Hotfix/rules correlation field#2248

Merged
Kbayero merged 3 commits into v11 from hotfix/rules_correlation_field on Jun 25, 2026
Conversation

@AlexSanchez-bit

Contributor

Main changes

  • added correlation as an alias for afterEvents to have new field correlation compatibility

@AlexSanchez-bit AlexSanchez-bit requested a review from a team June 19, 2026 18:09
@AlexSanchez-bit AlexSanchez-bit linked an issue Jun 19, 2026 that may be closed by this pull request
@github-actions

github-actions Bot commented Jun 19, 2026


🛑 AI review — Engineer review required

This PR touches critical paths or introduces changes the model cannot judge with sufficient confidence. @Kbayero @osmontero please review.

🛑 architecture (gemini-3-flash-lite) — blocking — must fix before merge

Summary: Breaking change to rule definition schema requires synchronized agent/server update.

  • high backend/src/main/java/com/park/utmstack/service/DefinitionSyncService.java:251 — Renaming 'correlation' to 'afterEvents' in the rule schema is a breaking contract change. This forces a synchronized update for all agents currently parsing these rules; implement a backward-compatible mapping or versioned schema instead.

🛑 bugs (gemini-3-flash-lite) — blocking — must fix before merge

Summary: Potential NullPointerException and data loss due to map mutation in mapToRuleYaml

  • high backend/src/main/java/com/park/utmstack/service/DefinitionSyncService.java:251 — The map.remove("correlation") call returns the value, but if the map is immutable (e.g., Collections.unmodifiableMap or certain Map implementations), this will throw an UnsupportedOperationException. Additionally, if the map is shared across threads, this mutation introduces a race condition.

🛑 security (gemini-3-flash-lite) — blocking — must fix before merge

Summary: Insecure deserialization via SnakeYAML loadAs on untrusted map input.

  • high backend/src/main/java/com/park/utmstack/service/DefinitionSyncService.java:254 — The use of yaml.loadAs() on a string dumped from a map is vulnerable to arbitrary code execution if the map contains malicious YAML tags. Use a safe constructor or restrict class loading to prevent instantiation of arbitrary objects.
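
The two fixes the AI review asks for (parse rule YAML with a safe constructor, and apply the `correlation` → `afterEvents` alias on a copy rather than by mutating a possibly unmodifiable or shared map), sketched as an added example in Java. This is not code from this PR or from UTMStack: the class `RuleDefinitionNormalizer`, its method names and the sample rule are assumptions, and it assumes SnakeYAML 2.x.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;

public class RuleDefinitionNormalizer {

    // Constructed sample rule written with the new field name (hypothetical schema).
    static final String SAMPLE_RULE_YAML =
            "name: demo-rule\n"
          + "correlation:\n"
          + "  - source: auth\n"
          + "    window: 5m\n";

    // SafeConstructor only builds standard YAML types (maps, lists, scalars).
    // A document carrying a global !!tag that names an arbitrary class is
    // rejected instead of instantiated, which is the deserialization risk
    // flagged for yaml.loadAs() on untrusted input.
    private static final Yaml SAFE_YAML = new Yaml(new SafeConstructor(new LoaderOptions()));

    @SuppressWarnings("unchecked")
    static Map<String, Object> parseRule(String yamlText) {
        Object root = SAFE_YAML.load(yamlText);
        if (!(root instanceof Map)) {
            throw new IllegalArgumentException("rule definition must be a YAML mapping");
        }
        return (Map<String, Object>) root;
    }

    // Works on a copy, so a caller holding an unmodifiable or shared map is
    // never mutated (no UnsupportedOperationException, no cross-thread edits).
    static Map<String, Object> applyCorrelationAlias(Map<String, Object> rule) {
        Map<String, Object> normalized = new LinkedHashMap<>(rule);
        Object alias = normalized.remove("correlation");
        if (alias != null) {
            if (normalized.containsKey("afterEvents")) {
                throw new IllegalArgumentException("rule defines both 'correlation' and 'afterEvents'");
            }
            normalized.put("afterEvents", alias);
        }
        return normalized;
    }

    public static void main(String[] args) {
        Map<String, Object> rule = applyCorrelationAlias(parseRule(SAMPLE_RULE_YAML));
        System.out.println(rule.keySet());
    }
}
```
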

@utmstackprapprover utmstackprapprover Bot left a comment

Approved — no blocking issues, deps OK, authorized author. Any non-blocking warnings are listed above.

@Kbayero Kbayero enabled auto-merge (squash) June 25, 2026 17:35
@Kbayero Kbayero merged commit 59fff4e into v11 Jun 25, 2026
5 checks passed
@Kbayero Kbayero deleted the hotfix/rules_correlation_field branch June 25, 2026 17:40
@github-actions


❌ Go dependencies check failed

There are outdated Go dependencies, or modules that could not be inspected.
Run bash .github/scripts/go-deps.sh --update --discover locally and
commit the updated go.mod / go.sum files.

Script output
🔍 Discovered 25 Go projects

📦 Dependencies with updates available:

  📁 ./agent:
     - github.com/elastic/go-sysinfo: v1.15.4 → v1.15.5
     - gorm.io/gorm: v1.31.1 → v1.31.2

  📁 ./as400:
     - github.com/elastic/go-sysinfo: v1.15.4 → v1.15.5
     - gorm.io/gorm: v1.31.1 → v1.31.2

  📁 ./utmstack-collector:
     - github.com/elastic/go-sysinfo: v1.15.4 → v1.15.5
     - gorm.io/gorm: v1.31.1 → v1.31.2

  📁 ./installer:
     - github.com/cloudfoundry/gosigar: v1.3.121 → v1.3.122

  📁 ./plugins/gcp:
     - google.golang.org/api: v0.285.0 → v0.286.0

  📁 ./plugins/modules-config:
     - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs: v1.77.0 → v1.78.0
     - google.golang.org/api: v0.285.0 → v0.286.0

  📁 ./plugins/aws:
     - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs: v1.77.0 → v1.78.0

  📁 ./agent-manager:
     - gorm.io/gorm: v1.31.1 → v1.31.2

❌ Please update dependencies before merging.

@utmstackprapprover utmstackprapprover Bot left a comment

Changes requested — Go dependencies check failed (see above).

Development

Successfully merging this pull request may close these issues.

rule load fails

2 participants