO2 Carbon API Manager LLM provider updates, the multipleVendorSupport/modelFamilySupported field is read-only - it can only be set during provider creation and is preserved from the existing provider during updates via provider.setModelFamilySupported(retrievedProvider.isModelFamilySupported()).

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java:341-355
Timestamp: 2025-07-19T14:50:12.218Z
Learning: In WSO2 Carbon API Manager, input validation for model properties like apiDiscoveryScheduledWindow is performed at the REST API level rather than in individual setter methods, avoiding code duplication and ensuring validation occurs at the entry point.

Learnt from: tharindu1st
PR: wso2/carbon-apimgt#13144
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/AWSBedrockLLMProviderService.java:59-62
Timestamp: 2025-07-14T14:03:05.170Z
Learning: In WSO2 Carbon API Manager, API definition files are copied from their source location (features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/api_definitions/) to the runtime location (repository/resources/api_definitions/) during the build/deployment process. Therefore, the path construction using "repository" + File.separator + "resources" + File.separator + "api_definitions" in LLM provider service implementations is correct for the runtime environment.

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java (2)

25-27: LGTM! Imports are properly added.

The new imports for GatewayManagementDAO and the DTO classes are correctly placed and necessary for the new gateway instances retrieval functionality.

---

65-92: Well-implemented gateway instances retrieval method.

The method follows established patterns in this class and handles the requirements correctly:

• Proper input validation and organization extraction
• Environment existence validation with appropriate exception handling
• Clean mapping from DAO objects to DTOs
• ISO-8601 timestamp formatting for API consistency
• Appropriate HTTP response structure

The implementation aligns well with the existing codebase patterns and REST API best practices.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayCleanupConfiguration.java (2)

31-61: Standard getter/setter implementation looks good.

The methods follow Java bean conventions correctly with appropriate return types and parameter handling.

---

24-62: LGTM! Clean DTO implementation.

The DTO is well-structured with appropriate default values and standard getter/setter methods. The configuration properties are logically organized for gateway cleanup settings.

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (1)

54-65: Well-implemented input validation

The validation logic properly checks for null and empty lists, returning appropriate error responses with detailed error objects.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1)

2759-2778: Well-designed database schema for gateway management

The new tables are properly structured with:

• Appropriate data types and constraints
• Proper foreign key relationship with CASCADE DELETE
• Composite primary key that prevents duplicate deployments per gateway/API
• Consistent naming conventions with existing tables

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (1)

19708-19708: Method refactoring looks good

The relocation of mergeRevisionDeploymentDTOs from APIMgtDBUtil to the DAO class is appropriate as it allows for better encapsulation and access to instance methods like calculateGatewayDeploymentStats.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (5)

38-38: LGTM: New imports properly added for notification framework integration.

The imports for GatewayNotifier and DeploymentStatusNotifier are correctly added to support the new deployment monitoring functionality.

Also applies to: 41-41

---

80-80: LGTM: Static field declaration follows singleton pattern.

The static GatewayNotifier field is appropriately declared to support the gateway registration functionality during JMS reconnection events.

---

163-163: LGTM: Deployment status notification properly integrated for API deployment.

The implementation correctly:

• Obtains the DeploymentStatusNotifier singleton instance
• Retrieves the API revision ID from the tenant API map after successful deployment
• Submits success status with proper parameters (uuid, apiRevisionId, true, "DEPLOY")
• Handles exceptions by submitting failure status with error details

Also applies to: 189-198

---

214-222: LGTM: Deployment status notification properly integrated for API undeployment.

The implementation correctly:

• Submits success status for undeployment with null revision ID (appropriate for undeploy operations)
• Handles exceptions by submitting failure status with error code and message
• Follows the same pattern as deployment notification for consistency

---

672-674: LGTM: Gateway registration integrated into JMS reconnection handling.

The implementation properly:

• Logs the re-registration event for debugging
• Obtains the GatewayNotifier singleton instance
• Calls registerGateway() to re-register the gateway after JMS reconnection

This ensures the gateway maintains its registration status even after connection interruptions.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (4)

24-52: LGTM: Well-structured main configuration class.

The main GatewayNotificationConfiguration class properly:

• Initializes nested configuration objects with default instances
• Provides standard getter/setter methods
• Follows proper JavaBean conventions
• Organizes gateway notification settings logically

---

56-84: LGTM: Heartbeat configuration with sensible defaults.

The HeartbeatConfiguration class provides:

• Reasonable default values (enabled=true, 30-second interval)
• Proper boolean flag for enabling/disabling heartbeat functionality
• Configurable gateway ID field
• Standard getter/setter pattern

The 30-second default interval is appropriate for heartbeat monitoring without excessive overhead.

---

89-135: LGTM: Comprehensive deployment acknowledgement configuration.

The DeploymentAcknowledgementConfiguration class provides:

• Well-balanced batch processing defaults (200 items, 1-second interval)
• Proper retry mechanism configuration (5 attempts, 10-second duration, 2.0 progression factor)
• Exponential backoff support through the progression factor
• All parameters are configurable with reasonable defaults

The configuration supports efficient batching while providing resilience through retry mechanisms.

---

140-168: LGTM: Consistent registration retry configuration.

The RegistrationConfiguration class:

• Maintains consistency with deployment acknowledgement retry parameters
• Provides the same retry mechanism (5 attempts, 10-second duration, 2.0 progression factor)
• Follows the same getter/setter pattern
• Supports robust gateway registration with proper retry handling

The consistent retry configuration across different notification types ensures predictable behavior.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

2065-2068: Schema reference will inherit the typo

Because the model is referenced as GatewayInstantList, fixing the wording above without renaming the schema will introduce inconsistency (instances vs Instant). Decide upfront:

Option A – keep the name as-is and just fix visible text.
Option B (recommended) – rename the schema to GatewayInstanceList / GatewayInstance for long-term clarity (requires matching DTO & service rename).

Ensure server DTOs and mapping code are updated if you choose Option B.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (4)

120-147: Well-implemented scheduler lifecycle management.

The heartbeat scheduler lifecycle management is properly implemented with graceful shutdown, timeout handling, and proper thread interruption handling.

---

73-147: LGTM! Well-implemented gateway notification system.

The constructor properly initializes configuration and the singleton pattern is correctly implemented. The heartbeat scheduling and shutdown logic are robust with proper resource cleanup and interrupt handling.

---

189-237: LGTM! Robust registration implementation with proper retry logic.

The registration logic is well-implemented with proper authentication, retry mechanisms, and response handling. The use of separate thread for asynchronous registration is appropriate.

---

239-274: LGTM! Clean heartbeat implementation.

The heartbeat logic is straightforward and properly handles HTTP communication with appropriate error handling and debug logging.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java (10)

51-67: Well-implemented singleton pattern with proper resource initialization.

The singleton implementation is thread-safe and properly initializes required resources. The use of a single-threaded executor is appropriate for sequential cleanup operations.

---

117-139: Excellent graceful shutdown implementation.

The stop method properly handles the shutdown lifecycle with timeout, forced shutdown, and thread interruption. This follows best practices for ExecutorService shutdown.

---

144-177: Well-structured cleanup task with proper error handling.

The cleanup task correctly calculates timestamp thresholds and handles both expected APIManagementException and unexpected exceptions appropriately. The logging provides good visibility into cleanup operations.

---

184-187: Simple and appropriate state query method.

The isRunning method provides clean access to the scheduler state, which is useful for monitoring and debugging.

---

19-31: LGTM!

The package declaration and imports are appropriate for this scheduler implementation.

---

40-54: Well-structured singleton implementation.

The class follows proper singleton pattern with appropriate member variables and initialization. The private constructor correctly initializes the DAO and scheduler instances.

---

56-67: Thread-safe singleton implementation.

The synchronized getInstance method ensures thread safety with proper lazy initialization. This approach is simpler and safer than double-checked locking for this use case.

---

77-110: Robust scheduler startup implementation.

The start method properly handles:

• Duplicate start attempts with guard condition
• Configuration retrieval and validation
• Graceful handling when cleanup is disabled
• Comprehensive logging and error handling
• Proper scheduling setup with configurable intervals

---

117-139: Proper executor service shutdown implementation.

The stop method follows best practices:

• Graceful shutdown with reasonable 60-second timeout
• Proper handling of InterruptedException with thread interrupt restoration
• Force shutdown as fallback
• Appropriate state management and logging

---

144-187: Well-implemented cleanup task logic.

The GatewayCleanupTask properly:

• Calculates expiration and retention thresholds based on configuration
• Executes cleanup operations through DAO methods
• Handles both specific and generic exceptions
• Provides appropriate logging for monitoring cleanup operations
• Includes a simple state check method

The timestamp calculations and DAO method invocations are correct.

features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2 (1)

417-423: LGTM! Well-structured configuration section.

The GatewayCleanupConfiguration section is properly implemented with consistent naming conventions and appropriate template variable usage.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/InMemoryAPIDeployer.java (2)

353-409: LGTM! Comprehensive deployment status tracking

The integration of DeploymentStatusNotifier properly tracks deployment status for all scenarios:

• Initial deployments
• Redeployments with revision changes
• Failed deployments with error details

The implementation ensures deployment outcomes are consistently reported to the monitoring system.

---

365-365: Confirm case sensitivity of API revision IDs

Please verify whether API revision identifiers in your system are case-sensitive. The only occurrence of a case-insensitive comparison is here:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/InMemoryAPIDeployer.java:365

  if (!api.getRevisionId().equalsIgnoreCase(gatewayAPIDTO.getRevision())) {

If revision IDs must match exactly (including case), replace equalsIgnoreCase with equals(). Otherwise, the current comparison is acceptable.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java (7)

54-54: LGTM!

The import for GatewayCleanupConfiguration is correctly placed and follows the established package structure.

---

78-78: LGTM!

The import for GatewayNotificationConfiguration is correctly placed and follows the established package structure.

---

152-152: LGTM!

The field declaration follows the established pattern for configuration objects in this class, with proper initialization to prevent null pointer issues.

---

234-234: LGTM!

The field declaration follows the established pattern for configuration objects in this class, with proper initialization to prevent null pointer issues.

---

790-794: LGTM!

The XML parsing conditional blocks follow the established pattern used throughout this method. The use of constants for element names ensures consistency and maintainability.

---

3032-3034: LGTM!

The getter method follows the established pattern and provides appropriate access to the configuration object.

---

3095-3097: LGTM!

The getter method follows the established pattern and provides appropriate access to the configuration object.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1)

305-354: Well-implemented shutdown logic

The shutdown method properly handles all cleanup tasks including:

• Canceling scheduled tasks
• Flushing pending batches
• Graceful shutdown with timeouts
• Forced shutdown as fallback
• Proper interrupt handling

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1)

40-397: Well-structured DAO implementation

The DAO follows good practices:

• Proper use of prepared statements
• Consistent error handling
• Resource management with try-with-resources
• Clear separation of concerns

Consider adding bulk operations in the future if performance becomes a concern when processing multiple deployment updates.

[coderabbitai]

Review continued from previous batch...

[coderabbitai]

Actionable comments posted: 7

♻️ Duplicate comments (12)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (2)

19717-19722: Fix misleading Javadoc

The Javadoc mentions "Handle connection rollback logic" but this method doesn't handle any connection rollback. It processes ResultSet and builds a list of APIRevisionDeployment objects.

-    /**
-     * Handle connection rollback logic. Rethrow original exception so that it can be handled centrally.
-     * @param rs result set
-     * @throws SQLException sql exception
-     * @throws APIManagementException api management exception
-     */
+    /**
+     * Merge revision deployment DTOs from ResultSet and enrich with gateway deployment statistics
+     * @param rs result set containing revision deployment data
+     * @return list of APIRevisionDeployment objects with deployment statistics
+     * @throws SQLException if database access error occurs
+     * @throws APIManagementException if error occurs while processing deployments
+     */

---

19792-19845: Resource management issues in calculateGatewayDeploymentStats

The method has several resource management issues:

1. Connection is obtained but might not be properly closed if an exception occurs between the two queries
2. The error is logged but swallowed, which could hide critical issues
3. Two separate queries could be combined for better performance

The current implementation closes resources incorrectly between queries:

• Line 19823 closes the PreparedStatement and ResultSet but keeps the connection open
• If an exception occurs after this line, the connection might leak

-            APIMgtDBUtil.closeAllConnections(ps, null, resultSet);
-
+            APIMgtDBUtil.closeAllConnections(ps, null, resultSet);
+            ps = null;
+            resultSet = null;

Also, consider propagating the SQLException instead of just logging it:

         } catch (SQLException e) {
-            log.error("Error while calculating gateway deployment statistics for revision: " + revisionUuid +
-                              " and environment: " + environmentName, e);
+            handleException("Error while calculating gateway deployment statistics for revision: " + revisionUuid +
+                              " and environment: " + environmentName, e);

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1)

67-70: Address SQL wildcard vulnerability in environment filtering

The LIKE queries for environment filtering are vulnerable to SQL wildcard injection if environmentId contains '%' or '_' characters, which could lead to unintended matches.

This issue was already identified in a previous review. Please implement the suggested wildcard escaping fix.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (3)

2044-2051: Typos in public API surface – “instant” ➜ “instance”.
The newly-added operation still exposes the misspelling “instant” (summary, description, schema names). This was raised earlier but not fixed; once released it becomes a permanent breaking-change.

---

2073-2075: Over-permissive scope – use apim:environment_read for a pure GET.

The endpoint is read-only; apim:environment_manage is unnecessary and violates the least-privilege rule.

-        - OAuth2Security:
-            - apim:admin
-            - apim:environment_manage
+        - OAuth2Security:
+            - apim:admin
+            - apim:environment_read

---

5375-5387: Schema field conventions not followed.

• gatewayID → gatewayId (camel-case Id convention).
• lastActive lacks format: date-time.
• status should be an enum: [ACTIVE, INACTIVE, STALE].

-        gatewayID:
+        gatewayId:
           type: string
           example: "Env1_1372344"
-        lastActive:
-          type: string
+        lastActive:
+          type: string
+          format: date-time
-        status:
-          type: string
-          example: "ACTIVE"
+        status:
+          type: string
+          enum: [ACTIVE, INACTIVE, STALE]
+          example: ACTIVE

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (3)

53-55: Fix thread safety issues with static field modifications.

The static fields notifyIntervalSeconds, gatewayNotificationEnabled, and gatewayID are modified in the constructor, which creates thread safety issues if multiple instances are created concurrently. Since this is a singleton, these should be instance fields instead.

Also applies to: 77-85

---

214-215: Potential resource leak when reading response content.

Using readAllBytes() on the InputStream can cause resource leaks if an exception occurs. Consider using try-with-resources or proper resource management.

---

258-260: Same resource leak issue as in registration logic.

The response content reading has the same potential resource leak issue as the registration logic.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (2)

55-56: Avoid modifying static fields from instance methods.

The configuration fields (batchSize, batchIntervalMillis) are declared as static but modified in the constructor. This is problematic because it creates confusion about whether these are class-level or instance-level configurations and could lead to race conditions in a multi-threaded environment.

Also applies to: 78-79, 94-95

---

173-173: Consider adding queue size limits to prevent memory issues.

When the gateway is not registered, jobs are queued indefinitely. This could lead to memory issues if the gateway never registers and jobs keep accumulating.

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (1)

2308-2308: Fix YAML formatting issue.

YAMLlint detected too many spaces after the colon.

-      title:  API Revision Deployment Status acknowledgements List
+      title: API Revision Deployment Status acknowledgements List

🧹 Nitpick comments (9)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java (3)

33-49: Fix typo in comment.

The class design and field organization look good, but there's a typo in the comment.

-    // define sheduled task interval in seconds
+    // define scheduled task interval in seconds

---

77-105: Consider adding configuration validation.

The start method is well-implemented with proper error handling and logging. However, consider validating configuration values to prevent issues.

            if (!configuration.isEnabled()) {
                log.info("Gateway cleanup scheduler is disabled in configuration");
                return;
            }

+            // Validate configuration values
+            int cleanupInterval = configuration.getGatewayCleanupConfiguration().getCleanupIntervalSeconds();
+            if (cleanupInterval <= 0) {
+                log.error("Invalid cleanup interval: " + cleanupInterval + ". Must be positive.");
+                return;
+            }

            log.info("Starting Gateway cleanup scheduler with interval: "
-                             + configuration.getGatewayCleanupConfiguration().getCleanupIntervalSeconds() + " Seconds");
+                             + cleanupInterval + " Seconds");

---

141-143: Consider making isRunning field volatile for thread safety.

While the current implementation works in practice, the isRunning field should be marked as volatile since it's accessed from multiple threads.

-    private boolean isRunning = false;
+    private volatile boolean isRunning = false;

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (5)

109-111: Use APIMgtDBUtil.rollbackConnection for consistent error handling

Consider using the utility method for rollback to maintain consistency with the codebase pattern.

- } catch (SQLException e) {
-     connection.rollback();
-     throw new APIManagementException("Error updating expired gateways", e);
- }
+ } catch (SQLException e) {
+     APIMgtDBUtil.rollbackConnection(connection, "Error updating expired gateways", e);
+ }

---

141-143: Use APIMgtDBUtil.rollbackConnection for consistent error handling

Same as the previous method, consider using the utility method for rollback.

- } catch (SQLException e) {
-     connection.rollback();
-     throw new APIManagementException("Error deleting old gateway records", e);
- }
+ } catch (SQLException e) {
+     APIMgtDBUtil.rollbackConnection(connection, "Error deleting old gateway records", e);
+ }

---

225-239: Consider reordering parameters to match SQL column order

The parameter order in the method signature doesn't match the SQL column order, which could be confusing for maintenance.

