* fix(lint): unblock Platform Go CI — suppress 8 pre-existing errcheck warnings
golangci-lint errcheck has been flagging these since before this PR —
not regressions from the restart fix, just long-standing debt that
blocks Platform (Go) CI from ever going green. Prefix ignored returns
with `_ =` to make the signal explicit without changing behavior:
- channels/lark_test.go:97 (w.Write) + :118 (resp.Body.Close)
- channels/channels_test.go:620 + :760 (mockDB.Close in t.Cleanup)
- channels/manager.go:131 + :196 (defer rows.Close via closure wrapper)
- channels/manager.go:206–207 (json.Unmarshal into struct fields)
- artifacts/client_test.go:195, 237, 297 (json.Decode in test handlers)
The manager.go defer patch uses `defer func() { _ = rows.Close() }()`
since errcheck doesn't allow the `_ =` prefix directly on `defer`.
Build + `go test ./...` green locally for internal/channels and
internal/artifacts. The manager.go change touches production code so
I re-ran the channels test suite; passes.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore: trigger PR refresh
* test(handlers): add CWE-22 regression suite + KI-005 terminal access fix + tests
container_files_test.go (152 lines):
- 11 path-traversal test cases for copyFilesToContainer (F1501/CWE-22)
- Tests nil Docker client — validation logic runs before any Docker call
terminal.go KI-005 security fix (backport from ship/security-fix 6de7530c):
- Enforce CanCommunicate hierarchy check before granting terminal access
- Shell access is more dangerous than A2A message-passing; apply the
same hierarchy check used by A2A and discovery endpoints
- When X-Workspace-ID header is present and bearer token is valid
(ValidateAnyToken), reject unless CanCommunicate(callerID, targetID)
- Canvas/molecli callers without X-Workspace-ID header pass through to
WorkspaceAuth middleware for existing bearer check
- canCommunicateCheck exposed as package var for testability
terminal_test.go (5 test cases):
- TestTerminalConnect_KI005_RejectsUnauthorizedCrossWorkspace
- TestTerminalConnect_KI005_AllowsOwnTerminal
- TestTerminalConnect_KI005_SkipsCheckWithoutHeader
- TestTerminalConnect_KI005_RejectsInvalidToken
- TestTerminalConnect_KI005_AllowsSiblingWorkspace
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Hongming Wang <hongmingwang.rabbit@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Molecule AI Core-BE <core-be@agents.moleculesai.app>
All httptest.ResponseWriter.Write calls in client_test.go now discard
the byte count and error return with _, _ = prefix. The Write method
is safe to discard in test handlers — httptest.ResponseWriter.Write
never returns an error for in-memory buffers.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Suppress errcheck warnings for calls where the return value is safely
ignored:
- resp.Body.Close() (artifacts/client.go): deferred cleanup — failure
to close a response body is non-critical; the defer itself is what
matters for connection reuse.
- rows.Close() (bundle/exporter.go): deferred cleanup in a loop where
rows.Err() already handles query errors.
- filepath.Walk (bundle/exporter.go): top-level walk call; errors in
sub-directory traversal are handled by the inner callback (which
returns nil for err != nil).
- broadcaster.RecordAndBroadcast (bundle/importer.go): fire-and-forget
event broadcast; errors are logged internally by the broadcaster.
- db.DB.ExecContext (bundle/importer.go): best-effort runtime column
update; non-critical auxiliary data that the provisioner re-extracts
if needed.
Fixes: #1143
