fix(ci): Sprint 6 CI follow-up — staticcheck ST1021 + tenant-query baseline + skip inventory

Sprint 6 push (commits 43836ac + 663b14b) tripped three CI guards.
Fixing all three in this single follow-up — each is a small,
mechanical correction that doesn't change behavior:

1. staticcheck ST1021: AuditChainSnapshot doc comment was on the
   wrong type.

   internal/service/audit_chain_metric.go:91 had:
     // Snapshot returns the current counter state for the Prometheus
     // exposer. Reads use atomic loads — no mutex.
     type AuditChainSnapshot struct { ... }

   The comment described Snapshot() (the method on AuditChainCounter)
   but sat directly above the AuditChainSnapshot struct. staticcheck
   ST1021 requires exported-type comments to start with the type's
   name + optional leading article. Rewrote to lead with
   "AuditChainSnapshot is the point-in-time view ...".

2. multi-tenant-query-coverage: baseline drifted 31 → 32 because
   Sprint 6 COMP-002-RETENTION added UserRepository.ListDeactivatedBefore
   at internal/repository/postgres/user.go:191 — legitimately
   tenant-spanning by design.

   The retention policy is control-plane-wide (one
   CERTCTL_USER_RETENTION_WINDOW for the whole deployment, not
   per-tenant). The scheduler's userRetentionLoop walks every
   tenant's deactivated users on the same tick. A per-tenant
   tenant_id filter would require the scheduler to iterate every
   tenant — more code for equivalent semantics.

   Per the guard's own documentation (option b), legitimately
   tenant-spanning queries get an inline rationale comment + a
   baseline lift. Both delivered:
     - Inline comment block on the SELECT in user.go::ListDeactivatedBefore.
     - BASELINE_COUNT 31 → 32 in
       scripts/ci-guards/multi-tenant-query-coverage.sh, with the
       Sprint 6 rebase entry added to the rebase-history comment.

3. skip-inventory-drift: docs/testing/skip-inventory.md was stale.
   COMP-001-HASH added three new t.Skip sites in
   internal/repository/postgres/audit_chain_test.go (the three
   testing.Short() gates on the testcontainers integration tests).
   Re-ran ./scripts/skip-inventory.sh to regenerate the doc —
   totals went from 144 → 147 sites + 78 → 82 short-mode guards.

Verified locally:
  bash scripts/ci-guards/multi-tenant-query-coverage.sh      (clean)
  bash scripts/ci-guards/skip-inventory-drift.sh              (clean)
  go vet ./...                                                (clean)
  staticcheck ./internal/service/...                          (clean)

Closes the three Sprint 6 CI failures. The next CI run should
green out.
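Item 2 above describes the mechanics of the multi-tenant-query-coverage guard only in prose: unscoped SELECTs are counted, legitimately tenant-spanning ones get an inline rationale comment, and the BASELINE_COUNT is lifted to match. The script below is an added illustration of that mechanism, written for this page; it is not the project's scripts/ci-guards/multi-tenant-query-coverage.sh, and the repository files it scans are constructed fixtures. It assumes the guard also enforces the carve-out comment mechanically (the commit message only says the comment is required by the guard's documentation) and that the baseline is checked for drift in both directions.

```shell
#!/usr/bin/env bash
# Illustrative re-creation of a "multi-tenant-query-coverage" CI guard. NOT the
# project's scripts/ci-guards/multi-tenant-query-coverage.sh; it mirrors the
# behaviour the commit message describes: count SELECTs in Go raw strings that
# omit tenant_id, require an inline carve-out comment above each one
# (assumption), and fail when the count drifts from BASELINE_COUNT either way.
set -euo pipefail

# Print "file:line documented|UNDOCUMENTED" for every tenant-spanning SELECT.
scan_queries() {
  local dir="$1" files
  files=$(find "$dir" -name '*.go' ! -name '*_test.go' | sort)
  [ -n "$files" ] || return 0
  awk '
    FNR == 1 { instr = 0; carve = 0 }
    /multi-tenant-query-coverage carve-out/ { carve = FNR }
    {
      line = $0
      # Go raw strings may span lines: walk every backtick, accumulate in buf.
      while ((p = index(line, "`")) > 0) {
        if (!instr) {
          instr = 1; buf = ""; start = FNR
        } else {
          buf = buf " " substr(line, 1, p - 1); instr = 0
          if (toupper(buf) ~ /SELECT/ && tolower(buf) !~ /tenant_id/) {
            doc = (carve > 0 && start - carve <= 12) ? "documented" : "UNDOCUMENTED"
            printf "%s:%d %s\n", FILENAME, start, doc
          }
        }
        line = substr(line, p + 1)
      }
      if (instr) buf = buf " " line
    }' $files
}

count_tenant_spanning() { scan_queries "$1" | grep -c . || true; }

# Exit 1 on an undocumented tenant-spanning SELECT or on baseline drift.
check_baseline() {
  local dir="$1" baseline="$2" report count undocumented
  report=$(scan_queries "$dir")
  count=$(printf '%s\n' "$report" | grep -c . || true)
  undocumented=$(printf '%s\n' "$report" | grep -c UNDOCUMENTED || true)
  if [ "$undocumented" -ne 0 ]; then
    echo "FAIL: $undocumented tenant-spanning SELECT(s) lack a carve-out comment:" >&2
    printf '%s\n' "$report" | grep UNDOCUMENTED >&2
    return 1
  fi
  if [ "$count" -ne "$baseline" ]; then
    echo "FAIL: $count tenant-spanning SELECT(s) != BASELINE_COUNT=$baseline; lift or lower it" >&2
    return 1
  fi
  echo "OK: $count tenant-spanning SELECT(s), all documented, baseline matches"
}

# Constructed fixture (hypothetical files, not the project's code): one
# tenant-scoped SELECT and one documented cross-tenant retention SELECT.
make_fixture() {
  local dir
  dir=$(mktemp -d)
  mkdir -p "$dir/postgres"
  cat > "$dir/postgres/user.go" <<'EOF'
package postgres

func (r *UserRepository) ListAll(ctx context.Context, tenantID string) ([]*User, error) {
    rows, err := r.db.QueryContext(ctx,
        `SELECT id, email FROM users
         WHERE tenant_id = $1 AND deactivated_at IS NULL`, tenantID)
    return scan(rows, err)
}

// multi-tenant-query-coverage carve-out: retention is a control-plane-wide
// policy, so this SELECT intentionally omits tenant_id.
func (r *UserRepository) ListDeactivatedBefore(ctx context.Context, threshold time.Time) ([]*User, error) {
    rows, err := r.db.QueryContext(ctx,
        `SELECT id, email FROM users
         WHERE deactivated_at < $1`, threshold)
    return scan(rows, err)
}
EOF
  echo "$dir"
}

# Simulates a new cross-tenant SELECT landing with no rationale comment.
add_undocumented_query() {
  cat > "$1/postgres/report.go" <<'EOF'
package postgres

func (r *UserRepository) CountAll(ctx context.Context) (int, error) {
    rows, err := r.db.QueryContext(ctx, `SELECT count(*) FROM users`)
    return scan(rows, err)
}
EOF
}

demo() {
  local dir
  dir=$(make_fixture)
  check_baseline "$dir" 1
  add_undocumented_query "$dir"
  check_baseline "$dir" 1 || true
  rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run with `--demo` to see both outcomes: the fixture passes at a baseline of 1, and the added report.go fails first for the missing carve-out comment, which is the failure a developer would see before being asked to lift the baseline. Scanning only backtick raw strings keeps the parser small; queries assembled from concatenated double-quoted strings would need a real Go parser, which is the usual reason such guards also rely on the inline comment as a second signal.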
shankar0123
2026-05-16 06:24:09 +00:00
parent 663b14bfd8
commit c4ed3da30b
4 changed files with 26 additions and 6 deletions
+7
@@ -185,6 +185,13 @@ func (r *UserRepository) ListAll(ctx context.Context, tenantID string) ([]*userd
// this list per tick and calls UserRetentionService.DeleteUserPII on
// each. Cross-tenant on purpose: a single retention policy spans the
// whole control plane.
//
// multi-tenant-query-coverage carve-out: the SELECT below intentionally
// omits `tenant_id` because retention is a control-plane-wide policy
// (one CERTCTL_USER_RETENTION_WINDOW for the whole deployment, not
// per-tenant). Adding a `tenant_id = $N` filter would require the
// scheduler loop to iterate every tenant, which is more code for
// equivalent semantics. The guard's baseline counts this query.
func (r *UserRepository) ListDeactivatedBefore(ctx context.Context, threshold time.Time) ([]*userdomain.User, error) {
rows, err := r.db.QueryContext(ctx,
`SELECT `+userColumns+`
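Review bot: the new carve-out block restates the rationale already given two paragraphs up (`// Cross-tenant on purpose: a single retention policy spans the whole control plane.`); fold the two into one paragraph and use the space for the constraint that actually makes this query safe, which the comment only implies: rows from ListDeactivatedBefore are consumed by the scheduler's UserRetentionService.DeleteUserPII path and must never be returned through a tenant-scoped handler, since an unscoped SELECT reaching tenant-facing code is exactly what the guard exists to catch. Also, `The guard's baseline counts this query.` will go stale the next time the baseline moves; naming scripts/ci-guards/multi-tenant-query-coverage.sh in the comment keeps the carve-out findable from either side.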
+4 -2
@@ -88,8 +88,10 @@ func (c *AuditChainCounter) RecordBreak(brokenAtID string, brokenAtPos int) {
}
}
// Snapshot returns the current counter state for the Prometheus
// exposer. Reads use atomic loads — no mutex.
// AuditChainSnapshot is the point-in-time view of the counters the
// Prometheus exposer reads. Snapshot() returns one of these; the
// metrics handler renders each field into Prometheus exposition
// format. Reads use atomic loads — no mutex required.
type AuditChainSnapshot struct {
BreaksDetected uint64
WalksCompleted uint64
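Review bot: the sentence `Reads use atomic loads — no mutex required.` carried over into the AuditChainSnapshot comment describes how Snapshot() reads the counters, not a property of this plain value struct, so it belongs on the method. With the old comment removed from this spot, confirm that Snapshot() on AuditChainCounter still has its own doc comment starting with `Snapshot`; otherwise the ST1021 fix on the type just moves the gap to the method. The type comment can end after the second sentence.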