Consider reordering to match the SQL:

- public void insertDeployment(String gatewayId, String apiId, String status, Timestamp lastUpdated, String action,
-                              String revisionId) throws APIManagementException {
+ public void insertDeployment(String gatewayId, String apiId, String status, String action, 
+                              String revisionId, Timestamp lastUpdated) throws APIManagementException {

And update the parameter binding accordingly.

---

251-265: Consider reordering parameters to match SQL column order

Same issue as insertDeployment method - parameter order doesn't match SQL column order.

Consider reordering for consistency:

- public void updateDeployment(String gatewayId, String apiId, String status, Timestamp lastUpdated,String action,
-                              String revisionId) throws APIManagementException {
+ public void updateDeployment(String gatewayId, String apiId, String status, String action,
+                              String revisionId, Timestamp lastUpdated) throws APIManagementException {

---

50-51: Unused SQL constant for deployment cleanup

The DELETE_OLD_DEPLOYMENTS_SQL constant is defined but there's no corresponding method that uses it. This might indicate missing cleanup functionality.

Would you like me to implement the missing deleteOldDeploymentRecords() method or is this intentionally reserved for future implementation?

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

5376-5387: Minor naming/style nits

• The schema name is GatewayInstance but the title is lowercase gateway instances in the gateway environment – capitalise for consistency, e.g. Gateway Instance.
• Consider clarifying lastActive with an ISO-8601 format hint:

lastActive:
  type: string
  format: date-time
  example: "2025-06-26T06:47:50Z"

These tweaks improve generated docs and client typings.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b0caf1c and f186cdd.

⛔ Files ignored due to path filters (15)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyApiDeploymentStatusApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyApiDeploymentStatusApiService.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApiService.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/GatewayDeploymentStatusAcknowledgmentDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/GatewayDeploymentStatusAcknowledgmentListDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/GatewayPropertiesDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/InlineResponse200DTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/NotifyGatewayPayloadDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/dto/NotifyGatewayStatusResponseDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApiService.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/GatewayInstantDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/GatewayInstantListDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java is excluded by !**/gen/**

📒 Files selected for processing (43)

• components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/APIRevisionDeployment.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/InMemoryAPIDeployer.java (3 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/DataHolder.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/GatewayRegistrationResponse.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (6 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayStartupListener.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java (0 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/webapp/WEB-INF/web.xml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/internal/PublisherCommonServiceComponent.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2 (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql (1 hunks)

💤 Files with no reviewable changes (1)

• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java

✅ Files skipped from review due to trivial changes (4)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/internal/PublisherCommonServiceComponent.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql

🚧 Files skipped from review as they are similar to previous changes (29)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/webapp/WEB-INF/web.xml
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256
• components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/APIRevisionDeployment.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayStartupListener.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/GatewayRegistrationResponse.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/templates/repository/conf/api-manager.xml.j2
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/DataHolder.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/InMemoryAPIDeployer.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql

🧰 Additional context used

🧬 Code Graph Analysis (2)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java (2)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1)

• GatewayManagementDAO (40-397)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1)

• GatewayNotificationConfiguration (24-210)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java (1)

• APIMgtDBUtil (50-253)

🪛 YAMLlint (1.37.1)

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml

[warning] 2308-2308: too many spaces after colon

(colons)

🪛 Gitleaks (8.27.2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml

2078-2078: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

2078-2078: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: build-product (4, group4)
• GitHub Check: build-product (1, group1)
• GitHub Check: run-benchmark-test
• GitHub Check: build-product (2, group2)
• GitHub Check: build-product (3, group3)
• GitHub Check: build-carbon

🔇 Additional comments (14)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java (4)

19-31: LGTM! Clean and necessary imports.

The package structure follows WSO2 Carbon conventions and all imports are relevant to the scheduler functionality.

---

51-67: LGTM! Proper singleton implementation.

The singleton pattern is correctly implemented with thread safety. The synchronized method approach is appropriate for this use case where getInstance() calls are infrequent.

---

112-134: Excellent shutdown implementation!

This follows Java concurrent best practices perfectly - graceful shutdown with timeout, proper InterruptedException handling, and thread interrupt status restoration.

---

148-182: LGTM! Robust cleanup task implementation.

The cleanup logic is well-designed with proper error handling, timestamp calculations, and logging. The two-phase approach (expire then delete) is logical and the non-atomic nature is acceptable for cleanup operations.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (1)

19708-19708: LGTM - Method call updated correctly

The method call has been updated to use the new local implementation instead of the external utility method.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (9)

159-169: Well-implemented existence check

The method uses efficient SELECT 1 pattern and proper resource management. Good implementation.

---

180-192: Clean insert implementation

The method properly handles resource management and parameter binding. The hardcoded "ACTIVE" status is appropriate for new gateway insertions.

---

202-213: Consistent existence check implementation

Follows the same efficient pattern as gatewayExists method. Well implemented.

---

275-285: Appropriate heartbeat update implementation

The method correctly updates the timestamp and sets status to "ACTIVE" for heartbeat updates. Good implementation.

---

297-310: Well-implemented gateway instance update

The method properly updates gateway instance information and sets appropriate status. Good implementation.

---

327-340: Good result mapping implementation

The result set mapping to GatewayInstanceInfo objects is well implemented with proper resource management.

---

350-364: Robust timestamp comparison logic

The method correctly handles timestamp comparison with proper null checking and handles the non-existence case appropriately.

---

375-390: Consistent timestamp comparison implementation

Follows the same robust pattern as isGatewayTimestampInorder method. Well implemented.

---

392-396: Appropriate data transfer object

Simple and effective data class for transferring gateway instance information. The public fields are acceptable for internal DAO usage.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (14)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1)

137-163: Gateway cleanup task implementation is correct and focused.

Based on the retrieved learning, the data retention cleanup is handled at the data insertion location rather than in this periodic task. The current implementation correctly focuses only on marking gateways as expired based on heartbeat inactivity, which aligns with the architectural decision.

The error handling, logging, and transaction management are all properly implemented.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (2)

249-263: Parameter order mismatch between method signature and SQL execution.

The method signature has parameters in the order: gatewayId, apiId, status, lastUpdated, action, revisionUuid, but the SQL parameters are set in a different order: gatewayId, apiId, status, action, revisionUuid, lastUpdated.

Apply this diff to fix the parameter order:

-    public void insertDeployment(String gatewayId, String apiId, String status, Timestamp lastUpdated, String action,
-                                 String revisionUuid) throws APIManagementException {
+    public void insertDeployment(String gatewayId, String apiId, String status, String action,
+                                 String revisionUuid, Timestamp lastUpdated) throws APIManagementException {

---

275-289: Same parameter order issue in updateDeployment method.

The method has the same parameter order inconsistency as insertDeployment, plus a missing space after comma in the signature.

Apply this diff to fix both issues:

-    public void updateDeployment(String gatewayId, String apiId, String status, Timestamp lastUpdated,String action,
-                                 String revisionUuid) throws APIManagementException {
+    public void updateDeployment(String gatewayId, String apiId, String status, String action,
+                                 String revisionUuid, Timestamp lastUpdated) throws APIManagementException {

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (3)

5362-5375: GatewayInstanceList title & items reference are still inconsistent
The schema still carries the misleading title Environment List and points to the correct GatewayInstance items, but the title should be Gateway Instance List for clarity.

This has been pointed out in a prior round; please update to avoid confusion in generated docs/SDKs.

---

5376-5387: Property casing/typing tweaks remain unaddressed

gatewayID breaks camel-case convention (gatewayId elsewhere).
lastActive lacks a format: date-time.
Consider restricting status with an enum [ACTIVE, INACTIVE, OFFLINE].

Same feedback was given earlier – re-raising for completeness.

---

2044-2080: Add the standard 406 NotAcceptable response to align with other collection endpoints

All existing GET collection endpoints in this file expose a 406 error contract (see /throttling/policies/application or /subscriptions above). Omitting it here breaks symmetry and can trip code-gen tooling that relies on a uniform error matrix.

@@
           $ref: '#/components/responses/NotFound'
+        406:
+          $ref: '#/components/responses/NotAcceptable'

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

5362-5387: Rename fields & add missing schema metadata for GatewayInstance / GatewayInstanceList

The new schemas still carry the issues called out in earlier reviews:

1. gatewayID breaks the repo-wide camel-case Id convention (environmentId, applicationId, …).
2. lastActive is a timestamp but misses format: date-time, so generators treat it as a plain string.
3. status should be an explicit enum (ACTIVE, INACTIVE, STALE) to guide clients.
4. GatewayInstanceList.title is copy-pasted (“Environment List”) which is misleading.

-    GatewayInstanceList:
-      title: Environment List
+    GatewayInstanceList:
+      title: Gateway Instance List
...
-        gatewayID:
+        gatewayId:
           type: string
           example: "Env1_1372344"
...
-        lastActive:
-          type: string
+        lastActive:
+          type: string
+          format: date-time
           example: "2025-06-26T06:47:50Z"
...
-        status:
-          type: string
-          example: "ACTIVE"
+        status:
+          type: string
+          enum: [ACTIVE, INACTIVE, STALE]
+          example: ACTIVE

Fixing this now prevents a permanent public-API wart and avoids messy breaking changes later.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (3)

104-109: Use thread pool instead of creating threads manually.

Creating threads manually can lead to resource issues. Consider using the existing scheduler or a dedicated thread pool for gateway registration.

 public void registerGateway() {
     if (log.isDebugEnabled()) {
         log.debug("Registering Gateway with ID: " + gatewayID);
     }
-    new Thread(new registerGateway()).start();
+    scheduler.submit(new registerGateway());
 }

---

222-224: Potential resource leak when reading response content.

Using readAllBytes() on the InputStream can cause resource leaks if an exception occurs. Consider using try-with-resources or proper resource management.

-                String responseBody = new String(response.getEntity().getContent().readAllBytes(),
-                                                 StandardCharsets.UTF_8);
+                try (InputStream inputStream = response.getEntity().getContent()) {
+                    String responseBody = new String(inputStream.readAllBytes(), StandardCharsets.UTF_8);
+                }

---

267-269: Same resource leak issue as in registration logic.

The response content reading has the same potential resource leak issue as the registration logic.

-                String responseBody = new String(response.getEntity().getContent().readAllBytes(),
-                                              StandardCharsets.UTF_8);
+                try (InputStream inputStream = response.getEntity().getContent()) {
+                    String responseBody = new String(inputStream.readAllBytes(), StandardCharsets.UTF_8);
+                }

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (2)

199-199: Consider adding queue size limits to prevent memory issues.

When the gateway is not registered, jobs are queued indefinitely. This could lead to memory issues if the gateway never registers and jobs keep accumulating.

+    private static final int MAX_QUEUE_SIZE = 10000; // Add as configurable parameter
+    
     private void handleBatchedSubmission(DeploymentStatusJob job) {
+        if (currentBatch.size() >= MAX_QUEUE_SIZE) {
+            log.warn("Deployment status queue is full. Dropping oldest job.");
+            currentBatch.poll(); // Remove oldest
+        }
         currentBatch.offer(job);
         // rest of method...
     
     private void handleImmediateSubmission(DeploymentStatusJob job) {
         if (DataHolder.getInstance().isGatewayRegistered()) {
             // ... existing logic
         } else {
+            if (currentBatch.size() >= MAX_QUEUE_SIZE) {
+                log.warn("Deployment status queue is full. Dropping oldest job.");
+                currentBatch.poll(); // Remove oldest
+            }
             currentBatch.offer(job);
         }
     }

Also applies to: 215-215

---

303-305: Fix potential resource leak in response handling.

The InputStream from response.getEntity().getContent() should be properly closed to prevent resource leaks.

-                String responseBody = new String(response.getEntity().getContent().readAllBytes(),
-                                                 StandardCharsets.UTF_8);
+                String responseBody;
+                try (InputStream inputStream = response.getEntity().getContent()) {
+                    responseBody = new String(inputStream.readAllBytes(), StandardCharsets.UTF_8);
+                }

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2)

1180-1190: Response schema still an ad-hoc {status: string} object

Previous review recommended re-using the concrete GatewayDeploymentStatusAcknowledgmentList (or a dedicated result DTO) instead of a generic status wrapper, to keep the contract self-documenting and SDK-friendly. The change has not been applied.

---

2310-2311: Remove the extra space after the colon in title

YAML-lint still flags “too many spaces after colon”.

-      title:  API Revision Deployment Status acknowledgements List
+      title: API Revision Deployment Status acknowledgements List

🧹 Nitpick comments (4)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1)

55-56: Fix incorrect class name in JavaDoc comment.

The JavaDoc comment refers to "GatewayCleanupScheduler" but the actual class name is "GatewayValidationScheduler".

-     * Returns the singleton instance of GatewayCleanupScheduler.
+     * Returns the singleton instance of GatewayValidationScheduler.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

2044-2080: Consider adding the standard Accept header parameter for consistency

Most list endpoints in this spec include the reusable Accept header parameter (#/components/parameters/Accept). The new /environments/{environmentId}/gateways GET omits it, which makes the surface slightly inconsistent and forces clients to rely on defaults.

       parameters:
         - $ref: '#/components/parameters/environmentId'
+        - $ref: '#/components/parameters/Accept'

Not critical, but aligning with the common pattern avoids surprises for client generators that rely on explicit media‐type negotiation.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1)

264-264: Consider using retry logic for heartbeat requests.

The registration logic uses APIUtil.executeHTTPRequestWithRetries() but the heartbeat uses direct httpClient.execute(). For consistency and resilience, consider applying the same retry logic to heartbeat requests.

-                HttpResponse response = httpClient.execute(request);
+                try (CloseableHttpResponse response = APIUtil.executeHTTPRequestWithRetries(request, httpClient,
+                                                                                            retryDuration,
+                                                                                            maxRetryCount,
+                                                                                            retryProgressionFactor)) {

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (1)

1126-1165: Consider returning 201 Created on successful gateway registration

A heartbeat is idempotent, but a registration creates a new resource (gateway instance). Using HTTP 201 for the REGISTER flow better reflects REST semantics and helps SDKs distinguish the two cases. Example diff:

-      responses:
-        '200':
-          description: Successful response for registration or heartbeat.
+      responses:
+        '201':
+          description: Gateway registered successfully.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/NotifyGatewayStatusResponse'
+        '200':
+          description: Heartbeat acknowledged.
           ...

This is optional, but improves API expressiveness.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cd4131b and 7a6328b.

⛔ Files ignored due to path filters (3)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java is excluded by !**/gen/**

📒 Files selected for processing (30)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (5 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java (3 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql (1 hunks)

✅ Files skipped from review due to trivial changes (3)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml

🚧 Files skipped from review as they are similar to previous changes (20)

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql

🧰 Additional context used

🧠 Learnings (8)

📓 Common learnings

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.048Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.822Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:35.964Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.654Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.822Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java:0-0
Timestamp: 2025-07-28T02:15:19.932Z
Learning: In WSO2 Carbon API Manager, the AM_GW_REVISION_DEPLOYMENT table uses the column name REVISION_ID (not REVISION_UUID) for referencing API revision identifiers. This is distinct from other tables (like AM_REVISION) that use REVISION_UUID.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (8)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.048Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:35.964Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (9)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.442Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java:0-0
Timestamp: 2025-07-28T03:41:10.644Z
Learning: In WSO2 Carbon API Manager, scheduler.scheduleAtFixedRate calls are not typically wrapped in try-catch blocks, following a consistent pattern across the codebase. This design decision prioritizes consistency with existing scheduler implementations over additional error handling.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java:341-355
Timestamp: 2025-07-19T14:50:12.218Z
Learning: In WSO2 Carbon API Manager, input validation for model properties like apiDiscoveryScheduledWindow is performed at the REST API level rather than in individual setter methods, avoiding code duplication and ensuring validation occurs at the entry point.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AzureContentSafetyGuardrailProviderServiceImpl.java:75-84
Timestamp: 2025-06-30T06:50:20.514Z
Learning: In WSO2 Carbon API Manager, initialization of service components (like GuardrailProviderService implementations) is guaranteed to occur before service methods are called, so additional initialization validation checks in service methods are not needed.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:35.964Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (9)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:35.964Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/test/java/org/wso2/carbon/apimgt/spec/parser/definitions/OASParserUtilTest.java:174-176
Timestamp: 2025-06-18T08:15:46.118Z
Learning: CodeRabbit flagged duplicate production flags in OASParserUtilTest.java but provided incorrect line numbers (174-176). The actual issue exists at lines 403 and 430 where sandbox endpoint tests incorrectly use the true flag instead of false.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:11919-11923
Timestamp: 2025-06-30T06:27:48.390Z
Learning: In the WSO2 API Manager codebase, the input to the createCanonicalQueryString method in APIUtil.java is already URL encoded, so additional encoding within this method is not required and should be avoided to prevent double encoding.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.442Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (16)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:35.964Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.048Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.822Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.822Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.442Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java:319-340
Timestamp: 2025-07-28T02:28:05.259Z
Learning: In WSO2 Carbon API Manager, environment IDs are validated during environment creation to prevent SQL wildcard characters (% and _), eliminating the need for SQL wildcard escaping in queries that use environment IDs as parameters.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:11919-11923
Timestamp: 2025-06-30T06:27:48.390Z
Learning: In the WSO2 API Manager codebase, the input to the createCanonicalQueryString method in APIUtil.java is already URL encoded, so additional encoding within this method is not required and should be avoided to prevent double encoding.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.654Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java:0-0
Timestamp: 2025-07-28T02:15:19.932Z
Learning: In WSO2 Carbon API Manager, the AM_GW_REVISION_DEPLOYMENT table uses the column name REVISION_ID (not REVISION_UUID) for referencing API revision identifiers. This is distinct from other tables (like AM_REVISION) that use REVISION_UUID.

