[localserver] get messages history #253

Merged: capcom6 merged 1 commit into master from localserver/get-messages-history on Aug 8, 2025

@capcom6 capcom6 (Owner) commented Aug 5, 2025

Summary by CodeRabbit

  • New Features

    • Added a new API endpoint to retrieve messages with filtering by processing state, date range, device ID, and pagination options.
    • Responses now include total message count in the X-Total-Count header.
    • Enhanced message data returned by endpoints to include recipient states, encryption status, and detailed state history.
    • Introduced message counting and selection capabilities with flexible filtering and pagination.
    • Added support for webhook configurations and detailed logging entries.
  • Improvements

    • Improved database performance with new composite indices for message queries.
    • Streamlined internal message data structures for consistency across endpoints.
    • Updated database schema to version 15 with expanded message and recipient tracking.
    • Refined message query methods for more accurate and efficient data retrieval.
  • Bug Fixes

    • Corrected message statistics queries to use the appropriate timestamp field for filtering.

@github-actions github-actions Bot (Contributor) commented Aug 5, 2025

🤖 Pull request artifacts

file commit
app-release.apk 254865c
app-release.aab 254865c

@coderabbitai coderabbitai Bot commented Aug 5, 2025

Walkthrough

This change upgrades the SMS gateway application's database schema to version 15, introducing new tables, indices, and relationships. It adds query and pagination methods for messages, updates entity indices, and refactors domain models and API routes for message retrieval and response. Several type aliases and class definitions are introduced or replaced for domain message representations.

Changes

Cohort / File(s) and change summary:

  • Database Schema Update
    • File(s): app/schemas/me.capcom.smsgateway.data.AppDatabase/15.json
    • Change summary: Adds schema version 15 with new tables (Message, MessageRecipient, RecipientState, MessageState, WebHook, logs_entries), indices, foreign keys, and schema identity tracking.
  • Room Database Versioning
    • File(s): app/src/main/java/me/capcom/smsgateway/data/AppDatabase.kt, app/src/main/java/me/capcom/smsgateway/data/Migrations.kt
    • Change summary: Increments Room DB version to 15, adds auto-migration from 14 to 15, and appends a newline in Migrations.kt.
  • Message Entity Indices
    • File(s): app/src/main/java/me/capcom/smsgateway/data/entities/Message.kt
    • Change summary: Updates entity indices: removes single-column index on state, adds composite indices on (state, processedAt) and (state, createdAt).
  • DAO Enhancements
    • File(s): app/src/main/java/me/capcom/smsgateway/data/dao/MessagesDao.kt
    • Change summary: Adds methods for counting and selecting messages with filters and pagination; corrects a query to use processedAt instead of createdAt.
  • Service Layer Extensions
    • File(s): app/src/main/java/me/capcom/smsgateway/modules/messages/MessagesService.kt
    • Change summary: Adds methods for counting and selecting messages with source, state, date range, limit, and offset filters.
  • Domain Model Refactor
    • File(s): app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/Message.kt, app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/GetMessagesResponse.kt, app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/PostMessageResponse.kt
    • Change summary: Introduces Message class and nested Recipient class; adds type aliases for response types; removes now-redundant data classes in favor of domain model reuse.
  • API Route & Response Updates
    • File(s): app/src/main/java/me/capcom/smsgateway/modules/localserver/routes/MessagesRoutes.kt
    • Change summary: Adds paginated/filterable GET endpoint for messages; updates POST and GET message-by-id responses to use new domain model; implements entity-to-domain mapping extension function.
  • API Specification Update
    • File(s): app/src/main/assets/api/swagger.json
    • Change summary: Adds /messages GET endpoint with filtering and pagination; moves and consolidates MessageStatus and MessageRecipient schema definitions; removes duplicates.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant API (MessagesRoutes)
    participant Service (MessagesService)
    participant DAO (MessagesDao)
    participant DB

    Client->>API (MessagesRoutes): GET /messages?state=&from=&to=&limit=&offset=
    API (MessagesRoutes)->>Service (MessagesService): countMessages(source, state, start, end)
    Service (MessagesService)->>DAO (MessagesDao): count(source, state, start, end)
    DAO (MessagesDao)->>DB: SQL COUNT query
    DB-->>DAO (MessagesDao): count result
    DAO (MessagesDao)-->>Service (MessagesService): count
    Service (MessagesService)-->>API (MessagesRoutes): count

    API (MessagesRoutes)->>Service (MessagesService): selectMessages(source, state, start, end, limit, offset)
    Service (MessagesService)->>DAO (MessagesDao): select(source, state, start, end, limit, offset)
    DAO (MessagesDao)->>DB: SQL SELECT query
    DB-->>DAO (MessagesDao): message rows
    DAO (MessagesDao)-->>Service (MessagesService): message list
    Service (MessagesService)-->>API (MessagesRoutes): message list

    API (MessagesRoutes)-->>Client: Response (messages, X-Total-Count)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~15–20 minutes

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 4

🧹 Nitpick comments (3)
app/src/main/java/me/capcom/smsgateway/data/AppDatabase.kt (1)

61-61: Consider implementing manual migration as fallback.

While auto migration is configured, having a commented placeholder for MIGRATION_14_15 suggests awareness of potential complexity. Consider implementing the manual migration as a safety measure, especially for production environments.

app/schemas/me.capcom.smsgateway.data.AppDatabase/15.json (1)

104-112: Single-column createdAt index is probably redundant

index_Message_createdAt duplicates the leading column of index_Message_state_createdAt.
SQLite can satisfy a search on just createdAt by using the composite index, so the extra index costs ~1 MiB per million rows without improving query plans.

-          {
-            "name": "index_Message_createdAt",
-            "unique": false,
-            "columnNames": [
-              "createdAt"
-            ],
-            "orders": [],
-            "createSql": "CREATE INDEX IF NOT EXISTS `index_Message_createdAt` ON `${TABLE_NAME}` (`createdAt`)"
-          },
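
Review bot: Removing `index_Message_createdAt` here leaves no index whose leading column is `createdAt`. The composite index in this change is on (state, createdAt), so a request with no state filter that ranges and sorts on createdAt has no createdAt-led index to fall back on. If the index is dropped anyway, drop it in the indices declared on the Message entity and regenerate this exported schema file; do not hand-edit 15.json.
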
app/src/main/java/me/capcom/smsgateway/modules/localserver/routes/MessagesRoutes.kt (1)

46-97: Well-implemented GET endpoint with good validation and error handling.

The new GET endpoint provides comprehensive functionality with:

  • Proper parameter parsing and validation
  • Date range validation (start <= end)
  • Appropriate error handling with meaningful HTTP status codes
  • Pagination support with X-Total-Count header
  • Clean exception handling

Consider adding a maximum limit validation to prevent potential performance issues:

 val limit = call.request.queryParameters["limit"]?.toIntOrNull() ?: 50
+val validatedLimit = limit.coerceAtMost(1000) // Prevent excessive queries
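
Review bot: `coerceAtMost(1000)` on the added line bounds only the upper side, so `limit=0` and negative values still pass through, and SQLite treats a negative LIMIT as "no upper bound", which defeats the cap. Suggest `limit.coerceIn(1, 1000)` or a 400 response for out-of-range input, and make sure `validatedLimit`, not `limit`, is the value handed to the query.
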
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 09e7f5a and 775f8c2.

📒 Files selected for processing (11)
  • app/schemas/me.capcom.smsgateway.data.AppDatabase/15.json (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/data/AppDatabase.kt (2 hunks)
  • app/src/main/java/me/capcom/smsgateway/data/Migrations.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/data/dao/MessagesDao.kt (2 hunks)
  • app/src/main/java/me/capcom/smsgateway/data/entities/Message.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/GetMessagesResponse.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/Message.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/PostMessageResponse.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/routes/MessagesRoutes.kt (5 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/messages/MessagesService.kt (6 hunks)
  • app/src/test/java/me/capcom/smsgateway/modules/messages/MessagesServiceTest.kt (1 hunks)
🔇 Additional comments (33)
app/src/main/java/me/capcom/smsgateway/data/Migrations.kt (1)

86-86: LGTM: Cosmetic formatting improvement.

The addition of a newline at the end of the file follows good formatting practices.

app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/GetMessagesResponse.kt (1)

1-3: LGTM: Clean type alias definition.

The type alias provides clear semantic meaning for message list responses and improves API readability.

app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/PostMessageResponse.kt (1)

3-3: LGTM: Good consolidation of response types.

Replacing the explicit data class with a type alias to Message eliminates duplication and ensures consistency across the domain model.

app/src/main/java/me/capcom/smsgateway/data/entities/Message.kt (1)

16-20: Verify composite index usage in DAO queries

  • Detected one DAO method in app/src/main/java/me/capcom/smsgateway/data/dao/MessagesDao.kt:48
    @Query("… WHERE (:state IS NULL OR state = :state) AND createdAt BETWEEN … ORDER BY createdAt DESC …")
    – This will leverage the [state, createdAt] composite index.
  • No DAO queries found filtering by state and ordering by processedAt
    – Please confirm any queries that should use the [state, processedAt] index are present.
  • Double-check whether the standalone createdAt index is still required for queries without a state filter.
app/src/main/java/me/capcom/smsgateway/data/AppDatabase.kt (2)

27-27: Database version increment looks correct.

The version bump to 15 aligns with the schema changes described in the PR.


42-42: AutoMigration v14→v15 only modifies indices on the Message table

All other tables, columns, foreign keys and defaults remain unchanged. Specifically, v14’s index_Message_state and index_Message_processedAt are dropped and replaced with two composite indices (index_Message_state_createdAt, index_Message_state_processedAt). Room’s auto-migration fully supports adding and removing indices, so no manual migration is required.

app/src/test/java/me/capcom/smsgateway/modules/messages/MessagesServiceTest.kt (2)

26-52: Good basic test for object creation.

This test provides actual value by verifying MessageWithRecipients construction and basic property access. The test covers different recipient states which is useful.

Consider enhancing this test to cover edge cases like empty recipient lists, null values, or invalid states.


26-52: LGTM - Good functional test for domain object construction.

The test properly verifies the creation and properties of MessageWithRecipients objects, including message attributes, recipient count, and processing states. This provides good coverage for the domain model construction.

app/src/main/java/me/capcom/smsgateway/modules/messages/MessagesService.kt (6)

24-24: LGTM!

The import is necessary for the new methods and correctly placed.


58-58: Excellent code organization with regions.

The addition of region markers improves readability and maintainability of this large service class. The logical grouping (Health, Lifecycle, Send, Read) makes sense.

Also applies to: 76-76, 78-78, 88-88, 90-90, 103-103, 105-105, 143-143


126-130: Well-designed count method with proper delegation.

The method signature is clean with appropriate parameters for filtering. The nullable state parameter allows for flexible filtering, and the delegation to DAO is correct.


132-142: Consistent and well-designed select method with pagination.

The method follows the same filtering pattern as countMessages while adding pagination support. Parameter order is logical and the DAO delegation is appropriate.


24-24: LGTM - Appropriate import addition.

The EntitySource import is correctly added to support the new query methods.


58-143: LGTM - Well-organized code with clear regional separation.

The addition of region comments (Health, Lifecycle, Send, Read) significantly improves code readability and logical organization. The new countMessages and selectMessages methods provide a clean service layer interface that appropriately delegates to the DAO layer.

app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/Message.kt (2)

6-20: Well-designed domain model with good encapsulation.

The Message class has a clean structure with appropriate property types. The nested Recipient data class is well-designed, and the states map provides useful audit trail functionality.

Consider if any property validations are needed (e.g., non-empty id, valid phone numbers in recipients).


6-20: LGTM - Well-designed domain model.

The Message class provides a comprehensive domain model with appropriate properties for tracking message state, recipients, and historical state transitions. The nested Recipient data class is well-structured, and the use of Map<ProcessingState, Date> for state history provides good auditability.

app/src/main/java/me/capcom/smsgateway/data/dao/MessagesDao.kt (7)

15-16: LGTM!

The new imports are necessary for the added DAO methods and properly placed.


20-20: Good organization with region markers.

The region grouping improves code organization and makes the DAO methods easier to navigate.

Also applies to: 57-57


38-42: Well-implemented count query with proper nullable handling.

The SQL query correctly handles the nullable state parameter and uses proper parameter binding. The BETWEEN operator for date range is inclusive on both ends - ensure this matches the intended behavior.


44-56: Excellent implementation of paginated select with proper transaction handling.

The method correctly uses @Transaction for consistency, includes proper ordering (most recent first), and implements pagination correctly. The rowid inclusion is necessary for Room's relationship loading.


15-16: LGTM - Appropriate imports for new functionality.

The imports for EntitySource and ProcessingState are correctly added to support the new query methods.


24-24: Good bug fix - Using processedAt instead of createdAt.

The change from createdAt to processedAt in the countFailedFrom query is correct, as it should count failed messages based on when they were processed, not when they were created.


38-56: LGTM - Well-designed query methods with proper nullability handling.

The new count and select methods are well-implemented with:

  • Proper SQL nullability handling using (:state IS NULL OR state = :state)
  • Appropriate use of @Transaction annotation for the select method
  • Consistent ordering by createdAt DESC
  • Good parameter naming and documentation
app/src/main/java/me/capcom/smsgateway/modules/localserver/routes/MessagesRoutes.kt (9)

13-13: LGTM!

The new imports are necessary for the added functionality and properly organized.

Also applies to: 17-17, 19-19


46-97: Comprehensive and well-implemented GET endpoint with proper error handling.

The endpoint provides excellent filtering and pagination capabilities with proper parameter validation, error handling, and response formatting. The date validation and total count header are particularly good touches.

Consider adding parameter validation for negative limit/offset values to prevent potential issues.


244-245: Good refactoring to use consistent domain model.

The changes properly integrate with the new domain model by using the Message.Recipient class and toDomain mapping function. Setting isHashed = false appears to be a reasonable default.

Also applies to: 247-252, 272-272


292-309: Clean domain mapping function with proper property transformation.

The extension function provides excellent encapsulation of entity-to-domain mapping logic. The states transformation correctly converts timestamps to Date objects.

The hardcoded isHashed = false suggests this feature is planned but not yet implemented - consider adding a TODO comment if this is temporary.


13-19: LGTM - Appropriate imports for new functionality.

The imports for MessageWithRecipients, DateTimeParser, and GetMessageResponse are correctly added to support the new endpoint and domain mapping functionality.


244-245: LGTM - Consistent domain model usage.

The addition of isHashed = false and proper positioning of isEncrypted aligns with the new domain model structure.


247-252: LGTM - Updated to use domain Recipient class.

The change to use me.capcom.smsgateway.modules.localserver.domain.Message.Recipient is consistent with the new domain model design.


272-272: LGTM - Consistent use of domain mapping.

The change to use the toDomain extension function provides consistent mapping between database entities and domain models.


292-309: Device ID is safely initialized before route usage

The toDomain extension cleanly maps MessageWithRecipients to the domain Message, handling recipients and state history.
The LocalServerService.start method assigns a generated deviceId if it’s null before calling WebService.start, so by the time any MessagesRoutes handler invokes requireNotNull(settings.deviceId), it’s guaranteed to be non-null.

app/schemas/me.capcom.smsgateway.data.AppDatabase/15.json (1)

4-5: Migration from v14 → v15 is marked but not implemented

The schema declares database version 15. Unless a full auto-migration is registered and verified at runtime, Room will throw an IllegalStateException when the application starts.
Double-check that AppDatabase.autoMigrations (or a manual Migration(14, 15)) is in place and covered by instrumentation tests before shipping.

@capcom6 capcom6 force-pushed the localserver/get-messages-history branch from 775f8c2 to d8a4640 Compare August 5, 2025 06:47
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 4

🧹 Nitpick comments (1)
app/src/main/assets/api/swagger.json (1)

142-148: Consider specifying maxItems for the top-level array response

Static analysis (CKV_OPENAPI_21) warns about arrays without an upper bound. Setting maxItems (e.g., 1000) aligns with the proposed limit maximum and prevents overly large payloads.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d8a4640 and e60c1bc.

📒 Files selected for processing (1)
  • app/src/main/assets/api/swagger.json (2 hunks)
🧰 Additional context used
🪛 Checkov (3.2.334)
app/src/main/assets/api/swagger.json

[MEDIUM] 143-148: Ensure that arrays have a maximum number of items

(CKV_OPENAPI_21)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Build / build-apk
🔇 Additional comments (1)
app/src/main/assets/api/swagger.json (1)

759-764: isHashed description references a phoneNumber field that doesn’t exist at the message level

The description says “Whether the phoneNumber is the first 16 characters …” but MessageStatus has no phoneNumber property—only recipients[].phoneNumber. Clarify the wording or move the flag to MessageRecipient if that is the intent.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (2)
app/src/main/assets/api/swagger.json (2)

94-106: Enum added for state filter – previous feedback fully addressed

The state query parameter now exposes an explicit enum with all five allowed values, aligning the contract with MessageStatus.state and enabling strict validation in generated clients. Nicely done.


119-126: Add a lower-bound to limit to avoid zero-item pages

limit has a maximum of 100 and a sensible default of 50, but it lacks a minimum.
Calls with limit=0 will silently return an empty page yet still consume resources.

             "schema": {
               "type": "integer",
+              "minimum": 1,
               "maximum": 100,
               "default": 50
             }
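
Review bot: The added `"minimum": 1` changes only the published contract in swagger.json, so a client that ignores the spec can still send `limit=0` or a negative value. Suggest adding the same 1..100 check to the route handler that parses `limit` in the same change, with a test for `limit=0`.
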
🧹 Nitpick comments (2)
app/src/main/assets/api/swagger.json (2)

160-167: Cap the array size in the 200-response schema

Static-analysis (CKV_OPENAPI_21) warns that unbounded arrays may lead to runaway payloads.
The endpoint already controls throughput via the limit parameter, so mirror that in the schema:

-                  "type": "array",
+                  "type": "array",
+                  "maxItems": 100,
                   "items": {
                     "$ref": "#/components/schemas/MessageStatus"
                   }
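
Review bot: The first two lines of this suggestion remove and re-add an identical `"type": "array",` line, so the only real change is the `"maxItems": 100,` line; trim the suggestion to that single addition. The value also has to track the `maximum` on `limit`, so the two should be changed together.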

This keeps the OpenAPI contract consistent with runtime behaviour and silences the linter.


765-789: Defaults on read-only fields are redundant

state, isHashed, and isEncrypted are marked readOnly: true, so their defaults are never applied by client input.
Removing the default keywords (or relocating them to example) tightens the schema and avoids confusion for code-gen tools that warn about inert defaults.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b262039 and f38ddde.

📒 Files selected for processing (1)
  • app/src/main/assets/api/swagger.json (2 hunks)
🧰 Additional context used
🪛 Checkov (3.2.334)
app/src/main/assets/api/swagger.json

[MEDIUM] 162-167: Ensure that arrays have a maximum number of items

(CKV_OPENAPI_21)

@capcom6 capcom6 force-pushed the localserver/get-messages-history branch from f38ddde to 1a6beca Compare August 6, 2025 07:56
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (2)
app/src/main/assets/api/swagger.json (2)

94-107: Enum added – previous concern resolved

The state query parameter is now restricted to the same five values defined for MessageStatus.state, closing the validation gap flagged earlier. Nice cleanup.


119-127: limit lacks a lower bound

You capped the upper bound at 100 but omitted a minimum, so callers may request limit=0 and receive an empty list (or worse, undefined driver behaviour). Align with common practice and require at least one item:

             "schema": {
               "type": "integer",
               "maximum": 100,
+              "minimum": 1,
               "default": 50
             }
🧹 Nitpick comments (1)
app/src/main/assets/api/swagger.json (1)

790-796: Bound the size of recipients to satisfy static-analysis rule CKV_OPENAPI_21

recipients is an unbounded array. Add maxItems (and optionally minItems) to prevent oversized payloads and silence the lingering Checkov warning.

           "recipients": {
             "type": "array",
             "description": "The list of recipients and their states.",
+            "maxItems": 100,
             "items": {
               "$ref": "#/components/schemas/MessageRecipient"
             }
           },
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f38ddde and 1a6beca.

📒 Files selected for processing (11)
  • app/schemas/me.capcom.smsgateway.data.AppDatabase/15.json (1 hunks)
  • app/src/main/assets/api/swagger.json (2 hunks)
  • app/src/main/java/me/capcom/smsgateway/data/AppDatabase.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/data/Migrations.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/data/dao/MessagesDao.kt (2 hunks)
  • app/src/main/java/me/capcom/smsgateway/data/entities/Message.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/GetMessagesResponse.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/Message.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/PostMessageResponse.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/routes/MessagesRoutes.kt (5 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/messages/MessagesService.kt (6 hunks)
🚧 Files skipped from review as they are similar to previous changes (10)
  • app/src/main/java/me/capcom/smsgateway/data/Migrations.kt
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/GetMessagesResponse.kt
  • app/src/main/java/me/capcom/smsgateway/data/entities/Message.kt
  • app/src/main/java/me/capcom/smsgateway/data/AppDatabase.kt
  • app/src/main/java/me/capcom/smsgateway/data/dao/MessagesDao.kt
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/PostMessageResponse.kt
  • app/src/main/java/me/capcom/smsgateway/modules/messages/MessagesService.kt
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/routes/MessagesRoutes.kt
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/Message.kt
  • app/schemas/me.capcom.smsgateway.data.AppDatabase/15.json
🧰 Additional context used
🪛 Checkov (3.2.334)
app/src/main/assets/api/swagger.json

[MEDIUM] 162-167: Ensure that arrays have a maximum number of items

(CKV_OPENAPI_21)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Build / build-apk

@capcom6 capcom6 force-pushed the localserver/get-messages-history branch from 1a6beca to 254865c Compare August 6, 2025 12:29
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (2)
app/src/main/assets/api/swagger.json (2)

119-126: Minimum bound missing for limit query parameter

Previous feedback already requested a lower bound; only the upper bound was added. Without a minimum, clients may pass 0 (or negative) which is semantically meaningless and can complicate backend validation.

             "schema": {
               "type": "integer",
+              "minimum": 1,
               "maximum": 100,
               "default": 50
             }

109-116: Add an upper bound to offset to avoid unbounded scans

offset can still be an arbitrarily large integer, forcing the DB to iterate over huge result sets. Please cap it (e.g., maximum: 100000) or migrate to a cursor-based pagination scheme.

             "schema": {
               "type": "integer",
               "minimum": 0,
+              "maximum": 100000,
               "default": 0
             }
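
Review bot: A hard `"maximum": 100000` on `offset` makes every row past that position unreachable through offset paging alone, and the hunk does not say how a client gets to them. Suggest stating in the parameter description that older messages are reached by narrowing the `from`/`to` range, and enforcing the same bound in the handler, since the schema by itself rejects nothing.
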
🧹 Nitpick comments (2)
app/src/main/assets/api/swagger.json (2)

790-796: Consider capping recipients array size

The recipients list is unbounded. For very large broadcasts this can explode response sizes and client memory usage. Define a realistic maxItems (e.g., 1000) to communicate practical limits.

           "recipients": {
             "type": "array",
             "description": "The list of recipients and their states.",
+            "maxItems": 1000,
             "items": {
               "$ref": "#/components/schemas/MessageRecipient"
             }
           },
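
Review bot: `"maxItems": 1000` here disagrees with the `"maxItems": 100` suggested earlier in this thread for the same `recipients` array. Pick one value and derive it from the recipient limit actually enforced when a message is submitted; a bound lower than what the server stores would make valid responses fail schema validation.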

160-167: Response array lacks maxItems constraint

The /messages GET response allows returning an unlimited number of items, yet the limit parameter is capped at 100. Align the schema with runtime behaviour:

                 "schema": {
                   "type": "array",
+                  "maxItems": 100,
                   "items": {
                     "$ref": "#/components/schemas/MessageStatus"
                   }
                 }
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1a6beca and 254865c.

📒 Files selected for processing (11)
  • app/schemas/me.capcom.smsgateway.data.AppDatabase/15.json (1 hunks)
  • app/src/main/assets/api/swagger.json (2 hunks)
  • app/src/main/java/me/capcom/smsgateway/data/AppDatabase.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/data/Migrations.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/data/dao/MessagesDao.kt (2 hunks)
  • app/src/main/java/me/capcom/smsgateway/data/entities/Message.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/GetMessagesResponse.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/Message.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/PostMessageResponse.kt (1 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/routes/MessagesRoutes.kt (5 hunks)
  • app/src/main/java/me/capcom/smsgateway/modules/messages/MessagesService.kt (6 hunks)
🚧 Files skipped from review as they are similar to previous changes (10)
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/GetMessagesResponse.kt
  • app/src/main/java/me/capcom/smsgateway/data/Migrations.kt
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/PostMessageResponse.kt
  • app/src/main/java/me/capcom/smsgateway/data/entities/Message.kt
  • app/src/main/java/me/capcom/smsgateway/data/AppDatabase.kt
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/routes/MessagesRoutes.kt
  • app/schemas/me.capcom.smsgateway.data.AppDatabase/15.json
  • app/src/main/java/me/capcom/smsgateway/modules/localserver/domain/Message.kt
  • app/src/main/java/me/capcom/smsgateway/data/dao/MessagesDao.kt
  • app/src/main/java/me/capcom/smsgateway/modules/messages/MessagesService.kt
🧰 Additional context used
🪛 Checkov (3.2.334)
app/src/main/assets/api/swagger.json

[MEDIUM] 162-167: Ensure that arrays have a maximum number of items

(CKV_OPENAPI_21)
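
The `limit`/`offset` bounds discussed in the reviews above, enforced in a handler and run against the count and select query shape quoted earlier in this thread. This is an added Python/sqlite3 sketch, not code from this PR or the project's Kotlin/Room sources; the reduced `message` table, the state names, `MAX_OFFSET` and all function names are assumptions, and it rejects out-of-range values instead of clamping them.

```python
import re
import sqlite3

DEFAULT_LIMIT, MAX_LIMIT = 50, 100      # default and maximum for `limit` quoted in the review
MAX_OFFSET = 100_000                    # cap proposed in the review; assumed here
STATES = {"Pending", "Sent", "Failed"}  # constructed stand-ins for the state enum


class BadRequest(ValueError):
    """Would map to an HTTP 400 response in a real handler."""


def bounded_int(params, name, default, lo, hi):
    """Parse one integer query parameter and reject anything outside [lo, hi]."""
    raw = params.get(name)
    if raw is None:
        return default
    # Plain ASCII digits only: int() alone would also accept "1_0" or " 7 ".
    if not re.fullmatch(r"-?[0-9]{1,9}", raw):
        raise BadRequest(f"{name} must be an integer")
    value = int(raw)
    if not lo <= value <= hi:
        raise BadRequest(f"{name} must be between {lo} and {hi}")
    return value


# Filter shape quoted in the review: nullable state, inclusive date range.
WHERE = "(:state IS NULL OR state = :state) AND createdAt BETWEEN :start AND :end"


def list_messages(db, params, start, end):
    """Return (headers, ids) for one page, newest first."""
    limit = bounded_int(params, "limit", DEFAULT_LIMIT, 1, MAX_LIMIT)
    offset = bounded_int(params, "offset", 0, 0, MAX_OFFSET)
    state = params.get("state")
    if state is not None and state not in STATES:
        raise BadRequest("unknown state")
    if start > end:
        raise BadRequest("from must not be after to")
    args = {"state": state, "start": start, "end": end}
    total = db.execute(f"SELECT COUNT(*) FROM message WHERE {WHERE}", args).fetchone()[0]
    rows = db.execute(
        f"SELECT id FROM message WHERE {WHERE} "
        "ORDER BY createdAt DESC LIMIT :limit OFFSET :offset",
        {**args, "limit": limit, "offset": offset},
    ).fetchall()
    return {"X-Total-Count": str(total)}, [row[0] for row in rows]


def unchecked_select(db, limit):
    """The same ordering with a raw limit bound straight into the statement."""
    return db.execute(
        "SELECT id FROM message ORDER BY createdAt DESC LIMIT ?", (limit,)
    ).fetchall()


def make_db(n=120):
    """Constructed sample data: n messages cycling through three states."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE message (id TEXT PRIMARY KEY, state TEXT NOT NULL, "
        "createdAt INTEGER NOT NULL)"
    )
    db.execute("CREATE INDEX index_message_state_createdAt ON message (state, createdAt)")
    states = ["Pending", "Sent", "Failed"]
    db.executemany(
        "INSERT INTO message VALUES (?, ?, ?)",
        [(f"m{i}", states[i % 3], 1_000 + i) for i in range(n)],
    )
    return db


if __name__ == "__main__":
    db = make_db()
    print(list_messages(db, {"state": "Failed", "limit": "10", "offset": "35"}, 0, 10**6))
    # A negative LIMIT means "no upper bound" in SQLite, so every row comes back.
    print(len(unchecked_select(db, -1)), "rows returned for LIMIT -1")
```

`unchecked_select` shows why an upper-bound-only check is not enough: a negative value reaching `LIMIT` returns the whole table.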

@capcom6 capcom6 merged commit 9a8d3de into master Aug 8, 2025
3 checks passed
@capcom6 capcom6 deleted the localserver/get-messages-history branch August 8, 2025 02:06
@coderabbitai coderabbitai Bot mentioned this pull request Dec 3, 2025
@coderabbitai coderabbitai Bot mentioned this pull request Apr 11, 2026