fix: fix inconsistent naming pattern

[JisoLya]

Currently, the configuration keys in rest-server.properties use snake_case (e.g., server_port), which is inconsistent with the naming convention expected by ServerOptions.java. This mismatch causes the following issues:

• User-defined configurations are ignored at startup.
• The server defaults to hardcoded values in ServerOptions.java.

Terminal logs show warnings such as: "arthas.xxxx is redundant ...", indicating that the properties are not being recognized or registered.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 1.57%. Comparing base (fc391a7) to head (bda5d52).

❗ There is a different number of reports uploaded between BASE (fc391a7) and HEAD (bda5d52). Click for more details.

HEAD has 1 upload less than BASE

Flag	BASE (fc391a7)	HEAD (bda5d52)
	3	2

Additional details and impacted files

@@             Coverage Diff              @@
##             master   #2945       +/-   ##
============================================
- Coverage     35.61%   1.57%   -34.04%     
+ Complexity      333      43      -290     
============================================
  Files           801     779       -22     
  Lines         67533   65018     -2515     
  Branches       8780    8332      -448     
============================================
- Hits          24053    1026    -23027     
- Misses        40916   63906    +22990     
+ Partials       2564      86     -2478     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

This PR enhances security for Arthas debugging endpoints by restricting remote access and standardizing configuration naming patterns across the codebase.

Changes:

• Added localhost-only access restriction to the store node's arthasstart endpoint
• Standardized Arthas configuration property names from snake_case to camelCase (e.g., arthas.telnet_port → arthas.telnetPort)
• Changed default Arthas IP binding from 0.0.0.0 to 127.0.0.1 and expanded disabled commands to include jad,ognl,vmtool

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
hugegraph-store/hg-store-node/src/main/resources/application.yml	Added Arthas configuration with localhost-only IP binding and expanded disabled commands
hugegraph-store/hg-store-node/src/main/java/org/apache/hugegraph/store/node/controller/PartitionAPI.java	Added remote access check to arthasstart endpoint and new forbiddenMap helper method
hugegraph-store/hg-store-node/src/main/java/org/apache/hugegraph/store/node/AppConfig.java	Updated default values for Arthas IP and disabled commands
hugegraph-server/hugegraph-dist/src/assembly/static/conf/rest-server.properties	Renamed Arthas properties to camelCase and updated default values
hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java	Updated default values for Arthas IP binding and disabled commands

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Due to the lack of activity, the current pr is marked as stale and will be closed after 180 days, any update will remove the stale label

[imbajin]

‼️ Critical: /v1/partition/{id} response schema changed unexpectedly

Before this PR, this endpoint serialized the Raft object directly, so callers could read fields like groupId, leader, and partitions from the top level. Wrapping it as { "status": ..., "raft": ... } is a wire-format change unrelated to the Arthas hardening, and it will break existing scripts/tools that already consume the old shape.

If the goal here is only to return a proper HTTP status for /arthasstart, I'd keep the existing payload for /partition/{id} and avoid broad response-shape changes in the same patch.

[imbajin]

‼️ Critical: This wraps /compat in a new body envelope

Previously the response was the compaction result itself: { "code": ..., "msg": ... }. After this change it becomes { "status": 200, "body": { "code": ..., "msg": ... } }, which silently breaks any caller reading code/msg from the top level.

If we only need an HTTP 200 transport status here, we can keep the original JSON contract:

Suggested change

	return ok("body", map);
	return ResponseEntity.ok(map);

[imbajin]

⚠️ Important: Store APIs currently use status = 0 for success, not 200

IndexAPI.okMap() and the pre-change PartitionAPI.okMap() both expose success as status: 0. Switching the JSON payload to status: 200 changes the existing API contract for every endpoint routed through ok(...) (/v1/partitions, /v1/partition/*, /v1/arthasstart, etc.), even though the HTTP status is already conveyed by ResponseEntity.

To keep the transport semantics improvement without breaking body-level consumers, the helper should preserve the old success code:

Suggested change

	return ResponseEntity.ok(Map.of("status", 200, k, v));
	return ResponseEntity.ok(Map.of("status", 0, k, v));