chore: rename Go module path to github.com/certctl-io/certctl

Mechanical sed across the main go.mod's module declaration, the f5-mock-icontrol sub-module's go.mod, every Go file's import path (361 files), and a rebuild of the checked-in f5-mock-icontrol binary so its embedded build-info reflects the new module path. No behavior change. Choice B from cowork/transfer-certctl-to-org.md, executed 2026-05-04. Choice A (keep module path declared as github.com/shankar0123/certctl regardless of repo URL) shipped on the day of the org transfer (2026-05-03) since we had no external Go consumers; this commit closes that deferral. Backward-compat: GitHub HTTP redirects continue to forward github.com/shankar0123/certctl → github.com/certctl-io/certctl at the URL level, but Go's module proxy uses the path declared in go.mod as the canonical name. Pre-fix, anyone trying `go get github.com/certctl-io/certctl/...` hit a "module path mismatch" error because go.mod said github.com/shankar0123/certctl and the URL they fetched it from said certctl-io/certctl. Post-fix, the canonical name and the URL agree, so go get / go install / external Go consumers / Go-tooling integrations work cleanly via either the new path (preferred) or the old path (which redirects and Go follows the redirect for source fetch). Anyone still importing the old path inside their own code keeps working provided they update their go.mod's `require` line to match — the module path declared in their consumer's go.sum / go.mod is the authoritative import name, so a mass sed across their import statements is the migration on the consumer side. No external consumers exist today. Diff shape: 361 *.go files — import path replacement only 2 go.mod — module declaration replacement only 1 binary — deploy/test/f5-mock-icontrol/f5-mock-icontrol rebuilt so embedded build-info reflects the new path (8618965 vs 8618933 bytes; 32-byte diff is the build-info change) Total: 364 files, 730 insertions / 730 deletions, net-zero size, pure mechanical substitution. Verification: gofmt: 17 files needed re-alignment after sed (the new path is one char shorter than the old, so column-aligned import groups drifted). Applied `gofmt -w` to fix. go mod tidy: clean exit on both modules. go vet ./...: clean exit. go build ./...: clean exit. go test -short -count=1 on representative packages: all green (internal/domain, internal/validation, internal/crypto, internal/crypto/signer, cmd/agent). Test output now reads `ok github.com/certctl-io/certctl/...` confirming the module path resolves correctly. binary: f5-mock-icontrol rebuilt; `strings | grep shankar0123` returns nothing; `strings | grep certctl-io/certctl` shows the new module path embedded in build-info. Files intentionally NOT touched in this commit: README.md / CHANGELOG.md / docs/ / etc. — already swept to certctl-io URLs in commit 0729ee4 (the post-transfer URL refresh). This commit is purely the Go-tooling layer. Scarf pixels (`shankar0123.docker.scarf.sh/...`) — Scarf-account namespace, not a Go import or GitHub repo URL. Stays. This is a non-blocking, non-customer-impacting change. Operators pulling container images, running `make verify`, hitting the API, or installing the agent see no functional difference. Only Go-tooling consumers (none today) are affected, and they're enabled — not broken — by this commit.
2026-06-07 13:51:36 +00:00 · 2026-05-04 00:30:29 +00:00
parent 2d22e08a1e
commit 8b75e0311b
364 changed files with 730 additions and 730 deletions
@@ -15,10 +15,10 @@ import (

 	jose "github.com/go-jose/go-jose/v4"

-	"github.com/shankar0123/certctl/internal/api/acme"
-	"github.com/shankar0123/certctl/internal/config"
-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/api/acme"
+	"github.com/certctl-io/certctl/internal/config"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // ACMERepo is the persistence-layer surface ACMEService consumes for
@@ -21,10 +21,10 @@ import (

 	jose "github.com/go-jose/go-jose/v4"

-	"github.com/shankar0123/certctl/internal/api/acme"
-	"github.com/shankar0123/certctl/internal/config"
-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/api/acme"
+	"github.com/certctl-io/certctl/internal/config"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // Phase 4 — service-layer tests for RotateAccountKey + RevokeCert +
@@ -14,9 +14,9 @@ import (

 	jose "github.com/go-jose/go-jose/v4"

