Summary
complyctl doctor panics with a nil pointer dereference when run in a directory without a complytime.yaml file. The get, scan, and other commands handle this case gracefully with a clean error message.
The typical workflow is init → get → scan. A user running doctor in an empty directory is either:
- New to the tool and exploring — they get a panic instead of a helpful message like "no workspace found, run complyctl init". Bad first impression, but no data loss.
- In the wrong directory — same outcome. Confusing but harmless.
Steps to Reproduce
mkdir /tmp/empty-workspace
cd /tmp/empty-workspace
complyctl doctor
Expected Behavior
A clean error message, e.g.:
❌ config: complytime.yaml not found — run 'complyctl init' to create
Actual Behavior
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x40 pc=0x1027a0e80]
goroutine 1 [running]:
github.com/complytime/complyctl/internal/doctor.CheckCollector(0x14000434210?)
/Users/sonu/GitHub/complyctl/internal/doctor/doctor.go:678 +0x20
github.com/complytime/complyctl/internal/doctor.Run(0x0, ...)
/Users/sonu/GitHub/complyctl/internal/doctor/doctor.go:87 +0x4a8
Root Cause
In cmd/complyctl/cli/doctor.go, runDoctor calls complytime.LoadFrom() which fails when the file is missing. The cfg variable remains nil, but is passed to doctor.Run() which forwards it to CheckCollector() at doctor.go:678. CheckCollector dereferences cfg without a nil check.
Impact
- Severity: Low
- Data loss: None (read-only command)
- Security: None
- Frequency: Low — requires running
doctor without ever running init
- UX: Bad first impression for new users exploring the CLI
Suggested Fix
Add a nil guard in CheckCollector (or in Run before calling it):
func CheckCollector(cfg *complytime.WorkspaceConfig) CheckResult {
if cfg == nil {
return CheckResult{
Name: "collector",
Status: StatusPass,
Message: "no config loaded (skipped)",
}
}
// ... existing logic
}Discovered During
Review of PR #479 — this bug exists on main and is unrelated to that PR's changes.
Summary
complyctl doctorpanics with a nil pointer dereference when run in a directory without acomplytime.yamlfile. Theget,scan, and other commands handle this case gracefully with a clean error message.The typical workflow is init → get → scan. A user running doctor in an empty directory is either:
Steps to Reproduce
mkdir /tmp/empty-workspace cd /tmp/empty-workspace complyctl doctorExpected Behavior
A clean error message, e.g.:
Actual Behavior
Root Cause
In
cmd/complyctl/cli/doctor.go,runDoctorcallscomplytime.LoadFrom()which fails when the file is missing. Thecfgvariable remainsnil, but is passed todoctor.Run()which forwards it toCheckCollector()atdoctor.go:678.CheckCollectordereferencescfgwithout a nil check.Impact
doctorwithout ever runninginitSuggested Fix
Add a nil guard in
CheckCollector(or inRunbefore calling it):Discovered During
Review of PR #479 — this bug exists on
mainand is unrelated to that PR's changes.