---
# golangci-lint configuration for the eeco repository.
#
# Slice 1 of the CI quality-bar effort. On top of the `go vet` minimum that
# `make verify` already runs, this enables errcheck, gosec, govet, staticcheck
# and unused. `make lint` runs it locally and CI gates on the same target; the
# golangci-lint version is pinned in the Makefile (GOLANGCI_LINT_VERSION) so
# the two stay byte-identical.
version: "2"

linters:
  # Start from an empty set and opt in explicitly, so a golangci-lint upgrade
  # cannot silently widen (or narrow) what CI enforces.
  default: none
  enable:
    - errcheck
    - gosec
    - govet
    - staticcheck
    - unused

  settings:
    gosec:
      # eeco is a local, single-operator CLI. Every rule below is written for
      # a network-facing service handling untrusted input and misfires on
      # eeco's deliberate design; each exclusion carries its rationale.
      #
      # These excludes are repository-wide: a rule listed here is also off
      # for code added later. Where the justification rests on a single
      # call site (G404, G101), an inline `//nolint:gosec // <reason>` at
      # that site keeps the rule live everywhere else.
      excludes:
        # "Hardcoded credentials": eeco's only hits are environment-variable
        # NAMES (e.g. the ANTHROPIC_API_KEY default for ai_api_key_env). The
        # secret value itself is read from the environment at call time and
        # is never stored in source or config.
        - G101
        # Unhandled errors: errcheck owns error-checking; G104 would only
        # re-report the same findings as a blanket duplicate.
        - G104
        # Symlink TOCTOU in a WalkDir callback: eeco scans the operator's own
        # checkout, not an untrusted tree.
        - G122
        # Subprocess with variable args: running git/cosign/gh/pagers/
        # workflows is the product.
        - G204
        # 0o755 workspace directories: deliberate, matches the git-tree
        # convention, operator-readable.
        - G301
        # 0o644 workspace files via OpenFile: deliberate, same rationale as
        # G301.
        - G302
        # File access via a computed path: eeco reads and writes its own
        # workspace by path.
        - G304
        # 0o644 WriteFile: deliberate, same rationale as G302.
        - G306
        # Weak RNG (math/rand): the only use picks a cosmetic home-screen tip
        # at random. Tip selection is not security-sensitive and needs no
        # crypto/rand.
        - G404
        # Command-injection taint analysis, the taint-analysis sibling of
        # G204. eeco's subprocess args (git/cosign/gh/…) run with an explicit
        # argv and no shell, so an operator-supplied value reaching runGit as
        # a commit message or git flag can never inject a command.
        # Reviewer note: argv-only execution rules out shell injection; it
        # does not by itself stop a value beginning with `-` from being read
        # by the child as an option, so call sites passing operator-supplied
        # positionals should terminate options with `--` where the tool
        # supports it.
        - G702
        # Path-traversal taint analysis: same family as G304, same rationale.
        - G703

  exclusions:
    presets:
      # Standard unchecked-error idioms (writes to stdout/stderr, Close,
      # Flush, os.Remove): the error is unactionable at the call site.
      - std-error-handling