fix: prevent NPEs from sparse API arrays, add coordinate validation, and enforce Optional discipline

[WilliamAGH]

Summary

This PR hardens the SDK against real-world Apple Maps API responses that contain unexpected nulls, adds fail-fast coordinate validation, and aligns the codebase with project null/Optional rules (NO1a-e).

---

Bug Fixes

Null-safe list normalization across all domain models

Problem: List.copyOf() throws NullPointerException when the source list contains null elements. Apple Maps API responses occasionally return sparse arrays with null entries (e.g., a routes array like [route1, null, route3]).

Solution: Replaced List.copyOf() with a stream-and-filter pattern in 17 domain model records:

// Before (throws NPE on null elements)
routes = List.copyOf(routes);

// After (filters nulls safely)
routes = rawList.stream().filter(Objects::nonNull).toList();

Affected models: AlternateIdsEntry, AlternateIdsResponse, AutocompleteResult, DirectionsResponse, DirectionsRoute, ErrorResponse, EtaResponse, Place, PlaceLookupError, PlaceResults, PlacesResponse, SearchAutocompleteResponse, SearchResponse, SearchResponsePlace, StructuredAddress

Preserve stepPaths index alignment with steps array

Problem: When filtering null stepPath entries, the positional relationship between stepPaths.get(i) and steps.get(i) was broken, causing route rendering bugs.

Solution: Null stepPath entries are now converted to empty lists (List.of()) instead of being removed, maintaining index alignment. Null Location elements within individual paths are still filtered.

URL-encode origin and destinations in EtaInput

Problem: Coordinates contain commas (37.7749,-122.4194) and destinations are pipe-separated (loc1|loc2), but these reserved characters were not URL-encoded per RFC 3986, causing malformed URIs.

Solution: Apply URLEncoder.encode() to origin and destinations parameters in toQueryString().

Make optional API response fields nullable

Problem: PlaceLookupError.id and SearchResponse.displayMapRegion were required fields, but the API sometimes omits them, causing deserialization NPEs.

Solution:

• PlaceLookupError: Changed constructor to accept nullable String (renamed to rawId) with an Optional<String> id() accessor—per NO1c, Optional should not be used as constructor parameters
• SearchResponse.displayMapRegion: Changed from required to Optional<MapRegion>

Return Optional from getOrigin() per NO1a

Problem: AppleMapsAuthorizationService.getOrigin() returned nullable String, violating project rule NO1a (public methods never return null).

Solution: Changed return type to Optional<String>, normalized at construction time, and updated HttpAppleMapsGateway to use ifPresent() pattern.

Fix Sonatype snapshot publishing

Problem: CI workflow was publishing version 0.1.5 to the snapshot repository, but Sonatype Central requires the -SNAPSHOT suffix, causing HTTP 400 errors.

Solution: Extract base version from gradle.properties and append -SNAPSHOT suffix before passing to Gradle publish task.

---

New Features

Fail-fast coordinate validation

Benefit: Invalid coordinates (out of range, NaN, Infinity) now fail immediately at Location or DirectionsEndpoint construction with clear error messages, rather than propagating to the API and returning cryptic errors.

Validation rules:

• Latitude must be in range [-90, 90]
• Longitude must be in range [-180, 180]
• Both must be finite (not NaN or Infinity)

new Location(91.0, 0.0);  // throws IllegalArgumentException: "latitude must be between -90.0 and 90.0"
new Location(Double.NaN, 0.0);  // throws IllegalArgumentException: "latitude must be a finite value"

---

Documentation

• Added Javadoc for origin parameter in AppleMapsAuthorizationService and HttpAppleMapsGateway constructors
• Added Javadoc for getOrigin() method explaining return behavior

---

Other Changes

• Dependencies: Jackson BOM 3.0.4, NMCP plugin 1.4.3
• Tooling: Added Spotless plugin with make lint target for code formatting
• Cleanup: Normalized trailing whitespace across files

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Optional Origin header can be specified for API requests.
  • Enforced code formatting via added formatting tooling and lint target.

• Bug Fixes

  • Improved null-safety: list fields tolerate null inputs and drop null elements.
  • Added coordinate validation for geographic inputs.
  • Search map region and place lookup ID are now optional.
  • ETA query string now URL-encodes origin/destinations.

• Tests

  • Added extensive unit tests for validations and null-element normalization.

• Chores

  • CI: dynamic snapshot versioning and made dependency-graph step resilient.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

This PR adds CI snapshot extraction and Spotless formatting, tightens domain model null handling by filtering null list elements, adds Location coordinate validation and related tests, makes several fields Optional (PlaceLookupError.id, SearchResponse.displayMapRegion), percent-encodes ETA query params, and wires optional Origin handling into auth/gateway code.