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (14)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.048Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:35.964Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.822Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java:0-0
Timestamp: 2025-07-28T02:15:19.932Z
Learning: In WSO2 Carbon API Manager, the AM_GW_REVISION_DEPLOYMENT table uses the column name REVISION_ID (not REVISION_UUID) for referencing API revision identifiers. This is distinct from other tables (like AM_REVISION) that use REVISION_UUID.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.822Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.654Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (13)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.822Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.822Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.048Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:35.964Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java:0-0
Timestamp: 2025-07-28T02:15:19.932Z
Learning: In WSO2 Carbon API Manager, the AM_GW_REVISION_DEPLOYMENT table uses the column name REVISION_ID (not REVISION_UUID) for referencing API revision identifiers. This is distinct from other tables (like AM_REVISION) that use REVISION_UUID.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.654Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (13)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.822Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.822Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.048Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java:0-0
Timestamp: 2025-07-28T02:15:19.932Z
Learning: In WSO2 Carbon API Manager, the AM_GW_REVISION_DEPLOYMENT table uses the column name REVISION_ID (not REVISION_UUID) for referencing API revision identifiers. This is distinct from other tables (like AM_REVISION) that use REVISION_UUID.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:262-276
Timestamp: 2025-06-18T10:07:57.821Z
Learning: In the GraphQLSchemaDefinition class (and potentially other areas of the WSO2 API Manager codebase), template.getAuthType() can return null, which creates NPE risks when calling .equalsIgnoreCase() on the result. This specific issue has been tracked in wso2/api-manager#3971.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:35.964Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

🧬 Code Graph Analysis (2)

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (4)

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/DataHolder.java (1)

• DataHolder (43-431)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2)

• APIConstants (32-3519)
• GatewayNotification (3460-3518)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (2)

• GatewayNotificationConfiguration (24-210)
• DeploymentAcknowledgementConfiguration (98-144)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (1)

• APIUtil (338-12008)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIMgtDBUtil.java (1)

• APIMgtDBUtil (50-253)

🪛 YAMLlint (1.37.1)

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml

[warning] 2310-2310: too many spaces after colon

(colons)

🪛 Gitleaks (8.27.2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml

2078-2078: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

2078-2078: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: build-product (2, group2)
• GitHub Check: build-product (4, group4)
• GitHub Check: build-product (3, group3)
• GitHub Check: build-product (1, group1)
• GitHub Check: build-carbon
• GitHub Check: run-benchmark-test

🔇 Additional comments (20)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (2)

71-98: LGTM! Scheduler initialization and startup logic is well-implemented.

The start method correctly handles:

• Thread-safe singleton initialization
• Configuration validation and early return if disabled
• Proper scheduler setup with configured intervals
• Comprehensive logging for operational visibility

The implementation follows WSO2 Carbon API Manager patterns for scheduler components.

---

103-125: Excellent shutdown handling with proper resource cleanup.

The stop method implements robust shutdown logic:

• Graceful shutdown with timeout handling
• Force shutdown as fallback
• Proper interrupt handling to maintain thread state
• Clear status tracking

This follows best practices for executor service lifecycle management.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (8)

45-80: SQL query constants are well-defined and secure.

The SQL queries use proper parameterized statements to prevent SQL injection. The query structure aligns with the database schema design mentioned in the retrieved learnings.

---

100-123: Excellent transaction management in cleanup operations.

The updateExpiredGateways method correctly:

• Uses transactions with proper commit/rollback handling
• Implements appropriate error handling and logging
• Returns meaningful counts for operational monitoring

---

132-155: Robust implementation of data retention cleanup.

The deleteOldGatewayRecords method follows the same excellent pattern as the expiration method with proper transaction handling and logging.

---

185-216: Well-structured gateway instance insertion with environment mapping.

The method correctly handles the normalized relationship between gateway instances and environment labels using transactions to ensure data consistency.

---

321-358: Sophisticated gateway update with environment mapping refresh.

The updateGatewayInstance method properly handles the complex update scenario by:

• Updating the main gateway record
• Clearing existing environment mappings
• Inserting new environment mappings
• All within a transaction for consistency

This correctly implements the normalized relationship design mentioned in the retrieved learnings.

---

367-385: Simple and effective environment-based gateway querying.

The getGatewayInstancesByEnvironment method uses a proper JOIN to retrieve gateway instances for a specific environment. Based on the retrieved learning, environment IDs are validated during creation to prevent SQL wildcard characters, so no additional escaping is needed.

---

395-409: Timestamp validation methods prevent out-of-order updates.

These methods provide important safeguards against processing stale heartbeat or deployment messages. The logic correctly handles the case where records don't exist by returning false, ensuring that updates are only applied when they represent newer information.

Also applies to: 420-435

---

454-458: Simple and appropriate data transfer object.

The GatewayInstanceInfo class provides a clean way to return gateway instance data. The public fields approach is appropriate for this internal DTO use case.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (3)

54-92: LGTM! Thread safety issues have been resolved.

The singleton implementation correctly uses volatile for the instance field and all configuration fields are now properly declared as instance fields rather than static. The constructor properly initializes configuration from the API Manager configuration service.

---

144-185: LGTM! Well-structured payload building.

Both payload building methods properly handle edge cases like null gatewayID and network address resolution failures. The JSON structure follows the API specification and includes proper error handling.

---

115-142: LGTM! Proper lifecycle management.

The heartbeat lifecycle methods implement proper resource management with graceful shutdown, timeout handling, and appropriate thread interruption. The configuration check prevents unnecessary resource usage when heartbeat is disabled.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (6)

73-89: LGTM! Static field issues have been resolved.

The configuration fields are now properly declared as final instance fields and initialized from the configuration service in the constructor. This addresses the previous thread safety concerns with static field modifications.

---

94-103: LGTM! Thread-safe singleton implementation.

The double-checked locking pattern is correctly implemented with a volatile instance field and proper synchronization.

---

105-126: LGTM! Well-designed thread pool management.

The thread pool creation uses proper thread factories with daemon threads and atomic counters for naming. The separation of scheduler and processor thread pools provides good isolation of concerns.

---

232-248: LGTM! Robust batch processing with proper error handling.

The batch submission uses proper thread pool management with graceful degradation (CallerRunsPolicy) and fallback processing in the current thread on rejection. The debug logging provides good visibility into thread pool utilization.

---

318-353: LGTM! Well-structured data classes.

The BatchPayload and DeploymentStatusJob classes are properly designed to match the API specification. The constructor properly handles null values and timestamp generation, and the field mapping aligns with the expected DTO structure.

---

136-154: LGTM! Proper resource cleanup on shutdown.

The shutdown method implements proper executor service cleanup with appropriate timeouts, graceful termination attempts, and fallback to forced shutdown. Thread interruption is handled correctly.

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (1)

2254-2283: Verify server-side validation of gatewayId for HEARTBEAT payloads

gatewayId is optional in the unified NotifyGatewayPayload, but a heartbeat from an un-registered gateway is meaningless. Ensure the implementation rejects HEARTBEAT requests missing gatewayId, even though the schema allows it.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (5)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2)

5362-5374: Schema title is still wrong – should be “Gateway Instance List”

The title string was not updated when the schema name changed from GatewayInstantList to GatewayInstanceList.

-    GatewayInstanceList:
-      title: Environment List
+    GatewayInstanceList:
+      title: Gateway Instance List

---

5376-5387: Property naming & metadata still deviate from existing conventions

1. gatewayID → gatewayId (camel-case Id like environmentId, applicationId, …)
2. lastActive should specify format: date-time so generators treat it as a timestamp.
3. status is a free-form string – add an explicit enum (ACTIVE, INACTIVE, STALE, …) to guide clients.

     GatewayInstance:
-      title: gateway Instances in the gateway environment
+      title: Gateway instance in the gateway environment
       type: object
       properties:
-        gatewayID:
+        gatewayId:
           type: string
           example: "Env1_1372344"
-        lastActive:
-          type: string
+        lastActive:
+          type: string
+          format: date-time
           example: "2025-06-26T06:47:50Z"
-        status:
-          type: string
-          example: "ACTIVE"
+        status:
+          type: string
+          enum: [ACTIVE, INACTIVE, STALE]
+          example: ACTIVE

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (2)

298-308: Fix potential resource leak in response handling.

The InputStream from response.getEntity().getContent() should be properly closed to prevent resource leaks.

-                    String responseBody = new String(response.getEntity().getContent().readAllBytes(),
-                                                     StandardCharsets.UTF_8);
+                    String responseBody;
+                    try (InputStream inputStream = response.getEntity().getContent()) {
+                        responseBody = new String(inputStream.readAllBytes(), StandardCharsets.UTF_8);
+                    }

---

198-217: Consider adding queue size limits to prevent potential memory issues.

When the gateway is not registered, jobs are queued indefinitely in currentBatch (lines 199 and 215). If the gateway never registers or takes a long time to register, this could lead to unbounded memory growth.

Consider adding a configurable maximum queue size:

+private static final int MAX_QUEUE_SIZE = 10000; // Make this configurable

 private void handleBatchedSubmission(DeploymentStatusJob job) {
+    if (currentBatch.size() >= MAX_QUEUE_SIZE) {
+        log.warn("Deployment status queue is full. Dropping oldest job.");
+        currentBatch.poll(); // Remove oldest
+    }
     currentBatch.offer(job);
     // ... rest of method
 }

 private void handleImmediateSubmission(DeploymentStatusJob job) {
     if (DataHolder.getInstance().isGatewayRegistered()) {
         List<DeploymentStatusJob> singleJobList = Collections.singletonList(job);
         submitBatchForProcessing(singleJobList);
     } else {
+        if (currentBatch.size() >= MAX_QUEUE_SIZE) {
+            log.warn("Deployment status queue is full. Dropping oldest job.");
+            currentBatch.poll(); // Remove oldest
+        }
         currentBatch.offer(job);
     }
 }

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (1)

2310-2311: YAML-lint: double space after colon still present
Previous review already highlighted this — the extra space before “API” violates YAML style and may break tooling.

-      title:  API Revision Deployment Status acknowledgements List
+      title: API Revision Deployment Status acknowledgements List

🧹 Nitpick comments (5)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1)

45-51: Consider performance optimization for cleanup query.

The DELETE_OLD_DEPLOYMENTS_SQL uses a subquery with NOT IN which can be inefficient for large datasets and may not handle NULL values correctly.

Consider using a LEFT JOIN approach for better performance:

-private static final String DELETE_OLD_DEPLOYMENTS_SQL = 
-        "DELETE FROM AM_GW_REVISION_DEPLOYMENT WHERE GATEWAY_ID NOT IN (SELECT GATEWAY_ID FROM AM_GW_INSTANCES)";
+private static final String DELETE_OLD_DEPLOYMENTS_SQL = 
+        "DELETE d FROM AM_GW_REVISION_DEPLOYMENT d LEFT JOIN AM_GW_INSTANCES g ON d.GATEWAY_ID = g.GATEWAY_ID WHERE g.GATEWAY_ID IS NULL";

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

2044-2080: Add standard Accept header & 406 response for consistency with other GET endpoints

All other read-only list endpoints in this spec include an Accept header parameter (via #/components/parameters/Accept) and declare a 406 NotAcceptable response. Omitting it here makes the surface inconsistent and forces clients to guess the default.

@@
       parameters:
         - $ref: '#/components/parameters/environmentId'
+        - $ref: '#/components/parameters/Accept'
@@
           $ref: '#/components/responses/NotFound'
+        406:
+          $ref: '#/components/responses/NotAcceptable'

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (3)

2277-2283: Clarify gatewayId semantics for REGISTER vs. HEARTBEAT
The description implies the field is assigned on registration, yet it is also the identifier the gateway must send on subsequent heartbeats. A short note such as “Returned by the control-plane on successful registration; must be sent by the gateway on every subsequent request” removes ambiguity.

---

2315-2317: Wrong wording in list schema description
GatewayDeploymentStatusAcknowledgmentList is not “Number of APIs returned.” – replace “APIs” with “acknowledgments” to keep the contract self-describing.

---

2340-2344: timeStamp description references heartbeat, not deployment status
Copy-paste residue: this timestamp represents when the deployment event occurred, not a heartbeat. Update the description to avoid confusion for SDK generators.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (7)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2)

5362-5374: Schema title & naming mismatch

GatewayInstanceList is titled “Environment List” – copy-paste residue that confuses client SDKs and documentation tooling. Rename to “Gateway Instance List”.

-    GatewayInstanceList:
-      title: Environment List
+    GatewayInstanceList:
+      title: Gateway Instance List

---

5376-5387: Standardise property names & enrich schema metadata

gatewayID, lastActive, and status still deviate from existing conventions and lack helpful metadata:

1. Use gatewayId (camel-case Id) – aligns with environmentId, applicationId, etc.
2. Add format: date-time to lastActive.
3. Restrict status with an explicit enum (ACTIVE, INACTIVE, STALE, …).

-    GatewayInstance:
-      title: gateway Instances in the gateway environment
+    GatewayInstance:
+      title: Gateway instance in the gateway environment
       type: object
       properties:
-        gatewayID:
+        gatewayId:
           type: string
           example: "Env1_1372344"
-        lastActive:
-          type: string
+        lastActive:
+          type: string
+          format: date-time
           example: "2025-06-26T06:47:50Z"
-        status:
-          type: string
-          example: "ACTIVE"
+        status:
+          type: string
+          enum: [ACTIVE, INACTIVE, STALE]
+          example: ACTIVE

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

5376-5387: gatewayID casing & missing format: date-time – same concern as last review

Previous feedback requested:

1. Rename gatewayID → gatewayId (camel-case, aligns with environmentId)
2. Annotate lastActive with format: date-time
3. Optional enum for status

Those changes are still absent in this generated copy.
Re-sync with the source specification so both originals and generated artifacts reflect the agreed model.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (3)

104-109: Use thread pool instead of creating threads manually.

Creating threads manually can lead to resource issues. Consider using the existing scheduler or a dedicated thread pool for gateway registration.

---

222-223: Potential resource leak when reading response content.

Using readAllBytes() on the InputStream can cause resource leaks if an exception occurs. Consider using try-with-resources or proper resource management.

---

267-268: Same resource leak issue as in registration logic.

The response content reading has the same potential resource leak issue as the registration logic.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1)

198-217: Consider adding queue size limits to prevent memory issues.

When the gateway is not registered, jobs are queued indefinitely. This could lead to memory issues if the gateway never registers and jobs keep accumulating.

🧹 Nitpick comments (3)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

2044-2076: Minor consistency nit – expose standard Accept header

Most collection endpoints declare an Accept parameter for content negotiation. /environments/{environmentId}/gateways omits it, breaking spec uniformity.

       parameters:
         - $ref: '#/components/parameters/environmentId'
+        - $ref: '#/components/parameters/Accept'

Adding it keeps the contract symmetrical with the rest of the Admin API.
No functional impact – purely descriptive.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2)

2044-2076: Add missing 406 response & standard Accept header for contract symmetry

All collection-style GET endpoints in this spec expose a 406 NotAcceptable response and the reusable Accept header parameter.
/environments/{environmentId}/gateways omits both, breaking consistency and forcing client-side special-casing.

@@
       parameters:
         - $ref: '#/components/parameters/environmentId'
+        - $ref: '#/components/parameters/Accept'
@@
           ...
+        406:
+          $ref: '#/components/responses/NotAcceptable'

---

5362-5374: Schema title is misleading (‘Environment List’)

GatewayInstanceList still carries the copy-pasted title “Environment List”, which confuses SDK generators and human readers.

-    GatewayInstanceList:
-      title: Environment List
+    GatewayInstanceList:
+      title: Gateway Instance List

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 300dbb5 and 5650dc2.

⛔ Files ignored due to path filters (3)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java is excluded by !**/gen/**

📒 Files selected for processing (31)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (5 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java (3 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql (1 hunks)

✅ Files skipped from review due to trivial changes (3)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml

🚧 Files skipped from review as they are similar to previous changes (23)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml

🧰 Additional context used

🧠 Learnings (6)

📓 Common learnings

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like `/notify-api-deployment-status` in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (10)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/test/java/org/wso2/carbon/apimgt/spec/parser/definitions/OASParserUtilTest.java:174-176
Timestamp: 2025-06-18T08:15:46.118Z
Learning: CodeRabbit flagged duplicate production flags in OASParserUtilTest.java but provided incorrect line numbers (174-176). The actual issue exists at lines 403 and 430 where sandbox endpoint tests incorrectly use the true flag instead of false.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:11919-11923
Timestamp: 2025-06-30T06:27:48.390Z
Learning: In the WSO2 API Manager codebase, the input to the createCanonicalQueryString method in APIUtil.java is already URL encoded, so additional encoding within this method is not required and should be avoided to prevent double encoding.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.464Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (9)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (9)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.464Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java:0-0
Timestamp: 2025-07-28T03:41:10.644Z
Learning: In WSO2 Carbon API Manager, scheduler.scheduleAtFixedRate calls are not typically wrapped in try-catch blocks, following a consistent pattern across the codebase. This design decision prioritizes consistency with existing scheduler implementations over additional error handling.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java:341-355
Timestamp: 2025-07-19T14:50:12.218Z
Learning: In WSO2 Carbon API Manager, input validation for model properties like apiDiscoveryScheduledWindow is performed at the REST API level rather than in individual setter methods, avoiding code duplication and ensuring validation occurs at the entry point.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AzureContentSafetyGuardrailProviderServiceImpl.java:75-84
Timestamp: 2025-06-30T06:50:20.514Z
Learning: In WSO2 Carbon API Manager, initialization of service components (like GuardrailProviderService implementations) is guaranteed to occur before service methods are called, so additional initialization validation checks in service methods are not needed.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (15)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (18)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:262-276
Timestamp: 2025-06-18T10:07:57.821Z
Learning: In the GraphQLSchemaDefinition class (and potentially other areas of the WSO2 API Manager codebase), template.getAuthType() can return null, which creates NPE risks when calling .equalsIgnoreCase() on the result. This specific issue has been tracked in wso2/api-manager#3971.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java:3454-3476
Timestamp: 2025-06-18T09:51:26.533Z
Learning: When reviewing code movement/refactoring PRs, if logical issues are discovered in the moved code that existed before the refactoring, it's appropriate to defer fixing them to a separate effort with proper issue tracking, rather than expanding the scope of the refactoring PR.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3885-3891
Timestamp: 2025-07-28T13:03:45.797Z
Learning: In WSO2 Carbon API Manager, BiyonFernando prefers storing JSON data in BLOB columns as it can be visualized from DB clients, rather than using CLOB for human-readable text storage.

