chore: remove dead cr_security property

[yingbull]

The cr_security cookie-revolver framework toggle is dead code - no Java,
JSP, XML, or other source reads this property. Removing the unused entry
and its surrounding comments from all three property files.

The cr_securityquestion database table (in database/mysql/caisi/) is a
separate schema artifact left in place; the database/ directory is
protected and table removal would require a coordinated migration.

---

Summary by cubic

Removed the dead cr_security “cookie-revolver” toggle and comments from all properties files; no code reads this property, so there is no behavior change.
The cr_securityquestion DB table remains; dropping it will require a separate migration.

^{Written for commit 475c4df. Summary will update on new commits.}

[sourcery-ai]

Sorry @yingbull, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

[coderabbitai]

Warning

Rate limit exceeded

@yingbull has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 56 minutes and 35 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 56 minutes and 35 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 6234d0b4-7003-4024-af15-fbe54489416d

📥 Commits

Reviewing files that changed from the base of the PR and between b2e9356 and 475c4df.

📒 Files selected for processing (3)

• .devcontainer/development/config/shared/volumes/carlos.properties
• src/main/resources/carlos.properties
• src/main/webapp/WEB-INF/QuatroShelter.properties

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/remove-cr-security-dead-code-UDbFZ

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch claude/remove-cr-security-dead-code-UDbFZ

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[penify-dev]

Failed to generate code suggestions for PR

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[cubic-dev-ai]

No issues found across 3 files

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

Architecture diagram

sequenceDiagram
    participant Server as Application Context
    participant Config as .properties Files
    participant Auth as Security Middleware
    participant DB as MySQL (caisi)

    Note over Server, Config: System Initialization
    Server->>Config: CHANGED: Load application configuration
    Config-->>Server: Return properties (cr_security removed)

    Note over Server, Auth: Runtime Request Handling
    Server->>Auth: validateSession()
    Auth->>Auth: Internal Security Processing
    Note right of Auth: Logic branch for "Cookie-revolver" sec framework is now unreachable

    Note over Auth, DB: Database State
    Note over DB: Schema artifact "cr_securityquestion" remains present but unusedByApplication()

Loading

[gemini-code-assist]

Code Review

This pull request removes the legacy cr_security configuration (Cookie-revolver security framework) from several properties files, including the devcontainer configuration and the main application resources. This cleanup is consistent with the CARLOS EMR 2025 maintenance goals of removing unused functionality. I have no feedback to provide as there were no review comments.

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Removes the unused cr_security (“cookie-revolver sec framework”) property and its related comments from configuration files, aligning configs with the current codebase where this toggle is no longer read.

Changes:

• Deleted cr_security=off and adjacent “cookie-revolver” comment blocks from three properties files.
• Kept surrounding configuration entries intact (no functional config changes beyond removal).

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
src/main/webapp/WEB-INF/QuatroShelter.properties	Removes dead cr_security property and its comment block.
src/main/resources/carlos.properties	Removes dead cr_security property and its explanatory comments.
.devcontainer/development/config/shared/volumes/carlos.properties	Removes dead cr_security property and its comment block from devcontainer-mounted config.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud