Skip to content

lint: fix 8 targeted golint categories from lint-monster scan#43126

Open
pelikhan with Copilot wants to merge 10 commits into
mainfrom
copilot/lint-monster-targeted-cleanup
Open

lint: fix 8 targeted golint categories from lint-monster scan#43126
pelikhan with Copilot wants to merge 10 commits into
mainfrom
copilot/lint-monster-targeted-cleanup

Conversation

Copilot AI commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Resolves 77 targeted custom-lint findings across 8 narrow categories. Excludes the shared function-length backlog (tracked separately).

Changes by category

  • defer inside loop — extracted probeServer() helper in mcp_inspect_mcp_scripts_server.go so defer resp.Body.Close() is scoped to a single function call, satisfying both deferinloop and httprespbodyclose

  • time.Sleepselect — replaced blocking sleep in mcp_inspect.go shutdown path with select { case <-time.After(...): case <-ctx.Done(): } for proper context cancellation

  • Discarded json.Unmarshal errors — wrapped bare unmarshal calls in logs_awinfo_backward_compat_test.go and dependabot_test.go with if err != nil { t.Fatalf(...) }

  • Redundant .Error() in format strings — removed .Error() from %s format args in 5 locations (frontmatter_error.go, model_alias_validation.go, actions_build_command.go, generate_action_metadata_command.go)

  • len(strings.Split(...)) count anti-pattern — replaced with strings.Count(...)+1 in codex_logs.go, pip.go, xml_comments.go

  • sort.Sliceslices.SortFunc — updated safe_jobs.go using strings.Compare (avoids name collision with a cmp variable in the same package's test files)

  • map[string]bool as set — converted to map[string]struct{} for two local seen variables (lsp_manager.go, runner_topology_validation.go) and the full public API chain in action_resolver.go/action_cache.go (struct fields, GetUsedCacheKeys() return type, PruneOrphanedEntries() parameter, all read/write sites, and both test files)

  • len(s) > 0s != "" — 50+ replacements across 34 files

// Before
failedResolutions map[string]bool
usedCacheKeys     map[string]bool

func (r *ActionResolver) GetUsedCacheKeys() map[string]bool { ... }
func (c *ActionCache) PruneOrphanedEntries(referencedKeys map[string]bool) int { ... }

// After
failedResolutions map[string]struct{}
usedCacheKeys     map[string]struct{}

func (r *ActionResolver) GetUsedCacheKeys() map[string]struct{} { ... }
func (c *ActionCache) PruneOrphanedEntries(referencedKeys map[string]struct{}) int { ... }

Copilot AI linked an issue Jul 3, 2026 that may be closed by this pull request
8 tasks
…p[string]bool, redundant .Error(), len(s)>0, strings.Split, sort.Slice, time.Sleep)

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Cleanup targeted custom lint findings lint: fix 8 targeted golint categories from lint-monster scan Jul 3, 2026
Copilot AI requested a review from pelikhan July 3, 2026 06:55
@pelikhan pelikhan marked this pull request as ready for review July 3, 2026 06:56
Copilot AI review requested due to automatic review settings July 3, 2026 06:56
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Test Quality Sentinel completed test quality analysis.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

PR Code Quality Reviewer completed the code quality review.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Design Decision Gate 🏗️ completed the design decision gate check.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Targets a batch of small, behavior-preserving refactors to satisfy a lint-monster scan across several focused Go lint categories, with a notable API-level adjustment in the workflow action cache/resolver “set” types.

Changes:

  • Replaced several string-emptiness and “line count” anti-patterns (len(s)>0, len(strings.Split(...))) with clearer/cheaper equivalents (s != "", strings.Count(...)+1).
  • Updated safe-outputs/action-cache plumbing to use map[string]struct{} as a set, including exported method/parameter types and corresponding tests.
  • Improved MCP inspect shutdown/readiness paths (helper extraction for HTTP probes, and Sleepselect for ctx-aware waiting) and tightened test unmarshalling error handling.
Show a summary per file
File Description
pkg/workflow/xml_comments.go Avoids len(strings.Split(...)) allocation for line-count logging.
pkg/workflow/shell.go Replaces len(s)>0 loop condition with s != "".
pkg/workflow/safe_outputs_messages_config.go Uses str != "" guard before indexing str[0].
pkg/workflow/safe_jobs.go Switches sort.Slice to slices.SortFunc for entry ordering.
pkg/workflow/runner_topology_validation.go Converts local “seen” set to map[string]struct{}.
pkg/workflow/pip.go Avoids len(strings.Split(...)) allocation for line-count logging.
pkg/workflow/model_alias_validation.go Removes redundant .Error() in formatted error strings.
pkg/workflow/lsp_manager.go Converts local “seen” set to map[string]struct{}.
pkg/workflow/js.go Uses resultStr != "" guard before indexing the last byte.
pkg/workflow/frontmatter_error.go Removes redundant .Error() when formatting error text.
pkg/workflow/dependabot_test.go Stops discarding json.Unmarshal errors in tests.
pkg/workflow/compiler_safe_outputs_job.go Replaces len(part)>0 with part != "" when building handler names.
pkg/workflow/codex_logs.go Avoids len(strings.Split(...)) allocation for line-count logging.
pkg/workflow/claude_tools.go Uses toolName != "" guard before indexing toolName[0].
pkg/workflow/action_resolver.go Converts resolver “sets” to map[string]struct{} and updates exported API.
pkg/workflow/action_resolver_test.go Updates tests for map[string]struct{}-based sets.
pkg/workflow/action_cache.go Updates prune API to accept map[string]struct{} referenced-key set.
pkg/workflow/action_cache_test.go Updates pruning tests for map[string]struct{} referenced-key sets.
pkg/cli/yaml_frontmatter_utils.go Replaces len(trimmedLine)>0 with trimmedLine != \"\" in block-exit logic.
pkg/cli/workflows.go Replaces len(word)>0 with word != \"\" during title casing.
pkg/cli/runner_guard.go Replaces len(trimmed)>0 with trimmed != \"\" for non-JSON output handling.
pkg/cli/remove_command.go Replaces len(rest)>0 with rest != \"\" before indexing.
pkg/cli/poutine.go Replaces len(trimmed)>0 with trimmed != \"\" for non-JSON output handling.
pkg/cli/mcp_inspect.go Replaces blocking sleep with ctx-aware select during shutdown.
pkg/cli/mcp_inspect_mcp_scripts_server.go Extracts readiness probe helper to avoid defer in loop + ensure body close.
pkg/cli/logs_awinfo_backward_compat_test.go Stops discarding json.Unmarshal errors in tests.
pkg/cli/git.go Replaces len(strings.TrimSpace(...))>0 with != \"\" checks.
pkg/cli/generate_action_metadata_command.go Removes redundant .Error() and replaces len(word)>0 checks.
pkg/cli/codemod_user_rate_limit.go Replaces len(trimmed)>0 with trimmed != \"\" in indentation detection.
pkg/cli/codemod_upload_assets.go Replaces len(trimmedLine)>0 with trimmedLine != \"\" in block-exit logic.
pkg/cli/codemod_slash_command.go Replaces len(trimmedLine)>0 with trimmedLine != \"\" in block-exit logic.
pkg/cli/codemod_serena_import.go Replaces len(trimmed)>0 with trimmed != \"\" in block-exit logic.
pkg/cli/codemod_run_install_scripts.go Replaces len(ind)>0 with ind != \"\" indentation detection.
pkg/cli/codemod_pull_request_target_checkout_false.go Replaces len(next)>0 with next != \"\" before indexing.
pkg/cli/codemod_playwright_domains.go Replaces len(trimmed)>0 with trimmed != \"\" in block-exit logic.
pkg/cli/codemod_permissions_write.go Replaces len(trimmedLine)>0 with trimmedLine != \"\" in block-exit logic.
pkg/cli/codemod_network_firewall.go Replaces len(trimmed)>0 with trimmed != \"\" in top-level key detection.
pkg/cli/codemod_mcp_network.go Replaces len(trimmedLine)>0 with trimmedLine != \"\" in block-exit logic.
pkg/cli/codemod_mcp_mode_to_type.go Replaces len(trimmedLine)>0 with trimmedLine != \"\" in block-exit logic.
pkg/cli/codemod_expires_integer.go Replaces len(trimmedLine)>0 with trimmedLine != \"\" in block-exit logic.
pkg/cli/codemod_engine_to_top_level_helpers.go Replaces len(trimmed)>0 with trimmed != \"\" in block-exit logic.
pkg/cli/codemod_engine_steps.go Replaces len(trimmed)>0 with trimmed != \"\" in block-exit logic.
pkg/cli/codemod_engine_env_secrets.go Replaces len(trimmed)>0 with trimmed != \"\" in block-exit logic.
pkg/cli/codemod_discussion_flag.go Replaces len(trimmedLine)>0 with trimmedLine != \"\" in block-exit logic.
pkg/cli/codemod_difc_proxy.go Replaces len(trimmed)>0 with trimmed != \"\" in block-exit logic.
pkg/cli/codemod_cli_proxy_mode.go Replaces len(trimmed)>0 with trimmed != \"\" in insertion scanning logic.
pkg/cli/codemod_bash_anonymous.go Replaces len(trimmed)>0 with trimmed != \"\" in block-exit logic.
pkg/cli/codemod_assign_to_agent.go Replaces len(trimmedLine)>0 with trimmedLine != \"\" in block-exit logic.
pkg/cli/codemod_agent_session.go Replaces len(trimmedLine)>0 with trimmedLine != \"\" in block-exit logic.
pkg/cli/audit_report.go Replaces len(line)>0 with line != \"\" before indexing.
pkg/cli/actions_build_command.go Removes redundant .Error() in formatted error strings.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 51/51 changed files
  • Comments generated: 2
  • Review effort level: Low

Comment thread pkg/cli/mcp_inspect.go
Comment on lines +138 to +141
select {
case <-time.After(mcpScriptsServerShutdownDelay):
case <-ctx.Done():
}
Comment thread pkg/workflow/dependabot_test.go Outdated
Comment on lines +606 to +610
data, _ := os.ReadFile(packageJSONPath)
var pkgJSON PackageJSON
json.Unmarshal(data, &pkgJSON)
if err := json.Unmarshal(data, &pkgJSON); err != nil {
t.Fatalf("Failed to unmarshal package.json: %v", err)
}
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🏗️ Design Decision Gate — ADR Required

This PR makes significant changes to core business logic (137 new lines in pkg/) but does not have a linked Architecture Decision Record (ADR).

📄 Draft ADR committed: docs/adr/43126-enforce-targeted-golint-categories.md — review and complete it before merging.

🔒 This PR cannot merge until an ADR is linked in the PR body.

📋 What to do next
  1. Review the draft ADR committed to your branch — it was generated from the PR diff
  2. Complete the missing sections — add context the AI could not infer, refine the decision rationale, and list real alternatives you considered
  3. Commit the finalized ADR to docs/adr/ on your branch
  4. Reference the ADR in this PR body by adding a line such as:

    ADR: ADR-43126: Enforce Targeted Golint Categories from Lint-Monster Scan

Once an ADR is linked in the PR body, this gate will re-run and verify the implementation matches the decision.

❓ Why ADRs Matter

"AI made me procrastinate on key design decisions. Because refactoring was cheap, I could always say 'I'll deal with this later.' Deferring decisions corroded my ability to think clearly."

ADRs create a searchable, permanent record of why the codebase looks the way it does. Future contributors (and your future self) will thank you.

📋 Michael Nygard ADR Format Reference

An ADR must contain these four sections to be considered complete:

  • Context — What is the problem? What forces are at play?
  • Decision — What did you decide? Why?
  • Alternatives Considered — What else could have been done?
  • Consequences — What are the trade-offs (positive and negative)?

All ADRs are stored in docs/adr/ as Markdown files numbered by PR number (e.g., 0042-use-postgresql.md for PR #42).

🏗️ ADR gate enforced by Design Decision Gate 🏗️ · 64.2 AIC · ⌖ 9.96 AIC · ⊞ 8.5K ·
Comment /review to run again

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🧪 Test Quality Sentinel Report

⚠️ Test Quality Score: 72/100 — Acceptable

Analyzed 4 test functions (across 4 files): 3 design, 1 implementation, 0 violations.

📊 Metrics (4 modified test functions)
Metric Value
Analyzed 4 (Go: 4, JS: 0)
✅ Design 3 (75%)
⚠️ Implementation 1 (25%)
Edge/error coverage 3 (75%)
Duplicate clusters 0
Inflation No
🚨 Violations 0
Test File Classification Issues
TestAwInfoMarshaling (modified) pkg/cli/logs_awinfo_backward_compat_test.go design_test / high_value None — lint fix adds error assertion to previously-unchecked json.Unmarshal calls
TestActionResolverFailedResolutionCache (modified) pkg/workflow/action_resolver_test.go design_test / high_value None — idiomatic _, ok := map[key] replaces map[key] bool lookup
TestActionResolverUsedCacheKeysOnCacheHit / TestActionResolverGetUsedCacheKeysReturnsCopy (modified) pkg/workflow/action_resolver_test.go design_test / high_value None — same idiomatic map check fix
TestPruneOrphanedEntries* (5 functions, modified) pkg/workflow/action_cache_test.go implementation_test / low_value Map literal style map[string]bool{...: true}map[string]struct{}{...: {}} — mechanical type change, no behavior change
TestGenerateDependabotManifests_WithDependencies (modified) pkg/workflow/dependabot_test.go design_test / high_value None — lint fix adds error assertion

Context

All changes in this PR are mechanical lint fixes — not new tests. The four changed test files have only minimal, targeted edits:

  • logs_awinfo_backward_compat_test.go: added if err := json.Unmarshal(...); err != nil { t.Fatalf(...) } (2 places) — fixes errcheck lint.
  • action_resolver_test.go: replaced map[bool] key lookups (e.g. if !resolver.failedResolutions[key]) with idiomatic _, ok := map[key] — fixes map[string]bool lint.
  • action_cache_test.go: replaced map[string]bool{...: true} with map[string]struct{}{...: {}} — fixes map[string]bool lint.
  • dependabot_test.go: added if err := json.Unmarshal(...); err != nil { t.Fatalf(...) } — fixes errcheck lint.

No new test functions were added; no test logic was changed. All changes improve test correctness by surfacing previously-swallowed errors.

Verdict

Passed. 25% implementation tests (threshold: 30%). No guideline violations. All changes are lint-compliance fixes that strictly improve test quality.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🧪 Test quality analysis by Test Quality Sentinel · 74.2 AIC · ⌖ 12.6 AIC · ⊞ 6.8K ·
Comment /review to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Test Quality Sentinel: 72/100. 25% implementation tests (threshold: 30%). All changes are mechanical lint-compliance fixes that improve test correctness by surfacing previously-swallowed errors.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: lint-monster targeted cleanup ✅

Clean, well-scoped lint fixes. All 8 categories are addressed correctly. Changes are safe mechanical improvements with no functional regressions.

Highlights:

  • probeServer helper is a good extraction — correctly scopes defer resp.Body.Close() and the //nolint:nilerr comment is appropriate for probe semantics
  • select { case <-time.After(...): case <-ctx.Done(): } is the right pattern for interruptible sleeps
  • map[string]struct{} migration is complete and consistent — struct fields, public API signatures, and all call sites updated in sync with test files
  • slices.SortFunc + strings.Compare avoids the cmp variable name collision thoughtfully
  • strings.Count(s, "\n")+1 is the idiomatic line-count replacement
  • Removing .Error() from %s format args is correct (the error interface already formats via Error() when used with %s/%v)

One non-blocking finding (inline): dependabot_test.go line 605 still discards the os.ReadFile error — the json.Unmarshal guard was added but data, _ := os.ReadFile(...) on the preceding line wasn't updated.

🧵 Reviewed using Impeccable skills by Impeccable Skills Reviewer · 49.6 AIC · ⌖ 6.12 AIC · ⊞ 4.8K

@@ -605,7 +605,9 @@ func TestGenerateDependabotManifests_WithDependencies(t *testing.T) {
// Verify package.json content

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The json.Unmarshal error is now correctly handled, but os.ReadFile on the preceding line still discards its error with _. If the file is missing or unreadable, data will be empty and the unmarshal will fail with a confusing unexpected end of JSON input rather than a clear file-not-found message. Consider:

data, err := os.ReadFile(packageJSONPath)
if err != nil {
    t.Fatalf("failed to read package.json: %v", err)
}

@copilot please address this.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skills-Based Review 🧠

Applied /codebase-design and /tdd — no blocking correctness issues; leaving as COMMENT with a few targeted observations.

📋 Key Themes & Highlights

Key Themes

  • Stale log message (mcp_inspect_mcp_scripts_server.go line 85): probeServer extraction moved the request-creation logic inside the helper, but the error log at the call site still says "Failed to create request" — should be updated to match the helper's abstraction.
  • Condition readability (runner_topology_validation.go lines 89, 93): the comma-ok lookup is in the if init position but the branch condition tests an unrelated predicate — unconventional enough to trip a future reader.
  • Incomplete error hygiene in tests (dependabot_test.go): json.Unmarshal errors are now correctly checked (great!), but os.ReadFile and yaml.Unmarshal on nearby lines still use blank identifiers, leaving silent failure paths.
  • map[string]struct{} API readability: the public API change is correct and memory-efficient, but a named type alias (ActionKeySet) would signal set semantics to readers without adding overhead.

Positive Highlights

  • ✅ Clean probeServer extraction — scopes defer resp.Body.Close() correctly and simplifies waitForServerReady.
  • select-based shutdown in mcp_inspect.go — proper context propagation, correct behaviour on forced cancellation.
  • ✅ Full public API chain updated consistently: struct fields, method signatures, all test files.
  • slices.SortFunc + strings.Compare avoids the cmp naming collision noted in the PR description — good defensive naming.
  • strings.Count(...)+1 is a clear improvement over allocating a slice just to len it.

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 129.4 AIC · ⌖ 5.57 AIC · ⊞ 6.6K
Comment /matt to run again

Comments that could not be inline-anchored

pkg/cli/mcp_inspect_mcp_scripts_server.go:85

[/codebase-design] Misleading log message: the log still says &quot;Failed to create request&quot; but that logic now lives inside probeServer. The error returned is a request-construction failure, not a network failure — but the log label no longer matches.

<details>
<summary>💡 Suggested fix</summary>

Update the error log to match the helper's semantics:

if err != nil {
    mcpInspectLog.Printf(&quot;Probe error (non-retryable): %v&quot;, err)
    return err
}

This also helps readers distin…

pkg/workflow/runner_topology_validation.go:89

[/codebase-design] The condition if _, ok := seen[&quot;sudo&quot;]; containsSudoCommand(trimmed) &amp;&amp; !ok separates the map lookup from the predicate it guards — the ok binding is visible in the outer if even when containsSudoCommand is false, which makes this harder to reason about.

<details>
<summary>💡 Suggested rewrite (standard Go idiom)</summary>

The conventional form keeps the lookup co-located with the guard:

if containsSudoCommand(trimmed) {
    if _, ok := seen[&quot;sudo&quot;]; !ok</details>

<details><summary>pkg/workflow/dependabot_test.go:606</summary>

**[/tdd]** `os.ReadFile` error is silently discarded on this lineif the file read fails, `json.Unmarshal` below will see empty `data` and produce a misleading zero-value struct rather than failing fast.

&lt;details&gt;
&lt;summary&gt;💡 Suggested fix&lt;/summary&gt;

```go
data, err := os.ReadFile(packageJSONPath)
if err != nil {
    t.Fatalf(&quot;Failed to read package.json: %v&quot;, err)
}

The json.Unmarshal error is now correctly checked (good!), but the ReadFile on this line still uses the blank identif…

pkg/workflow/dependabot_test.go:340

[/tdd] Both os.ReadFile and yaml.Unmarshal errors are silently discarded here — this was not touched in the PR but is in the same test file where json.Unmarshal errors were just fixed. A read failure would produce a silent zero-value DependabotConfig causing a false-pass.

<details>
<summary>💡 Suggested fix</summary>

data, err := os.ReadFile(dependabotPath)
if err != nil {
    t.Fatalf(&quot;Failed to read dependabot.yml: %v&quot;, err)
}
if err := yaml.Unmarshal(data, &amp;config); err !</details>

<details><summary>pkg/cli/mcp_inspect_mcp_scripts_server.go:59</summary>

**[/codebase-design]** `probeServer` swallows the transport error and returns `(false, nil)`this is correct for the retry loop, but the `//nolint:nilerr` comment only explains *that* it is intentional, not *why* callers can retry safely. A future reader might conclude the `nilerr` suppression is wrong and add error propagation, breaking the polling loop.

&lt;details&gt;
&lt;summary&gt;💡 Suggested comment improvement&lt;/summary&gt;

```go
// probe failure is expected during startup; callers should retry
ret…

</details>

<details><summary>pkg/workflow/action_resolver.go:37</summary>

**[/codebase-design]** The public return type of `GetUsedCacheKeys()` is now `map[string]struct{}` — this is the correct representation, but there is no helper or alias to signal intent (e.g. a `type ActionKeySet = map[string]struct{}`). Callers reading the signature see a raw `map[string]struct{}` with no indication it is a set.

&lt;details&gt;
&lt;summary&gt;💡 Optional improvement&lt;/summary&gt;

A type alias in the `workflow` package would make intent explicit and allow future evolution (e.g. swapping to `</details>

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocking observations on an otherwise clean lint sweep

The mechanical fixes (.Error() removal, len(s)>0→s!="", strings.Count, sort→slices, map[string]bool→struct{}, json.Unmarshal error handling, time.Sleep→select) are all correct. The map[string]struct{} public API change is complete — every call site updated, no bool-style indexing survives anywhere in the repo.

Two low-signal observations are left inline (neither blocks merge):

  • runner_topology_validation.go: if init; condition pattern introduces a maintenance hazard around key-string coupling, where mismatched init/write keys would silently read ok from the wrong slot.
  • mcp_inspect_mcp_scripts_server.go: the probeServer helper is a good extraction, but return true, nil without draining the body means connection reuse is silently disabled for every successful probe — this refactor is a good spot to close a pre-existing gap.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

🔎 Code quality review by PR Code Quality Reviewer · 164.8 AIC · ⌖ 5.76 AIC · ⊞ 5.4K
Comment /review to run again


if containsSudoCommand(trimmed) && !seen["sudo"] {
seen["sudo"] = true
if _, ok := seen["sudo"]; containsSudoCommand(trimmed) && !ok {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Condition evaluation order inverted: ok is always bound regardless of whether the check is needed.

💡 Details and suggested fix

The original code short-circuited naturally:

if containsSudoCommand(trimmed) && !seen["sudo"] {

The map was only read when containsSudoCommand returned true.

The replacement uses the if init; condition form:

if _, ok := seen["sudo"]; containsSudoCommand(trimmed) && !ok {

This unconditionally performs the map lookup on every iteration and binds ok before the condition is evaluated. The semantics are still correct today, but the pattern creates a maintenance hazard: the key string in the init ("sudo") and the key used to write (seen["sudo"] = struct{}{}) are visually separated, so a future copy-paste that changes one but not the other will silently mis-read ok from the wrong key.

A cleaner way to preserve short-circuit while using map[string]struct{}:

if containsSudoCommand(trimmed) {
    if _, ok := seen["sudo"]; !ok {
        seen["sudo"] = struct{}{}
        violations = append(violations, "sudo")
    }
}

The same applies to the apt-get install block on the following lines.

mcpInspectLog.Printf("Warning: failed to close response body: %v", closeErr)
}
}()
return true, nil

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Response body not drained before Close: connection reuse silently disabled for every successful probe.

💡 Details and suggested fix

Go's net/http Transport only reuses a keep-alive connection when the response body is fully read (or explicitly discarded) before Close. When probeServer returns true without draining the body, the TCP connection is abandoned rather than returned to the idle pool.

In a tight polling loop (up to ~25 probes at 200 ms intervals), each probe that hits a non-empty response leaves a half-open connection. The default MaxIdleConnsPerHost is 2, so after the first few probes the client opens a fresh TCP connection every time instead of reusing idle ones.

Fix — drain the body before deferring Close:

resp, err := client.Do(req)
if err != nil {
    return false, nil (nolint/redacted):nilerr
}
defer func() {
    _, _ = io.Copy(io.Discard, resp.Body)
    if closeErr := resp.Body.Close(); closeErr != nil {
        mcpInspectLog.Printf("Warning: failed to close response body: %v", closeErr)
    }
}()
return true, nil

Note: the original inline code had the same issue — this refactor is a good opportunity to close it.

@pelikhan

pelikhan commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

/souschef

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

PR Sous Chef finished PR sous-chef nudges.

processed=5; skipped_checks_running=2; skipped_last_comment_from_sous_chef=1; skipped_cooldown=0; nudged=2; branch_update_attempts=0; formatter_pushes=0; merge_main_scheduled=0

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🤖 PR Triage

Field Value
Category formatting
Risk 🟢 Low
Score 35 / 100
Action batch_review

Score Breakdown: Impact 12 + Urgency 10 + Quality 13

Rationale: Lint cleanup across 52 files (187+/113−) for 8 golint categories from a lint-monster scan. Includes an ADR doc. Wide blast radius (52 files) but changes are mechanical/formatting. Low urgency; batch with other housekeeping PRs.

Recommended Action: Batch review — no rush, schedule with other housekeeping items.

Generated by 🔧 PR Triage Agent · 86.3 AIC · ⌖ 6.42 AIC · ⊞ 5.5K ·

@pelikhan

pelikhan commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

@copilot run pr-finished skill

Copilot AI and others added 2 commits July 3, 2026 09:07
…imer

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
…y if-init pattern

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

@copilot run pr-finished skill

Done. Addressed all unresolved review threads across two commits:

  • dependabot_test.goos.ReadFile errors now checked at both line 606 and line 340; yaml.Unmarshal error also checked at line 340
  • mcp_inspect.gotime.After replaced with time.NewTimer + Stop() on the ctx.Done() path to prevent timer leaks
  • mcp_inspect_mcp_scripts_server.go — response body drained via io.Copy(io.Discard, ...) before Close so the HTTP transport can reuse connections
  • runner_topology_validation.goif init; condition refactored to nested if blocks, keeping the map key/write co-located

All local checks pass (make fmt, make lint, make test-unit). CI needs a human re-trigger to confirm.

@pelikhan

pelikhan commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, review the latest maintainer note plus any remaining non-blocking review feedback, and rerun checks after any follow-up fixes.

Generated by 👨‍🍳 PR Sous Chef · 10.6 AIC · ⌖ 3.18 AIC · ⊞ 6.6K ·
Comment /souschef to run again

…targeted-cleanup

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>

Copilot AI commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

@copilot please run the pr-finisher skill, review the latest maintainer note plus any remaining non-blocking review feedback, and rerun checks after any follow-up fixes.

...

Done. The CI failure (manualmutexunlock on process_env_lookup.go:28) was caused by a file added to main after this branch was cut — the original commit had a non-deferred RUnlock(). Merged origin/main into the branch (652e0df) to pick up the fix from main (#43171). All local checks pass (make fmt, make lint, make test-unit). CI needs a human re-trigger to confirm.

@pelikhan

pelikhan commented Jul 4, 2026

Copy link
Copy Markdown
Collaborator

Copilot AI and others added 2 commits July 4, 2026 03:06
…targeted-cleanup

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jul 4, 2026

Copy link
Copy Markdown
Contributor Author

@copilot merge main , recompile
Fix https://github.com/github/gh-aw/actions/runs/28670499040/job/85096860982

Done. Merged origin/main (picked up 5 new commits including the arc_dind_artifacts.go addition), ran make recompile (258/258 workflows compiled successfully), and fixed a stringscutprefix lint finding in arc_dind_artifacts.go that came in via the merge (HasPrefix + TrimPrefixCutPrefix). All local checks pass.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[lint-monster] lint-monster: targeted custom-lint cleanup

4 participants