🪛 Gitleaks (8.27.2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml

2078-2078: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

2078-2078: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

🔇 Additional comments (14)

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (4)

54-66: LGTM! Thread safety issues have been resolved.

The field declarations now correctly use instance fields instead of static fields, and the singleton instance is properly declared as volatile. This addresses the previous thread safety concerns.

---

71-92: LGTM! Constructor properly initializes all configuration.

The constructor correctly loads configuration from ServiceReferenceHolder, handles gateway ID initialization with proper fallback to UUID generation, and sets up all required fields.

---

94-99: LGTM! Singleton pattern is correctly implemented.

The singleton implementation uses proper synchronization with the volatile instance field, ensuring thread-safe lazy initialization.

---

144-185: LGTM! Payload building methods are well implemented.

Both buildRegistrationPayload and buildHeartbeatPayload methods correctly construct JSON payloads using Gson, handle timestamps properly, and include appropriate error handling for IP address retrieval.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (4)

41-63: LGTM! Singleton pattern and class structure are well implemented.

The class correctly implements the singleton pattern with volatile instance field and proper synchronization. Constructor properly initializes dependencies.

---

71-98: LGTM! Start method properly handles configuration and scheduling.

The start method correctly checks running state, loads configuration, respects enable/disable settings, and properly schedules the cleanup task with appropriate intervals.

---

103-125: LGTM! Stop method implements proper shutdown sequence.

The stop method correctly implements graceful shutdown with timeout, proper exception handling, and thread interruption restoration following best practices for executor service shutdown.

---

137-163: LGTM! Task implementation correctly handles gateway expiration.

The GatewayValidationTask properly calculates expiration thresholds, marks expired gateways, and includes appropriate logging and error handling. The scope is correctly focused on expiration marking, with data retention cleanup handled at the data insertion location as clarified.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (6)

67-72: LGTM! Static field modification issues have been resolved.

The configuration fields are now properly declared as instance fields instead of static fields, which addresses the previous thread safety concerns about modifying static fields from the constructor.

---

73-103: LGTM! Constructor and singleton pattern are well implemented.

The constructor properly loads configuration without modifying static fields, and the singleton pattern uses correct double-checked locking with proper synchronization.

---

105-131: LGTM! Thread pool management is well designed.

The class properly creates dedicated executors with custom thread factories, uses daemon threads appropriately, and configures thread pools with proper parameters and rejection policies.

---

136-154: LGTM! Shutdown method implements proper cleanup.

The shutdown method correctly handles graceful shutdown of both executors with appropriate timeouts, proper exception handling, and thread interruption restoration.

---

298-308: LGTM! HTTP request handling properly uses try-with-resources.

The HTTP request handling correctly uses try-with-resources for the CloseableHttpResponse, ensuring proper resource cleanup and preventing resource leaks.

---

332-353: LGTM! DeploymentStatusJob class is well implemented.

The inner class properly represents deployment status data with correct field initialization, appropriate type conversions, and proper null handling for optional fields.

[BiyonFernando]

@CodeRabbit review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (3)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2)

5376-5387: Property casing & typing inconsistencies in GatewayInstance

Consistency with rest of OAS:

1. Use camelCase (gatewayId) as elsewhere (environmentId etc.).
2. lastActive should expose format: date-time to aid tooling.
3. status values are well-defined (ACTIVE, INACTIVE, OFFLINE) ­– declare an enum.

-        gatewayID:
+        gatewayId:
           type: string
           example: "Env1_1372344"
-        lastActive:
-          type: string
+        lastActive:
+          type: string
+          format: date-time
           example: "2025-06-26T06:47:50Z"
-        status:
-          type: string
-          example: "ACTIVE"
+        status:
+          type: string
+          enum: [ACTIVE, INACTIVE, OFFLINE]
+          example: "ACTIVE"

---

5362-5374: Schema title & items reference are misleading

GatewayInstanceList is titled “Environment List”, which confuses doc-readers and code-gen tools. Rename to a meaningful title.

-    GatewayInstanceList:
-      title: Environment List
+    GatewayInstanceList:
+      title: Gateway Instance List
...
-          items:
-            $ref: '#/components/schemas/GatewayInstance'
+          items:
+            $ref: '#/components/schemas/GatewayInstance'

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

5362-5387: Schema still carries earlier naming / typing issues

The exact same observations were raised in a previous review; they remain unaddressed here.

-    GatewayInstanceList:
-      title: Environment List
+    GatewayInstanceList:
+      title: Gateway instance list
...
-        list:
+        list:
           type: array
           items:
             $ref: '#/components/schemas/GatewayInstance'

-    GatewayInstance:
-      title: gateway Instances in the gateway environment
+    GatewayInstance:
+      title: Gateway instance in the gateway environment
...
-        gatewayID:
+        gatewayId:
           type: string
           example: "Env1_1372344"
-        lastActive:
-          type: string
-          example: "2025-06-26T06:47:50Z"
+        lastActive:
+          type: string
+          format: date-time
+          example: "2025-06-26T06:47:50Z"
-        status:
-          type: string
-          example: "ACTIVE"
+        status:
+          type: string
+          enum: [ACTIVE, INACTIVE, STALE]
+          example: ACTIVE

This aligns with prevailing conventions (camelCase Id, date-time formats, explicit enums) and corrects the copy-paste title error.

🧹 Nitpick comments (4)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (3)

34-40: Update class documentation to reflect actual implementation scope.

Based on the retrieved learning that data retention cleanup is handled at data insertion location, the documentation should be updated to accurately reflect that this scheduler only handles marking gateways as expired, not the full cleanup operations mentioned.

 /**
  * Scheduler for cleaning up gateway heartbeat data from the database.
  * This scheduler runs periodically to:
  * 1. Update gateway status to EXPIRED for gateways that haven't sent heartbeat within the expire time
- * 2. Delete gateway records that are older than the data retention period
- * 3. Clean up orphaned deployment records
  */

---

55-57: Fix incorrect class name in JavaDoc comment.

The comment refers to "GatewayCleanupScheduler" but the actual class name is "GatewayValidationScheduler".

     /**
-     * Returns the singleton instance of GatewayCleanupScheduler.
+     * Returns the singleton instance of GatewayValidationScheduler.
      */

---

48-48: Consider making isRunning volatile for better thread visibility.

While not critical for this use case, making the isRunning field volatile would ensure immediate visibility of state changes across threads.

-    private boolean isRunning = false;
+    private volatile boolean isRunning = false;

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

2044-2080: Consider adding the standard Accept header parameter for response content negotiation

All list-fetching operations in this spec expose an Accept header parameter (e.g. /throttling/policies/..., /applications, /environments). Omitting it here introduces an inconsistency that client SDK generators and tooling rely on.

       parameters:
+        - $ref: '#/components/parameters/Accept'
         - $ref: '#/components/parameters/environmentId'

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5650dc2 and 5f20c93.

⛔ Files ignored due to path filters (3)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java is excluded by !**/gen/**

📒 Files selected for processing (31)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (5 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql (1 hunks)

✅ Files skipped from review due to trivial changes (3)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml

🚧 Files skipped from review as they are similar to previous changes (25)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like `/notify-api-deployment-status` in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (10)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.464Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java:0-0
Timestamp: 2025-07-28T03:41:10.644Z
Learning: In WSO2 Carbon API Manager, scheduler.scheduleAtFixedRate calls are not typically wrapped in try-catch blocks, following a consistent pattern across the codebase. This design decision prioritizes consistency with existing scheduler implementations over additional error handling.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java:341-355
Timestamp: 2025-07-19T14:50:12.218Z
Learning: In WSO2 Carbon API Manager, input validation for model properties like apiDiscoveryScheduledWindow is performed at the REST API level rather than in individual setter methods, avoiding code duplication and ensuring validation occurs at the entry point.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AzureContentSafetyGuardrailProviderServiceImpl.java:75-84
Timestamp: 2025-06-30T06:50:20.514Z
Learning: In WSO2 Carbon API Manager, initialization of service components (like GuardrailProviderService implementations) is guaranteed to occur before service methods are called, so additional initialization validation checks in service methods are not needed.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (15)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (18)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:262-276
Timestamp: 2025-06-18T10:07:57.821Z
Learning: In the GraphQLSchemaDefinition class (and potentially other areas of the WSO2 API Manager codebase), template.getAuthType() can return null, which creates NPE risks when calling .equalsIgnoreCase() on the result. This specific issue has been tracked in wso2/api-manager#3971.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java:3454-3476
Timestamp: 2025-06-18T09:51:26.533Z
Learning: When reviewing code movement/refactoring PRs, if logical issues are discovered in the moved code that existed before the refactoring, it's appropriate to defer fixing them to a separate effort with proper issue tracking, rather than expanding the scope of the refactoring PR.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3885-3891
Timestamp: 2025-07-28T13:03:45.797Z
Learning: In WSO2 Carbon API Manager, BiyonFernando prefers storing JSON data in BLOB columns as it can be visualized from DB clients, rather than using CLOB for human-readable text storage.

🪛 Gitleaks (8.27.2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml

2078-2078: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

2078-2078: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

🔇 Additional comments (4)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (4)

71-98: Well-implemented scheduler startup logic.

The start method properly handles configuration validation, prevents double-starting, and provides good operational logging. The use of scheduleAtFixedRate is appropriate for periodic cleanup tasks.

---

103-125: Excellent graceful shutdown implementation.

The stop method implements proper graceful shutdown with timeout handling and correct InterruptedException management, following Java concurrency best practices.

---

137-163: Focused and well-implemented cleanup task.

The GatewayValidationTask correctly implements the core functionality of marking expired gateways with proper error handling and conditional logging to reduce noise while maintaining operational visibility.

---

77-86: Appropriate configuration handling pattern.

The configuration retrieval and validation logic properly ensures the scheduler only starts when gateway notifications are enabled, with clear logging for operational visibility.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (3)

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (2)

198-217: Address unbounded queue growth concern.

While the batching logic is well-implemented, there's still a potential memory issue when the gateway is not registered - jobs are queued indefinitely without size limits. This could lead to memory exhaustion if the gateway never registers.

Consider adding a configurable maximum queue size check:

 private void handleBatchedSubmission(DeploymentStatusJob job) {
+    if (!DataHolder.getInstance().isGatewayRegistered() && currentBatch.size() > MAX_QUEUE_SIZE) {
+        log.warn("Deployment status queue is full. Dropping oldest job.");
+        currentBatch.poll(); // Remove oldest
+    }
     currentBatch.offer(job);

 private void handleImmediateSubmission(DeploymentStatusJob job) {
     if (DataHolder.getInstance().isGatewayRegistered()) {
         List<DeploymentStatusJob> singleJobList = Collections.singletonList(job);
         submitBatchForProcessing(singleJobList);
     } else {
+        if (currentBatch.size() > MAX_QUEUE_SIZE) {
+            log.warn("Deployment status queue is full. Dropping oldest job.");
+            currentBatch.poll(); // Remove oldest
+        }
         currentBatch.offer(job);
     }
 }

---

303-304: Fix resource leak in response handling.

The InputStream from response.getEntity().getContent() is not properly closed, which can lead to resource leaks.

Apply this fix to ensure proper resource management:

-                    String responseBody = new String(response.getEntity().getContent().readAllBytes(),
-                                                     StandardCharsets.UTF_8);
+                    String responseBody;
+                    try (InputStream inputStream = response.getEntity().getContent()) {
+                        responseBody = new String(inputStream.readAllBytes(), StandardCharsets.UTF_8);
+                    }

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

2044-2078: Add missing Accept header parameter for contract symmetry

All other collection–style GET endpoints include the reusable #/components/parameters/Accept header so SDK generators can negotiate the response media type.
The new /environments/{environmentId}/gateways endpoint omits it, breaking the otherwise-uniform contract.

@@
       parameters:
         - $ref: '#/components/parameters/environmentId'
+        - $ref: '#/components/parameters/Accept'

(No behavioural change – just metadata.)

🧹 Nitpick comments (1)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

2044-2082: Add an Accept header parameter for consistency with the rest of the Admin API

Most collection/list endpoints in this spec expose the Accept header as an explicit parameter (e.g. /throttling/policies/custom, /applications).
/environments/{environmentId}/gateways omits it while still defining 406 NotAcceptable as a possible response. Exposing the header keeps the surface uniform and avoids ambiguity for generated SDKs.

       parameters:
+        - $ref: '#/components/parameters/Accept'
         - $ref: '#/components/parameters/environmentId'

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f20c93 and b1e7520.

⛔ Files ignored due to path filters (4)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/GatewayInstanceDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java is excluded by !**/gen/**

📒 Files selected for processing (32)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (5 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml

🚧 Files skipped from review as they are similar to previous changes (26)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml

🧰 Additional context used

🧠 Learnings (5)

📓 Common learnings

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like `/notify-api-deployment-status` in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (9)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (10)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (15)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (18)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:262-276
Timestamp: 2025-06-18T10:07:57.821Z
Learning: In the GraphQLSchemaDefinition class (and potentially other areas of the WSO2 API Manager codebase), template.getAuthType() can return null, which creates NPE risks when calling .equalsIgnoreCase() on the result. This specific issue has been tracked in wso2/api-manager#3971.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java:3454-3476
Timestamp: 2025-06-18T09:51:26.533Z
Learning: When reviewing code movement/refactoring PRs, if logical issues are discovered in the moved code that existed before the refactoring, it's appropriate to defer fixing them to a separate effort with proper issue tracking, rather than expanding the scope of the refactoring PR.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3885-3891
Timestamp: 2025-07-28T13:03:45.797Z
Learning: In WSO2 Carbon API Manager, BiyonFernando prefers storing JSON data in BLOB columns as it can be visualized from DB clients, rather than using CLOB for human-readable text storage.

🪛 Gitleaks (8.27.2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml

2080-2080: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

2080-2080: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

🔇 Additional comments (10)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2)

3291-3293: LGTM!

The new gateway-related constants for organization deletion are consistent with the existing pattern and align with the PR's gateway management functionality.

---

3458-3518: Well-structured gateway notification constants.

The new GatewayNotification class provides a comprehensive set of constants for the gateway notification feature. The constants are well-organized with:

• Clear categorization for different functional areas (heartbeat, deployment acknowledgement, cleanup)
• Sensible default values for batch processing, retry logic, and thread pool configuration
• Consistent naming conventions following the existing codebase patterns
• Proper endpoint definitions using the existing INTERNAL_WEB_APP_EP pattern

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (6)

58-72: LGTM! Proper field declaration and thread safety.

The field declarations are well-designed with proper use of final instance fields, thread-safe collections, and synchronization objects. The previous issue with static field modifications has been correctly addressed.

---

73-89: LGTM! Proper constructor implementation.

The constructor correctly initializes all configuration fields from the service configuration and properly sets up the thread pools and scheduler. This addresses the previous concern about static field modifications.

---

94-103: LGTM! Correct singleton implementation.

The double-checked locking pattern is properly implemented for thread-safe singleton initialization.

---

105-126: LGTM! Well-designed thread pool configuration.

The thread pool creation methods properly configure executors with appropriate sizing, naming, and daemon thread settings for background processing.

---

136-154: LGTM! Proper resource cleanup implementation.

The shutdown method follows best practices with graceful termination, appropriate timeouts, and proper interrupt handling for both executors.

---

318-353: LGTM! Well-designed inner classes.

Both BatchPayload and DeploymentStatusJob classes are properly designed with appropriate encapsulation, immutability through final fields, and correct data representation for JSON serialization.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

5364-5393: Describe lastActive as an RFC 3339 timestamp and tighten the schema

lastActive is a timestamp but is currently just a free-text string.
Adding format: date-time (OAS-native RFC 3339) improves client generation, validation, and documentation. No functional impact.

       GatewayInstance:
         title: Gateway instance in the gateway environment
         type: object
         properties:
           gatewayId:
             type: string
             example: "Env1_1372344"
           lastActive:
             type: string
+            format: date-time
             example: "2025-06-26T06:47:50Z"

While touching the schema, consider whether a separate enum value such as INACTIVE (previously suggested) is preferable to EXPIRED. If EXPIRED is correct, no action needed.
[ suggest_essential_refactor ]

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

5364-5392: Verify gateway-instance status vocabulary

GatewayInstance.status currently allows only ACTIVE | EXPIRED.
Backend code (e.g. DAO & scheduler) formerly distinguished INACTIVE/OFFLINE states; narrowing the enum here will 422-fail such records at the REST layer.

