version: "2"

run:
  timeout: 5m
  tests: false

linters:
  default: 'none'
  enable:
    - errcheck
    - gosec
    - misspell
    - unconvert
    - unparam

  settings:
    errcheck:
      exclude-functions:
        - (*database/sql.DB).Close
        - (*database/sql.Rows).Close
        - (*database/sql.Tx).Rollback
        - (*database/sql.Stmt).Close
        - (*database/sql.Conn).Close
        - (*os.File).Close
        - (os).RemoveAll
        - (os).Remove
        - (os).Setenv
        - (os).Unsetenv
        - (os).Chdir
        - (os).MkdirAll
        - (fmt).Sscanf
    misspell:
      locale: US

  exclusions:
    rules:
      # G304: File inclusion via variable in tests is safe (test data)
      - path: '_test\.go'
        linters:
          - gosec
        text: "G304"
      # G306: File permissions 0644 in tests are acceptable (test fixtures)
      - path: '_test\.go'
        linters:
          - gosec
        text: "G306"
      # G304: Safe file reads from known JSONL and error paths
      - path: 'cmd/bd/autoflush\.go|internal/beads/beads\.go|internal/daemon/discovery\.go|internal/daemonrunner/sync\.go|internal/syncbranch/worktree\.go'
        linters:
          - gosec
        text: "G304"
      # G302/G306: Directory/file permissions 0700/0750 are acceptable
      - linters:
          - gosec
        text: "G302.*0700|G301.*0750"
      # G302/G306: JSONL files and error logs need 0644 for debugging/sharing
      - path: 'cmd/bd/autoflush\.go|cmd/bd/daemon\.go|cmd/bd/daemon_sync_branch\.go|internal/daemon/registry\.go|internal/daemonrunner/daemon\.go|internal/git/worktree\.go'
        linters:
          - gosec
        text: "G306"
      # G306: Git hooks must be executable (0700)
      - path: 'cmd/bd/init\.go'
        linters:
          - gosec
        text: "G306.*0700"
      # G204: Safe subprocess launches with validated arguments
      - path: 'cmd/bd/daemon_autostart\.go|cmd/bd/daemon_sync_branch\.go|cmd/bd/doctor\.go|cmd/bd/doctor/fix/sync_branch\.go|cmd/bd/jira\.go|cmd/bd/migrate_sync\.go|cmd/bd/show\.go|cmd/bd/sync\.go|internal/git/worktree\.go|internal/syncbranch/worktree\.go'
        linters:
          - gosec
        text: 'G204'
      # G104: Deferred file closes - errors are non-critical
      - path: 'cmd/bd/show\.go'
        linters:
          - gosec
        text: "G104.*Close"
      # G115: Safe integer conversions in backoff calculations
      - path: 'cmd/bd/daemon_autostart\.go'
        linters:
          - gosec
        text: "G115"
      # G201: SQL with fmt.Sprintf using placeholders (IN clause expansion)
      - path: 'internal/storage/sqlite/(dependencies|batch_ops)\.go'
        linters:
          - gosec
        text: "G201"
      # errcheck: Ignore unchecked errors in test files for common cleanup patterns
      - path: '_test\.go'
        linters:
          - errcheck
        text: "Error return value of .*(Close|Rollback|RemoveAll|Setenv|Unsetenv|Chdir|MkdirAll|Remove|Write|SetReadDeadline|SetDeadline|Start|Stop).* is not checked"

      # unparam: Placeholder functions that may return errors in future implementation
      - path: 'cmd/bd/jira\.go'
        linters:
          - unparam
        text: 'reimportConflicts|resolveConflictsByTimestamp'

issues:
  uniq-by-line: true