From 4c032a3b5354b2ee58cc03a22297c941a3e0d2e8 Mon Sep 17 00:00:00 2001
From: claw <claw@weiker.me>
Date: Wed, 13 May 2026 11:58:25 -0700
Subject: [PATCH] fix: move AllowInsecureHTTPForTest to export_test.go, fix
 gofmt alignment

---
 github/client.go      | 20 +++++---------------
 github/export_test.go | 13 +++++++++++++
 2 files changed, 18 insertions(+), 15 deletions(-)
 create mode 100644 github/export_test.go

diff --git a/github/client.go b/github/client.go
index dabb51d..718935a 100644
--- a/github/client.go
+++ b/github/client.go
@@ -96,8 +96,8 @@ type Client struct {
 	// Higher-level exported methods (GetPullRequest, etc.) will use it to
 	// construct request URLs; remove this field if those methods end up
 	// accepting full URLs instead.
-	baseURL string
-	token   string
+	baseURL    string
+	token      string
 	httpClient *http.Client
 
 	// allowInsecureHTTP permits requests to HTTP (non-TLS) endpoints.
@@ -155,23 +155,13 @@ type clientConfig struct {
 // environment variable. Without the env var set, the option is silently ignored
 // and a warning is logged.
 //
-// For tests, prefer AllowInsecureHTTPForTest which bypasses the env gate.
+// For tests, use AllowInsecureHTTPForTest (defined in export_test.go) which bypasses the env gate.
 func AllowInsecureHTTP() ClientOption {
 	return func(cfg *clientConfig) {
 		cfg.allowInsecureHTTP = true
 	}
 }
 
-// AllowInsecureHTTPForTest permits sending credentials over plaintext HTTP
-// without requiring the REVIEW_BOT_ALLOW_INSECURE environment variable.
-// This is intended exclusively for test code using httptest.Server.
-func AllowInsecureHTTPForTest() ClientOption {
-	return func(cfg *clientConfig) {
-		cfg.allowInsecureHTTP = true
-		cfg.insecureIsTestBypass = true
-	}
-}
-
 // NewClient creates a new GitHub API client.
 // If baseURL is empty, it defaults to https://api.github.com.
 // For GitHub Enterprise, pass the API base URL (e.g. https://github.concur.com/api/v3).
@@ -196,8 +186,8 @@ func NewClient(token, baseURL string, opts ...ClientOption) *Client {
 	}
 
 	return &Client{
-		baseURL:          strings.TrimRight(baseURL, "/"),
-		token:            token,
+		baseURL:           strings.TrimRight(baseURL, "/"),
+		token:             token,
 		allowInsecureHTTP: cfg.allowInsecureHTTP,
 		httpClient: &http.Client{
 			Timeout:       30 * time.Second,
diff --git a/github/export_test.go b/github/export_test.go
new file mode 100644
index 0000000..9b82083
--- /dev/null
+++ b/github/export_test.go
@@ -0,0 +1,13 @@
+package github
+
+// AllowInsecureHTTPForTest permits sending credentials over plaintext HTTP
+// without requiring the REVIEW_BOT_ALLOW_INSECURE environment variable.
+// This is intended exclusively for test code using httptest.Server.
+//
+// Defined in a _test.go file so it is only available to test binaries.
+func AllowInsecureHTTPForTest() ClientOption {
+	return func(cfg *clientConfig) {
+		cfg.allowInsecureHTTP = true
+		cfg.insecureIsTestBypass = true
+	}
+}