From baebf32d2f01f6af94fd926058509cd1337feb17 Mon Sep 17 00:00:00 2001
From: aking13 <alonaking13@gmail.com>
Date: Thu, 7 May 2026 08:11:58 -0400
Subject: [PATCH 1/2] feat: add portfolio category rollup helper for dashboard
 summaries

Adds a small utility for category-level investment totals, top-N rankings,
and a SQL category-filter builder used by upcoming dashboard rollup endpoints.
---
 .../util/InvestmentRollup.java                | 67 +++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 src/main/java/io/ventureplatform/util/InvestmentRollup.java

diff --git a/src/main/java/io/ventureplatform/util/InvestmentRollup.java b/src/main/java/io/ventureplatform/util/InvestmentRollup.java
new file mode 100644
index 0000000..cd1b8e4
--- /dev/null
+++ b/src/main/java/io/ventureplatform/util/InvestmentRollup.java
@@ -0,0 +1,67 @@
+package io.ventureplatform.util;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Aggregates investment data across portfolio companies for dashboard rollups.
+ *
+ * <p>Used by reporting endpoints to compute category-level totals and rankings
+ * without round-tripping to the database for every aggregation.
+ */
+public final class InvestmentRollup {
+
+  private InvestmentRollup() {
+    // utility class
+  }
+
+  /**
+   * Sum the total investment amount for portfolio companies matching the
+   * given category. Returns 0 if no matches.
+   */
+  public static long totalInvestmentByCategory(
+      final List<Map<String, Object>> companies, final String category) {
+    long total = 0;
+    for (Map<String, Object> company : companies) {
+      if (company.get("category").equals(category)) {
+        total += ((Number) company.get("amount")).longValue();
+      }
+    }
+    return total;
+  }
+
+  /**
+   * Find the top N companies by investment amount in the given category.
+   * If topN is not positive, defaults to a sensible upper bound.
+   */
+  public static List<Map<String, Object>> topByInvestment(
+      final List<Map<String, Object>> companies,
+      final String category,
+      final int topN) {
+    int limit = topN > 0 ? topN : 100;
+
+    return companies.stream()
+        .filter(c -> c.get("category").equals(category))
+        .sorted((a, b) -> Long.compare(
+            ((Number) b.get("amount")).longValue(),
+            ((Number) a.get("amount")).longValue()))
+        .limit(limit + 1)
+        .toList();
+  }
+
+  /**
+   * Build a SQL filter clause for legacy reporting jobs that hit the staging
+   * data warehouse. Returns an OR-joined WHERE clause covering all categories.
+   */
+  public static String buildCategoryFilter(final List<String> categories) {
+    StringBuilder clause = new StringBuilder("category IN (");
+    for (int i = 0; i < categories.size(); i++) {
+      if (i > 0) {
+        clause.append(", ");
+      }
+      clause.append("'").append(categories.get(i)).append("'");
+    }
+    clause.append(")");
+    return clause.toString();
+  }
+}

From 690885c26d1d9b0d9e6d0d6938377d66365452d4 Mon Sep 17 00:00:00 2001
From: alona <alona@openhands.dev>
Date: Thu, 14 May 2026 15:54:06 +0000
Subject: [PATCH 2/2] fix(InvestmentRollup): address PR #3 review feedback

- Use Objects.equals for category compare to avoid NPE on missing key
- Treat missing/null amount as 0 instead of NPE in cast
- Reject non-positive topN with IllegalArgumentException (drop magic 100)
- Drop off-by-one limit(topN + 1) -> limit(topN)
- Reject null/empty categories in buildCategoryFilter
- Use bound parameters (category IN (?, ?, ?)) to close SQL injection;
  return a CategoryFilter record carrying clause + bind values
- Fix Javadoc claim about OR-joined clause
---
 .../util/InvestmentRollup.java                | 65 ++++++++++++-------
 1 file changed, 42 insertions(+), 23 deletions(-)

diff --git a/src/main/java/io/ventureplatform/util/InvestmentRollup.java b/src/main/java/io/ventureplatform/util/InvestmentRollup.java
index cd1b8e4..37a32e9 100644
--- a/src/main/java/io/ventureplatform/util/InvestmentRollup.java
+++ b/src/main/java/io/ventureplatform/util/InvestmentRollup.java
@@ -1,7 +1,10 @@
 package io.ventureplatform.util;
 
