Add alert service to block tenants

[ThaminduR]

$subject

[wso2-engineering]

Log Improvement Suggestion No: 1

Suggested change

	*/
	public JSExecutionAlert(String tenantDomain, String serviceProvider, AlertType alertType,
	long resourceValue, long threshold, String threadName) {
	this.tenantDomain = tenantDomain;
	this.serviceProvider = serviceProvider;
	this.alertType = alertType;
	this.resourceValue = resourceValue;
	this.threshold = threshold;
	this.threadName = threadName;
	this.timestamp = System.currentTimeMillis();
	public JSExecutionAlert(String tenantDomain, String serviceProvider, AlertType alertType,
	long resourceValue, long threshold, String threadName) {
	if (log.isDebugEnabled()) {
	log.debug("Creating JS execution alert for tenant: " + tenantDomain + ", SP: " + serviceProvider +
	", alert type: " + alertType + ", resource value: " + resourceValue +
	", threshold: " + threshold);
	}
	this.tenantDomain = tenantDomain;
	this.serviceProvider = serviceProvider;
	this.alertType = alertType;
	this.resourceValue = resourceValue;
	this.threshold = threshold;
	this.threadName = threadName;
	this.timestamp = System.currentTimeMillis();
	}

[wso2-engineering]

Log Improvement Suggestion No: 2

Suggested change

	* Create a new instance of JSExecutionEnforcer by loading configuration from the system.
	*
	* @return A new instance of JSExecutionEnforcer with loaded configuration.
	*/
	public static JSExecutionEnforcer createFromConfiguration() {
	int maxViolationsPerTenant = loadMaxViolationsPerTenant();
	long violationWindowInMillis = loadViolationWindow();
	long blockDurationInMillis = loadBlockDuration();
	long criticalMemoryLimit = loadCriticalMemoryLimit();
	if (LOG.isDebugEnabled()) {
	LOG.debug(String.format("Initialized JS Execution Alert Service with config: " +
	public static JSExecutionEnforcer createFromConfiguration() {
	int maxViolationsPerTenant = loadMaxViolationsPerTenant();
	long violationWindowInMillis = loadViolationWindow();
	long blockDurationInMillis = loadBlockDuration();
	long criticalMemoryLimit = loadCriticalMemoryLimit();
	LOG.info(String.format("Initializing JSExecutionEnforcer with configuration: maxViolationsPerTenant=%d, " +
	"violationWindow=%dms, blockDuration=%dms, criticalMemoryLimit=%d bytes",
	maxViolationsPerTenant, violationWindowInMillis, blockDurationInMillis, criticalMemoryLimit));

[wso2-engineering]

Log Improvement Suggestion No: 3

Suggested change

	long expiryThreshold = currentTime - violationWindowInMillis;
	private void cleanupExpiredAlerts() {
	if (LOG.isDebugEnabled()) {
	LOG.debug("Starting cleanup of expired alerts and blocks");
	}

[wso2-engineering]

Log Improvement Suggestion No: 4

Suggested change

	public void setExecutionEnforcer(JSExecutionEnforcer executionEnforcer) {
	this.executionEnforcer = executionEnforcer;
	}
	public void setExecutionEnforcer(JSExecutionEnforcer executionEnforcer) {
	this.executionEnforcer = executionEnforcer;
	if (log.isDebugEnabled()) {
	log.debug("JSExecutionEnforcer has been set for monitoring script executions.");
	}
	}

[wso2-engineering]

Log Improvement Suggestion No: 5

Suggested change

	// Push alert to the enforcer.
	if (executionEnforcer != null) {
	long threshold = (monitorType == MONITOR_TYPE_TIME) ? timeoutInMillis : memoryLimitInBytes;
	JSExecutionAlert alert = new JSExecutionAlert(tenantDomain, serviceProvider, alertType,
	consumedResourceValue, threshold, originalThread.getName());
	executionEnforcer.pushAlert(alert);
	}
	// Push alert to the enforcer.
	if (executionEnforcer != null) {
	long threshold = (monitorType == MONITOR_TYPE_TIME) ? timeoutInMillis : memoryLimitInBytes;
	JSExecutionAlert alert = new JSExecutionAlert(tenantDomain, serviceProvider, alertType,
	consumedResourceValue, threshold, originalThread.getName());
	executionEnforcer.pushAlert(alert);
	if (log.isDebugEnabled()) {
	log.debug(String.format("Pushed %s alert for service provider: %s, tenant: %s",
	alertType, serviceProvider, tenantDomain));
	}
	}

[wso2-engineering]

Log Improvement Suggestion No: 6

Suggested change

	* @param violationCount The new violation count.
	*/
	public void updateViolationCount(String tenantDomain, int violationCount) {
	public void updateViolationCount(String tenantDomain, int violationCount) {
	if (LOG.isInfoEnabled()) {
	LOG.info(String.format("Updating violation count for tenant: %s to %d", tenantDomain, violationCount));
	}
	try {

[wso2-engineering]

Log Improvement Suggestion No: 7

Suggested change

	resourceAdd.setName(tenantDomain);
	resourceAdd.setAttributes(attributes);
	getConfigurationManager().replaceResource(RESOURCE_TYPE_NAME, resourceAdd);
	LOG.info(String.format("Successfully updated violation count for tenant %s: %d", tenantDomain, violationCount));
	if (LOG.isDebugEnabled()) {

