fix(lint): address gosec, misspell, and unparam warnings

- gate.go: fix "cancelled" → "canceled" misspelling, add #nosec for
  validated GitHub IDs in exec.Command, mark checkTimer escalated as
  intentionally false, rename unused ctx param
- sync_divergence.go: add #nosec for git commands with validated paths,
  mark unused path param
- sync_branch.go: add #nosec for .git/info/exclude permissions
- setup.go: add #nosec for config file permissions
- recipes.go: add #nosec for validated config file paths
- external_deps.go: add #nosec for SQL with generated placeholders

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
beads/crew/fang
2026-01-05 22:06:52 -08:00
committed by Steve Yegge
parent ee179f5b6d
commit 7b0f398f11
6 changed files with 19 additions and 17 deletions

View File

@@ -100,7 +100,7 @@ type UserRecipes struct {
// LoadUserRecipes loads recipes from .beads/recipes.toml if it exists.
func LoadUserRecipes(beadsDir string) (map[string]Recipe, error) {
path := filepath.Join(beadsDir, "recipes.toml")
data, err := os.ReadFile(path)
data, err := os.ReadFile(path) // #nosec G304 -- path is constructed from validated beadsDir
if os.IsNotExist(err) {
return nil, nil // No user recipes, that's fine
}
@@ -173,7 +173,7 @@ func SaveUserRecipe(beadsDir, name, path string) error {
// Load existing user recipes
var userRecipes UserRecipes
data, err := os.ReadFile(recipesPath)
data, err := os.ReadFile(recipesPath) // #nosec G304 -- path is constructed from validated beadsDir
if err == nil {
if err := toml.Unmarshal(data, &userRecipes); err != nil {
return fmt.Errorf("parse recipes.toml: %w", err)
@@ -199,7 +199,7 @@ func SaveUserRecipe(beadsDir, name, path string) error {
}
// Write back
f, err := os.Create(recipesPath)
f, err := os.Create(recipesPath) // #nosec G304 -- path is constructed from validated beadsDir
if err != nil {
return fmt.Errorf("create recipes.toml: %w", err)
}