Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests 1 Actions 1 Packages Projects Releases Wiki Activity
Files
8ec8af4c2da85d6c896f801c9aee4d4b4e13e91a
breakpilot-compliance/ai-compliance-sdk/.golangci.yml
Sharang Parnerkar 58f108b578 phase 5: flip loc-budget to whole-repo blocking gate [guardrail-change] 
- loc-budget CI job: remove if/else PR-only guard; now runs scripts/check-loc.sh
  (no || true) on every push and PR, scanning the full repo
- sbom-scan: remove || true from grype command — high+ CVEs now block PRs
- scripts/check-loc.sh: add test_*.py / */test_*.py and *.html exclusions so
  Python test files and Jinja/HTML templates are not counted against the budget
- .claude/rules/loc-exceptions.txt: grandfather 40 remaining oversized files
  into the exceptions list (one-off scripts, docs copies, platform SDKs,
  and Phase 1 backend-compliance refactor backlog)
- ai-compliance-sdk/.golangci.yml: add strict golangci-lint config (errcheck,
  govet, staticcheck, gosec, gocyclo, gocritic, revive, goimports)
- delete stray routes.py.backup (2512 LOC)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 14:29:43 +02:00

89 lines
2.7 KiB
YAML
Raw Blame History

# golangci-lint configuration for ai-compliance-sdk
# Docs: https://golangci-lint.run/usage/configuration/
#
# Philosophy: catch real bugs and security issues; skip style nits on legacy code.
# Run: cd ai-compliance-sdk && golangci-lint run --timeout 5m ./...
run:
timeout: 5m
modules-download-mode: readonly
linters:
disable-all: true
enable:
# --- Correctness ---
- errcheck # unhandled error returns
- govet # suspicious constructs (shadow, printf, copylocks, …)
- staticcheck # SA* checks: bugs, deprecated APIs, ineffectual code
- ineffassign # assignments whose result is never used
- unused # exported/unexported symbols that are never referenced
# --- Security ---
- gosec # G* checks: SQL injection, hardcoded credentials, weak crypto, …
# --- Complexity / maintainability ---
- gocyclo # cyclomatic complexity > threshold
- gocritic # opinionated but practical style + correctness checks
- revive # linter on top of golint; many useful checks
# --- Formatting / imports ---
- goimports # gofmt + import grouping
linters-settings:
errcheck:
# Don't flag fmt.Print* and similar convenience functions.
exclude-functions:
- fmt.Print
- fmt.Println
- fmt.Printf
- fmt.Fprint
- fmt.Fprintln
- fmt.Fprintf
gocyclo:
# Handlers and store methods that wrap many DB queries are allowed to be
# somewhat complex. This is a reasonable threshold.
min-complexity: 20
gosec:
# G104 (unhandled errors) is covered by errcheck; G304/G306 (file
# path injection) would need context — keep but accept on review.
excludes:
- G104
revive:
rules:
- name: exported
arguments:
- checkPrivateReceivers: false
- disableStutteringCheck: true
- name: error-return
- name: increment-decrement
- name: var-declaration
- name: package-comments
disabled: true # not enforced on internal packages
gocritic:
enabled-tags:
- diagnostic
- performance
disabled-checks:
- hugeParam # flags large structs passed by value — too noisy until we audit
- rangeValCopy # same reason
issues:
# Don't fail on generated protobuf stubs or vendor code.
exclude-rules:
- path: "_pb\\.go$"
linters: [all]
- path: "vendor/"
linters: [all]
# Report at most 50 issues per linter so the first run is readable.
max-issues-per-linter: 50
max-same-issues: 5
# New code only: don't fail on pre-existing issues in files we haven't touched.
# Remove this once a clean baseline is established.
new: false
Reference in New Issue View Git Blame Copy Permalink