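---
# golangci-lint configuration for ai-compliance-sdk
# Docs: https://golangci-lint.run/usage/configuration/
#
# Philosophy: catch real bugs and security issues; skip style nits on legacy code.
# Run: cd ai-compliance-sdk && golangci-lint run --timeout 5m ./...

run:
  timeout: 5m
  # readonly: the lint run fails instead of silently rewriting go.mod/go.sum,
  # so the dependency set that is analysed is the one that is committed.
  modules-download-mode: readonly

linters:
  # Explicit allow-list: only the linters named under `enable` run.
  disable-all: true
  enable:
    # --- Correctness ---
    - errcheck     # unhandled error returns
    # govet: suspicious constructs (printf, copylocks, ...). The shadow analyzer
    # is off by default and is not switched on in linters-settings below.
    - govet
    - staticcheck  # SA* checks: bugs, deprecated APIs, ineffectual code
    - ineffassign  # assignments whose result is never used
    - unused       # constants, variables, functions and types that are never used

    # --- Security ---
    - gosec        # G* checks: SQL injection, hardcoded credentials, weak crypto, ...

    # --- Complexity / maintainability ---
    - gocyclo      # cyclomatic complexity > threshold
    - gocritic     # opinionated but practical style + correctness checks
    - revive       # configurable replacement for golint; many useful checks

    # --- Formatting / imports ---
    - goimports    # gofmt + import grouping

linters-settings:
  errcheck:
    # Don't flag fmt.Print* and similar convenience functions.
    # Caveat: the fmt.Fprint* entries apply to every io.Writer, so dropped
    # write errors on files or network connections are not reported either,
    # and gosec G104 is excluded below, so no other linter picks them up.
    exclude-functions:
      - fmt.Print
      - fmt.Println
      - fmt.Printf
      - fmt.Fprint
      - fmt.Fprintln
      - fmt.Fprintf

  gocyclo:
    # Handlers and store methods that wrap many DB queries are allowed to be
    # somewhat complex. This is a reasonable threshold.
    min-complexity: 20

  gosec:
    # G104 (unhandled errors) is covered by errcheck. G304 (file path built
    # from tainted input) and G306 (permissions used when writing a new file)
    # need context, so they stay enabled and individual findings are accepted
    # on review. Accept a finding at the call site with a justified
    # `//nolint:gosec` comment rather than by widening this list.
    excludes:
      - G104

  revive:
    rules:
      - name: exported
        # The `exported` rule takes flag names as plain strings; listing a flag
        # turns it on. A `flag: bool` mapping is not a string and is rejected
        # by revive. checkPrivateReceivers is left out, which keeps it off.
        arguments:
          - "disableStutteringCheck"
      - name: error-return
      - name: increment-decrement
      - name: var-declaration
      - name: package-comments
        disabled: true  # not enforced on internal packages

  gocritic:
    enabled-tags:
      - diagnostic
      - performance
    disabled-checks:
      - hugeParam     # flags large structs passed by value — too noisy until we audit
      - rangeValCopy  # same reason

issues:
  # Don't fail on generated protobuf stubs or vendor code.
  # NOTE(review): `all` is not the name of a linter, so these two rules may
  # match nothing; confirm against the golangci-lint version in use.
  # NOTE(review): protoc-gen-go normally writes `*.pb.go`, while this pattern
  # matches `*_pb.go`; confirm the naming used by this project's generator.
  exclude-rules:
    - path: "_pb\\.go$"
      linters: [all]
    - path: "vendor/"
      linters: [all]

  # Report at most 50 issues per linter so the first run is readable.
  # Caveat: these caps truncate the report, gosec findings included, so a
  # short list is not the complete list. A value of 0 removes the cap.
  max-issues-per-linter: 50
  max-same-issues: 5

  # `new: false` reports issues in all code, pre-existing ones included.
  # NOTE(review): this key was previously described as "new code only", which
  # is what `new: true` does; confirm which mode is intended. Limiting the
  # report to new code would also hide existing gosec findings in files that
  # have not been touched.
  new: false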