fix failing tests

[robfrank]

pass parameters when checking query idempotency in Cypher, Gremlin, and MongoDB engines

The idempotency checks added in aac51f1 called analyze(query) without parameters, causing failures on parameterized queries ($p, params, etc.) because the engines tried to compile/execute the query without bindings.

Also fixes a TOCTOU race in PageManager.flushPage() where the database could close between the isOpen() check and getSchema(), and recognizes the ArcadeDB MongoDB { collection: '...', query: {...} } format as a read operation.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses critical issues related to query execution and database stability. It resolves failures in parameterized query idempotency checks across Cypher, Gremlin, and MongoDB engines by ensuring parameters are correctly considered during query analysis. Additionally, it fixes a race condition in the page flushing mechanism to prevent errors when the database closes concurrently, and improves the recognition of MongoDB read operations.

Highlights

• Parameterized Query Idempotency: Fixed an issue where idempotency checks for Cypher, Gremlin, and MongoDB queries failed with parameterized queries because parameters were not being passed during the analysis phase.
• TOCTOU Race Condition: Resolved a Time-of-Check-to-Time-of-Use (TOCTOU) race condition in PageManager.flushPage() where the database could close between an isOpen() check and schema access, leading to potential errors.
• MongoDB Read Operation Recognition: Enhanced the MongoDB query engine to correctly identify queries using the { collection: '...', query: {...} } format as read operations.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• engine/src/main/java/com/arcadedb/engine/PageManager.java
  • Imported DatabaseIsClosedException to handle concurrent database closure.
  • Wrapped metadata update logic in flushPage with a try-catch block to gracefully handle DatabaseIsClosedException if the database closes concurrently after an isOpen() check.
• gremlin/src/main/java/com/arcadedb/cypher/query/CypherQueryEngine.java
  • Modified query methods to pass query parameters to the ArcadeCypher.parse() method for accurate idempotency checks.
  • Refactored the query method accepting Object... parameters to convert them into a Map before delegating to the query method that accepts a Map.
• gremlin/src/main/java/com/arcadedb/gremlin/query/GremlinQueryEngine.java
  • Modified query methods to pass query parameters to the ArcadeGremlin.parse() method for accurate idempotency checks.
  • Refactored the query method accepting Object... parameters to convert them into a Map before delegating to the query method that accepts a Map.
• mongodbw/src/main/java/com/arcadedb/mongo/query/MongoQueryEngine.java
  • Updated detectMongoOperationTypes to include queries containing the string "COLLECTION" as read operations, improving recognition of specific MongoDB query formats.

Activity

• No specific activity (comments, reviews, progress) was provided in the context for this pull request.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for acc8ea7.

🟢 All jobs passed!

But CI Insights is watching 👀

[claude]

Code Review

Good set of targeted bug fixes. The TOCTOU race and parameterized-query idempotency fixes are correct and well-motivated. One issue needs attention before this can be considered fully safe.

---

Bug: COLLECTION substring check is too broad in MongoQueryEngine (regression risk)

File: mongodbw/src/main/java/com/arcadedb/mongo/query/MongoQueryEngine.java

The new check:

|| upper.contains("COLLECTION")

is unquoted and matches any occurrence of the substring COLLECTION. Because this check appears before the SCHEMA checks in the if-else chain, queries like {"createCollection": "mytype"} or {"dropCollection": "mytype"} will now be misclassified as READ operations:

• {"createCollection": "test"} uppercased → {"CREATECOLLECTION": "TEST"} → contains COLLECTION → returns OperationType.READ ❌ (should be SCHEMA)
• Same problem for dropCollection.

The fix should match the quoted field name to mirror the style of every other check in this function:

|| upper.contains("\"COLLECTION\"")

This targets the ArcadeDB MongoDB format { "collection": "...", "query": {...} } without catching schema-operation commands as a false positive.

---

Minor: inconsistent Map type between Cypher and Gremlin varargs helpers

Files: CypherQueryEngine.java (uses LinkedHashMap), GremlinQueryEngine.java (uses HashMap)

Both methods do the same Object... → Map conversion. Using LinkedHashMap in both would keep the implementations consistent and preserve parameter insertion order (matching the Cypher command() overload which also uses LinkedHashMap).

