claw
bf52fceea0
CI / test (pull_request) Successful in 20s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 20s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 48s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 51s
Update the approved dependency table to document go-yaml subpackage usage (ast, parser) and remove the deviation comment now that the proper allowlist process is being followed. Closes #91
1.5 KiB
1.5 KiB
Conventions
Language & Dependencies
- Target the latest stable Go release.
- STRICT ALLOWLIST: Only packages listed below may be imported. No exceptions.
Approved Third-Party Packages
| Package | Use Case | Scope |
|---|---|---|
github.com/goccy/go-yaml |
YAML parsing and AST inspection (subpkgs: ast, parser) |
production |
github.com/google/go-cmp |
Test comparisons (cmp.Diff) |
test only |
Any import not in this table or the Go standard library is forbidden.
Transitive dependencies of approved packages are automatically allowed.
To request a new dependency:
- Open a PR that ONLY updates this table
- Requires explicit approval from Aaron
- After merge, a separate PR may use the package
Enforcement: scripts/check-deps.sh parses this table — update only here.
Error Handling
- Return errors; never panic.
- Wrap errors with context using
fmt.Errorf("context: %w", err). - Check all error returns.
Testing
- Test every exported function.
- Use
net/http/httptestfor HTTP mocking. - Table-driven tests where multiple inputs share the same assertion logic.
- Integration tests use build tags (
//go:build integration).
Style
- Keep functions short and focused.
- Prefer early returns over deep nesting.
- Meaningful variable names — no single-letter names outside loop indices.
- Comments explain why, not what.
Process
go test ./...must pass before commit.go vet ./...must pass before commit.- Keep commits atomic and well-described.