You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
service.go declares two dead re-exports (var RedactSensitiveHeader = client.RedactSensitiveHeader and var NewFormatter = client.NewFormatter) that are never referenced by any caller - mcp.go already uses client.RedactSensitiveHeader directly. These dead exports add misleading API surface with no consumers and should be removed.
root.go uses var _ = auth.DetectScope to artificially keep an import alive after the real usage was moved to the service layer. This blank-identifier hack is a maintenance hazard - it silently prevents go mod tidy and the unused-import checker from catching a stale import, and obscures the actual dependency relationship.
buildRequestOptions in root.go silently discards the cleanup function returned by BuildRequestOptions via _ = cleanup, creating a latent file handle leak. Any caller (including tests) that provides --data-file and calls this function directly will open an *os.File that is never closed through the intended cleanup path. The comment acknowledges this but offers no safe alternative.
The maxPages global variable is declared in root.go and flows into config.Config.MaxPages, and the verbose path even prints "Pagination enabled (max %d pages)" using it - but no cobra PersistentFlags().IntVar(&maxPages, ...) binding is ever registered, so maxPages is always 0 at runtime regardless of the 100 default in config.Defaults(). This is a partially-implemented feature flag that silently produces wrong output.
code quality audit
service.godeclares two dead re-exports (var RedactSensitiveHeader = client.RedactSensitiveHeaderandvar NewFormatter = client.NewFormatter) that are never referenced by any caller -mcp.goalready usesclient.RedactSensitiveHeaderdirectly. These dead exports add misleading API surface with no consumers and should be removed.root.gousesvar _ = auth.DetectScopeto artificially keep an import alive after the real usage was moved to the service layer. This blank-identifier hack is a maintenance hazard - it silently preventsgo mod tidyand the unused-import checker from catching a stale import, and obscures the actual dependency relationship.buildRequestOptionsinroot.gosilently discards thecleanupfunction returned byBuildRequestOptionsvia_ = cleanup, creating a latent file handle leak. Any caller (including tests) that provides--data-fileand calls this function directly will open an*os.Filethat is never closed through the intended cleanup path. The comment acknowledges this but offers no safe alternative.maxPagesglobal variable is declared inroot.goand flows intoconfig.Config.MaxPages, and the verbose path even prints"Pagination enabled (max %d pages)"using it - but no cobraPersistentFlags().IntVar(&maxPages, ...)binding is ever registered, somaxPagesis always 0 at runtime regardless of the100default inconfig.Defaults(). This is a partially-implemented feature flag that silently produces wrong output.Automated analysis - 4 finding(s)