fix: resolve code check issues

[hexqi]

Summary

• Replace wildcard imports (*) with explicit imports in test files (SqlIdentifierValidatorTest, DynamicServiceSqlInjectionTest, AiChatV1ServiceImplTest)
• Remove redundant trailing comma in array initializer in SqlIdentifierValidatorTest
• Use Locale.ROOT with String.toLowerCase() in AiChatV1ServiceImpl to fix locale-sensitive operation warning

Test plan

• All 377 unit tests pass
• mvn clean package builds successfully
• Application starts without errors

Summary by CodeRabbit

Release Notes

• Refactor

  • Improved code organization through optimized import management across service and test files.
  • Enhanced host validation robustness with locale-aware string processing to ensure consistent behavior across different system configurations.

• Tests

  • Updated test file imports for improved maintainability and clarity.

[coderabbitai]

Warning

Rate limit exceeded

@hexqi has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 51 minutes and 41 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 07119536-1a5a-4ea6-a533-ee35fbf7f161

📥 Commits

Reviewing files that changed from the base of the PR and between 37e2b7b and 25f817a.

📒 Files selected for processing (4)

• base/src/main/java/com/tinyengine/it/service/app/impl/v1/AiChatV1ServiceImpl.java
• base/src/test/java/com/tinyengine/it/common/utils/SqlIdentifierValidatorTest.java
• base/src/test/java/com/tinyengine/it/dynamic/service/DynamicServiceSqlInjectionTest.java
• base/src/test/java/com/tinyengine/it/service/app/impl/v1/AiChatV1ServiceImplTest.java

Walkthrough

This pull request performs import statement cleanup across multiple test files by replacing wildcard imports with explicit imports for specifically-used assertion methods. Additionally, the AiChatV1ServiceImpl file is updated with locale-safe string conversion using Locale.ROOT in host validation logic and reformatted for consistent line endings.

Changes

Cohort / File(s)	Summary
Locale-safe URL validation base/src/main/java/com/tinyengine/it/service/app/impl/v1/AiChatV1ServiceImpl.java	Adds java.util.Locale import and updates loopback host detection to use host.toLowerCase(Locale.ROOT) for locale-agnostic lowercasing. Reformats import block and constants with consistent line endings. URL validation and internal-network blocking logic remain functionally equivalent.
Test import refactoring base/src/test/java/com/tinyengine/it/common/utils/SqlIdentifierValidatorTest.java, base/src/test/java/com/tinyengine/it/dynamic/service/DynamicServiceSqlInjectionTest.java, base/src/test/java/com/tinyengine/it/service/app/impl/v1/AiChatV1ServiceImplTest.java	Replaces wildcard JUnit assertion imports (Assertions.* or java.util.*) with explicit imports of only the assertion methods actually used in each test file (assertDoesNotThrow, assertThrows, assertEquals). Test logic and assertions remain unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Poem

🐰 Imports now explicit, no wildcards to roam,
Locale.ROOT keeps our hosts safe at home,
Each assertion named clear, no guessing required,
Clean code and best practices—just what we desired!

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'fix: resolve code check issues' is vague and generic, using non-descriptive language that doesn't convey specific details about the changeset.	Consider a more specific title such as 'fix: use explicit imports and Locale.ROOT for locale-safe operations' to better reflect the actual changes made.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 51 minutes and 41 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@base/src/main/java/com/tinyengine/it/service/app/impl/v1/AiChatV1ServiceImpl.java`:
- Around line 303-314: The validation currently resolves the hostname in
resolveHostAddresses and checks isBlockedAddress but then calls
httpClient.send(requestBuilder.build(), ...) with the original hostname allowing
DNS rebinding; fix by performing the send to the validated IP(s) instead of the
hostname: after resolveHostAddresses(host) and checking isBlockedAddress, pick
an allowed InetAddress and construct the request URI to use that IP (or create
an InetSocketAddress) while preserving the original Host header on
requestBuilder.build() so SNI/Host remain correct; alternatively implement
strict allowlist-only behavior or global egress-layer private-range blocking in
AiChatV1ServiceImpl to ensure the address used by httpClient.send cannot differ
from the validated InetAddress.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4265026e-fd88-4ed8-9dad-f47ab7a62e31

📥 Commits

Reviewing files that changed from the base of the PR and between b8b6258 and 37e2b7b.

📒 Files selected for processing (4)

• base/src/main/java/com/tinyengine/it/service/app/impl/v1/AiChatV1ServiceImpl.java
• base/src/test/java/com/tinyengine/it/common/utils/SqlIdentifierValidatorTest.java
• base/src/test/java/com/tinyengine/it/dynamic/service/DynamicServiceSqlInjectionTest.java
• base/src/test/java/com/tinyengine/it/service/app/impl/v1/AiChatV1ServiceImplTest.java