Add golangci-lint v2 config and fix all lint issues across codebase

Author: jakeschepis

.claude/rules/release.md

@@ -70,5 +70,3 @@ This release adds budget reporting commands and improves error messages across a
 GitHub Actions extracts the CHANGELOG entry and uses it as the release description, then builds 5 platform binaries automatically.
 
 > Never push a tag without a well-written CHANGELOG entry first.
-ry first.
-try first.

.gg/commands/fix.md

@@ -0,0 +1,32 @@
+---
+name: fix
+description: Run typechecking and linting, then spawn parallel agents to fix all issues
+---
+
+Run all linting and typechecking tools, collect errors, group them by domain, and use the subagent tool to spawn parallel sub-agents to fix them.
+
+## Step 1: Run Checks
+
+Run each tool and capture output:
+- `gofmt -l .` (format errors — files that need formatting)
+- `go vet ./...` (type/correctness errors)
+- `staticcheck ./...` (lint errors — unused code, simplifications, bugs)
+- `go test ./... -count=1` (test failures)
+
+## Step 2: Collect and Group Errors
+
+Parse the output. Group errors by domain:
+- **Format errors**: files listed by `gofmt -l`
+- **Vet errors**: issues from `go vet`
+- **Lint errors**: issues from `staticcheck`
+- **Test failures**: failing tests from `go test`
+
+## Step 3: Spawn Parallel Agents
+
+For each domain with issues, use the subagent tool to spawn a sub-agent to fix all errors in that domain. Include the full error output and file paths in each agent's task.
+
+Auto-fix format errors directly with `gofmt -w .` instead of spawning an agent.
+
+## Step 4: Verify
+
+After all agents complete, re-run all checks to verify all issues are resolved.

.gg/commands/test.md

@@ -0,0 +1,41 @@
+---
+name: test
+description: Run tests, then spawn parallel agents to fix failures
+---
+
+Run all tests for this project, collect failures, and use the subagent tool to spawn parallel sub-agents to fix them.
+
+## Step 1: Run Tests
+
+Run unit tests with coverage:
+```
+go test ./... -count=1 -cover
+```
+
+For integration tests (builds and executes the binary):
+```
+go test ./internal/cli/ -count=1 -tags=integration
+```
+
+For a specific package:
+```
+go test ./internal/inngest/ -count=1 -v
+```
+
+For a specific test:
+```
+go test ./internal/inngest/ -count=1 -v -run TestHashSigningKey
+```
+
+For race detection:
+```
+go test ./... -count=1 -race
+```
+
+## Step 2: If Failures
+
+For each failing test, use the subagent tool to spawn a sub-agent to fix the underlying issue (not the test). Include the test name, file path, and full error output.
+
+## Step 3: Re-run
+
+Re-run `go test ./... -count=1 -cover` to verify all fixes and confirm coverage hasn't regressed.

.gg/commands/update.md

@@ -0,0 +1,102 @@
+---
+name: update
+description: Update Go dependencies, fix deprecations and security issues
+---
+
+## Step 1: Check for Updates
+
+List all dependencies and check for available updates:
+
+```
+go list -m -u all
+```
+
+Review the output. Modules with `[v1.X.Y]` annotations have newer versions available.
+
+## Step 2: Update Dependencies
+
+Update all direct and indirect dependencies to their latest minor/patch versions:
+
+```
+go get -u ./...
+go mod tidy
+go mod verify
+```
+
+Then check for known vulnerabilities:
+
+```
+go install golang.org/x/vuln/cmd/govulncheck@latest
+govulncheck ./...
+```
+
+If govulncheck reports any findings, update the affected module to the fixed version it recommends and re-run until clean.
+
+## Step 3: Check for Deprecations & Warnings
+
+Run a full build and read ALL output carefully:
+
+```
+go build ./...
+go vet ./...
+```
+
+Look for:
+- Deprecated function/type usage (e.g. `io/ioutil`, `strings.Title`)
+- Vet warnings about incorrect format strings, unreachable code, struct tags
+- Build warnings about minimum Go version compatibility
+
+Also run staticcheck if available:
+
+```
+go install honnef.co/go/tools/cmd/staticcheck@latest
+staticcheck ./...
+```
+
+## Step 4: Fix Issues
+
+For each deprecation or warning found:
+1. Research the recommended replacement (e.g. `io/ioutil.ReadAll` → `io.ReadAll`)
+2. Update the code
+3. Re-run `go vet ./...` and `staticcheck ./...`
+4. Verify no warnings remain
+
+For security vulnerabilities:
+1. Update to the patched version `govulncheck` recommends
+2. If no patch exists, evaluate the risk and document it
+3. Re-run `govulncheck ./...` until clean
+
+## Step 5: Run Quality Checks
+
+Run the full project quality gate:
+
+```
+go fmt ./...
+go vet ./...
+go test -race -cover ./...
+```
+
+If golangci-lint is available:
+
+```
+golangci-lint run ./...
+```
+
+Fix all errors before completing. Coverage must remain at 100% on:
+- `pkg/output`
+- `internal/inngest`
+- `internal/common/config`
+- `internal/cli/commands`
+
+## Step 6: Verify Clean Build
+
+Clear module cache artifacts and verify everything resolves cleanly:
+
+```
+go clean -cache -testcache
+go mod download
+go build ./...
+go test -count=1 ./...
+```
+
+Confirm zero warnings and zero errors. Run `make build` to verify the final binary compiles.

