go-lint failed on every PR: golangci-lint v1.62-alpine is built with go1.23 and
refuses to load a go1.24.0 module's config ("language version go1.23 lower than
targeted 1.24.0"), so it never actually linted.
- container v1.62-alpine -> v1.64.8-alpine (built with go1.24.1)
- revive `exported` used the old map-argument form, which v1.64 rejects
("expecting a string, got map") -> string form (disableStutteringCheck)
- running golangci for the first time surfaces ~15 pre-existing findings in
unrelated packages (academy/whistleblower/iace/training + a few tests);
switch issues.new:false -> new-from-merge-base:main so only newly changed
lines fail (the config already anticipated this)
- new-from-merge-base needs the merge base -> go-lint checkout now does a full
clone (local `main` ref) instead of a shallow single-branch clone
Verified locally with v1.64.8: a clean branch over main lints to 0 issues
(pre-existing debt ignored), config loads cleanly. Touches only CI config.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- loc-budget CI job: remove if/else PR-only guard; now runs scripts/check-loc.sh
(no || true) on every push and PR, scanning the full repo
- sbom-scan: remove || true from grype command — high+ CVEs now block PRs
- scripts/check-loc.sh: add test_*.py / */test_*.py and *.html exclusions so
Python test files and Jinja/HTML templates are not counted against the budget
- .claude/rules/loc-exceptions.txt: grandfather 40 remaining oversized files
into the exceptions list (one-off scripts, docs copies, platform SDKs,
and Phase 1 backend-compliance refactor backlog)
- ai-compliance-sdk/.golangci.yml: add strict golangci-lint config (errcheck,
govet, staticcheck, gosec, gocyclo, gocritic, revive, goimports)
- delete stray routes.py.backup (2512 LOC)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Benjamin Admin