[wso2-engineering]

Log Improvement Suggestion No: 8

Suggested change

	JSExecutionEnforcer jsExecutionEnforcer =
	FrameworkServiceDataHolder.getInstance().getJsExecutionSupervisor().getExecutionEnforcer();
	if (jsExecutionEnforcer.isTenantBlocked(PrivilegedCarbonContext.getThreadLocalCarbonContext()
	JSExecutionEnforcer jsExecutionEnforcer =
	FrameworkServiceDataHolder.getInstance().getJsExecutionSupervisor().getExecutionEnforcer();
	if (jsExecutionEnforcer.isTenantBlocked(PrivilegedCarbonContext.getThreadLocalCarbonContext()
	.getTenantDomain())) {
	log.warn("Authentication blocked for tenant {} due to adaptive script execution violations.",
	PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain());

[wso2-engineering]

Log Improvement Suggestion No: 9

Suggested change

	FrameworkServiceDataHolder.getInstance()
	.setJsExecutionSupervisor(new JSExecutionSupervisor(threadCount, timeOutEnabled, timeoutInMillis,
	memoryLimitInBytes));
	FrameworkServiceDataHolder.getInstance()
	.setJsExecutionSupervisor(new JSExecutionSupervisor(threadCount, timeOutEnabled, timeoutInMillis,
	memoryLimitInBytes));
	log.info("JS execution supervisor initialized with threadCount: " + threadCount + ", timeoutEnabled: " + timeOutEnabled + ", timeout: " + timeoutInMillis + "ms");

[wso2-engineering]

Log Improvement Suggestion No: 10

Suggested change

	// Initialize JS execution alert service.
	JSExecutionEnforcer executionEnforcer = JSExecutionEnforcer.createFromConfiguration();
	FrameworkServiceDataHolder.getInstance().getJsExecutionSupervisor().setExecutionEnforcer(executionEnforcer);
	// Initialize JS execution alert service.
	JSExecutionEnforcer executionEnforcer = JSExecutionEnforcer.createFromConfiguration();
	FrameworkServiceDataHolder.getInstance().getJsExecutionSupervisor().setExecutionEnforcer(executionEnforcer);
	log.info("JS execution enforcer initialized and configured");

[wso2-engineering]

AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

• The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
• Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

• Review all AI-generated comments for accuracy and relevance.
• Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.

Comment	Accepted (Y/N)	Reason
#### Log Improvement Suggestion No: 1
#### Log Improvement Suggestion No: 2
#### Log Improvement Suggestion No: 3
#### Log Improvement Suggestion No: 4
#### Log Improvement Suggestion No: 5
#### Log Improvement Suggestion No: 6
#### Log Improvement Suggestion No: 7
#### Log Improvement Suggestion No: 8
#### Log Improvement Suggestion No: 9
#### Log Improvement Suggestion No: 10

[Copilot]

Comment does not start with a capital letter. Update to: "Default tracking window set to 30 seconds."

[Copilot]

Comment does not start with a capital letter. Update to: "Critical memory limit set to 500MB by default."

[Copilot]

Comment does not start with a capital letter and does not end with a period. Update to: "Initialize JS execution alert service."

[Copilot]

Comment does not start with a capital letter. Update to: "Resource type for JS execution alerts."

[Copilot]

Comment does not start with a capital letter. Update to: "Attribute keys."

[Copilot]

Missing docstring for public method getAlertCount. Add a docstring describing the method's purpose, parameters, and return value.

[Copilot]

Missing docstring for public method clearAlerts. Add a docstring describing the method's purpose and parameters.

[Copilot]

Missing docstring for public method blockTenant. Add a docstring describing the method's purpose and parameters.

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

❌ Patch coverage is 3.27869% with 295 lines in your changes missing coverage. Please review.
✅ Project coverage is 50.55%. Comparing base (8aa24f2) to head (454af50).
⚠️ Report is 21 commits behind head on master.

Files with missing lines	Patch %	Lines
...mework/config/model/graph/JSExecutionEnforcer.java	0.00%	156 Missing ⚠️
...ework/config/model/graph/TenantViolationStore.java	0.00%	103 Missing ⚠️
...framework/config/model/graph/JSExecutionAlert.java	15.00%	17 Missing ⚠️
...work/config/model/graph/JSExecutionSupervisor.java	36.84%	9 Missing and 3 partials ⚠️
...andler/request/impl/DefaultRequestCoordinator.java	0.00%	5 Missing ⚠️
.../framework/internal/FrameworkServiceComponent.java	0.00%	2 Missing ⚠️

❌ Your patch check has failed because the patch coverage (3.27%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #7574      +/-   ##
============================================
- Coverage     50.57%   50.55%   -0.03%     
+ Complexity    19117    18936     -181     
============================================
  Files          2094     2097       +3     
  Lines        122790   122950     +160     
  Branches      25559    25551       -8     
============================================
+ Hits          62106    62152      +46     
- Misses        52722    52815      +93     
- Partials       7962     7983      +21     

Flag	Coverage Δ
unit	35.17% <3.27%> (-0.10%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.