Changes

Cohort / File(s)	Summary
CI & Build ​.github/workflows/CI.yaml, Makefile, build.gradle.kts	Extract snapshot VERSION in CI and pass to publish; continue-on-error on dependency graph update; add lint Make target; add Spotless plugin and hook spotlessCheck into check; bump nmcp and jackson-bom versions.
Auth & HTTP Gateway src/main/java/.../AppleMapsAuthorizationService.java, src/main/java/.../HttpAppleMapsGateway.java	Make origin optional (store as Optional<String>), add constructor accepting origin, and set Origin header via Optional.ifPresent when present.
Location & Endpoint Validation src/main/java/.../Location.java, src/main/java/.../DirectionsEndpoint.java	Add latitude/longitude finiteness and range validation in Location and call validation from DirectionsEndpoint.fromLatitudeLongitude.
Null-safe List Normalization (many models) src/main/java/.../{AlternateIdsEntry,AlternateIdsResponse,AutocompleteResult,DirectionsResponse,DirectionsRoute,ErrorResponse,EtaResponse,Place,PlaceResults,PlacesResponse,SearchAutocompleteResponse,SearchResponsePlace,StructuredAddress,SearchResponse}.java	Replace List.copyOf(Objects.requireNonNullElse(...)) with explicit null checks and stream-based filtering: null input → empty list; drop null elements. Make SearchResponse.displayMapRegion an Optional with a normalizeOptional helper.
PlaceLookupError change src/main/java/.../PlaceLookupError.java	Replace required id with @JsonProperty("id") String rawId and expose id() as Optional<String>; relax canonical constructor null requirement.
ETA request encoding src/main/java/.../EtaInput.java	Percent-encode origin and destinations when building the ETA query string.
Minor cleanup src/main/java/.../AppleMaps.java	Small whitespace/formatting adjustment; removed an extra blank line in a resolver helper.
Tests — validation & normalization src/test/java/.../{LocationValidationTest,DirectionsEndpointValidationTest,NullElementListNormalizationTest,PlaceLookupErrorTest,SearchResponseDisplayMapRegionTest,EtaInputTest}.java	Add tests for Location validation and DirectionsEndpoint, broad null-element filtering across models, PlaceLookupError Optional id deserialization, SearchResponse.displayMapRegion optional handling, and percent-encoded ETA query string/URI creation.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related issues

• [Detail Bug] PlaceLookupError requires non-null id, causing deserialization failure when API omits id #29 — Matches PlaceLookupError.id→Optional deserialization changes.
• [Detail Bug] DirectionsEndpoint.fromLatitudeLongitude accepts invalid coordinates without validation #19 — Matches addition of coordinate validation invoked by DirectionsEndpoint.
• [Detail Bug] DirectionsResponse normalization crashes on null elements (List.copyOf NPE) #14 — Matches safer DirectionsResponse normalization and null-element handling.
• [Detail Bug] EtaInput produces unencoded query string; URI.create() fails for multi-destination ETAs #28 — Matches EtaInput.toQueryString percent-encoding of origin/destinations.
• [Detail Bug] SearchResponse deserialization fails when displayMapRegion is missing or null #17 — Matches making SearchResponse.displayMapRegion optional and normalization changes.

Possibly related PRs

• Add Origin header support, switch to nmcp publishing, comprehensive Javadoc #9 — Overlaps origin handling changes in authorization/gateway code.
• chore: bump version to 0.1.2-SNAPSHOT #7 — Related to VERSION_NAME/SNAPSHOT handling in CI workflows.

Poem

Lists now filter out the stray,
Lat/longs checked the proper way,
Optionals cradle missing ids,
CI snapshots set their keys,
Tests march on — robust by day 🌟

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 9.09% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main changes: fixing NPE issues in sparse API arrays, adding coordinate validation, and enforcing Optional discipline per project rules.
Description check	✅ Passed	The description is comprehensive and directly related to the changeset, detailing bug fixes, new features, and other changes with clear explanations and code examples.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dev

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e1becbc5b0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Copilot]

Pull request overview

This PR implements defensive null handling across domain models, adds coordinate validation, improves query string encoding, integrates code formatting tools, and updates dependencies. The changes include two breaking API changes that convert non-optional fields to Optional fields to handle missing/null API responses more gracefully.

