# Bundle-7 / Audit D-001 / staticcheck suppressions.
#
# Bundle-7 first-run dispositions:
#
#   ST1005 (90 hits — error strings should not be capitalized)
#     Style-only. Would require updating ~90 error strings across
#     connectors/discovery for a cosmetic effect. Tracked for a future
#     style-sweep bundle, not security-relevant. Suppressed below.
#
#   S1009 (15 hits — should omit nil check; len() handles nil)
#     Style-only. The redundant nil checks make the intent explicit
#     for new-Go-engineer readers. Tracked for the same future sweep.
#
#   S1011 (4 hits — could use append spread)
#     Style-only.
#
#   SA1019 (6 hits — deprecated API)
#     Real engineering issue, NOT suppressed. Tracked as new audit
#     finding M-028 for explicit migration:
#     - cmd/server/main_test.go × 4: middleware.NewAuth → NewAuthWithNamedKeys
#     - internal/api/handler/scep.go: csr.Attributes → Extensions
#     - one more SA1019 hit elsewhere — see staticcheck.txt receipt.
#
# Configuration format: TOML.

checks = [
    "all",
    # Bundle-7 first-run dispositions:
    "-ST1005",  # error string capitalization — style-only (90 hits), future sweep
    "-ST1000",  # package comment — already-documented packages (126 hits), low value
    "-ST1003",  # naming convention — pre-existing, future style sweep (10 hits)
    "-S1009",   # redundant nil check — explicit-intent style (15 hits)
    "-S1011",   # append-spread — style-only (4 hits)
    "-SA9003",  # empty branch — guarded sites with `// no-op (...)` comments
]