.github/workflows/release.yml

@@ -12,13 +12,13 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.23'
+          go-version-file: go.mod
           cache: true
 
       - name: Extract release notes from CHANGELOG.md

.github/workflows/test.yml

@@ -1,19 +1,37 @@
-name: Test
+name: CI
 
 on:
   push:
     branches: [main]
   pull_request:
     branches: [main]
 
+permissions:
+  contents: read
+
 jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: true
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v7
+        with:
+          version: v2.11.3
+
   test:
+    name: Test
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.23'
+          go-version-file: go.mod
           cache: true
       - name: Verify dependencies
         run: go mod verify
@@ -22,4 +40,4 @@ jobs:
       - name: Vet
         run: go vet ./...
       - name: Test
-        run: go test -v -race ./...
+        run: go test -v -race -coverprofile=coverage.out ./...

.golangci.yml

@@ -0,0 +1,46 @@
+version: "2"
+
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  settings:
+    goimports:
+      local-prefixes:
+        - github.com/Coastal-Programs/inggest-cli
+
+linters:
+  default: standard
+  enable:
+    - bodyclose
+    - errcheck
+    - errorlint
+    - gosec
+    - govet
+    - gocritic
+    - goconst
+    - gocyclo
+    - ineffassign
+    - misspell
+    - nakedret
+    - nilerr
+    - prealloc
+    - unconvert
+    - unparam
+    - unused
+    - modernize
+    - intrange
+  settings:
+    gocyclo:
+      min-complexity: 15
+    goconst:
+      min-len: 3
+      min-occurrences: 3
+  exclusions:
+    presets:
+      - comments
+      - std-error-handling
+      - common-false-positives
+    rules:
+      - linters: [errcheck, gosec, gocritic, gocyclo]
+        path: _test\.go

CLAUDE.md

@@ -6,7 +6,7 @@ Built for AI agents, shell scripts, and CI/CD pipelines.
 - **Module:** `github.com/Coastal-Programs/inggest-cli`
 - **Binary:** `inngest`
 - **Config:** `~/.config/inngest/cli.json`
-- **Only external dep:** `github.com/spf13/cobra v1.8.1` — prefer stdlib for everything else
+- **External deps:** `github.com/spf13/cobra v1.10.2`, `golang.org/x/term` — prefer stdlib for everything else
 
 ## Commands
 

Makefile

@@ -16,7 +16,7 @@ help:
 ## build: Build binary to ./build/inngest
 build:
 	@mkdir -p $(BUILD_DIR)
-	go build $(LDFLAGS) -o $(BUILD_DIR)/$(BINARY) $(CMD)
+	go build -trimpath $(LDFLAGS) -o $(BUILD_DIR)/$(BINARY) $(CMD)
 
 ## install: Install binary to GOPATH/bin
 install:
@@ -49,7 +49,7 @@ vet:
 
 ## lint: Run golangci-lint (installs if missing)
 lint:
-	@which golangci-lint > /dev/null 2>&1 || go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+	@which golangci-lint > /dev/null 2>&1 || go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.11.3
 	golangci-lint run ./...
 
 ## check: Run fmt, vet, and lint (pre-commit gate)

go.mod

@@ -1,14 +1,14 @@
 module github.com/Coastal-Programs/inggest-cli
 
-go 1.25.0
+go 1.26.1
 
 require (
-	github.com/spf13/cobra v1.8.1
+	github.com/spf13/cobra v1.10.2
 	golang.org/x/term v0.41.0
 )
 
 require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
 	golang.org/x/sys v0.42.0 // indirect
 )