-	"github.com/shankar0123/certctl/internal/config"
-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/config"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // fakeACMERepo is an in-memory ACMERepo for tests. It tracks issued
@@ -10,8 +10,8 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // AgentService provides business logic for managing and coordinating with agents.
@@ -6,8 +6,8 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // AgentGroupService provides business logic for agent group management.
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // mockAgentGroupRepo is a test implementation of AgentGroupRepository
@@ -7,7 +7,7 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // I-004 coverage-gap closure: the agent retirement surface.
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // setupRetireTest wires up an AgentService with a single registered agent and
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // Bundle N.C-extended: agent service-layer round-out (target +5pp).
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 func TestRegisterAgent(t *testing.T) {
@@ -29,8 +29,8 @@ import (
 	"errors"
 	"testing"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // TestCertificateService_Create_AtomicWithTx asserts the issuance path
@@ -6,8 +6,8 @@ import (
 	"fmt"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // AuditService provides business logic for recording and retrieving audit events.
@@ -6,8 +6,8 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 func TestRecordEvent(t *testing.T) {
@@ -7,8 +7,8 @@ import (
 	"log/slog"
 	"strings"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // ErrBulkReassignOwnerNotFound is the typed sentinel for a non-existent
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 func newBulkReassignmentTestService() (*BulkReassignmentService, *mockCertRepo, *mockOwnerRepo, *mockAuditRepo) {
@@ -7,8 +7,8 @@ import (
 	"strings"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // BulkRenewalService coordinates bulk certificate renewal operations.
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // newBulkRenewalTestService spins up a BulkRenewalService wired against
@@ -6,8 +6,8 @@ import (
 	"log/slog"
 	"strings"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // BulkRevocationService coordinates bulk certificate revocation operations.
@@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // helper to create a test BulkRevocationService wired for bulk revocation tests
@@ -9,8 +9,8 @@ import (
 	"math/big"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // CAOperationsSvc provides CA operations: CRL generation and OCSP response signing.
@@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // helper to create a CAOperationsSvc for testing
@@ -6,8 +6,8 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // CertificateService provides business logic for certificate management.
@@ -6,7 +6,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // TestCertificateService_RevokeCertificate_RevocationSvcNil tests RevokeCertificateWithActor
@@ -6,7 +6,7 @@ import (
 	"strings"
 	"testing"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // Bundle N.C-extended: service-layer round-out (70.5% → ≥80%).
@@ -5,7 +5,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 func TestCreateCertificate(t *testing.T) {
@@ -6,7 +6,7 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // Sentinel agent IDs for cloud discovery sources.
@@ -7,7 +7,7 @@ import (
 	"os"
 	"testing"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // mockDiscoverySource implements domain.DiscoverySource for testing.
@@ -8,8 +8,8 @@ import (
 	"sync"
 	"testing"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // TestConcurrentCertificateList tests that 10 goroutines can safely list certificates simultaneously
@@ -7,8 +7,8 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // TestCertificateService_ListWithCancelledContext verifies that List respects a cancelled context
@@ -10,7 +10,7 @@ import (
 	"math/big"
 	"testing"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // detailsMapFromAuditEvent unmarshals the json.RawMessage Details
@@ -9,8 +9,8 @@ import (
 	"sync"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // CRLCacheService is the read-through + scheduler-driven cache layer
@@ -9,11 +9,11 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/connector/issuer"
-	localissuer "github.com/shankar0123/certctl/internal/connector/issuer/local"
-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
-	"github.com/shankar0123/certctl/internal/service"
+	"github.com/certctl-io/certctl/internal/connector/issuer"
+	localissuer "github.com/certctl-io/certctl/internal/connector/issuer/local"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/service"
 )

 // fakeCRLCacheRepo is an in-memory repository for CRLCacheService
@@ -8,7 +8,7 @@ import (
 	"encoding/pem"
 	"fmt"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // CSRValidationResult contains metadata extracted from a validated CSR.
@@ -10,7 +10,7 @@ import (
 	"encoding/pem"
 	"testing"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // generateTestCSR creates a valid CSR PEM for testing purposes.
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // NOTE: generateTestCSR(t, keyType, keySize) is defined in crypto_validation_test.go
@@ -6,8 +6,8 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // DeploymentService manages certificate deployment to targets via agents.
@@ -6,7 +6,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // newTestDeploymentService creates a test deployment service with all necessary mocks.
@@ -8,7 +8,7 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // DigestService generates and sends periodic certificate digest emails.
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // mockHTMLEmailSender implements HTMLEmailSender for testing.
@@ -6,8 +6,8 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // DiscoveryService provides business logic for certificate discovery.
@@ -6,8 +6,8 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // mockDiscoveryRepo is a test implementation of DiscoveryRepository
@@ -16,10 +16,10 @@ import (
 	"strings"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/pkcs7"
-	"github.com/shankar0123/certctl/internal/repository"
-	"github.com/shankar0123/certctl/internal/trustanchor"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/pkcs7"
+	"github.com/certctl-io/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/trustanchor"
 )