Please confirm the final state list and update either:

• the enum in the spec, or
• the DAO/service logic that persists other states.

[tag added for follow-up]

[BiyonFernando]

Actionable comments posted: 0

♻️ Duplicate comments (3)

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (2)> 198-217: Address unbounded queue growth concern.

While the batching logic is well-implemented, there's still a potential memory issue when the gateway is not registered - jobs are queued indefinitely without size limits. This could lead to memory exhaustion if the gateway never registers.
Consider adding a configurable maximum queue size check:

 private void handleBatchedSubmission(DeploymentStatusJob job) {
+    if (!DataHolder.getInstance().isGatewayRegistered() && currentBatch.size() > MAX_QUEUE_SIZE) {
+        log.warn("Deployment status queue is full. Dropping oldest job.");
+        currentBatch.poll(); // Remove oldest
+    }
     currentBatch.offer(job);

 private void handleImmediateSubmission(DeploymentStatusJob job) {
     if (DataHolder.getInstance().isGatewayRegistered()) {
         List<DeploymentStatusJob> singleJobList = Collections.singletonList(job);
         submitBatchForProcessing(singleJobList);
     } else {
+        if (currentBatch.size() > MAX_QUEUE_SIZE) {
+            log.warn("Deployment status queue is full. Dropping oldest job.");
+            currentBatch.poll(); // Remove oldest
+        }
         currentBatch.offer(job);
     }
 }

As batchSize is configurable and we flush the currentBatch when currentBatch size is reached batchSize.

303-304: Fix resource leak in response handling.
The InputStream from response.getEntity().getContent() is not properly closed, which can lead to resource leaks.
Apply this fix to ensure proper resource management:

-                    String responseBody = new String(response.getEntity().getContent().readAllBytes(),
-                                                     StandardCharsets.UTF_8);
+                    String responseBody;
+                    try (InputStream inputStream = response.getEntity().getContent()) {
+                        responseBody = new String(inputStream.readAllBytes(), StandardCharsets.UTF_8);
+                    }

Fixed

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)> 2044-2078: Add missing Accept header parameter for contract symmetry

All other collection–style GET endpoints include the reusable #/components/parameters/Accept header so SDK generators can negotiate the response media type.
The new /environments/{environmentId}/gateways endpoint omits it, breaking the otherwise-uniform contract.

@@
       parameters:
         - $ref: '#/components/parameters/environmentId'
+        - $ref: '#/components/parameters/Accept'

(No behavioural change – just metadata.)

🧹 Nitpick comments (1)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)> 2044-2082: Add an Accept header parameter for consistency with the rest of the Admin API

Most collection/list endpoints in this spec expose the Accept header as an explicit parameter (e.g. /throttling/policies/custom, /applications).
/environments/{environmentId}/gateways omits it while still defining 406 NotAcceptable as a possible response. Exposing the header keeps the surface uniform and avoids ambiguity for generated SDKs.

       parameters:
+        - $ref: '#/components/parameters/Accept'
         - $ref: '#/components/parameters/environmentId'

As /environments/{environmentId}/gateways is sub-resource of /environments and all the other endpoints in /environments do not expose the Accept header as an explicit parameter. Introducing this will create a inconsistency.

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (4)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

2051-2054: Missing Accept header parameter – repeat of prior feedback

Earlier review already highlighted that all collection-style GET endpoints expose an optional Accept header to keep SDK generators happy.
The new /environments/{environmentId}/gateways endpoint still omits it.

       parameters:
         - $ref: '#/components/parameters/environmentId'
+        - $ref: '#/components/parameters/Accept'

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (2)

64-66: Make configuration fields private for better encapsulation.

The fields should be declared as private to follow encapsulation best practices.

-    private final int maxRetryCount;
-    private final double retryProgressionFactor;
-    private final long retryDuration;
+    private final int maxRetryCount;
+    private final double retryProgressionFactor;
+    private final long retryDuration;

---

105-110: Use thread pool instead of creating threads manually.

Creating threads manually can lead to resource issues. Consider using the existing scheduler or a dedicated thread pool for gateway registration.

 public void registerGateway() {
     if (log.isDebugEnabled()) {
         log.debug("Registering Gateway with ID: " + gatewayID);
     }
-    new Thread(new registerGateway()).start();
+    scheduler.submit(new registerGateway());
 }

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1)

199-217: Add queue size limit to prevent memory issues.

When the gateway is not registered, jobs are queued indefinitely which could lead to memory exhaustion. Add a configurable maximum queue size check.

 private void handleBatchedSubmission(DeploymentStatusJob job) {
+    if (currentBatch.size() >= maxQueueSize) {
+        log.warn("Deployment status queue is full (size: " + maxQueueSize + "). Dropping oldest job.");
+        currentBatch.poll(); // Remove oldest
+    }
     currentBatch.offer(job);

     if (currentBatch.size() >= batchSize && DataHolder.getInstance().isGatewayRegistered()) {
         synchronized (batchLock) {
             if (currentBatch.size() >= batchSize) {
                 processCurrentBatch();
             }
         }
     }
 }

 private void handleImmediateSubmission(DeploymentStatusJob job) {
     if (DataHolder.getInstance().isGatewayRegistered()) {
         List<DeploymentStatusJob> singleJobList = Collections.singletonList(job);
         submitBatchForProcessing(singleJobList);
     } else {
+        if (currentBatch.size() >= maxQueueSize) {
+            log.warn("Deployment status queue is full (size: " + maxQueueSize + "). Dropping oldest job.");
+            currentBatch.poll(); // Remove oldest
+        }
         currentBatch.offer(job);
     }
 }

Add maxQueueSize as a configurable parameter with a reasonable default (e.g., 10000).

🧹 Nitpick comments (1)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

5364-5376: Add pagination object for consistency with other List schemas

Most list-returning schemas (e.g. ThrottlePolicyDetailsList, EnvironmentList) expose a pagination field so clients can page through large result sets.
GatewayInstanceList lacks this field; adding it keeps the contract uniform and avoids special-casing in SDKs/UI code.

     GatewayInstanceList:
       title: Gateway instance list
       type: object
       properties:
         count:
           type: integer
@@
         list:
           type: array
           items:
             $ref: '#/components/schemas/GatewayInstance'
+        pagination:
+          $ref: '#/components/schemas/Pagination'

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b1e7520 and 2a2edf0.

⛔ Files ignored due to path filters (4)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/GatewayInstanceDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java is excluded by !**/gen/**

📒 Files selected for processing (32)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (5 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql (1 hunks)

✅ Files skipped from review due to trivial changes (3)

• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml

🚧 Files skipped from review as they are similar to previous changes (25)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql

🧰 Additional context used

🧠 Learnings (5)

📓 Common learnings

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like `/notify-api-deployment-status` in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (10)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/test/java/org/wso2/carbon/apimgt/spec/parser/definitions/OASParserUtilTest.java:174-176
Timestamp: 2025-06-18T08:15:46.118Z
Learning: CodeRabbit flagged duplicate production flags in OASParserUtilTest.java but provided incorrect line numbers (174-176). The actual issue exists at lines 403 and 430 where sandbox endpoint tests incorrectly use the true flag instead of false.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:11919-11923
Timestamp: 2025-06-30T06:27:48.390Z
Learning: In the WSO2 API Manager codebase, the input to the createCanonicalQueryString method in APIUtil.java is already URL encoded, so additional encoding within this method is not required and should be avoided to prevent double encoding.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.464Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (9)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (9)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.464Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java:0-0
Timestamp: 2025-07-28T03:41:10.644Z
Learning: In WSO2 Carbon API Manager, scheduler.scheduleAtFixedRate calls are not typically wrapped in try-catch blocks, following a consistent pattern across the codebase. This design decision prioritizes consistency with existing scheduler implementations over additional error handling.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java:341-355
Timestamp: 2025-07-19T14:50:12.218Z
Learning: In WSO2 Carbon API Manager, input validation for model properties like apiDiscoveryScheduledWindow is performed at the REST API level rather than in individual setter methods, avoiding code duplication and ensuring validation occurs at the entry point.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AzureContentSafetyGuardrailProviderServiceImpl.java:75-84
Timestamp: 2025-06-30T06:50:20.514Z
Learning: In WSO2 Carbon API Manager, initialization of service components (like GuardrailProviderService implementations) is guaranteed to occur before service methods are called, so additional initialization validation checks in service methods are not needed.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (18)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:262-276
Timestamp: 2025-06-18T10:07:57.821Z
Learning: In the GraphQLSchemaDefinition class (and potentially other areas of the WSO2 API Manager codebase), template.getAuthType() can return null, which creates NPE risks when calling .equalsIgnoreCase() on the result. This specific issue has been tracked in wso2/api-manager#3971.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java:3454-3476
Timestamp: 2025-06-18T09:51:26.533Z
Learning: When reviewing code movement/refactoring PRs, if logical issues are discovered in the moved code that existed before the refactoring, it's appropriate to defer fixing them to a separate effort with proper issue tracking, rather than expanding the scope of the refactoring PR.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3885-3891
Timestamp: 2025-07-28T13:03:45.797Z
Learning: In WSO2 Carbon API Manager, BiyonFernando prefers storing JSON data in BLOB columns as it can be visualized from DB clients, rather than using CLOB for human-readable text storage.

🪛 Gitleaks (8.27.2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

2080-2080: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: build-product (3, group3)
• GitHub Check: run-benchmark-test
• GitHub Check: build-product (4, group4)
• GitHub Check: build-carbon
• GitHub Check: build-product (1, group1)
• GitHub Check: build-product (2, group2)

🔇 Additional comments (1)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1)

40-40: Add volatile modifier to singleton instance field.

The singleton instance field should be volatile to ensure thread-safe lazy initialization with double-checked locking pattern.

-    private static GatewayValidationScheduler instance;
+    private static volatile GatewayValidationScheduler instance;

⛔ Skipped due to learnings

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.464Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (3)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

5364-5393: Add format: date-time to lastActive; revisit status enum

lastActive is a timestamp but is missing the format: date-time hint used elsewhere in the spec (e.g. createdTime, updatedTime). Adding it improves generated-SDK typing and Swagger-UI rendering.

-        lastActive:
-          type: string
-          example: "2025-06-26T06:47:50Z"
+        lastActive:
+          type: string
+          format: date-time
+          example: "2025-06-26T06:47:50Z"

Optional: earlier feedback suggested ACTIVE | INACTIVE | STALE; the current EXPIRED value is fine if intentional, but double-check alignment with gateway-runtime status names to avoid mismatches.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

2051-2054: Add the standard Accept header parameter

All other collection-style GET operations in this spec expose the reusable #/components/parameters/Accept parameter so SDKs can negotiate response media-types uniformly.
This new sub-resource breaks that contract symmetry.

       parameters:
         - $ref: '#/components/parameters/environmentId'
+        - $ref: '#/components/parameters/Accept'

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1)

105-110: Use thread pool instead of creating threads manually.

Creating threads manually can lead to resource issues. Consider using the existing scheduler or a dedicated thread pool for gateway registration.

    public void registerGateway() {
        if (log.isDebugEnabled()) {
            log.debug("Registering Gateway with ID: " + gatewayID);
        }
-        new Thread(new registerGateway()).start();
+        scheduler.submit(new registerGateway());
    }

🧹 Nitpick comments (2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

5381-5386: Declare lastActive as RFC-3339 date-time for tooling friendliness

Tooling (code-gen, validation, UIs) can auto-parse timestamps when the property is annotated with format: date-time.
Keeping the field as plain string doesn’t change the wire format but loses the benefit.

-        lastActive:
-          type: string
+        lastActive:
+          type: string
+          format: date-time

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (1)

3469-3471: Consider improving string concatenation formatting.

While functionally correct, the line break in the middle of the string concatenation could be improved for better readability.

Apply this formatting improvement:

-        public static final String NOTIFY_API_DEPLOYMENT_STATUS_BATCH_PATH = INTERNAL_WEB_APP_EP + "/notify-api"
-                + "-deployment-status";
+        public static final String NOTIFY_API_DEPLOYMENT_STATUS_BATCH_PATH = INTERNAL_WEB_APP_EP + 
+                "/notify-api-deployment-status";

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2a2edf0 and f8b9d03.

⛔ Files ignored due to path filters (4)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/GatewayInstanceDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java is excluded by !**/gen/**

📒 Files selected for processing (32)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (5 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql (1 hunks)

✅ Files skipped from review due to trivial changes (3)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml

🚧 Files skipped from review as they are similar to previous changes (24)

• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json

🧰 Additional context used

🧠 Learnings (6)

📓 Common learnings

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like `/notify-api-deployment-status` in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (10)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.464Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java:0-0
Timestamp: 2025-07-28T03:41:10.644Z
Learning: In WSO2 Carbon API Manager, scheduler.scheduleAtFixedRate calls are not typically wrapped in try-catch blocks, following a consistent pattern across the codebase. This design decision prioritizes consistency with existing scheduler implementations over additional error handling.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java:341-355
Timestamp: 2025-07-19T14:50:12.218Z
Learning: In WSO2 Carbon API Manager, input validation for model properties like apiDiscoveryScheduledWindow is performed at the REST API level rather than in individual setter methods, avoiding code duplication and ensuring validation occurs at the entry point.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AzureContentSafetyGuardrailProviderServiceImpl.java:75-84
Timestamp: 2025-06-30T06:50:20.514Z
Learning: In WSO2 Carbon API Manager, initialization of service components (like GuardrailProviderService implementations) is guaranteed to occur before service methods are called, so additional initialization validation checks in service methods are not needed.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (10)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/test/java/org/wso2/carbon/apimgt/spec/parser/definitions/OASParserUtilTest.java:174-176
Timestamp: 2025-06-18T08:15:46.118Z
Learning: CodeRabbit flagged duplicate production flags in OASParserUtilTest.java but provided incorrect line numbers (174-176). The actual issue exists at lines 403 and 430 where sandbox endpoint tests incorrectly use the true flag instead of false.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:11919-11923
Timestamp: 2025-06-30T06:27:48.390Z
Learning: In the WSO2 API Manager codebase, the input to the createCanonicalQueryString method in APIUtil.java is already URL encoded, so additional encoding within this method is not required and should be avoided to prevent double encoding.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.464Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (10)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/definitions/AsyncApiParserUtil.java:23-25
Timestamp: 2025-06-18T10:50:32.454Z
Learning: In WSO2 API Manager, when API specification parsing logic was extracted to org.wso2.carbon.apimgt.spec.parser component, the original classes in org.wso2.carbon.apimgt.impl.definitions (like AsyncApiParserUtil) were kept as deprecated wrapper classes that extend the new implementations. This inheritance is maintained for backward compatibility to support custom workflows that may extend these original classes, not removed as "needless inheritance".

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (15)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (18)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:262-276
Timestamp: 2025-06-18T10:07:57.821Z
Learning: In the GraphQLSchemaDefinition class (and potentially other areas of the WSO2 API Manager codebase), template.getAuthType() can return null, which creates NPE risks when calling .equalsIgnoreCase() on the result. This specific issue has been tracked in wso2/api-manager#3971.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java:3454-3476
Timestamp: 2025-06-18T09:51:26.533Z
Learning: When reviewing code movement/refactoring PRs, if logical issues are discovered in the moved code that existed before the refactoring, it's appropriate to defer fixing them to a separate effort with proper issue tracking, rather than expanding the scope of the refactoring PR.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3885-3891
Timestamp: 2025-07-28T13:03:45.797Z
Learning: In WSO2 Carbon API Manager, BiyonFernando prefers storing JSON data in BLOB columns as it can be visualized from DB clients, rather than using CLOB for human-readable text storage.

🧬 Code Graph Analysis (1)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (3)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2)

• APIConstants (32-3519)
• GatewayNotification (3460-3518)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1)

• GatewayManagementDAO (40-459)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1)

• GatewayNotificationConfiguration (24-210)

🪛 Gitleaks (8.27.2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml

2080-2080: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

2080-2080: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

🔇 Additional comments (11)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

2044-2082: New endpoint definition looks consistent with existing Environment APIs

The path, parameter usage, success/error responses, and OAuth2 scope (apim:environment_read) follow the same patterns already used for the /environments family of endpoints, so nothing blocks merging from a spec-consistency point of view.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (4)

53-67: LGTM! Singleton implementation and field declarations are correct.

The volatile instance field ensures thread-safe lazy initialization, and all configuration fields are properly declared as private instance fields rather than static, which addresses the thread safety concerns from previous reviews.

---

72-100: LGTM! Constructor and singleton initialization are well-implemented.

The constructor properly loads configuration from multiple sources and handles gateway ID generation with appropriate fallbacks. The synchronized getInstance method ensures thread-safe singleton creation.

---

218-244: LGTM! HTTP response handling has been properly implemented.

The response handling correctly uses try-with-resources blocks and reads from the inputStream variable to avoid the double reading issue flagged in previous reviews. Resource management is properly handled.

---

274-284: LGTM! Heartbeat response handling is correct.

The heartbeat response processing properly uses try-with-resources and reads from the inputStream variable, avoiding the resource leak and double reading issues identified in previous reviews.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (4)

37-59: LGTM! Singleton implementation follows best practices.

The class properly implements the singleton pattern with a volatile instance field for thread safety, and cleanly initializes its dependencies in the constructor.

---

64-91: LGTM! Scheduler startup logic is well-implemented.

The method properly checks for duplicate starts, loads configuration appropriately, and follows the established WSO2 pattern for scheduler initialization without wrapping scheduleAtFixedRate in try-catch blocks.

---

96-118: LGTM! Scheduler shutdown logic follows best practices.