---

Minor: double-parse overhead in Cypher and Gremlin query()

The query(Map) overloads now call arcadeCypher/arcadeGremlin.parse() for the idempotency check, then immediately delegate to command() which creates a second instance and parses/compiles again. For write-heavy workloads this is fine, but for read-heavy paths the query is compiled twice per invocation. Not a correctness issue, but worth noting as a future optimization opportunity.

---

Observation: PageManager.flushPage() catch block silently skips WAL notification

When DatabaseIsClosedException is caught, database.getTransactionManager().notifyPageFlushed(page) is skipped. Since the WAL file will also be closing at this point, attempting the call would likely throw again, so swallowing is correct. However, a FINE-level log entry in the catch block would make it easier to diagnose unexpected occurrences during debugging:

} catch (final DatabaseIsClosedException e) {
    LogManager.instance().log(this, Level.FINE,
        "Skipping metadata update for page %s: database closed concurrently", page);
}

The page data itself is already safely on disk before this block executes, so there is no durability concern.

---

Summary

Severity	Item
Bug	COLLECTION unquoted check misclassifies createCollection/dropCollection as READ
Minor	HashMap vs LinkedHashMap inconsistency between Gremlin and Cypher
Nit	Double-parse per query() call in Cypher/Gremlin
Nit	No log in TOCTOU catch block

The TOCTOU fix and the parameterized-idempotency fixes are sound. The MongoDB COLLECTION check regression should be addressed before merging (or shortly after, given this is already merged into milestone 26.3.1).

[gemini-code-assist]

Code Review

This pull request addresses several issues, including failing tests due to incorrect idempotency checks, a race condition in PageManager, and recognition of a new MongoDB query format. However, a security audit identified two high-severity vulnerabilities: a bypass of the idempotency check in the MongoDB query engine due to overly broad string matching, and a Cypher injection vulnerability in the ArcadeCypher parameter expansion logic. Both issues could allow unauthorized or destructive operations. Additionally, there is a medium-severity suggestion to improve consistency between the Gremlin and Cypher query engines.

[gemini-code-assist]

A high-severity bypass vulnerability exists in the detectMongoOperationTypes idempotency check. The use of upper.contains("COLLECTION") is too broad and is checked before more specific SCHEMA operations. This allows an attacker to misclassify destructive commands like CREATECOLLECTION or DROP as READ operations by including "COLLECTION" in the command, enabling their execution via the query() method which is intended for idempotent operations only. To fix this, the order of checks should be swapped, prioritizing specific SCHEMA commands before the general READ check.

[gemini-code-assist]

For consistency with CypherQueryEngine and to prevent potential issues related to parameter ordering, it would be better to use LinkedHashMap here instead of HashMap. LinkedHashMap preserves the insertion order of parameters, which can be important in some scenarios.

Suggested change

	final Map<String, Object> map = new HashMap<>(parameters.length / 2);
	final Map<String, Object> map = new LinkedHashMap<>(parameters.length / 2);

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ -10.35%	✅ 92.59%

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (0fbdfdb)	103035	76890	74.63%
Head commit (acc8ea7)	133597 (+30562)	85873 (+8983)	64.28% (-10.35%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#3564)	27	25	92.59%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

[codecov]

Codecov Report

❌ Patch coverage is 70.37037% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 65.07%. Comparing base (0fbdfdb) to head (acc8ea7).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...a/com/arcadedb/cypher/query/CypherQueryEngine.java	66.66%	1 Missing and 2 partials ⚠️
...com/arcadedb/gremlin/query/GremlinQueryEngine.java	66.66%	1 Missing and 2 partials ⚠️
...ava/com/arcadedb/mongo/query/MongoQueryEngine.java	0.00%	0 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3564      +/-   ##
==========================================
- Coverage   65.62%   65.07%   -0.55%     
==========================================
  Files        1506     1506              
  Lines      103035   103048      +13     
  Branches    21360    21365       +5     
==========================================
- Hits        67620    67062     -558     
- Misses      26175    26785     +610     
+ Partials     9240     9201      -39     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.