 // ESTService implements the EST (RFC 7030) enrollment protocol.
@@ -8,7 +8,7 @@ import (
 	"strings"
 	"testing"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // EST RFC 7030 hardening master bundle Phase 11.4 — audit-code assertions.
@@ -5,7 +5,7 @@ import (
 	"sync/atomic"
 	"time"

-	"github.com/shankar0123/certctl/internal/trustanchor"
+	"github.com/certctl-io/certctl/internal/trustanchor"
 )

 // EST RFC 7030 hardening master bundle Phase 7.1.
@@ -16,7 +16,7 @@ import (
 	"strings"
 	"testing"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // generateCSRPEM creates a valid ECDSA P-256 CSR for testing.
@@ -7,8 +7,8 @@ import (
 	"fmt"
 	"log/slog"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 	"software.sslmate.com/src/go-pkcs12"
 )

@@ -12,7 +12,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // generateTestCertPEM creates a self-signed test certificate PEM for export tests.
@@ -7,9 +7,9 @@ import (
 	"sync"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
-	"github.com/shankar0123/certctl/internal/tlsprobe"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/tlsprobe"
 )

 // HealthCheckService manages endpoint TLS health monitoring.
@@ -8,8 +8,8 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // mockHealthCheckRepo implements the HealthCheckRepository interface for testing.
@@ -9,11 +9,11 @@ import (
 	"strings"
 	"time"

-	"github.com/shankar0123/certctl/internal/config"
-	"github.com/shankar0123/certctl/internal/connector/issuerfactory"
-	"github.com/shankar0123/certctl/internal/crypto"
-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/config"
+	"github.com/certctl-io/certctl/internal/connector/issuerfactory"
+	"github.com/certctl-io/certctl/internal/crypto"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // IssuerService provides business logic for certificate issuer management.
@@ -4,7 +4,7 @@ import (
 	"context"
 	"time"

-	"github.com/shankar0123/certctl/internal/connector/issuer"
+	"github.com/certctl-io/certctl/internal/connector/issuer"
 )

 // IssuerConnectorAdapter bridges the connector-layer issuer.Connector interface with the
@@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/connector/issuer"
+	"github.com/certctl-io/certctl/internal/connector/issuer"
 )

 // mockConnectorLayerIssuer is a test implementation of issuer.Connector
@@ -6,8 +6,8 @@ import (
 	"log/slog"
 	"testing"

-	"github.com/shankar0123/certctl/internal/config"
-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/config"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // TestBuildEnvVarSeeds_ACMEConfig tests env var seeding with ACME configuration
@@ -8,15 +8,15 @@ import (
 	"sync"
 	"time"

-	"github.com/shankar0123/certctl/internal/connector/issuer"
-	"github.com/shankar0123/certctl/internal/connector/issuer/acme"
-	"github.com/shankar0123/certctl/internal/connector/issuer/local"
-	"github.com/shankar0123/certctl/internal/connector/issuer/vault"
-	"github.com/shankar0123/certctl/internal/connector/issuerfactory"
-	"github.com/shankar0123/certctl/internal/crypto"
-	"github.com/shankar0123/certctl/internal/crypto/signer"
-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/connector/issuer"
+	"github.com/certctl-io/certctl/internal/connector/issuer/acme"
+	"github.com/certctl-io/certctl/internal/connector/issuer/local"
+	"github.com/certctl-io/certctl/internal/connector/issuer/vault"
+	"github.com/certctl-io/certctl/internal/connector/issuerfactory"
+	"github.com/certctl-io/certctl/internal/crypto"
+	"github.com/certctl-io/certctl/internal/crypto/signer"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // IssuerRegistry is a thread-safe registry of issuer connectors.
@@ -8,8 +8,8 @@ import (
 	"sync"
 	"testing"

-	"github.com/shankar0123/certctl/internal/crypto"
-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/crypto"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 func registryTestLogger() *slog.Logger {
@@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // TestIssuerService_List tests listing issuers with pagination
@@ -12,8 +12,8 @@ import (

 	"golang.org/x/sync/semaphore"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // ErrSelfApproval is returned by ApproveJob when the actor attempting to
@@ -21,7 +21,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // quietLogger discards the boundedFanOut log output so the test runner
@@ -9,7 +9,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // Bundle C / Audit M-016 (CWE-754): regression suite for the new
@@ -11,7 +11,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // helper to build job service with proper constructor signatures
@@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // m11cProfileRepo wraps the existing mockProfileRepo from profile_test.go with AddProfile helper.
@@ -12,10 +12,10 @@ import (
 	"sync"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
-	"github.com/shankar0123/certctl/internal/tlsprobe"
-	"github.com/shankar0123/certctl/internal/validation"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/tlsprobe"
+	"github.com/certctl-io/certctl/internal/validation"
 )