The stop method properly implements graceful shutdown with timeout handling and correct interrupt management, following standard Java executor service shutdown patterns.

---

130-156: LGTM! Task implementation correctly focuses on its intended scope.

The GatewayValidationTask properly handles marking gateways as expired based on heartbeat inactivity. Based on the architectural decision mentioned in previous reviews, the data retention cleanup is handled at the data insertion location rather than in this periodic task, which explains why deleteOldGatewayRecords is not called here.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2)

3291-3293: LGTM!

The new constants for gateway data management during organization deletion are well-placed and follow the existing naming conventions.

---

3459-3518: Well-structured gateway notification constants!

The new GatewayNotification class is comprehensive and well-organized with:

• Clear logical grouping of related constants
• Appropriate default values for configuration parameters
• Consistent naming conventions
• Good coverage of all aspects of the gateway notification feature including registration, heartbeat, batch processing, and cleanup

[BiyonFernando]

@CodeRabbit review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

5378-5387: Add date-time format and harmonise status enum for GatewayInstance

lastActive is still a plain string – generators will treat it as an arbitrary string rather than an RFC-3339 timestamp.
Likewise, the status enum suddenly switches to EXPIRED whereas earlier discussions revolved around INACTIVE / STALE. The enum should capture all intended states and remain stable across specs.

-        lastActive:
-          type: string
-          example: "2025-06-26T06:47:50Z"
+        lastActive:
+          type: string
+          format: date-time
+          example: "2025-06-26T06:47:50Z"

-        status:
-          example: ACTIVE
-          default: ACTIVE
-          enum:
-            - ACTIVE
-            - EXPIRED
+        status:
+          example: ACTIVE
+          default: ACTIVE
+          enum:
+            - ACTIVE
+            - INACTIVE
+            - STALE

Adds typed metadata for tooling, and prevents future breaking renames of states.

Also applies to: 5388-5393

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

2051-2053: Add the Accept header parameter for contract symmetry

All other collection-style GET endpoints expose an optional Accept header via

- $ref: '#/components/parameters/Accept'

Om​itting it here silently breaks SDK generators that rely on a uniform interface.

       parameters:
         - $ref: '#/components/parameters/environmentId'
+        - $ref: '#/components/parameters/Accept'

🧹 Nitpick comments (1)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

2048-2051: Minor wording – use lowercase “instances”

The phrase “gateway Instances” capitalises Instances mid-sentence:

Retrieve list of gateway Instances in the gateway environment.

-        Retrieve list of gateway Instances in the gateway environment.
+        Retrieve list of gateway instances in the gateway environment.

Purely cosmetic, but keeps prose consistent with the rest of the spec.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f8b9d03 and 79fb538.

⛔ Files ignored due to path filters (4)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/GatewayInstanceDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java is excluded by !**/gen/**

📒 Files selected for processing (33)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (5 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql (1 hunks)

✅ Files skipped from review due to trivial changes (3)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml

🚧 Files skipped from review as they are similar to previous changes (27)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like `/notify-api-deployment-status` in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (9)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.464Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java:0-0
Timestamp: 2025-07-28T03:41:10.644Z
Learning: In WSO2 Carbon API Manager, scheduler.scheduleAtFixedRate calls are not typically wrapped in try-catch blocks, following a consistent pattern across the codebase. This design decision prioritizes consistency with existing scheduler implementations over additional error handling.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/Environment.java:341-355
Timestamp: 2025-07-19T14:50:12.218Z
Learning: In WSO2 Carbon API Manager, input validation for model properties like apiDiscoveryScheduledWindow is performed at the REST API level rather than in individual setter methods, avoiding code duplication and ensuring validation occurs at the entry point.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AzureContentSafetyGuardrailProviderServiceImpl.java:75-84
Timestamp: 2025-06-30T06:50:20.514Z
Learning: In WSO2 Carbon API Manager, initialization of service components (like GuardrailProviderService implementations) is guaranteed to occur before service methods are called, so additional initialization validation checks in service methods are not needed.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (15)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (18)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:262-276
Timestamp: 2025-06-18T10:07:57.821Z
Learning: In the GraphQLSchemaDefinition class (and potentially other areas of the WSO2 API Manager codebase), template.getAuthType() can return null, which creates NPE risks when calling .equalsIgnoreCase() on the result. This specific issue has been tracked in wso2/api-manager#3971.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java:3454-3476
Timestamp: 2025-06-18T09:51:26.533Z
Learning: When reviewing code movement/refactoring PRs, if logical issues are discovered in the moved code that existed before the refactoring, it's appropriate to defer fixing them to a separate effort with proper issue tracking, rather than expanding the scope of the refactoring PR.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3885-3891
Timestamp: 2025-07-28T13:03:45.797Z
Learning: In WSO2 Carbon API Manager, BiyonFernando prefers storing JSON data in BLOB columns as it can be visualized from DB clients, rather than using CLOB for human-readable text storage.

🪛 Gitleaks (8.27.2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml

2080-2080: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

2080-2080: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: run-benchmark-test
• GitHub Check: build-product (4, group4)
• GitHub Check: build-product (1, group1)
• GitHub Check: build-product (2, group2)
• GitHub Check: build-product (3, group3)
• GitHub Check: build-carbon

🔇 Additional comments (7)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (7)

34-44: LGTM! Proper singleton pattern implementation.

The class fields are well-structured with appropriate types and access modifiers. The volatile keyword on the instance field ensures thread-safe singleton access.

---

46-49: LGTM! Proper singleton constructor.

The constructor correctly initializes the required components with appropriate access control for the singleton pattern.

---

51-59: LGTM! Thread-safe singleton implementation.

The synchronized method approach ensures thread safety and prevents multiple instance creation. This pattern is appropriate for the scheduler's usage context.

---

61-91: LGTM! Well-structured scheduler startup.

The method properly handles state checking, configuration loading, and task scheduling. The feature toggle and logging provide good operational control and visibility.

---

93-118: LGTM! Excellent executor service shutdown implementation.

The method follows best practices for graceful shutdown with proper timeout handling, fallback to forced shutdown, and correct InterruptedException handling that preserves thread interrupt status.

---

120-125: LGTM! Simple and appropriate state accessor.

The method provides necessary visibility into scheduler state for external components.

---

127-156: LGTM! Focused and well-implemented cleanup task.

The task correctly implements gateway expiration logic based on heartbeat inactivity. The time calculation, database interaction, and error handling are all properly implemented. The focused scope aligns with the architectural decision to handle data retention cleanup at the data insertion location.

[coderabbitai]

Actionable comments posted: 5

♻️ Duplicate comments (3)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

5383-5389: Add format: date-time to lastActive to keep JSON<->object mapping precise

The same point was raised earlier and is still unresolved – without the explicit format, many generated clients treat the field as an opaque string instead of a timestamp.

         lastActive:
           type: string
+          format: date-time
           example: "2025-06-26T06:47:50Z"

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1)

130-156: LGTM: Task implementation aligns with design decision.

Based on the retrieved learnings, the data retention cleanup is handled at the data insertion location rather than in this periodic task. The current implementation correctly focuses only on marking gateways as expired based on heartbeat inactivity, which aligns with the architectural design.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

2051-2054: Missing Accept header parameter breaks contract symmetry

All other collection‐style GET endpoints include an Accept header parameter ($ref: '#/components/parameters/Accept'). Omitting it here makes SDKs that assume a uniform contract fail at compile‐time.

       parameters:
         - $ref: '#/components/parameters/environmentId'
+        - $ref: '#/components/parameters/Accept'

🧹 Nitpick comments (6)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (2)

35-35: Fix typo in class documentation.

The word "liveliness" should be "liveness" in the class documentation.

- * Scheduler for validating liveliness of gateway and expired them
+ * Scheduler for validating liveness of gateways and expiring them

---

52-52: Fix incorrect class name in comment.

The comment refers to "GatewayCleanupScheduler" but should refer to "GatewayValidationScheduler".

-     * Returns the singleton instance of GatewayCleanupScheduler.
+     * Returns the singleton instance of GatewayValidationScheduler.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

5381-5384: Consider marking gatewayId as required

gatewayId uniquely identifies a gateway instance; returning objects without it is useless and causes nullable typings in generated SDKs.

     GatewayInstance:
       title: Gateway instance in the gateway environment
       type: object
+      required:
+        - gatewayId

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (2)

126-126: Fix typo in error message constant.

There's a typo in the constant name: ERROR_HEARTBEAT_REGISTREATION should be ERROR_HEARTBEAT_REGISTRATION.

-        error.setMessage(APIConstants.GatewayNotification.ERROR_HEARTBEAT_REGISTREATION + e.getMessage());
+        error.setMessage(APIConstants.GatewayNotification.ERROR_HEARTBEAT_REGISTRATION + e.getMessage());

---

153-155: Consider initializing gatewayManagementDAO consistently.

The lazy initialization pattern here is inconsistent with how the DAO is used elsewhere in the class (lines 84, 111 use GatewayManagementDAO.getInstance() directly). Consider either:

1. Initialize gatewayManagementDAO field in constructor, or
2. Use GatewayManagementDAO.getInstance() consistently throughout the class

-            if (gatewayManagementDAO == null) {
-                gatewayManagementDAO = GatewayManagementDAO.getInstance();
-            }
+            GatewayManagementDAO dao = GatewayManagementDAO.getInstance();

And update line 157:

-            int deletedCount = gatewayManagementDAO.deleteOldGatewayRecords(retentionTimestamp);
+            int deletedCount = dao.deleteOldGatewayRecords(retentionTimestamp);

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (1)

2301-2308: ipAddress restricts gateways to IPv4 only

format: ipv4 blocks legitimate IPv6 deployments (and dual-stack pods on Kubernetes).
Use a pattern that accepts both families or introduce a separate ipv6Address field.

-        ipAddress:
-          type: string
-          format: ipv4
-          description: The IP address of the gateway instance.
+        ipAddress:
+          type: string
+          description: IPv4 or IPv6 address of the gateway instance.
+          pattern: '^([0-9]{1,3}(\\.[0-9]{1,3}){3}|([0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4})$'

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (4)

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1)

61-61: Consider adding queue size limits to prevent memory issues

The currentBatch queue is unbounded (LinkedBlockingQueue without capacity). When the gateway is not registered, jobs are queued indefinitely which could lead to memory exhaustion if the gateway never registers.

Define a maximum queue size:

-private static final BlockingQueue<DeploymentStatusJob> currentBatch = new LinkedBlockingQueue<>();
+private static final int MAX_QUEUE_SIZE = 10000; // configurable
+private static final BlockingQueue<DeploymentStatusJob> currentBatch = new LinkedBlockingQueue<>(MAX_QUEUE_SIZE);

Also update the queueing logic to handle full queue:

 private void handleBatchedSubmission(DeploymentStatusJob job) {
-    currentBatch.offer(job);
+    if (!currentBatch.offer(job)) {
+        log.warn("Deployment status queue is full. Dropping job for API: " + job.apiId);
+    }

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (1)

3479-3479: Fix typo in constant name.

The constant name contains a typo - "REGISTREATION" should be "REGISTRATION".

Apply this diff to fix the typo:

-        public static final String ERROR_HEARTBEAT_REGISTREATION = "Error during registering heartbeat: ";
+        public static final String ERROR_HEARTBEAT_REGISTRATION = "Error during registering heartbeat: ";

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

5378-5389: Add format: date-time to lastActive

lastActive represents an ISO-8601 timestamp but is currently declared only as type: string.
Adding the explicit format improves client-side typing and generator output:

 lastActive:
   type: string
+  format: date-time
   example: "2025-06-26T06:47:50Z"

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

2044-2076: Missing Accept header parameter breaks contract symmetry

All other collection-style GET endpoints expose an optional Accept header (via #/components/parameters/Accept) so that SDK generators can negotiate media types uniformly.
Omitting it here creates an outlier and silently breaks generated clients.

@@
       parameters:
         - $ref: '#/components/parameters/environmentId'
+        - $ref: '#/components/parameters/Accept'

🧹 Nitpick comments (1)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

2044-2074: Remove 406 response or add Accept header parameter for consistency

The operation advertises a 406 Not Acceptable response but does not declare an Accept header parameter.
Either add the standard Accept parameter (as used in many other collection endpoints) or drop the 406 response code to keep the contract internally coherent.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 003486f and c63b58f.

⛔ Files ignored due to path filters (4)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/GatewayInstanceDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java is excluded by !**/gen/**

📒 Files selected for processing (33)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (5 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml

🚧 Files skipped from review as they are similar to previous changes (28)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java

🧰 Additional context used

🧠 Learnings (5)

📓 Common learnings

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:76-79
Timestamp: 2025-07-30T14:01:04.162Z
Learning: In WSO2 Carbon API Manager's GatewayNotificationConfiguration class, all fields including nested configuration objects (HeartbeatConfiguration, DeploymentAcknowledgementConfiguration, RegistrationConfiguration, GatewayCleanupConfiguration) are initialized with default values at field declaration level, ensuring that getGatewayNotificationConfiguration() and all its nested getters never return null.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like `/notify-api-deployment-status` in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:81-87
Timestamp: 2025-07-30T13:59:48.856Z
Learning: In WSO2 Carbon API Manager's GatewayNotificationConfiguration, all nested configuration objects including GatewayCleanupConfiguration are initialized with default values at field declaration level, and the configuration parsing only updates existing values through setters, ensuring that null checks are unnecessary as the objects are guaranteed to be non-null.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (17)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:76-79
Timestamp: 2025-07-30T14:01:04.162Z
Learning: In WSO2 Carbon API Manager's GatewayNotificationConfiguration class, all fields including nested configuration objects (HeartbeatConfiguration, DeploymentAcknowledgementConfiguration, RegistrationConfiguration, GatewayCleanupConfiguration) are initialized with default values at field declaration level, ensuring that getGatewayNotificationConfiguration() and all its nested getters never return null.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:76-79
Timestamp: 2025-07-30T14:01:04.162Z
Learning: In WSO2 Carbon API Manager's APIManagerConfiguration class, the gatewayNotificationConfiguration field is initialized with a new GatewayNotificationConfiguration() instance during object construction, making getGatewayNotificationConfiguration() guaranteed to never return null. The configuration parsing only updates existing values through setters rather than replacing the entire object.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:76-79
Timestamp: 2025-07-30T14:01:04.162Z
Learning: In WSO2 Carbon API Manager's APIManagerConfiguration class, the gatewayNotificationConfiguration field is initialized as "new GatewayNotificationConfiguration()" at field declaration level, making getGatewayNotificationConfiguration() guaranteed to never return null. The GatewayNotificationConfiguration class also initializes all its nested configuration objects with default values at field declaration level.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:81-87
Timestamp: 2025-07-30T13:59:48.856Z
Learning: In WSO2 Carbon API Manager's GatewayNotificationConfiguration, all nested configuration objects including GatewayCleanupConfiguration are initialized with default values at field declaration level, and the configuration parsing only updates existing values through setters, ensuring that null checks are unnecessary as the objects are guaranteed to be non-null.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:81-87
Timestamp: 2025-07-30T13:59:48.856Z
Learning: In WSO2 Carbon API Manager's GatewayValidationScheduler, the gatewayCleanupConfiguration is guaranteed to be non-null because GatewayNotificationConfiguration initializes it with default values in the constructor, and the configuration parsing only updates existing values rather than setting them to null.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:11919-11923
Timestamp: 2025-06-30T06:27:48.390Z
Learning: In the WSO2 API Manager codebase, the input to the createCanonicalQueryString method in APIUtil.java is already URL encoded, so additional encoding within this method is not required and should be avoided to prevent double encoding.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java:3454-3476
Timestamp: 2025-06-18T09:51:26.533Z
Learning: When reviewing code movement/refactoring PRs, if logical issues are discovered in the moved code that existed before the refactoring, it's appropriate to defer fixing them to a separate effort with proper issue tracking, rather than expanding the scope of the refactoring PR.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (13)

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:76-79
Timestamp: 2025-07-30T14:01:04.162Z
Learning: In WSO2 Carbon API Manager's APIManagerConfiguration class, the gatewayNotificationConfiguration field is initialized with a new GatewayNotificationConfiguration() instance during object construction, making getGatewayNotificationConfiguration() guaranteed to never return null. The configuration parsing only updates existing values through setters rather than replacing the entire object.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:76-79
Timestamp: 2025-07-30T14:01:04.162Z
Learning: In WSO2 Carbon API Manager's GatewayNotificationConfiguration class, all fields including nested configuration objects (HeartbeatConfiguration, DeploymentAcknowledgementConfiguration, RegistrationConfiguration, GatewayCleanupConfiguration) are initialized with default values at field declaration level, ensuring that getGatewayNotificationConfiguration() and all its nested getters never return null.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:81-87
Timestamp: 2025-07-30T13:59:48.856Z
Learning: In WSO2 Carbon API Manager's GatewayNotificationConfiguration, all nested configuration objects including GatewayCleanupConfiguration are initialized with default values at field declaration level, and the configuration parsing only updates existing values through setters, ensuring that null checks are unnecessary as the objects are guaranteed to be non-null.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:76-79
Timestamp: 2025-07-30T14:01:04.162Z
Learning: In WSO2 Carbon API Manager's APIManagerConfiguration class, the gatewayNotificationConfiguration field is initialized as "new GatewayNotificationConfiguration()" at field declaration level, making getGatewayNotificationConfiguration() guaranteed to never return null. The GatewayNotificationConfiguration class also initializes all its nested configuration objects with default values at field declaration level.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:81-87
Timestamp: 2025-07-30T13:59:48.856Z
Learning: In WSO2 Carbon API Manager's GatewayValidationScheduler, the gatewayCleanupConfiguration is guaranteed to be non-null because GatewayNotificationConfiguration initializes it with default values in the constructor, and the configuration parsing only updates existing values rather than setting them to null.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: nimsara66
PR: #13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AWSBedrockGuardrailProviderServiceImpl.java:110-111
Timestamp: 2025-06-30T08:32:41.219Z
Learning: In WSO2 Carbon API Manager callout service implementations, error messages should reference the actual parameter names/keys that callers provide in configuration maps, not the internal variable names used in the method implementation. This helps users understand what they need to configure.

