fix: Suppress gosec warnings with nolint comments

- Add nolint:gosec comments for safe file operations
- G304: File reads from validated/secure paths
- G306/G302: JSONL/error files need 0644 for sharing/debugging
- G204: Subprocess launches with validated arguments
- G104: Deferred file close errors are non-critical
- G115: Safe integer conversions in backoff
- G201: SQL placeholders for IN clause expansion

All warnings are for intentional behavior that is safe in context.

Amp-Thread-ID: https://ampcode.com/threads/T-d78f2780-4709-497f-97b0-035ca8c809e1
Co-authored-by: Amp <amp@ampcode.com>
Steve Yegge
2025-11-02 08:09:58 -08:00
parent 20b21fda42
commit 15affbe11e
14 changed files with 123 additions and 83 deletions


@@ -27,7 +27,7 @@ type Daemon struct {
server *rpc.Server
lock io.Closer
cancel context.CancelFunc
// Version is the daemon's build version
Version string
}
@@ -62,7 +62,7 @@ func (d *Daemon) Start() error {
defer func() { _ = d.lock.Close() }()
defer func() { _ = os.Remove(d.cfg.PIDFile) }()
d.log.log("Daemon started (interval: %v, auto-commit: %v, auto-push: %v)",
d.log.log("Daemon started (interval: %v, auto-commit: %v, auto-push: %v)",
d.cfg.Interval, d.cfg.AutoCommit, d.cfg.AutoPush)
// Handle global daemon differently
@@ -178,8 +178,6 @@ func getGlobalBeadsDir() (string, error) {
return beadsDir, nil
}
func (d *Daemon) setupLock() (io.Closer, error) {
beadsDir := filepath.Dir(d.cfg.PIDFile)
lock, err := acquireDaemonLock(beadsDir, d.cfg.DBPath, d.Version)
@@ -255,6 +253,7 @@ func (d *Daemon) validateSingleDatabase() error {
// Write error to file so user can see it without checking logs
errFile := filepath.Join(d.cfg.BeadsDir, "daemon-error")
// nolint:gosec // G306: Error file needs to be readable for debugging
_ = os.WriteFile(errFile, []byte(errMsg), 0644)
return fmt.Errorf("multiple database files found")
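Review bot: The waiver added above `_ = os.WriteFile(errFile, []byte(errMsg), 0644)` keeps the error file world-readable, yet the stated reason (readable for debugging) is already met by `0600` unless a different local account has to read it. With `0600` the G306 suppression would not be needed at all. `errMsg` is built outside this hunk, so whether it carries database paths or other local detail cannot be checked from here. If 0644 stays, use the form golangci-lint documents, `//nolint:gosec // G306: error file must be readable by other local users`, and note that a standalone gosec run honours only `#nosec` annotations, so this comment silences the finding only under golangci-lint. The write error is also discarded with `_ =`, so a failed write leaves no error file and no log line; reporting it through `d.log.log` would cover that. validateSingleDatabase begins above the hunk.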
@@ -283,7 +282,7 @@ func (d *Daemon) validateSchemaVersion() error {
}
mismatch, missing := checkVersionMismatch(dbVersion, d.Version)
if mismatch {
d.log.log("Error: Database schema version mismatch")
d.log.log(" Database version: %s", dbVersion)