 // SentinelAgentID is the agent ID used for network-discovered certificates.
@@ -7,8 +7,8 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/validation"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/validation"
 )

 // mockNetworkScanRepo for testing
@@ -6,8 +6,8 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // I-005 retry + DLQ knobs. These pin the operator-approved retry budget and
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 func TestSendThresholdAlert(t *testing.T) {
@@ -8,8 +8,8 @@ import (
 	"sync"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // OCSPResponseCacheService is the read-through + scheduler-driven
@@ -9,7 +9,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // Production hardening II Phase 2 — exercise the REAL OCSPResponseCacheService
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // Production hardening II Phase 2 — OCSP response cache tests.
@@ -6,8 +6,8 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // OwnerService provides business logic for certificate owner management.
@@ -6,7 +6,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // mockOwnerRepo is a test implementation of OwnerRepository
@@ -8,8 +8,8 @@ import (
 	"strings"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // PolicyService provides business logic for compliance policy management.
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 func TestCreateRule(t *testing.T) {
@@ -6,8 +6,8 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // ProfileService provides business logic for certificate profile management.
@@ -5,7 +5,7 @@ import (
 	"errors"
 	"testing"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // mockProfileRepo is a test implementation of CertificateProfileRepository
@@ -16,8 +16,8 @@ import (
 	"sync/atomic"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // RenewalService manages certificate renewal workflows.
@@ -29,7 +29,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // channelMockNotifier records (recipient, subject, body) per Send call.
@@ -7,8 +7,8 @@ import (
 	"strings"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // G-1: service-level sentinels alias the repository sentinels so errors.Is
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // G-1 red tests: lock in the behavior of RenewalPolicyService before
@@ -9,7 +9,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 func TestCheckExpiringCertificates_SendsThresholdAlerts(t *testing.T) {
@@ -6,8 +6,8 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // RevocationSvc provides revocation-related business logic.
@@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // helper to create a RevocationSvc for testing
@@ -6,7 +6,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // helper to create a test CertificateService wired for revocation tests
@@ -13,9 +13,9 @@ import (
 	"sync/atomic"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
-	"github.com/shankar0123/certctl/internal/scep/intune"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/scep/intune"
 )

 // SCEPService implements the SCEP (RFC 8894) enrollment protocol.
@@ -20,7 +20,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/scep/intune"
+	"github.com/certctl-io/certctl/internal/scep/intune"
 )

 // SCEP RFC 8894 + Intune master bundle Phase 8.9 — service-layer dispatcher
@@ -12,7 +12,7 @@ import (
 	"log/slog"
 	"testing"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // SCEP RFC 8894 + Intune master bundle Phase 5.6 follow-up: end-to-end
@@ -14,10 +14,10 @@ import (
 	"strings"
 	"time"

+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/pkcs7"
+	"github.com/certctl-io/certctl/internal/validation"
 	"github.com/google/uuid"
-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/pkcs7"
-	"github.com/shankar0123/certctl/internal/validation"
 )

 // SCEP RFC 8894 + Intune master bundle Phase 11.5 — SCEP probe.
@@ -12,7 +12,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // SCEP RFC 8894 + Intune master prompt §13 line 1859 acceptance —
@@ -7,8 +7,8 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // setupShortLivedTestService creates a RenewalService with mock dependencies for short-lived cert tests
@@ -6,8 +6,8 @@ import (
 	"strings"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // StatsService provides statistics and observability data for dashboards and monitoring.
@@ -5,7 +5,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 func newTestStatsService() (*StatsService, *mockCertRepo, *mockJobRepo, *mockAgentRepo) {
@@ -8,9 +8,9 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/crypto"
-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/crypto"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // ErrAgentNotFound is returned by [TargetService.CreateTarget] when the caller
@@ -9,7 +9,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // newTestTargetService creates a TargetService with mock repositories for testing.
@@ -6,8 +6,8 @@ import (
 	"log/slog"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // TeamService provides business logic for team management.
@@ -6,7 +6,7 @@ import (
 	"strings"
 	"testing"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // mockTeamRepo is a test implementation of TeamRepository
@@ -9,8 +9,8 @@ import (
 	"sync"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 var errNotFound = errors.New("not found")
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"log/slog"

-	"github.com/shankar0123/certctl/internal/domain"
-	"github.com/shankar0123/certctl/internal/repository"
+	"github.com/certctl-io/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/repository"
 )

 // VerificationService handles recording and querying certificate deployment verification results.
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/shankar0123/certctl/internal/domain"
+	"github.com/certctl-io/certctl/internal/domain"
 )

 // mockVerificationJobRepo is a test double for JobRepository used by verification tests.