- Add nolint:gosec comments for safe file operations
- G304: File reads from validated/secure paths
- G306/G302: JSONL/error files need 0644 for sharing/debugging
- G204: Subprocess launches with validated arguments
- G104: Deferred file close errors are non-critical
- G115: Safe integer conversions in backoff
- G201: SQL placeholders for IN clause expansion
All warnings are for intentional behavior that is safe in context.
Amp-Thread-ID: https://ampcode.com/threads/T-d78f2780-4709-497f-97b0-035ca8c809e1
Co-authored-by: Amp <amp@ampcode.com>
Based on oracle feedback:
- Add parseChecks() helper for check normalization and validation
- Supports synonyms: dupes→duplicates, git-conflicts→conflicts
- Case-insensitive, whitespace-tolerant parsing
- Deduplicates repeated checks while preserving order
- Returns error for unknown checks (exit code 2)
- Fix JSON output robustness
- Serialize errors as strings, not objects
- Add 'failed' boolean per check
- Fix 'healthy' to include error state
- Improve error handling
- hasFailures() now includes check errors
- Exit code 1 for any failures (issues or errors)
- Exit code 2 for usage errors (invalid checks)
- Optimize database access
- Single SearchIssues() call shared across checks
- Only fetch if needed (orphans/duplicates/pollution)
- Stabilize output ordering
- Print checks in deterministic order (not map iteration)
- Use result.name for display labels
- Better UX
- Unknown checks fail fast with helpful message
- Deterministic output for CI/scripting
- More robust JSON for machine consumption