Learnt from: Oshanath
PR: #13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (16)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:76-79
Timestamp: 2025-07-30T14:01:04.162Z
Learning: In WSO2 Carbon API Manager's APIManagerConfiguration class, the gatewayNotificationConfiguration field is initialized with a new GatewayNotificationConfiguration() instance during object construction, making getGatewayNotificationConfiguration() guaranteed to never return null. The configuration parsing only updates existing values through setters rather than replacing the entire object.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (18)

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: AnuGayan
PR: #13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Learnt from: tharindu1st
PR: #13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml is an automated copy file; changes should be made in the original source file, not in this generated copy.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like /notify-api-deployment-status in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: tharindu1st
PR: #13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new /tenant-info GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the TenantInfoList schema.

Learnt from: BiyonFernando
PR: #13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:262-276
Timestamp: 2025-06-18T10:07:57.821Z
Learning: In the GraphQLSchemaDefinition class (and potentially other areas of the WSO2 API Manager codebase), template.getAuthType() can return null, which creates NPE risks when calling .equalsIgnoreCase() on the result. This specific issue has been tracked in wso2/api-manager#3971.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Learnt from: thisaltennakoon
PR: #13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java:3454-3476
Timestamp: 2025-06-18T09:51:26.533Z
Learning: When reviewing code movement/refactoring PRs, if logical issues are discovered in the moved code that existed before the refactoring, it's appropriate to defer fixing them to a separate effort with proper issue tracking, rather than expanding the scope of the refactoring PR.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

Learnt from: BiyonFernando
PR: #13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3885-3891
Timestamp: 2025-07-28T13:03:45.797Z
Learning: In WSO2 Carbon API Manager, BiyonFernando prefers storing JSON data in BLOB columns as it can be visualized from DB clients, rather than using CLOB for human-readable text storage.

🪛 Gitleaks (8.27.2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml

2080-2080: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

2080-2080: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: build-product (1, group1)
• GitHub Check: run-benchmark-test
• GitHub Check: build-product (3, group3)
• GitHub Check: build-product (4, group4)
• GitHub Check: build-product (2, group2)
• GitHub Check: build-carbon

🔇 Additional comments (2)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (1)

3460-3518: Well-structured gateway notification constants.

The new GatewayNotification inner class is well-organized with clear logical groupings, appropriate default values, and follows the established naming conventions. The constants comprehensively cover all aspects of the gateway notification feature including payload types, status values, error messages, configuration keys, and sensible defaults for batch processing and retry mechanisms.

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

5364-5393: Align GatewayInstance schema and verify status enums

– The common GatewayInstance schema is missing its primary identifier.
Add a required: ["gatewayId"] block to:
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

– Ensure the status enum is consistent across your APIs.
Currently it’s defined as [ACTIVE, EXPIRED]; if your gateway lifecycle also supports INACTIVE and OFFLINE, include them (and mirror this in the v1 spec), or call out the breaking change in your release notes.

Proposed diff in admin-api.yaml (common):

 GatewayInstance:
   title: Gateway instance in the gateway environment
   type: object
+  required:
+    - gatewayId
   properties:
     gatewayId:
       type: string
@@
-    status:
-      example: ACTIVE
-      default: ACTIVE
-      enum:
-        - ACTIVE
-        - EXPIRED
+    status:
+      example: ACTIVE
+      default: ACTIVE
+      enum:
+        - ACTIVE
+        - INACTIVE    # add if supported
+        - OFFLINE     # add if supported
+        - EXPIRED     # existing value, if still applicable

Please update both the common and v1 definitions as needed and verify there are no downstream breakages.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (1)

5364-5393: gatewayId still not marked as required & status enum deviates from previous agreement

The same feedback was given earlier and marked fixed, yet the generated copy still lacks it:

     GatewayInstance:
       title: Gateway instance in the gateway environment
       type: object
+      required:
+        - gatewayId
       properties:
@@
-        status:
-          example: ACTIVE
-          default: ACTIVE
-          enum:
-            - ACTIVE
-            - EXPIRED
+        status:
+          example: ACTIVE
+          default: ACTIVE
+          enum: [ACTIVE, INACTIVE, OFFLINE, EXPIRED]

• Marking gatewayId as mandatory prevents useless partial objects in SDKs.
• Extending the enum reflects the three recognised runtime states plus the newly introduced “EXPIRED”.

🧹 Nitpick comments (7)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (2)

35-35: Fix grammatical error in class documentation.

The comment contains a grammatical error. "expired them" should be "expire them".

- * Scheduler for validating liveliness of gateway and expired them
+ * Scheduler for validating liveness of gateway and expire them

---

52-52: Fix incorrect class name in documentation.

The comment refers to "GatewayCleanupScheduler" but this is "GatewayValidationScheduler".

- * Returns the singleton instance of GatewayCleanupScheduler.
+ * Returns the singleton instance of GatewayValidationScheduler.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (1)

3460-3519: Consider adding JavaDoc for the GatewayNotification class.

The new GatewayNotification class is well-structured with comprehensive constants. However, for consistency with other documented inner classes in this file, consider adding JavaDoc comments to describe its purpose.

+    /**
+     * Constants related to Gateway Notification functionality
+     */
     public static class GatewayNotification {

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

5386-5388: Add format: date-time for lastActive

OpenAPI tooling treats plain string differently from a timestamp.
Explicitly declaring the RFC 3339 format improves SDK generation and validation.

-        lastActive:
-          type: string
-          example: "2025-06-26T06:47:50Z"
+        lastActive:
+          type: string
+          format: date-time
+          example: "2025-06-26T06:47:50Z"

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (3)

2254-2283: gatewayId description is misleading for REGISTER payloads

gatewayId is optional and must be absent for a first-time registration, yet the description says “The unique identifier assigned to the newly registered gateway.” – wording that implies it is already known to the caller.

Consider clarifying that:

• gatewayId is required for HEARTBEAT payloads (existing gateways)
• It must be omitted for REGISTER payloads (new gateways)

If the team still prefers a single schema, at least tweak the docstring:

-          description: The unique identifier assigned to the newly registered gateway.
+          description: Gateway identifier. Present in heartbeat requests; omitted when a gateway registers for the first time.

---

2310-2321: List-level description mentions “APIs”, not acknowledgements

The list wrapper is for GatewayDeploymentStatusAcknowledgment objects but the wording re-uses copy from unrelated API list schemas.

-          description: |
-            Number of APIs returned.
+          description: |
+            Number of deployment-status acknowledgements returned.

---

2323-2358: Consider making revisionId required for DEPLOY/UNDEPLOY actions

When action is DEPLOY or UNDEPLOY, the revisionId uniquely identifies the revision being operated on and is necessary for idempotent processing.
Making it mandatory (or modelling two variants with oneOf) would enable early validation and reduce server-side error handling.

No change required if the implementation gracefully handles a missing revisionId, but stronger schema constraints would improve contract robustness.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c63b58f and e584eb5.

⛔ Files ignored due to path filters (4)

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/gen/java/org/wso2/carbon/apimgt/internal/service/NotifyGatewayApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/EnvironmentsApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/GatewayInstanceDTO.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIRevisionDeploymentDTO.java is excluded by !**/gen/**

📒 Files selected for processing (33)

• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java (5 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java (4 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256 (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql (1 hunks)
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml

🚧 Files skipped from review as they are similar to previous changes (25)

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/test/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListenerTest.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyApiDeploymentStatusApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql
• components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/java/org/wso2/carbon/apimgt/internal/service/impl/NotifyGatewayApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.default.json
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/GatewayManagementDAO.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/health/GatewayNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/GatewayNotificationConfiguration.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java
• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/conf_templates/org.wso2.carbon.apimgt.core.unit-resolve.json
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/EnvironmentsApiServiceImpl.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/internal/APIManagerComponent.java
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql
• features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql

🧰 Additional context used

🧠 Learnings (35)

📓 Common learnings

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:76-79
Timestamp: 2025-07-30T14:01:04.162Z
Learning: In WSO2 Carbon API Manager's GatewayNotificationConfiguration class, all fields including nested configuration objects (HeartbeatConfiguration, DeploymentAcknowledgementConfiguration, RegistrationConfiguration, GatewayCleanupConfiguration) are initialized with default values at field declaration level, ensuring that getGatewayNotificationConfiguration() and all its nested getters never return null.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like `/notify-api-deployment-status` in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:81-87
Timestamp: 2025-07-30T13:59:48.856Z
Learning: In WSO2 Carbon API Manager's GatewayNotificationConfiguration, all nested configuration objects including GatewayCleanupConfiguration are initialized with default values at field declaration level, and the configuration parsing only updates existing values through setters, ensuring that null checks are unnecessary as the objects are guaranteed to be non-null.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

📚 Learning: for fire-and-forget api mechanisms like `/notify-api-deployment-status` in wso2 carbon api manager, ...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1180-1202
Timestamp: 2025-07-29T03:22:44.306Z
Learning: For fire-and-forget API mechanisms like `/notify-api-deployment-status` in WSO2 Carbon API Manager, lightweight response schemas (simple status objects) are preferred over echoing back potentially large request payloads like GatewayDeploymentStatusAcknowledgmentList, as the primary purpose is acknowledgment rather than data exchange.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager's gatewaynotificationconfiguration class, all fields including nested con...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:76-79
Timestamp: 2025-07-30T14:01:04.162Z
Learning: In WSO2 Carbon API Manager's GatewayNotificationConfiguration class, all fields including nested configuration objects (HeartbeatConfiguration, DeploymentAcknowledgementConfiguration, RegistrationConfiguration, GatewayCleanupConfiguration) are initialized with default values at field declaration level, ensuring that getGatewayNotificationConfiguration() and all its nested getters never return null.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java

📚 Learning: in wso2 carbon api manager's apimanagerconfiguration class, the gatewaynotificationconfiguration fie...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:76-79
Timestamp: 2025-07-30T14:01:04.162Z
Learning: In WSO2 Carbon API Manager's APIManagerConfiguration class, the gatewayNotificationConfiguration field is initialized with a new GatewayNotificationConfiguration() instance during object construction, making getGatewayNotificationConfiguration() guaranteed to never return null. The configuration parsing only updates existing values through setters rather than replacing the entire object.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager's apimanagerconfiguration class, the gatewaynotificationconfiguration fie...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:76-79
Timestamp: 2025-07-30T14:01:04.162Z
Learning: In WSO2 Carbon API Manager's APIManagerConfiguration class, the gatewayNotificationConfiguration field is initialized as "new GatewayNotificationConfiguration()" at field declaration level, making getGatewayNotificationConfiguration() guaranteed to never return null. The GatewayNotificationConfiguration class also initializes all its nested configuration objects with default values at field declaration level.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java

📚 Learning: in wso2 carbon api manager am_gw_revision_deployment table design, only one revision can be deployed...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2961-2971
Timestamp: 2025-07-28T14:36:35.061Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, only one revision can be deployed per API per gateway at any given time, making the primary key (GATEWAY_ID, API_ID) appropriate without including the revision identifier in the primary key.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager's gateway notification system, the heartbeat payload can serve dual purpo...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:2255-2281
Timestamp: 2025-07-28T02:36:45.367Z
Learning: In WSO2 Carbon API Manager's gateway notification system, the heartbeat payload can serve dual purposes - both as a regular heartbeat and as a registration mechanism when needed. This design choice makes gatewayId optional in the unified NotifyGatewayPayload schema, allowing heartbeat requests to function as registration if required.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager's gatewaynotificationconfiguration, all nested configuration objects incl...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:81-87
Timestamp: 2025-07-30T13:59:48.856Z
Learning: In WSO2 Carbon API Manager's GatewayNotificationConfiguration, all nested configuration objects including GatewayCleanupConfiguration are initialized with default values at field declaration level, and the configuration parsing only updates existing values through setters, ensuring that null checks are unnecessary as the objects are guaranteed to be non-null.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java

📚 Learning: in wso2 carbon api manager am_gw_revision_deployment table design, when a foreign key for api_id ref...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql:4208-4217
Timestamp: 2025-07-27T19:20:51.530Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table design, when a foreign key for API_ID referencing AM_API(API_UUID) is added, it establishes proper referential integrity for tracking API revision deployments across gateway instances.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager am_gw_instances table, the last_updated column stores the deployment ackn...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql:2946-2952
Timestamp: 2025-07-28T13:36:36.027Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCES table, the LAST_UPDATED column stores the deployment acknowledgment timestamp from gateway notification payloads, not the database insertion time. It should not have DEFAULT CURRENT_TIMESTAMP as the timestamp comes from the gateway's heartbeat/notification message and must be set explicitly by the application code.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager's gatewayvalidationscheduler, the gatewaycleanupconfiguration is guarante...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:81-87
Timestamp: 2025-07-30T13:59:48.856Z
Learning: In WSO2 Carbon API Manager's GatewayValidationScheduler, the gatewayCleanupConfiguration is guaranteed to be non-null because GatewayNotificationConfiguration initializes it with default values in the constructor, and the configuration parsing only updates existing values rather than setting them to null.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java

📚 Learning: when reviewing refactored/moved code in wso2 carbon api manager, if pre-existing issues are found th...

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:249-257
Timestamp: 2025-06-18T10:07:41.656Z
Learning: When reviewing refactored/moved code in WSO2 Carbon API Manager, if pre-existing issues are found that are outside the scope of the current PR (like code moves/refactoring), the team creates separate GitHub issues to track fixes rather than addressing them in the refactoring PR. This helps maintain focused PR scope.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager, the validateandschedulefederatedgatewayapidiscovery method should not th...

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:0-0
Timestamp: 2025-07-19T14:47:03.856Z
Learning: In WSO2 Carbon API Manager, the validateAndScheduleFederatedGatewayAPIDiscovery method should not throw exceptions or perform a null check on the environment parameter, as errors are only logged and the environment is validated earlier in the call chain to avoid impacting server startup.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon apimgt gateway service, when checking if registry properties should be updated in the...

Learnt from: Oshanath
PR: wso2/carbon-apimgt#13117
File: components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java:0-0
Timestamp: 2025-05-26T06:53:40.902Z
Learning: In WSO2 Carbon APIMGT gateway service, when checking if registry properties should be updated in the shouldUpdateRegistry method: if the secure vault resource doesn't exist in the registry, an exception should be thrown (not a graceful return true). The registry should only be updated (return true) when the secure vault exists but the specific property doesn't exist within it.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java

📚 Learning: in the wso2 api manager codebase, the input to the `createcanonicalquerystring` method in `apiutil.j...

Learnt from: nimsara66
PR: wso2/carbon-apimgt#13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java:11919-11923
Timestamp: 2025-06-30T06:27:48.390Z
Learning: In the WSO2 API Manager codebase, the input to the `createCanonicalQueryString` method in `APIUtil.java` is already URL encoded, so additional encoding within this method is not required and should be avoided to prevent double encoding.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java

📚 Learning: in the wso2 carbon api manager repository, `components/apimgt/org.wso2.carbon.apimgt.rest.api.common...

Learnt from: tharindu1st
PR: wso2/carbon-apimgt#13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml:12880-12892
Timestamp: 2025-07-20T17:30:51.843Z
Learning: In the WSO2 Carbon API Manager repository, `components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml` is an automated copy file; changes should be made in the original source file, not in this generated copy.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: when reviewing code movement/refactoring prs, if logical issues are discovered in the moved code tha...

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java:3454-3476
Timestamp: 2025-06-18T09:51:26.533Z
Learning: When reviewing code movement/refactoring PRs, if logical issues are discovered in the moved code that existed before the refactoring, it's appropriate to defer fixing them to a separate effort with proper issue tracking, rather than expanding the scope of the refactoring PR.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager, the federatedapidiscovery abstract class internally manages scheduler li...

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java:75-111
Timestamp: 2025-07-17T13:51:10.322Z
Learning: In WSO2 Carbon API Manager, the FederatedAPIDiscovery abstract class internally manages scheduler lifecycle with a thread pool executor and concurrent map of scheduled tasks keyed by environment name, including a shutdown() method for cleanup. External storage of these instances is not required as the lifecycle management is handled within the abstract class itself.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java

📚 Learning: in the wso2 carbon api manager internal service api specification (api.yaml), not all endpoints incl...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml:1126-1166
Timestamp: 2025-08-04T03:03:47.989Z
Learning: In the WSO2 Carbon API Manager internal service API specification (api.yaml), not all endpoints include the xWSO2Tenant header parameter. Several endpoints like /block, /revokedjwt, /apis/deployed-revisions, /notify, and /correlation-configs do not include this parameter, making it acceptable for some internal service endpoints to omit the xWSO2Tenant header without breaking consistency.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in the wso2 carbon api manager repository, sample bearer tokens used in openapi yaml documentation (...

Learnt from: tharindu1st
PR: wso2/carbon-apimgt#13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml:0-0
Timestamp: 2025-08-03T09:31:12.930Z
Learning: In the WSO2 Carbon API Manager repository, sample bearer tokens used in OpenAPI YAML documentation (e.g., in cURL examples) are not considered a Gitleaks issue unless they are actually flagged by the tool.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager am_gw_instance_env_mapping table, the primary key is defined as just (gat...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager AM_GW_INSTANCE_ENV_MAPPING table, the primary key is defined as just (GATEWAY_ID), which allows only one environment label per gateway. If multiple environment labels per gateway are needed, the primary key should be (GATEWAY_ID, ENV_LABEL).

