You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
sort.Slice used in checkpoint.go:146 and sessions.go:144 despite the project targeting Go 1.26.1 - prefer slices.SortFunc from the standard slices package (available since Go 1.21), which provides generic, type-safe sorting and avoids index-based closures
Silent error discard home, _ := os.UserHomeDir() in launcher.go:290 (macOS/Linux path of FindCopilotCLI) - if UserHomeDir fails, home is an empty string, silently corrupting every path constructed from it; error should be handled and surfaced
FindCopilotCLI spawns exec.CommandContext(context.Background(), "npm", ...) (launcher.go:231) and EnsureExtensionsInstalled creates timeouts from context.Background() (lines 652, 662) instead of threading the caller's context - prevents cancellation propagation and is non-idiomatic in Go
Fragile JSON key detection in ConfigureMCPServer uses strings.Contains(string(existingConfig), '"'+name+'"') (launcher.go:547) - a JSON string value containing e.g. "description": "azure pipeline" could falsely match the "azure" server key; the existing fallback uses proper json.Unmarshal so the pre-check heuristic should too
MCP server config is duplicated in two forms in ConfigureMCPServer: once as raw JSON snippets in the requiredServers map and again as a full JSON string template (launcher.go:501-598) - violates DRY and will cause drift when adding/modifying servers; a typed struct marshalled via encoding/json should be the single source of truth
EnsureExtensionsInstalled (launcher.go:640-673) always returns nil despite having error return type, silently swallowing all install failures - either return meaningful errors or change the signature to reflect that errors are intentionally suppressed
idiomatic code audit
sort.Sliceused in checkpoint.go:146 and sessions.go:144 despite the project targeting Go 1.26.1 - preferslices.SortFuncfrom the standardslicespackage (available since Go 1.21), which provides generic, type-safe sorting and avoids index-based closureshome, _ := os.UserHomeDir()in launcher.go:290 (macOS/Linux path ofFindCopilotCLI) - ifUserHomeDirfails,homeis an empty string, silently corrupting every path constructed from it; error should be handled and surfacedFindCopilotCLIspawnsexec.CommandContext(context.Background(), "npm", ...)(launcher.go:231) andEnsureExtensionsInstalledcreates timeouts fromcontext.Background()(lines 652, 662) instead of threading the caller's context - prevents cancellation propagation and is non-idiomatic in GoConfigureMCPServerusesstrings.Contains(string(existingConfig), '"'+name+'"')(launcher.go:547) - a JSON string value containing e.g."description": "azure pipeline"could falsely match the"azure"server key; the existing fallback uses properjson.Unmarshalso the pre-check heuristic should tooConfigureMCPServer: once as raw JSON snippets in therequiredServersmap and again as a full JSON string template (launcher.go:501-598) - violates DRY and will cause drift when adding/modifying servers; a typed struct marshalled viaencoding/jsonshould be the single source of truthEnsureExtensionsInstalled(launcher.go:640-673) always returnsnildespite havingerrorreturn type, silently swallowing all install failures - either return meaningful errors or change the signature to reflect that errors are intentionally suppressedAutomated analysis - 6 finding(s)