Changes:

• Changed SearchResponse.displayMapRegion and PlaceLookupError.id from required to optional fields (breaking changes)
• Implemented consistent null filtering for list elements across all domain models
• Added coordinate validation to Location and DirectionsEndpoint with proper bounds checking
• Fixed ETA query string encoding to properly URL-encode special characters (commas and pipes)
• Integrated Spotless code formatter and updated build dependencies

Reviewed changes

Copilot reviewed 28 out of 30 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
EtaInputTest.java	Updated test expectations for proper URL encoding and added URI validity test
SearchResponseDisplayMapRegionTest.java	New test verifying Optional handling for missing/null displayMapRegion
PlaceLookupErrorTest.java	New test verifying Optional handling for missing/null error IDs
NullElementListNormalizationTest.java	Comprehensive test suite covering null element filtering across all model classes
LocationValidationTest.java	New test verifying coordinate validation (bounds and finiteness)
DirectionsEndpointValidationTest.java	New test verifying coordinate validation in factory method
EtaInput.java	Added URL encoding for origin and destination coordinates
SearchResponse.java	Changed displayMapRegion from SearchMapRegion to Optional, added null filtering
PlaceLookupError.java	Changed id from String to Optional
Location.java	Added coordinate validation logic with bounds and finiteness checks
DirectionsEndpoint.java	Added coordinate validation call in fromLatitudeLongitude factory
Multiple model files	Implemented consistent null element filtering in normalizeList methods
HttpAppleMapsGateway.java	Added documentation for Origin header parameter, removed trailing whitespace
AppleMapsAuthorizationService.java	Added documentation for Origin parameter and getOrigin method
AppleMaps.java	Removed trailing whitespace
build.gradle.kts	Updated Jackson BOM to 3.0.4, nmcp plugin to 1.4.3, added Spotless plugin configuration
Makefile	Added lint target for running checks
CI.yaml	Improved snapshot version extraction and publishing

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@build.gradle.kts`:
- Around line 71-73: Update the Jackson BOM version used in the Gradle
dependencies: replace the non-released version string
"tools.jackson:jackson-bom:3.0.4" with the stable "3.0.3" (the entry is in the
implementation(platform(...)) line), and ensure the transitive
implementation("tools.jackson.core:jackson-databind") continues to align with
that BOM; alternatively, if 3.0.4 is intentionally required, add a comment
documenting that it's a forward-looking pin and verify the artifact is available
in your registries before keeping "3.0.4".

In
`@src/main/java/com/williamcallahan/applemaps/adapters/mapsserver/AppleMapsAuthorizationService.java`:
- Around line 58-65: Change the public API to avoid returning null by making
getOrigin() return Optional<String> and normalizing the value once in the
AppleMapsAuthorizationService constructor: store a non-null Optional (e.g.,
Optional.ofNullable(orig)) as a private field or convert the existing origin
field to an Optional during construction, and update getOrigin() to return that
Optional; also apply the same normalization pattern to the other public getters
mentioned (lines 97-99) so no public method ever returns null.

In
`@src/main/java/com/williamcallahan/applemaps/domain/model/PlaceLookupError.java`:
- Around line 9-19: Change the record component type in PlaceLookupError from
Optional<String> to a nullable String parameter and normalize it in the
canonical constructor: update the record header to use PlaceLookupErrorCode
errorCode, `@Nullable` String id, keep Objects.requireNonNull(errorCode,
"errorCode") in the canonical constructor (remove the Objects.requireNonNullElse
call that handled Optional), and add a public Optional<String> id() accessor
that returns Optional.ofNullable(id) so callers receive an Optional but callers
constructing the record can pass a plain String or null.

🧹 Nitpick comments (2)

src/main/java/com/williamcallahan/applemaps/adapters/mapsserver/HttpAppleMapsGateway.java (1)

71-79: Consider normalizing blank origin to null. This avoids accidentally sending an empty Origin header, which some servers treat as invalid.

♻️ Suggested tweak

 public HttpAppleMapsGateway(String authToken, Duration timeout, String origin) {
-    this(new Dependencies(authToken, timeout, origin));
+    String normalizedOrigin = (origin == null || origin.isBlank()) ? null : origin.trim();
+    this(new Dependencies(authToken, timeout, normalizedOrigin));
 }

src/test/java/com/williamcallahan/applemaps/domain/model/DirectionsEndpointValidationTest.java (1)

8-26: Nice foundation for coordinate validation tests! 🎯

The test structure is clean and the naming is behavior-focused, which makes it easy to understand what's being verified. One small learning opportunity: you're testing the lower bound for latitude (-90.1), but there are a few more edge cases that could strengthen confidence:

• Latitude too high (90.1)
• Longitude out of bounds (-180.1, 180.1)
• Special floating-point values (Double.NaN, Double.POSITIVE_INFINITY)

These would ensure the validation logic is comprehensive. That said, the current tests do validate the core behavior nicely!