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager database design, biyonfernando prefers using string-based varchar columns...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T14:23:12.679Z
Learning: In WSO2 Carbon API Manager database design, BiyonFernando prefers using string-based VARCHAR columns over normalized lookup tables for fields like STATUS in gateway-related tables, prioritizing implementation simplicity and maintainability over complex normalization structures.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in the wso2 carbon api manager openapi schema, the `modelprovider` object's `name` property refers t...

Learnt from: tharindu1st
PR: wso2/carbon-apimgt#13144
File: components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml:13034-13046
Timestamp: 2025-08-03T18:53:40.759Z
Learning: In the WSO2 Carbon API Manager OpenAPI schema, the `ModelProvider` object's `name` property refers to the model provider's name (not vendor), and should remain as `name` for consistency and correctness.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager am_gw_revision_deployment table, the column name revision_uuid is used co...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:3179-3189
Timestamp: 2025-07-28T18:53:01.550Z
Learning: In WSO2 Carbon API Manager AM_GW_REVISION_DEPLOYMENT table, the column name REVISION_UUID is used consistently across all database types (PostgreSQL, MySQL, Oracle, MSSQL, DB2, H2), not REVISION_ID. This column stores the revision identifier for tracking API revision deployments.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: the new `/tenant-info` get endpoint in the internal service api has proper response documentation in...

Learnt from: tharindu1st
PR: wso2/carbon-apimgt#13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:55:13.824Z
Learning: The new `/tenant-info` GET endpoint in the internal service API has proper response documentation in the OpenAPI specification, including a 200 response that references the `TenantInfoList` schema.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager database schema, when creating foreign key relationships between am_revis...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3894-3903
Timestamp: 2025-07-27T19:20:05.981Z
Learning: In WSO2 Carbon API Manager database schema, when creating foreign key relationships between AM_REVISION and AM_GW_REVISION_DEPLOYMENT tables, do not use CASCADE DELETE on the REVISION_ID foreign key. Revision records should not cascade delete deployment records because deployment history and current deployment state information should be preserved even if the revision record needs to be cleaned up. The relationship should prevent deletion of revisions that have active deployments, not cascade the deletion to deployment records.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml
• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java
• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: the new `/tenant-info` get endpoint in the internal service api is different from existing `/tenant-...

Learnt from: tharindu1st
PR: wso2/carbon-apimgt#13092
File: components/apimgt/org.wso2.carbon.apimgt.internal.service/.openapi-generator/api.yaml.sha256:0-0
Timestamp: 2025-05-26T07:46:05.429Z
Learning: The new `/tenant-info` GET endpoint in the internal service API is different from existing `/tenant-info/{username}` endpoints in other APIs. The new endpoint accepts filter parameters and returns lists of tenants, while the existing endpoints are for user-specific tenant information.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml

📚 Learning: in the gatewayvalidationscheduler class, the data retention cleanup is handled at the data insertion...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java:137-163
Timestamp: 2025-07-28T14:26:37.464Z
Learning: In the GatewayValidationScheduler class, the data retention cleanup is handled at the data insertion location rather than in the periodic GatewayValidationTask. The scheduler task only handles marking gateways as expired based on heartbeat inactivity.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java

📚 Learning: in wso2 carbon api manager, scheduler.scheduleatfixedrate calls are not typically wrapped in try-cat...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayCleanupScheduler.java:0-0
Timestamp: 2025-07-28T03:41:10.644Z
Learning: In WSO2 Carbon API Manager, scheduler.scheduleAtFixedRate calls are not typically wrapped in try-catch blocks, following a consistent pattern across the codebase. This design decision prioritizes consistency with existing scheduler implementations over additional error handling.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java

📚 Learning: functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with cu...

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/AsyncApiParserUtil.java:51-60
Timestamp: 2025-06-18T11:14:40.788Z
Learning: Functions in org.wso2.carbon.apimgt.spec.parser may be maintained for backward compatibility with custom workflows, even if they're not actively used in the core codebase.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java

📚 Learning: in wso2 carbon api manager callout service implementations, error messages should reference the actu...

Learnt from: nimsara66
PR: wso2/carbon-apimgt#13158
File: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AWSBedrockGuardrailProviderServiceImpl.java:110-111
Timestamp: 2025-06-30T08:32:41.219Z
Learning: In WSO2 Carbon API Manager callout service implementations, error messages should reference the actual parameter names/keys that callers provide in configuration maps, not the internal variable names used in the method implementation. This helps users understand what they need to configure.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java

📚 Learning: in wso2 carbon api manager database schema, the am_gw_instances table's env_labels column has been p...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql:0-0
Timestamp: 2025-07-28T13:25:39.885Z
Learning: In WSO2 Carbon API Manager database schema, the AM_GW_INSTANCES table's ENV_LABELS column has been properly normalized by creating a separate AM_GW_INSTANCE_ENV_MAPPING table that establishes a one-to-many relationship between gateway instances and environment labels, improving referential integrity and query performance.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager, environment names are unique keys across the entire system, making it sa...

Learnt from: AnuGayan
PR: wso2/carbon-apimgt#13182
File: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/FederatedAPIDiscovery.java:45-45
Timestamp: 2025-07-19T14:55:09.461Z
Learning: In WSO2 Carbon API Manager, environment names are unique keys across the entire system, making it safe to use them as keys in static maps for managing shared resources like scheduled discovery tasks without risk of conflicts between different instances.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in the graphqlschemadefinition class (and potentially other areas of the wso2 api manager codebase),...

Learnt from: thisaltennakoon
PR: wso2/carbon-apimgt#13149
File: components/apimgt/org.wso2.carbon.apimgt.spec.parser/src/main/java/org/wso2/carbon/apimgt/spec/parser/definitions/GraphQLSchemaDefinition.java:262-276
Timestamp: 2025-06-18T10:07:57.821Z
Learning: In the GraphQLSchemaDefinition class (and potentially other areas of the WSO2 API Manager codebase), template.getAuthType() can return null, which creates NPE risks when calling .equalsIgnoreCase() on the result. This specific issue has been tracked in https://github.com/wso2/api-manager/issues/3971.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

📚 Learning: in wso2 carbon api manager, biyonfernando prefers storing json data in blob columns as it can be vis...

Learnt from: BiyonFernando
PR: wso2/carbon-apimgt#13191
File: features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql:3885-3891
Timestamp: 2025-07-28T13:03:45.797Z
Learning: In WSO2 Carbon API Manager, BiyonFernando prefers storing JSON data in BLOB columns as it can be visualized from DB clients, rather than using CLOB for human-readable text storage.

Applied to files:

• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

🪛 Gitleaks (8.27.2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml

2080-2080: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml

2080-2080: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: build-product (4, group4)
• GitHub Check: build-product (1, group1)
• GitHub Check: build-product (3, group3)
• GitHub Check: run-benchmark-test
• GitHub Check: build-product (2, group2)
• GitHub Check: build-carbon

🔇 Additional comments (7)

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/scheduler/GatewayValidationScheduler.java (1)

130-156: LGTM - Task implementation follows established design.

The cleanup task correctly focuses on marking expired gateways based on heartbeat inactivity. The implementation properly handles configuration access, timestamp calculations, DAO interactions, and error handling.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java (1)

3291-3293: LGTM!

The new constants for gateway-related organization deletion operations follow the established naming patterns and integrate well with the existing constants.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/DeploymentStatusNotifier.java (2)

199-227: LGTM! Queue capacity limits properly implemented.

The implementation correctly addresses the unbounded queue growth concern by:

• Checking the return value of offer() to detect when queue is full
• Logging detailed error messages with current and max queue sizes
• Preventing memory exhaustion by dropping jobs when queue reaches capacity

---

311-320: LGTM! Resource management properly implemented.

The implementation correctly handles resources by:

• Using nested try-with-resources blocks for both CloseableHttpResponse and InputStream
• Reading response content only once through the InputStream
• Ensuring all resources are properly closed

This addresses the previous concerns about resource leaks and double-reading of response content.

components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml (1)

5390-5394: Confirm status vocabulary matches runtime values

The schema exposes ACTIVE | EXPIRED, whereas earlier discussions (and other status-style enums) mentioned INACTIVE or STALE.
Please verify the backend actually emits only these two literals to avoid contract drift.
If additional states are possible, expand the enum here before it becomes locked-in.

components/apimgt/org.wso2.carbon.apimgt.internal.service/src/main/resources/api.yaml (2)

1126-1165: Add tenant header to keep multi-tenant contract intact

Neither /notify-gateway nor its response model carries tenant context.
Most internal-service endpoints that can be called by multiple tenants include xWSO2Tenant (see /keymanagers, /apis, …). Omitting it here forces implementers to rely on out-of-band mechanisms to determine tenant, which breaks the uniform contract the spec already follows elsewhere.

     post:
+      parameters:
+        - $ref: '#/components/parameters/requestedTenant'

Aligning the new endpoint with the existing pattern avoids surprises for SDK generators and consumers.

---

1166-1208: Repeat the tenant header for the deployment-status endpoint

For the same reason as the previous comment, include the shared requestedTenant parameter on /notify-api-deployment-status to preserve consistency and avoid implicit tenant resolution.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Verify thread pool configuration values for the batch processor.

The batch processor thread pool is configured with:

• Min threads: 2
• Max threads: 8
• Queue size: 50

Please verify these values are appropriate for the expected gateway notification load in production environments.

---

🌐 Web query:

What are the recommended thread pool configuration values for batch processing in high-throughput systems, specifically for min/max threads and queue size?

💡 Result:

Recommended thread pool configuration values for batch processing in high-throughput systems depend on whether your tasks are CPU-intensive or I/O-intensive, but the key is to balance throughput, latency, and resource usage while preventing overload or resource exhaustion.

Thread Pool Size (min/max threads):

• For CPU-intensive batch tasks: Set the pool size (min and max) to the number of CPU cores (N) or cores + 1—this ensures maximum CPU utilization without excessive context switching[1][2][5].

• For I/O-intensive batch tasks: Configure the pool to 2N or higher, as threads spend significant time waiting for I/O, and more threads can be used without exhausting the CPU. Some sources even suggest experimenting with higher multiples of N for highly asynchronous workloads[1][5].

• General best practice: Start with corePoolSize = N or 2N depending on workload, and adjust maximumPoolSize upward only if you see underutilization and no resource contention; avoid "unbounded" thread pools as they easily lead to resource exhaustion[1][9][10].

Queue Size:

• Batch processing with high throughput: Use a bounded queue to buffer tasks; an unbounded queue may eventually exhaust system memory and is not recommended in most scenarios[1][7][5].
• Queue sizing tip: The optimal queue size can be estimated using Little’s Law:

  L = λ * W
  

  where L is the number of parallel tasks (queue + active), λ is the average task arrival rate, and W is the average execution time[5]. Set the queue size based on the maximum number of pending tasks the system can handle without excessive memory or latency.

Example Recommendations:

• For a machine with 16 CPU cores performing I/O-bound batch processing:
  • corePoolSize: 32 (2 x CPUs)
  • maxPoolSize: 32–64 (test for appropriate scaling)
  • queueCapacity: 1000–5000 (monitor memory and task wait time to fine-tune)[1][5][8][9]
• For a CPU-bound batch ETL job on an 8-core server:
  • corePoolSize: 8–9
  • maxPoolSize: 8–10
  • queueCapacity: 100–500

Other Considerations:

• For latency-sensitive workloads, increase the thread count and decrease queue size; for pure throughput, buffer with a larger queue and set thread count to available resources[1][3][5].
• Monitor thread pool metrics in production (active threads, queue wait time, queue size) and adjust conservatively if you observe saturation, high latencies, or frequent application-level throttling/rejection[5][6][8].
• Never set queue size to unbounded for batch; this risks out-of-memory errors and unpredictable latencies[7].

Summary Table:

Workload Type	corePoolSize	maxPoolSize	queueCapacity
CPU-intensive	N or (N+1)	N or (N+1)	Small (<1000)
I/O-intensive	2N or higher	2N–4N (test upper bound)	Moderate (500–5000)
High-throughput batch	As above, balance to avoid overload	As above	Bounded only

Always validate configuration through load testing under production-like conditions before deploying to live workloads[5][9][6][8].

Citations:

• 1: https://www.alibabacloud.com/blog/java-thread-pool-implementation-and-best-practices-in-business-applications_601528
• 2: https://pythonspeed.com/articles/two-thread-pools/
• 3: https://www.alibabacloud.com/blog/601528
• 4: https://docs.oracle.com/middleware/12213/wls/PERFM/wls_tuning.htm
• 5: https://engineering.zalando.com/posts/2019/04/how-to-set-an-ideal-thread-pool-size.html
• 6: https://blog.devops.dev/how-to-determine-java-thread-pool-size-a-comprehensive-guide-4f73a4758273
• 7: https://discuss.elastic.co/t/change-threadpool-queue-size-for-batch-process/110788
• 8: https://discuss.elastic.co/t/thread-pool-configuration-max-thread-pool-size/228089
• 9: https://softwaremill.com/threadpools-executors-and-java/
• 10: https://openliberty.io/docs/latest/thread-pool-tuning.html

---

Adjust batch‐processor thread‐pool settings to match workload and available cores

The hard-coded values in
components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
(lines ~3503–3507)
may be too low for high-throughput or I/O-bound workloads. Rather than 2/8 threads with a 50-task queue, configure based on CPU cores (N) and task characteristics:

• For CPU-bound work:
– corePoolSize ≈ N (or N+1)
– maxPoolSize ≈ N (or N+1)
– queueCapacity: modest (e.g. < 1000)

• For I/O-bound/high-throughput work:
– corePoolSize ≈ 2 × N
– maxPoolSize ≈ 2 × N up to 4 × N (tuned under load)
– queueCapacity: bounded moderate (500–5 000), based on λ×W

• Always avoid unbounded queues; monitor active threads, queue wait times, and adjust conservatively under production load.

Recommendation:

1. Externalize these constants to config (e.g. system properties or deployment files).
2. Initialize thread counts at runtime using Runtime.getRuntime().availableProcessors().
3. Perform load tests under expected gateway notification rates to fine-tune corePoolSize, maxPoolSize, and queueSize.

🤖 Prompt for AI Agents

In
components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
around lines 3503 to 3507, the batch processor thread pool settings are
hard-coded and may not suit all workloads. Refactor these constants to be
configurable via external configuration such as system properties or deployment
files. Modify the initialization to dynamically set corePoolSize and maxPoolSize
based on Runtime.getRuntime().availableProcessors(), adjusting queue size
accordingly. Ensure the configuration supports tuning for CPU-bound or I/O-bound
workloads and avoid unbounded queues by setting reasonable limits. Finally,
recommend load testing to fine-tune these values under expected production
conditions.

[coderabbitai]

🛠️ Refactor suggestion

Add missing Accept header & drop atypical 400 to match contract of all other collection GETs

Every collection‐level GET in this spec advertises an optional Accept header and omits 400.
This fresh /environments/{environmentId}/gateways operation diverges from that convention, which breaks client uniformity and Swagger-codegen templates that rely on a stable surface.

       parameters:
         - $ref: '#/components/parameters/environmentId'
+        - $ref: '#/components/parameters/Accept'

@@
-        400:
-          $ref: '#/components/responses/BadRequest'

While touching the block, consider lower-casing “gateway Instances” in the description to avoid mid-sentence capitalisation drift.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	/environments/{environmentId}/gateways:
	get:
	tags:
	- Environments
	summary: Get Gateway Instances in a Gateway Environment
	description: |
	Retrieve list of gateway Instances in the gateway environment.
	parameters:
	- $ref: '#/components/parameters/environmentId'
	responses:
	200:
	description: |
	OK.
	List of gateway Instances in the gateway environment returned
	headers:
	Content-Type:
	description: |
	The content type of the body.
	schema:
	type: string
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/GatewayInstanceList'
	400:
	$ref: '#/components/responses/BadRequest'
	404:
	$ref: '#/components/responses/NotFound'
	406:
	$ref: '#/components/responses/NotAcceptable'
	security:
	- OAuth2Security:
	- apim:admin
	- apim:environment_read
	x-code-samples:
	/environments/{environmentId}/gateways:
	get:
	tags:
	- Environments
	summary: Get Gateway Instances in a Gateway Environment
	description: |
	Retrieve list of gateway Instances in the gateway environment.
	parameters:
	- $ref: '#/components/parameters/environmentId'
	- $ref: '#/components/parameters/Accept'
	responses:
	200:
	description: |
	OK.
	List of gateway Instances in the gateway environment returned
	headers:
	Content-Type:
	description: |
	The content type of the body.
	schema:
	type: string
	content:
	application/json:
	schema:
	$ref: '#/components/schemas/GatewayInstanceList'
	404:
	$ref: '#/components/responses/NotFound'
	406:
	$ref: '#/components/responses/NotAcceptable'
	security:
	- OAuth2Security:
	- apim:admin
	- apim:environment_read
	x-code-samples:

🤖 Prompt for AI Agents

In
components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml
between lines 2044 and 2078, add an optional Accept header parameter to the GET
/environments/{environmentId}/gateways operation to align with other collection
GETs, and remove the 400 response to maintain consistency with the spec. Also,
update the description text to use lowercase "gateway instances" instead of
"gateway Instances" for consistent capitalization.