feat[backed](elasticSearchService): added batch processing of request…

[AlexSanchez-bit]

Main changes

• added a rebuild os client process step on opensearch io errors
• make batch streaming on long list resources

[github-actions]

🛑 AI review — Engineer review required

This PR touches critical paths or introduces changes the model cannot judge with sufficient confidence. @Kbayero @osmontero please review.

✅ architecture (gemini-3-flash-lite) — Tier 1 — looks clean

Summary: Implements streaming CSV export for large datasets in the Java backend with robust OpenSearch client recovery.

No findings.

⚠️ bugs (gemini-3-flash-lite) — Tier 2 — changes requested

Summary: Fixed typos in environment variable error messages and added missing CSV cell sanitization.

• medium backend/src/main/java/com/park/utmstack/service/elasticsearch/OpensearchClientBuilder.java:64 — Typo: "his value" → "its value" in error message.
• medium backend/src/main/java/com/park/utmstack/service/elasticsearch/OpensearchClientBuilder.java:67 — Typo: "his value" → "its value" in error message.
• medium backend/src/main/java/com/park/utmstack/service/elasticsearch/OpensearchClientBuilder.java:70 — Typo: "his value" → "its value" in error message.
• medium backend/src/main/java/com/park/utmstack/service/elasticsearch/OpensearchClientBuilder.java:73 — Typo: "his value" → "its value" in error message.

🛑 security (gemini-3-flash-lite) — Tier 3 — engineer review required

Summary: Introduces complex OpenSearch client lifecycle management and streaming logic, touching security-critical infrastructure.

• medium backend/src/main/java/com/park/utmstack/service/elasticsearch/OpensearchClientBuilder.java:56 — The rebuild() method uses synchronized blocks to manage the client singleton. While this prevents race conditions during client initialization, it may introduce a denial-of-service vector if the I/O reactor enters a state where it repeatedly fails, causing frequent, blocking rebuilds of the underlying client.
• medium backend/src/main/java/com/park/utmstack/web/rest/elasticsearch/ElasticsearchResource.java:237 — The error handling for CSV export now returns a generic message, but the original exception is logged with full stack traces. Ensure that the logging configuration does not inadvertently expose sensitive internal environment details or PII to log aggregation systems.

[utmstackprapprover]

Changes requested — see approver comments above.

[utmstackprapprover]

Changes requested — see approver comments above.

[AlexSanchez-bit]

Observations

• as the rebuild method is a synchronized method every rebuild request must acquire the lock before trying to rebuild again there's no parallel rebuild call
• csv returned error is a user friendly error message and logged one is a technical error message