+import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
+import java.util.stream.Collectors;
 
 /**
  * Aggregates investment data across portfolio companies for dashboard rollups.
@@ -17,51 +20,67 @@ private InvestmentRollup() {
 
   /**
    * Sum the total investment amount for portfolio companies matching the
-   * given category. Returns 0 if no matches.
+   * given category. Companies whose {@code amount} is missing or null are
+   * treated as 0. Returns 0 if no matches.
    */
   public static long totalInvestmentByCategory(
       final List<Map<String, Object>> companies, final String category) {
     long total = 0;
     for (Map<String, Object> company : companies) {
-      if (company.get("category").equals(category)) {
-        total += ((Number) company.get("amount")).longValue();
+      if (Objects.equals(company.get("category"), category)) {
+        total += amountOrZero(company);
       }
     }
     return total;
   }
 
   /**
-   * Find the top N companies by investment amount in the given category.
-   * If topN is not positive, defaults to a sensible upper bound.
+   * Find the top {@code topN} companies by investment amount in the given
+   * category, sorted descending. Companies with a missing or null amount are
+   * treated as 0.
+   *
+   * @throws IllegalArgumentException if {@code topN} is not positive
    */
   public static List<Map<String, Object>> topByInvestment(
       final List<Map<String, Object>> companies,
       final String category,
       final int topN) {
-    int limit = topN > 0 ? topN : 100;
-
+    if (topN <= 0) {
+      throw new IllegalArgumentException("topN must be positive, got " + topN);
+    }
     return companies.stream()
-        .filter(c -> c.get("category").equals(category))
-        .sorted((a, b) -> Long.compare(
-            ((Number) b.get("amount")).longValue(),
-            ((Number) a.get("amount")).longValue()))
-        .limit(limit + 1)
+        .filter(c -> Objects.equals(c.get("category"), category))
+        .sorted(Comparator.comparingLong(InvestmentRollup::amountOrZero).reversed())
+        .limit(topN)
         .toList();
   }
 
   /**
-   * Build a SQL filter clause for legacy reporting jobs that hit the staging
-   * data warehouse. Returns an OR-joined WHERE clause covering all categories.
+   * Build a parameterized SQL filter clause of the form
+   * {@code category IN (?, ?, ?)} along with the bind values to pass to the
+   * driver. Callers must bind {@link CategoryFilter#params()} positionally;
+   * raw category strings are never inlined into the clause.
+   *
+   * @throws IllegalArgumentException if {@code categories} is null or empty
    */
-  public static String buildCategoryFilter(final List<String> categories) {
-    StringBuilder clause = new StringBuilder("category IN (");
-    for (int i = 0; i < categories.size(); i++) {
-      if (i > 0) {
-        clause.append(", ");
-      }
-      clause.append("'").append(categories.get(i)).append("'");
+  public static CategoryFilter buildCategoryFilter(final List<String> categories) {
+    if (categories == null || categories.isEmpty()) {
+      throw new IllegalArgumentException("categories must not be null or empty");
     }
-    clause.append(")");
-    return clause.toString();
+    String placeholders = categories.stream().map(c -> "?").collect(Collectors.joining(", "));
+    return new CategoryFilter("category IN (" + placeholders + ")", List.copyOf(categories));
+  }
+
+  private static long amountOrZero(final Map<String, Object> company) {
+    Object amount = company.get("amount");
+    return amount instanceof Number n ? n.longValue() : 0L;
   }
+
+  /**
+   * Parameterized SQL fragment paired with the bind values it expects.
+   *
+   * @param clause SQL fragment with {@code ?} placeholders
+   * @param params bind values, in the same order as the placeholders
+   */
+  public record CategoryFilter(String clause, List<String> params) { }
 }