feat: implement $/snyk.configuration notification handler [IDE-1652]

[nick-y-snyk]

Summary

• Implement $/snyk.configuration JSON-RPC notification handler for centralized enterprise policy enforcement, replacing the typed FolderConfig/$/snyk.folderConfigs infrastructure with a generic Map<String, ConfigSetting> settings system
• Add durable persistence for global settings, in-memory storage for per-folder configs, change tracking via explicitChanges set, and outbound workspace/didChangeConfiguration using LspConfigurationParam format
• Migrate all consumers (HTMLSettingsPreferencePage, NativeProjectPropertyPage, ReferenceChooserDialog, SnykToolView, LsConfigurationUpdater) to the new FolderConfigSettings service
• Remove old infrastructure (FolderConfig, FolderConfigsParam, FolderConfigs, Settings, $/snyk.folderConfigs handler) and bump LS protocol version to 25

What this enables

Enterprise administrators configure security policies via LDX-Sync at tenant/org/machine scope. The Language Server resolves effective settings (applying precedence rules) and pushes them to the Eclipse plugin via $/snyk.configuration. The plugin persists settings durably, tracks user overrides, and sends changes back via workspace/didChangeConfiguration. This aligns Eclipse with the IntelliJ implementation for cross-IDE configuration parity.

Key design decisions

• Generic map-based settings (Map<String, ConfigSetting>) instead of typed fields — any future LS setting works without Eclipse-side code changes
• Flag-at-modification change tracking — no baseline diffing; user changes are marked immediately via markExplicitlyChanged()
• Full-state outbound — every didChangeConfiguration sends all settings with changed flags, not deltas
• Folder configs are in-memory only — LS is source of truth and re-sends on reconnect
• Lock metadata stored but not yet enforced in UI — isLocked, source, originScope are persisted for a follow-up iteration

Changes

New files

• ConfigSetting.java — per-setting value with lock metadata and outbound() factory
• LspFolderConfig.java — per-folder config with immutable withSetting() builder
• LspConfigurationParam.java — top-level notification/outbound payload type
• FolderConfigSettings.java — singleton service replacing FolderConfigs with thread-safe storage, typed convenience methods, and atomic computeFolderConfig()
• LsSettingsKeys.java / LsFolderSettingsKeys.java — LS protocol key constants

Modified files

• SnykExtendedLanguageClient.java — added snykConfiguration() handler, removed old folderConfig() handler
• LsConfigurationUpdater.java — replaced getCurrentSettings() with buildConfigurationParam()
• Preferences.java — added explicitChanges tracking (mark/is/clear, persisted)
• LsBinaries.java — REQUIRED_LS_PROTOCOL_VERSION bumped from "23" to "25"
• All consumer classes migrated to FolderConfigSettings

Deleted files

• FolderConfig.java, FolderConfigsParam.java, FolderConfigs.java, Settings.java, FolderConfigTest.java

Test plan

• 60 new unit tests added (245 total, all passing, zero regressions)
• Type deserialization: Gson round-trip for all new types including null fields, various value types, snake_case mapping
• Notification handler: all payload combinations (global-only, folder-only, both, empty), state reconciliation, scanning mode conversion, exception safety
• Change tracking: explicitChanges persistence across restart, mark/is/clear operations, multi-key support
• Outbound payload: LspConfigurationParam structure, changed flags from explicitChanges, no lock metadata in outbound, full-state semantics, reset-to-default (value: null, changed: true)
• FolderConfigSettings: singleton, path normalization, typed convenience methods, computeFolderConfig atomicity, isConfigured, updateFolderConfig
• Consumer migration verified via grep: zero remaining references to old types in production code
• PMD static analysis passes

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[snyk-pr-review-bot]

PR Reviewer Guide 🔍

🧪 PR contains tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Blind Override of User Preferences 🟠 [major] The applyFormValue method clears the 'explicitly changed' flag whenever a value is null. Since IdeConfigData is a record, Jackson will set fields to null if they are missing from the incoming JSON payload (e.g., if the LS-served HTML form is from a different version or only sends a partial update). This causes the plugin to silently lose user overrides for any field not explicitly present in the HTML form's POST data. prefs.clearExplicitlyChanged(key); Brittle Path Normalization 🟠 [major] The normalizePath method uses toAbsolutePath(), which resolves relative paths against the process's current working directory (user.dir). If the Language Server and the Plugin have different working directories or use different path representations (e.g. symlinks on macOS like /var vs /private/var), the string-based keys in the configs Map will mismatch, causing project-specific settings to fail to apply. return Paths.get(path).normalize().toAbsolutePath().toString(); Manual Tracking Sync Risk 🟡 [minor] The performOk method relies on a hardcoded trackedKeys array to detect user changes. If a new preference is added to createFieldEditors but the developer forgets to add it to this array, manual changes to that setting will never be marked as 'explicit' and consequently will never be synchronized back to the Language Server via didChangeConfiguration. String[] trackedKeys = { Preferences.ENDPOINT_KEY, Preferences.INSECURE_KEY, Preferences.AUTHENTICATION_METHOD, Preferences.ACTIVATE_SNYK_OPEN_SOURCE, Preferences.ACTIVATE_SNYK_CODE_SECURITY, Preferences.ACTIVATE_SNYK_IAC, Preferences.SCANNING_MODE_AUTOMATIC, Preferences.ORGANIZATION_KEY, Preferences.ADDITIONAL_PARAMETERS, Preferences.ADDITIONAL_ENVIRONMENT, Preferences.PATH_KEY, Preferences.MANAGE_BINARIES_AUTOMATICALLY, Preferences.CLI_BASE_URL, Preferences.CLI_PATH, Preferences.RELEASE_CHANNEL, Preferences.SEND_ERROR_REPORTS, Preferences.ENABLE_TELEMETRY, Preferences.TRUSTED_FOLDERS };

📚 Repository Context Analyzed This review considered 154 relevant code sections from 11 files (average relevance: 0.97) plugin/src/main/java/io/snyk/languageserver/protocolextension/SnykExtendedLanguageClient.java (lines 1-106) plugin/src/main/java/io/snyk/eclipse/plugin/preferences/IdeConfigData.java (lines 1-86) CONTRIBUTING.md (lines 1-95) plugin/src/main/java/io/snyk/eclipse/plugin/preferences/HTMLSettingsPreferencePage.java (lines 1-34) plugin/plugin.xml (5 segments, lines 401-500) plugin/src/main/java/io/snyk/languageserver/FeatureFlagConstants.java (lines 1-6) plugin/src/main/java/io/snyk/eclipse/plugin/SnykStartup.java (lines 1-100) ... and 4 more file(s)