[sergo] Sergo Report: 24th-Linter execcommandwithoutcontext — Control-Flow Precision & Enforce-Readiness - 2026-06-10

[github-actions[bot]]

Executive Summary

Run R32 detected a tool change — the 24th custom linter, execcommandwithoutcontext, has landed (cmd/linters/main.go:52). Notably, it landed fully documented, breaking the 2-run new_linter_doc_lag streak: the team now syncs doc.go, README.md, and spec_test.go at landing. With the doc-sync and syntactic-precision angles closed, this run pivoted to a control-flow precision audit and uncovered a novel false-positive class plus a clean enforce-readiness path.

• Tool change: Serena LSP stable at 23 tools (R4–R32); linter registry 23 → 24 (execcommandwithoutcontext).
• Cached reverify: R31 issues sortslice (23rd custom linter) is registered in the driver but undocumented — sync doc.go, README, and spec_test to 23 analyzers #38028 (sortslice doc-sync) and sortslice precision: match sort.Slice/SliceStable via package identity (pass.TypesInfo), not the syntactic identifier name "sort [Content truncated due to length] #38029 (sortslice precision) both LANDED + CLOSED.
• New findings: 1 false positive (nil-guard control flow) + 2 genuine violations + 1 nolint/enforce gap.
• Issues filed: 2 (#38281, #38282). Status: ✅

Critical Findings

1. Nil-guard false positive — unsafe autofix (Issue #38281)

execcommandwithoutcontext flags exec.Command in the nil branch of an explicit guard:

if ctx != nil {
    cmd = exec.CommandContext(ctx, "gh", args...)
} else {
    cmd = exec.Command("gh", args...) // pkg/workflow/github_cli.go:32 — FLAGGED
}

On this path ctx is provably nil, and the suggested fix exec.CommandContext(ctx, ...) panics at runtime (Go's exec.CommandContext panics on a nil context). This is the intentional dual-path behind ExecGH (nil) / ExecGHContext(ctx). The diagnostic is wrong and the autofix is unsafe.

2. Genuine context-propagation gap (Issue #38282)

connectStdioMCPServer (pkg/cli/mcp_inspect_mcp.go:150, :155) receives a real 30s-timeout ctx but spawns subprocesses with exec.Command, so the MCP server process is not bound to the timeout. Safe to convert to exec.CommandContext(ctx, ...).

Strategy: 50/50 Split

Cached reuse (50%) — reverify + apply established patterns

• Reverified the two R31 issues landed: sortslice (23rd custom linter) is registered in the driver but undocumented — sync doc.go, README, and spec_test to 23 analyzers #38028 and sortslice precision: match sort.Slice/SliceStable via package identity (pass.TypesInfo), not the syntactic identifier name "sort [Content truncated due to length] #38029 are both closed (sortslice now in doc.go/README/spec_test and uses type identity). The team_closes_fast pattern holds — zero open sergo issues.
• Applied new_linter_doc_lag to the 24th linter → gap = 0. doc.go says "All 24", documentedAnalyzers() has 24 entries including execcommandwithoutcontext. Pattern downgraded from "automatic finding" to "watch".
• Applied new_linter_precision_audit → the analyzer uses type identity (ObjectOf -> *types.PkgName -> Imported().Path() == "os/exec", types.Identical for ctx), so there is no syntactic-match bug like sortslice had.

New exploration (50%) — control-flow precision + enforce-readiness

With type-identity clean, the audit pivoted to control-flow precision and violation triage:

• Enumerated all ~90 prod exec.Command sites across 30 files; mapped each to its enclosing function to find which are inside context-receiving functions.
• Only 3 qualify: github_cli.go:32 (FP), mcp_inspect_mcp.go:150 and :155 (genuine).
• Discovered the nil-guard FP class — a new sub-pattern for context-propagation linters: intentional if ctx != nil { CtxVariant } else { PlainVariant } dual-path APIs are mis-flagged, and autofixing into the nil path panics.
• Confirmed the linter lacks internal/nolint support (cannot suppress the FP), making it a prerequisite for enforcement.

Run targets: ≥1 proven-to-land precision issue; a concrete enforce roadmap for the new linter; cache + pattern updates. All met.

Generated Tasks

Task	Type	Location	Effort	Lands?
#38281	Precision FP (control-flow guard)	execcommandwithoutcontext.go run() + testdata	Small	~1 day (single-file template)
#38282	Enforce-readiness (convert 2 + nolint + CI flag)	mcp_inspect_mcp.go, linter, cgo.yml	Small–Medium	Gated on sg32a1

Metrics

• Run: R32 · Findings: 6 · Tasks: 2 · Issues: 2 · Self-score: 9/10
• Linters: 24 registered · 24 documented · 12 enforced (CI unchanged at cgo.yml:1122)
• Aggregate: 32 runs · 245 findings · 63 tasks · avg score 8.73

Historical context

• R30: 22nd linter lenstringzero — undocumented (doc-lag) → lenstringzero (22nd custom linter) is registered in the driver but undocumented — sync doc.go, README, and spec_test to 22 analy [Content truncated due to length] #37740/lenstringzero precision: flag len() stored in an intermediate variable (n := len(s); n == 0) using the alias-tracking pattern th [Content truncated due to length] #37741 landed.
• R31: 23rd linter sortslice — undocumented (doc-lag) + syntactic-match precision → sortslice (23rd custom linter) is registered in the driver but undocumented — sync doc.go, README, and spec_test to 23 analyzers #38028/sortslice precision: match sort.Slice/SliceStable via package identity (pass.TypesInfo), not the syntactic identifier name "sort [Content truncated due to length] #38029 landed.
• R32: 24th linter execcommandwithoutcontext — documented at landing (no doc-lag), type-identity correct → pivoted to control-flow precision.

The doc-lag pattern (confirmed 2×) broke this run — evidence the team internalized sergo's repeated doc-sync findings.

Recommendations

1. Land #38281 first — it is the blocker for enforcement and the autofix is currently unsafe.
2. Then #38282 — convert the 2 MCP sites, add internal/nolint, append the 13th CI flag.
3. Audit ctxbackground for the same nil-guard FP class (it is the other context-propagation linter).

Next-Run Focus (R33)

• Verify #38281 + #38282 landed.
• Watch for a 25th linter — run new_linter_doc_lag (expect gap 0 now) then precision audit (type identity → then control-flow/nil-guard).
• lenstringzero enforce-roadmap; sortslice enforce auto-follows the lint-monster migration ([lint-monster] Sort Type-Safety: Migrate from sort.Slice to slices.SortFunc #38012/[lint-monster] Migrate unsafe sort.Slice calls to type-safe slices.SortFunc #38014).

References: §27254549539

Generated by 🤖 Sergo - Serena Go Expert · 294.4 AIC · ⌖ 14.5 AIC · ⊞ 6.3K · ◷

• expires on Jun 10, 2026, 9:19 PM UTC-08:00